Scammers Stealing Chainlink by Abusing Token Approval Transactions

In Brief
  • Chainlink holders targeted in latest crypto scam.

  • Token approve function being exploited.

  • More user vigilance is needed as crypto prices climb.



New research has highlighted potential vulnerabilities in the transaction approval process that could enable malicious actors to steal crypto tokens.



The report, published by crypto wallet provider MyCrypto, stated that there could be security vulnerabilities with the approval mechanism that automated market makers use before a transaction or token swap can go ahead.

The research stated that the function allows a third party to send tokens from your account on your behalf. It added that bad actors have learned to exploit this because users expect scams to target their private keys:



“Exploiting token approvals is a clever approach because users generally think: ‘If they don’t have my key then they can’t sign a transaction, so they cannot steal my assets.’”

The report highlighted one current scam targeting Chainlink (LINK) holders. Scammers use a malicious mailing campaign that details a fake upgrade to the token, promising gas reductions and support for meta-transactions.

“The promise of less gas is supposed to strike FOMO into the hearts of users so they ‘upgrade’ as soon as possible without thinking.”

The malicious actors are publishing a verified contract on-chain that uses the token approval call, to make it look more legitimate, it added. Users are prompted to submit an approval call from their wallet address, which then gives the hackers permission to withdraw LINK tokens.

The report provided examples using addresses that have enabled the “approve()” function and those that have already stolen tokens.

It alleges that so far, the scammers have moved 266 LINK tokens, worth around $7,200 at the time of writing. However, the address they are sending the tokens to has a current balance of 1,111 LINK tokens valued at around $30,000.

It concluded that there are likely to be multiple campaigns from the same bad actors.

Staying Safe

To safeguard against such scams, the report advised users to make sure they trust who or what they are approving to spend their tokens. It stated that a tool called revoke.cash is able to revoke these permissions.
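One way to see who an approval would authorize before signing it, shown as an added example that is not from the MyCrypto report or this article: the sketch decodes standard ERC-20 `approve(address,uint256)` calldata and warns when the spender is not on a user-maintained trusted list or the allowance is unlimited. The helper names, the trusted list and the addresses are constructed placeholders.

```python
# Added example: inspect ERC-20 approve() calldata before signing it.
APPROVE_SELECTOR = bytes.fromhex("095ea7b3")  # approve(address,uint256)
MAX_UINT256 = 2**256 - 1

def decode_approve(calldata_hex):
    """Return (spender, amount) for an approve() call, or None for anything else."""
    raw = calldata_hex[2:] if calldata_hex.startswith("0x") else calldata_hex
    try:
        data = bytes.fromhex(raw)
    except ValueError:
        return None
    # Selector (4 bytes) + two 32-byte ABI words: spender address, amount.
    if len(data) != 68 or data[:4] != APPROVE_SELECTOR:
        return None
    if any(data[4:16]):  # an address word is left-padded with 12 zero bytes
        return None
    spender = "0x" + data[16:36].hex()
    amount = int.from_bytes(data[36:68], "big")
    return spender, amount

def review_approval(calldata_hex, trusted_spenders):
    """Return warnings for an approval a wallet is about to sign."""
    decoded = decode_approve(calldata_hex)
    if decoded is None:
        return []  # not an approval; out of scope for this check
    spender, amount = decoded
    if amount == 0:
        return []  # an allowance of zero revokes the spender's permission
    warnings = []
    if spender not in {s.lower() for s in trusted_spenders}:
        warnings.append("spender %s is not on the trusted list" % spender)
    if amount == MAX_UINT256:
        warnings.append("unlimited allowance requested")
    return warnings

def build_approve(spender, amount):
    """Construct sample calldata (used only to make the inputs below)."""
    return "0x095ea7b3" + spender[2:].rjust(64, "0") + "%064x" % amount

# Constructed placeholder addresses, not taken from the report.
TRUSTED = {"0x" + "11" * 20}
UNKNOWN = "0x" + "22" * 20
SAMPLE_UNLIMITED = build_approve(UNKNOWN, MAX_UINT256)
SAMPLE_REVOKE = build_approve(UNKNOWN, 0)

if __name__ == "__main__":
    for w in review_approval(SAMPLE_UNLIMITED, TRUSTED):
        print("WARNING:", w)
```

The same decoding shows why a revocation is safe to sign: it is an `approve()` call whose amount is zero.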

It is also pertinent to ensure that mailing lists and updates are coming from the official source and project, as the number of fakes continues to rise.

With rising crypto prices, more vigilance is needed by users and investors as the scams will grow in number and sophistication.


Martin has been writing on cyber security and infotech for two decades. He has previous trading experience and has been actively covering the blockchain and crypto industry since 2017.
