WARNING! Fake token distribution on non-custodial wallets

There are ongoing attempts to drain ETH wallets by sending fake tokens, fake airdrops, NFTs to random wallets. I don’t exactly know how it works, but as I understand it, if you click on it and sign the transaction, your wallet is drained.
I received this in one of my wallets:

I never published my address anywhere, so I suspect they scan the blockchain for transactions and record wallet addresses.
I was lucky, because I saw a YT clip about this a while ago, otherwise I wouldn’t have known and would probably have clicked it.
So watch out and ignore the unsolicited token drops. It’s very helpful that my wallet introduced the filter for these tokens and hides them.

2 Likes

Accepting/receiving a token does not drain the wallet. The drain happens after the victim authorizes spending, usually via an approval or a signed permit. Social engineering is used to trick the person into signing the permit or approving the spender contract.

It’s no different than any other social engineering attack where people are tricked into approving transactions in some way without paying attention.

The protection against it is simple — don’t act on unsolicited messages, gifts, and whatnot, and fully understand what you are agreeing to when you click accept, let alone authenticate somewhere.

1 Like
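An added example, not written by any poster in this thread: Python that classifies a signing request as an ordinary call, an on-chain approval, or an EIP-2612 permit, the two kinds of authorization the reply above names. The function names, sample addresses and sample requests are constructed for illustration; the selectors are the standard ERC-20/ERC-721 ones.

```python
import json

MAX_UINT256 = 2**256 - 1
# Standard 4-byte selectors of calls that hand a third party spending rights.
APPROVAL_SELECTORS = {
    "095ea7b3": "approve(address,uint256)",
    "39509351": "increaseAllowance(address,uint256)",
    "a22cb465": "setApprovalForAll(address,bool)",
}

def inspect_calldata(data_hex):
    """Classify the calldata of a transaction the wallet is asked to send."""
    data = data_hex.lower()
    data = data[2:] if data.startswith("0x") else data
    sig = APPROVAL_SELECTORS.get(data[:8])
    if sig is None:
        return {"grants_spending": False}
    if len(data) != 8 + 2 * 64:  # selector + two 32-byte ABI words
        raise ValueError("malformed calldata for " + sig)
    spender, amount = "0x" + data[32:72], int(data[72:136], 16)
    whole = sig.startswith("setApprovalForAll") and amount == 1
    # A zero amount (or a false flag) revokes rights instead of granting them.
    return {"grants_spending": amount != 0, "kind": sig, "spender": spender,
            "unlimited": whole or amount == MAX_UINT256}

def inspect_typed_data(typed_json):
    """Classify an EIP-712 request; an EIP-2612 permit is an off-chain
    signature, so the signer never sees a transaction for it."""
    td = json.loads(typed_json)
    if td.get("primaryType") != "Permit":
        return {"grants_spending": False}
    msg = td["message"]
    amount = int(str(msg["value"]), 0)  # accepts decimal or 0x-prefixed hex
    return {"grants_spending": amount != 0, "kind": "EIP-2612 permit",
            "spender": msg["spender"].lower(), "unlimited": amount == MAX_UINT256}

# Constructed sample requests (addresses are placeholders, not real accounts).
SPENDER = "0x" + "ab" * 20
SAMPLE_APPROVE = "0x095ea7b3" + "0" * 24 + "ab" * 20 + "f" * 64
SAMPLE_TRANSFER = "0xa9059cbb" + "0" * 24 + "cd" * 20 + format(10**18, "064x")
SAMPLE_PERMIT = json.dumps({"primaryType": "Permit", "message": {
    "owner": "0x" + "11" * 20, "spender": SPENDER,
    "value": str(MAX_UINT256), "nonce": 0, "deadline": 1893456000}})

if __name__ == "__main__":
    for name, req in [("approve", SAMPLE_APPROVE), ("transfer", SAMPLE_TRANSFER)]:
        print(name, inspect_calldata(req))
    print("permit", inspect_typed_data(SAMPLE_PERMIT))
```

Only EIP-2612 `Permit` messages are recognised here; other typed-data formats fall through as "no spending grant" and would need their own handling.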

Yes, you can see that in the image there is a “t.me” link. So they want you to contact them over Telegram. Often it’s even in the name so you can see the link better and visit their site to connect your wallet. And boom, your wallet is suddenly empty.

4 Likes