
Scammers Stealing Chainlink by Abusing Token Approval Transactions

Updated by Kyle Baird

In Brief

  • Chainlink holders targeted in latest crypto scam.
  • Token approve function being exploited.
  • More user vigilance is needed as crypto prices climb.

New research has highlighted potential vulnerabilities in the transaction approval process that could enable malicious actors to steal crypto tokens.

The report, published by crypto wallet provider MyCrypto, stated that there could be security vulnerabilities with the approval mechanism that automated market makers use before a transaction or token swap can go ahead.

The research stated that the function allows a third party to send tokens from your account on your behalf. It added that bad actors have learned to exploit this because users expect scams to target their private keys:

“Exploiting token approvals is a clever approach because users generally think: ‘If they don’t have my key then they can’t sign a transaction, so they cannot steal my assets.’”

The report highlighted one current scam targeting Chainlink (LINK) holders. Scammers use a malicious mailing campaign that details a fake upgrade to the token promising gas reductions and supporting meta-transactions.

“The promise of less gas is supposed to strike FOMO into the hearts of users so they ‘upgrade’ as soon as possible without thinking.”

The malicious actors are publishing a verified contract on-chain using the token approval call to make it look more legitimate, it added. Users are prompted to set an approval call for their wallet address which then gives the hackers permission to withdraw LINK tokens.  

The report provided examples using addresses that have enabled the “approve()” function and those that have already stolen tokens.

It alleges that so far, the scammers have moved 266 LINK tokens, worth around $7,200 at the time of writing. However, the address they are sending the tokens to has a current balance of 1,111 LINK tokens valued at around $30,000.

It concluded that there are likely to be multiple campaigns from the same bad actors.

Staying Safe

To safeguard against such scams, the report advised users to make sure they trust who or what they are approving to spend their tokens. It stated that a tool called revoke.cash is able to revoke these permissions.
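The check described above can be run on a pending transaction before it is signed. The following is an added example, not code from the MyCrypto report or from this article: it decodes ERC-20 `approve(address,uint256)` calldata and flags an unknown spender or an oversized allowance. The addresses are constructed, and the trusted-spender list and balance are hypothetical inputs.

```python
# Added example: inspect transaction calldata for an ERC-20 approve() call.
# Amounts are in the token's base units (LINK uses 18 decimals).

APPROVE_SELECTOR = bytes.fromhex("095ea7b3")  # selector of approve(address,uint256)
MAX_UINT256 = 2**256 - 1


def decode_approve(calldata_hex):
    """Return (spender, amount) if the calldata is an approve() call, else None."""
    data = calldata_hex.lower()
    if data.startswith("0x"):
        data = data[2:]
    try:
        raw = bytes.fromhex(data)
    except ValueError:
        return None
    # 4-byte selector + two 32-byte ABI words
    if len(raw) != 68 or raw[:4] != APPROVE_SELECTOR:
        return None
    if any(raw[4:16]):  # an address word is left-padded with 12 zero bytes
        return None
    spender = "0x" + raw[16:36].hex()
    amount = int.from_bytes(raw[36:68], "big")
    return spender, amount


def review_approval(calldata_hex, trusted_spenders, balance):
    """Return a list of warnings; an empty list means nothing was flagged."""
    decoded = decode_approve(calldata_hex)
    if decoded is None:
        return []  # not an approve() call, nothing to review here
    spender, amount = decoded
    warnings = []
    if spender not in {s.lower() for s in trusted_spenders}:
        warnings.append(f"spender {spender} is not on the trusted list")
    if amount == MAX_UINT256:
        warnings.append("unlimited allowance requested")
    elif amount > balance:
        warnings.append("allowance exceeds current balance")
    return warnings


# Constructed sample: unlimited approval to an address the user has never vetted.
UNKNOWN_SPENDER = "0x" + "ab" * 20
TRUSTED_SPENDER = "0x" + "11" * 20
SAMPLE_CALLDATA = "0x095ea7b3" + "00" * 12 + "ab" * 20 + "ff" * 32

if __name__ == "__main__":
    for line in review_approval(SAMPLE_CALLDATA, [TRUSTED_SPENDER], 10**18):
        print("WARNING:", line)
```

An allowance stays in force after the approving transaction confirms, so a spender flagged here can move tokens later without any further signature from the holder.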

It is also pertinent to ensure that mailing lists and updates are coming from the official source and project, as the number of fakes continues to rise.

With rising crypto prices, more vigilance is needed by users and investors as the scams will grow in number and sophistication.


Disclaimer

In adherence to the Trust Project guidelines, BeInCrypto is committed to unbiased, transparent reporting. This news article aims to provide accurate, timely information. However, readers are advised to verify facts independently and consult with a professional before making any decisions based on this content. Please note that our Terms and Conditions, Privacy Policy, and Disclaimers have been updated.

Martin Young
Martin Young is a seasoned cryptocurrency journalist and editor with over 7 years of experience covering the latest news and trends in the digital asset space. He is passionate about making complex blockchain, fintech, and macroeconomics concepts understandable for mainstream audiences.   Martin has been featured in top finance, technology, and crypto publications including BeInCrypto, CoinTelegraph, NewsBTC, FX Empire, and Asia Times. His articles provide an in-depth analysis of...