Always double-check before you sign anything

13 replies 454 views
4lph42017Full Member
Posts: 47 · Reputation: 425
#1Apr 25, 2024, 05:53 AM
A trader recently lost a whopping $999,999, and it wasn’t because of bad trades or anything like that. He lost that cash over just one signature. Ouch, right? I can only imagine how tough that was. Since there are a lot of new folks here, I thought it’d be a good idea to remind everyone: before you sign any transaction, just take a moment to breathe and really look at what you’re about to sign. That one signature could mean transferring all your assets out of your crypto wallet. So, always slow down, double-check what you’re signing, and make this a habit.
3 Reply Quote Share
quantumbearHero Member
Posts: 411 · Reputation: 2212
#2Apr 25, 2024, 07:05 AM
What are you saying? Did anyone complain that he lost any coins? Did you see it on the news and decided to post it on this forum? If you see it on the news, it will be better you also included the link so that people can read about it. Yes, it is good to check and recheck that the address you are sending to is correct before you sign the transaction.
3 Reply Quote Share
gr3g.0rbitHero Member
Posts: 1025 · Reputation: 2646
#3Apr 25, 2024, 10:36 AM
Just for clarification, the victim signed an "approval", means that it's not a transaction that directly sent his funds to the hacker. Instead, he basically gave the hacker a permission to spend the funds on his behalf. It's trickier for newbies to spot this since it looks like just another step to use a service. But as you said, it's avoidable if the user is informed about the risk of such signature, and wallets usually show a red warning before proceeding. The owner must have been new despite owning that much.
0 Reply Quote Share
tomdefiFull Member
Posts: 126 · Reputation: 377
#4Apr 27, 2024, 04:54 AM
It's the same old scam trick, but they always keep getting new victims. I tried to look through the different news channels, and it seems the person fell for the phishing token scam or those wallet drainer tokens by making a signature approval. he basically gave the hacker permission to spend his coins. A very sad case 1. https://x.com/hackapreneur/status/2075153044044718191 2. https://finance.yahoo.com/markets/crypto/articles/crypto-user-loses-999-999-080727743.html 3. https://www.tradingview.com/news/cointelegraph:3196350b1094b:0-trader-loses-1m-after-signing-phishing-token-approval/
3 Reply Quote Share
WildBearSenior Member
Posts: 206 · Reputation: 1230
#5Apr 27, 2024, 09:47 AM
Never sign/approve a transaction that you're not aware of. It's sad that this might be his entire life savings that's just lose because of his negligence. While that's a different case from being infected by a copy pasta malware. It's always best to verify first before doing a transaction or signing.
6 Reply Quote Share
quantumbearHero Member
Posts: 411 · Reputation: 2212
#6Apr 27, 2024, 11:27 AM
In both the scam, the hacker is not given the permission to spend the coin, it always happen in a way that the victim will be tricked to send the coin to the hacker. Or maybe I do not know the one that you are referring to. Anyone that want to begin crypto journey, the person has a lot to read about. The way people are losing money in crypto is very high.
1 Reply Quote Share
WildBearSenior Member
Posts: 206 · Reputation: 1230
#7Apr 27, 2024, 04:01 PM
They have to read a lot and also ask a lot if they're unsure of what they do. This can be prevented if they're vigilant and aware of the tactics of these potential scams in signing transactions. These victims has got a lot of money in crypto and yet in that very few second of being vigilant, they've forgotten some golden rules before proceeding the transaction.
2 Reply Quote Share
SwiftPixelFull Member
Posts: 130 · Reputation: 572
#8Apr 28, 2024, 06:10 PM
Some of them don’t appear to have that time; they are always in a rush because they have the money to risk and chase profit. They think everything ends with token risk in terms of a dump; they forget to pay attention to the real danger, which is far worse than a rug pull, and also, using a different wallet for daily trading practice could have reduced this loss even if the hacker gained that permission. much could have not been found in that wallet.
2 Reply Quote Share
SilentGuruSenior Member
Posts: 432 · Reputation: 1445
#9Apr 28, 2024, 08:02 PM
Yep, also use wallet that support clear signing ERC-7733 in which you can understand what are you trying to do. There is one thing that I'd never do when interacting with the blockchain and it's being in a hurry and not rechecking anything. Check what you are signing, check the right address and make sure it's not dust attack address, check the right contract, check the liquidity when you are swapping and so on. So many things you need to do before you can be 100% sure that you aren't gonna lose your money. On top of that, use modern wallet that disable eth_sign by default.
0 Reply Quote Share
lord_gasMember
Posts: 27 · Reputation: 214
#10Apr 28, 2024, 10:09 PM
I was really confused at first after reading through the OP post because the story wasn’t clear enough and was just wondering what the OP was talking about but after going through the other posts and yours especially gave me the clearest understanding of what the OP saying. Thanks for the clarification. This is really so sad for the victim and this also just serves as a big lesson and experience to others to never to fall into victims. We just need to be careful and very vigilant on things we come across. Avoid chasing after profits without making research on thing we are signing up for.
2 Reply Quote Share
RogueMoonFull Member
Posts: 110 · Reputation: 789
#11Apr 29, 2024, 09:51 PM
What about the moment when you are still a newbie on here mate? As newbie, the excitement is still in full bars and that leads us to do things quickly without knowing what risks entails at them. That still taught us an expensive lesson and shapes to what we are now. But yeah, that here in the blockchain/crypto field, things shouldn't be rushed as this is not like the others where a transaction can be reversed if in case there is a mistake that is experienced. ETH is supposed to be the most secure network but not all platforms are using ETH. It is still ridiculous if a wallet will just auto-sign on its own without our permission. Never came across a wallet like that, so I know I'm using a decent wallet. It is not totally a new wallet, as old wallet are still updating their security from time to time.
2 Reply Quote Share
jake365Full Member
Posts: 214 · Reputation: 688
#12Apr 30, 2024, 03:40 AM
People never learn and new people are coming in, so scammers can just rotate old tactics over and over. Now when regulations in US have gotten even more loose, and scammers can even get away with a fraud, so situation is probably getting worse when markets start to move up again. I am guessing that even ICOs could come back with a different branding, because there are practically no repercussions anymore. And bigger the scam, more changes for pardon if that scammer praises the right people. So in a way, we are going back in time.
3 Reply Quote Share
cipher_pixelSenior Member
Posts: 145 · Reputation: 915
#13Apr 30, 2024, 07:09 AM
I've heard this before. By granting signature permission, you're giving digital hackers access to your wallet. People can be careless, and hackers are well aware of this and use it frequently. I've been afraid that this signature permission might happen to me one day, so I usually check it, but I don't want to make any big pronouncements. Don't be lazy; you could lose your wallet in a moment of haste.
3 Reply Quote Share
SilentGuruSenior Member
Posts: 432 · Reputation: 1445
#14Apr 30, 2024, 07:48 AM
For a newbie, using the most recommended wallet usually already solves 99% of the problem. It auto hides dust attack, enforce clear signing, and many things that newbies might not know. What newbie need to do is to recheck the website properly and read what they're signing. A wallet don't usually auto sign, but the user signing blindly without knowing what they are signing which is what eth_sign actually is frequently used for. The good news is most wallet have already starting to deprecate it.
1 Reply Quote Share

Related topics