
The typical types would have some kind of "claim" button on their site that, when you click it, would call a dubious smart contract (obviously written by the attacker). If you approve it, whatever is written in that contract would happen to you.
I.e., if the contract says "transfer all eth and usdc from base chain to wallet 0xbcd", anyone that approves that contract will transfer their ETH and USDC directly to the attacker's address.
Usually the contract is well written and can take a whole lot more than just two tokens. So, yh, any single approval you make can be a "hack". Good thing is, most popular applications have open source or verified contracts on the chain, so people know verified/popular contracts are often safe-r (it's possible to obfuscate, though, but it's difficult and could still be found out by someone skilled).
Also, wallets often simulate contracts, so they would usually tell you what's moving when you approve, but you can't rely on this, though; for complex contracts, the accuracy tends to be low.
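A pre-signing check for the approvals the post above warns about, as an added example that is not part of the original post or any wallet's own code: it decodes raw transaction calldata and flags standard token-approval calls. The `allowlist` parameter and the sample spender address are constructed for illustration; the check only sees direct approval calls, not signed permits or approvals made inside another contract's logic.

```javascript
// Added example: flag token-approval calls in raw calldata before signing.
// Selectors are the standard ERC-20 / ERC-721 / ERC-1155 function selectors.
const SELECTORS = {
  "095ea7b3": { name: "approve(address,uint256)", kind: "amount" },
  "39509351": { name: "increaseAllowance(address,uint256)", kind: "amount" },
  "a22cb465": { name: "setApprovalForAll(address,bool)", kind: "flag" },
};
const MAX_UINT256 = (1n << 256n) - 1n;

// allowlist: hypothetical set of lowercase spender addresses the user trusts.
function inspectCalldata(data, allowlist = new Set()) {
  const hex = data.toLowerCase().replace(/^0x/, "");
  if (!/^[0-9a-f]*$/.test(hex) || hex.length < 8) {
    return { risk: "unknown", reason: "calldata too short or not hex" };
  }
  const sel = SELECTORS[hex.slice(0, 8)];
  if (!sel) return { risk: "unknown", reason: "not a recognised approval call" };
  const args = hex.slice(8);
  if (args.length < 128) {
    return { risk: "high", reason: "truncated arguments for " + sel.name };
  }
  // Each ABI argument is a 32-byte word; an address is the low 20 bytes.
  const spender = "0x" + args.slice(24, 64);
  const value = BigInt("0x" + args.slice(64, 128));
  const trusted = allowlist.has(spender);
  if (value === 0n) {
    return { risk: "low", call: sel.name, spender,
             reason: "zero value: revokes or grants nothing" };
  }
  if (sel.kind === "flag") {
    return { risk: trusted ? "medium" : "high", call: sel.name, spender,
             reason: "operator can move every token in this collection" };
  }
  const unlimited = value === MAX_UINT256;
  return {
    risk: trusted ? (unlimited ? "medium" : "low") : "high",
    call: sel.name, spender, unlimited,
    reason: unlimited ? "unlimited allowance" : "allowance of " + value.toString(),
  };
}

// Constructed sample: approve(spender, 2^256-1) with a made-up spender address.
const SAMPLE_SPENDER = "0x" + "bc".repeat(20);
const SAMPLE = "0x095ea7b3" + "0".repeat(24) + "bc".repeat(20) + "f".repeat(64);
console.log(inspectCalldata(SAMPLE));
```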