Veterans of the crypto world can't escape either! How to Prevent Approval Phishing Scams and Establish a Firewall for Your Wallet
#599
GM,
There have been updates on both news stories discussed last week. Here's a brief summary.
FTX has started selling its holdings of SOL, totaling approximately $7.5 billion. This figure is quite staggering, as it suggests that FTX could compensate for most users' losses just by liquidating SOL. I also need to correct a statement from last week's article. Initially, I thought the "locked SOL at FTX" was involved in on-chain staking, but later I found out it was due to token vesting not being completed. Therefore, what FTX is liquidating is not actual SOL but the rights to future SOL. The good news is that the SOL price won't be affected, but the bad news is that the "future SOL" can only be sold at a 30% discount to market price (still totaling $7.5 billion...).
In another piece of news, I mentioned that Google currently supports Ethereum address search, a feature even Bitcoin doesn't have. Surprisingly, just a few days after the article was published, Google announced support for Bitcoin address search. It seems Google also listens to Blocktrend (oops). Now, onto the main topic.
Cryptocurrency scams come in various forms. For emotional entrapment or investment traps, there are already beginner's guides. For mishandled private keys, using a recommended wallet should prevent the major problems. However, a recently emerging type of scam, the approval phishing scam, has caught many veterans of the crypto community off guard. Even cybersecurity experts who specialize in detecting approval phishing have inadvertently fallen victim. A moment's carelessness is enough for hackers to empty a wallet.
Instances of approval phishing on the internet are all too common, but there are increasingly more prevention tools available. This article will first explain why approval phishing is so challenging to thwart and then teach you the most efficient ways to perform a health check on your wallet and use tools to build a firewall around it.
Uniswap Hacked
In October 2023, a post appeared on the Uniswap subreddit of Reddit with the title "Warning: Uniswap Authorization Vulnerability Occurring! Users Have Lost Over $37 Million. Anyone Who Has Used Uniswap in the Past 8 Months Is at Risk." Inside the post, the author provided only a link to an article from the cryptocurrency media outlet Blockworks.
Developers tweeted that the Uniswap smart contract was hacked in the early hours. This vulnerability involves the "Permit2" function... Security firm PeckShield stated, "Uniswap Permit2 appears to have an authorization vulnerability, resulting in $37 million being hacked." Developers from DefiLlama and Uniswap also confirmed this vulnerability... Uniswap's Chief Security Engineer urged users to revoke all contract permissions from Uniswap.
The journalist who wrote this report was considerate enough to include a link to revoke token approvals twice, once in the subtitle and once in the body, so that users could handle the situation promptly and cut their losses in time. However, if you had followed those steps right away, connected your wallet and "revoked approvals on Etherscan", all you would have found was a few notifications of assets being transferred out of your wallet: you had become a victim of approval phishing.
This was a carefully orchestrated approval phishing scam. The targets were not novice investors but seasoned crypto users familiar with DeFi operations! In fact, Uniswap was not hacked at all; the news report and the developer testimonies were all fake. The only real things in the whole story were the Reddit forum and your wallet.
Fortunately, the hackers behind this scam were careless. After people entered the phishing website, fake authorization messages demanding signatures did not immediately pop up, allowing many users to escape unharmed. Below is a comparison chart of the real and fake websites. Without deliberate scrutiny of the URLs, it is difficult to detect any anomalies.
Chainalysis, a blockchain data analysis company, pointed out that in 2023, over $300 million was stolen through approval phishing. Each scenario varies, with the most common being fake airdrops used to deceive users into granting approvals. If you're a novice who keeps all assets on centralized exchanges, approval phishing is unlikely to target you. However, if you frequently open wallets and interact with decentralized applications on the blockchain, you become a prime target for hackers.
The blind spot lies in people's general lack of awareness of what they're authorizing. For instance, the report mentions "Permit2," but who outside of technical experts would know what that is? But since the report quotes so many experts and even provides links to revoke permissions, would the media fabricate such information? In any case, keeping your wallet's private key secure should suffice, right?
As a result, in moments of panic, people tend to skip the extra verification. Moreover, the information that pops up during the signing process in wallets is often not user-friendly. Many people unwittingly approve transactions, inadvertently handing over their assets to hackers.
If you're unsure whether you've authorized risky permissions, consider using Wallet Guard, a tool for conducting a comprehensive health check on your wallet.
Wallet Health Check
Wallet Guard is a free browser extension tool, functioning much like antivirus software for your wallet. Once connected to your wallet, it can scan for any previously signed risky approvals based on a "virus database" and assess the health of your wallet. The scan result below shows that I had previously used the decentralized exchange Curve Finance, which was compromised in August 2023, leaving high-risk approvals behind.
Although the Curve hack involved the ETH and CRV pools, and the WBTC I held should in theory have been unaffected, Wallet Guard, erring on the side of caution, flags all of Curve as high risk. At this point, I could either click the prominent white "Revoke" button on the screen to cancel the approval, or simply transfer the exposed asset, WBTC, elsewhere. The former removes the problem at its root, since the hacker can no longer touch the wallet's assets; the latter is more of a "band-aid solution", since it only moves the funds out of the hacker's reach for the time being.
Once the funds are transferred, the Wallet Guard warning disappears, and the wallet's security score increases. The user experience is very intuitive, and I recommend keeping it as a browser extension, much like antivirus software.
But prevention is better than cure. How great would it be if someone could remind us when we're authorizing something suspicious during our daily routines? Next, I recommend two tools—Scam Sniffer and Rabby Wallet—to help you stay vigilant and prevent phishing attempts.
Daily Prevention
Scam Sniffer is a browser extension tool that acts as a scam detector. It's like carrying a portable passive alarm that automatically "sniffs out" any signs of scams every time you browse websites or read tweets. I purposely found two phishing websites (1, 2) for everyone to test. If you have Scam Sniffer installed, you should be blocked by the warning screen below, just like me.
The "antivirus software" Wallet Guard mentioned earlier also has the same function. I personally have both enabled, which means every website undergoes two checks before browsing, reducing the likelihood of missing anything. However, like antivirus software, having too high a sensitivity inevitably leads to false positives. Recently, when I was claiming a rebate, Wallet Guard saw no issues, but Scam Sniffer popped up a risk warning, prompting me to double-check the URL. After a thorough inspection, I felt reassured to proceed with authorization.
Most people fall victim to approval phishing because of a moment's carelessness, only to regret it afterward. The greatest value of installing these plug-in tools is that they force you to pause and take a closer look. However, both of these tools are browser extensions and can only be used on PCs. If you want to receive similar warnings on your mobile device, you'll need to download Rabby Wallet as another line of defense.
Rabby Wallet is positioned as a firewall for wallets. When you open Rabby, you can't create a new wallet or enter a mnemonic phrase. Instead, you must link it to another wallet you're already using, such as MetaMask. Rabby's main feature is translating approval signatures into "plain language" and simulating the result of signing for users in advance. Seeing the result before deciding whether to approve makes you less likely to be deceived.
The image below shows a transaction sent using Rabby. The bottom left corner indicates which application this transaction is being used for and whether it has been operated on before. If it's the first time using it, Rabby will require confirmation of the risk before authorization. On the right side of the screen is the simulated result of the transaction, showing that it will convert one meme coin into ETH.
Simulated transactions are a very user-friendly design, and another mobile wallet, Rainbow Wallet, also has the same functionality. My personal practice is to link Rabby with Rainbow Wallet, effectively providing two layers of protection for every transaction. Unless you're completely oblivious, the chances of making a wrong signature are very low.
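Rabby's plain-language translation above, and the Permit2 request that the fake Uniswap story relied on, can be illustrated with an added example that is not code from Rabby, Uniswap or Blocktrend: it reads a Permit2 PermitSingle signing request (EIP-712 typed data) and states in plain words what signing it would grant, flagging an unlimited amount, a non-expiring allowance, an unfamiliar spender and a wrong signing domain. The known-spender list, its labels and the sample request are constructed; the Permit2 contract address and field layout are the public Permit2 ones.

```python
# Added example, not Rabby's, Uniswap's or Blocktrend's code: turn a Permit2
# PermitSingle signing request (EIP-712 typed data) into plain language and
# flag the traits that approval phishing relies on, before anything is signed.
MAX_UINT160 = 2**160 - 1   # Permit2 amounts are uint160; this value means "unlimited"
MAX_UINT48 = 2**48 - 1     # Permit2 expirations are uint48; this value means "never"
PERMIT2 = "0x000000000022d473030f116ddee9f6b43ac78ba3"  # canonical Permit2 deployment
# Constructed allow-list of spenders the user has knowingly used before.
KNOWN_SPENDERS = {"0x" + "dd" * 20: "DEX router (constructed label)"}

def explain_permit(typed_data: dict, now: int) -> dict:
    """Return {'summary': str, 'warnings': [str]} for a PermitSingle request."""
    warnings = []
    domain = typed_data["domain"]
    if domain.get("name") != "Permit2" or domain.get("verifyingContract", "").lower() != PERMIT2:
        warnings.append("signing domain is not the Permit2 contract")
    msg = typed_data["message"]
    details = msg["details"]
    amount, expiration = int(details["amount"]), int(details["expiration"])
    spender = msg["spender"].lower()
    if amount == MAX_UINT160:
        warnings.append("unlimited amount: spender could move your whole balance of this token")
    if expiration == MAX_UINT48 or expiration > now + 30 * 86400:
        warnings.append("allowance expires far in the future or never")
    if spender not in KNOWN_SPENDERS:
        warnings.append("spender is not a contract you have used before")
    if int(msg["sigDeadline"]) < now:
        warnings.append("sigDeadline already passed: request is stale or malformed")
    who = KNOWN_SPENDERS.get(spender, f"unknown contract {spender}")
    shown = "UNLIMITED" if amount == MAX_UINT160 else str(amount)
    summary = f"Allow {who} to spend {shown} of token {details['token']} until {expiration}"
    return {"summary": summary, "warnings": warnings}

# Constructed phishing-style request: unlimited amount, never expires, unknown spender.
PHISHING_REQUEST = {
    "domain": {"name": "Permit2", "chainId": 1, "verifyingContract": PERMIT2},
    "primaryType": "PermitSingle",
    "message": {
        "details": {"token": "0x" + "aa" * 20, "amount": str(MAX_UINT160),
                    "expiration": str(MAX_UINT48), "nonce": "0"},
        "spender": "0x" + "bb" * 20,
        "sigDeadline": str(2**48),
    },
}
```

The same checks apply to a PermitBatch request by running them over each entry of its details array.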
If all these preventive mechanisms still fail to stop you, the only remaining option is to revoke the approval as quickly as possible with Wallet Guard or Revoke.cash and limit the damage after the fact. That is the standard procedure, but if you asked me what to do first upon seeing your wallet's assets being transferred out, I believe creating a new wallet and racing the hacker for the remaining assets is the most practical approach.
Keep Out of The Way
I haven't experienced it personally, but seeing your wallet's assets being drained would surely leave your mind blank, with no idea what went wrong. It could be a leaked private key or a case of approval phishing. When in doubt, transferring assets to another newly created wallet is the simplest course of action.
If it's the private key that's been compromised, revoking authorization won't help. Revoking authorization only applies to specific situations of mistakenly signed authorization and requires action on websites like Wallet Guard and Revoke.cash. I'm not confident I would remember these names at such a critical moment. Moreover, each revocation is an on-chain transaction, requiring payment of fees. Due to technical limitations, users cannot revoke all authorizations at once.
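The Wallet Guard health check described earlier and the one-transaction-per-revocation limit just mentioned both come down to ERC-20 allowances. The added example below (not Blocktrend's or Wallet Guard's code) replays a wallet's Approval events to find the allowances that are still live, grades them against a risk list standing in for the "virus database", and builds the approve(spender, 0) transaction each one needs. All addresses, the risk list and the event logs are constructed; the event topic and function selector are the standard ERC-20 ones.

```python
# Added example, not Blocktrend's or Wallet Guard's code: replay a wallet's ERC-20
# Approval events, keep the allowances still live, grade them against a risk list,
# and emit the revoke transactions (one per allowance) needed to clear them.
# keccak256("Approval(address,address,uint256)"): the ERC-20 Approval event topic
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
APPROVE_SELECTOR = "095ea7b3"   # approve(address,uint256); approve(spender, 0) revokes
UNLIMITED = 2**256 - 1

# Constructed placeholder addresses, not real contracts.
WALLET = "0x" + "11" * 20
WBTC = "0x" + "aa" * 20
USDC = "0x" + "ab" * 20
CURVE_POOL = "0x" + "cc" * 20    # stands in for the compromised pool in the article
DEX_ROUTER = "0x" + "dd" * 20
RISKY_SPENDERS = {CURVE_POOL}    # constructed "virus database" of compromised spenders

def addr_topic(addr: str) -> str:
    """Indexed address parameters are left-padded to 32 bytes in log topics."""
    return "0x" + addr[2:].rjust(64, "0")
def topic_addr(topic: str) -> str:
    return "0x" + topic[-40:]

def current_allowances(logs, owner=WALLET):
    """Latest Approval per (token, spender) wins, so approve(spender, 0) clears it."""
    allowances = {}
    for log in sorted(logs, key=lambda l: (l["block"], l["index"])):
        if log["topics"][0] != APPROVAL_TOPIC or topic_addr(log["topics"][1]) != owner:
            continue
        allowances[(log["address"], topic_addr(log["topics"][2]))] = int(log["data"], 16)
    return {pair: amt for pair, amt in allowances.items() if amt > 0}

def assess(allowances):
    """Grade each live allowance the way a wallet health check would."""
    def grade(spender, amt):
        return "high" if spender in RISKY_SPENDERS else "medium" if amt == UNLIMITED else "low"
    return {pair: grade(pair[1], amt) for pair, amt in allowances.items()}

def revoke_txs(allowances):
    """ERC-20 has no batch revoke: one approve(spender, 0) call per allowance,
    each a separate on-chain transaction with its own fee."""
    return [{"to": token, "data": "0x" + APPROVE_SELECTOR + spender[2:].rjust(64, "0") + "0" * 64}
            for (token, spender) in allowances]

SAMPLE_LOGS = [  # constructed, not real chain data
    {"block": 100, "index": 0, "address": WBTC, "topics": [APPROVAL_TOPIC, addr_topic(WALLET), addr_topic(CURVE_POOL)], "data": hex(UNLIMITED)},
    {"block": 120, "index": 3, "address": WBTC, "topics": [APPROVAL_TOPIC, addr_topic(WALLET), addr_topic(DEX_ROUTER)], "data": hex(UNLIMITED)},
    {"block": 130, "index": 1, "address": WBTC, "topics": [APPROVAL_TOPIC, addr_topic(WALLET), addr_topic(DEX_ROUTER)], "data": hex(0)},
    {"block": 131, "index": 0, "address": USDC, "topics": [APPROVAL_TOPIC, addr_topic(WALLET), addr_topic(DEX_ROUTER)], "data": hex(5_000_000_000)},
]
```

Against a real wallet the logs would come from an eth_getLogs query filtered on the Approval topic and the owner address; the revoked DEX_ROUTER allowance drops out, and only the live ones produce a revoke transaction.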
On the other hand, in a dangerous situation, fleeing and transferring assets to another wallet is more intuitive and efficient. There's no need to transfer everything in an emergency; just protecting a few large assets will minimize the damage.
I always look forward to the engaging and practical content from Blocktrend, but this article is a bit different. I hope it's the most "useless" article Blocktrend has ever written.
Blocktrend is an independent media platform sustained by reader subscription fees. If you find Blocktrend's articles valuable, we welcome you to share this piece. You can also join discussions on our member-created Discord or collect the Writing NFT to include this article in your Web3 records.
Furthermore, please consider recommending Blocktrend to your friends and family. If you successfully refer a friend who subscribes, you'll receive a complimentary one-month extension of your membership. You can find past issues in the article list. As readers often inquire about referral codes, I have compiled them on a dedicated page for your convenience. Feel free to make use of them.