Recently, the popularity of restaking projects in the cryptocurrency field has increased significantly, attracting the attention and participation of a large number of investors. Restaking involves depositing staked ETH on Ethereum into other protocols without unlocking the staked assets.
Prominent restaking projects like Ether.fi, EigenLayer, Puffer Finance, Renzo, and others are gaining traction in the market, but they've also become targets for scammers.
These fraudsters frequently create social media accounts, particularly on platforms like Twitter, with names closely resembling legitimate restaking projects. This tactic aims to deceive users into mistaking these fake accounts for official ones, leading to fraudulent activities.
For instance, while the genuine Twitter handle for Ether.fi is @ether_fi, a scammer might create a similar account like @efher_ifi, using a slight variation in spelling to mimic the original.
By purchasing Twitter's gold checkmark and services to increase followers and likes, scammers make it difficult for users to distinguish authenticity, and then impersonate official accounts to conduct fraudulent activities.
Example
ETH holder Kimi is actively following restaking projects. However, while browsing Renzo's tweet, he accidentally clicked on a link, leading to a phishing website.
When Kimi clicked the fake website and connected his wallet to sign in, the phishing site silently got his ezETH Permit authorization and stored it on the scammer's server. This signature remained inactive on the chain until the scammer activated it. Meanwhile, the fraudsters monitored Kimi's on-chain activity. As soon as they noticed Kimi withdrawing his staked ezETH, they promptly activated the Permit authorization, and swiftly transferred Kimi's ezETH to their own wallet, resulting in Kimi's token loss.
(The on-chain record of Kimi's token loss)
Safeguard tokens with “You Sign What You” feature
As early as August 2023, imToken optimized signatures for such Permit authorization scams. Through the "You Sign What You See" function, users can clearly know the type of transaction they are signing, avoiding the mistaken authorization of Permit as wallet connections.This allows users to have a clearer understanding of the content they are signing. For more information about Permit, please refer to:
Use Revoke.cash to cancel potentially risky authorizations
If you suspect that you have performed permit authorization during previous interactions on the chain, you can cancel it through Revoke Cash.
How to:
Open imToken, copy your wallet address, switch to the browser page and search Revoke cash. Enter your wallet address to the search bar of Revoke cash and click the arrow to search. It will display the authorization type and allowance under the address. For risky authorizations, it is recommended to cancel its authorization.
PSA:
- When managing wallets containing substantial assets, it's advisable to exercise caution when connecting to websites and refrain from blindly signing transactions.
- Regularly check the authorization and signature of the wallet address using the tool Revoke Cash.
- Be cautious about any suspicious links or information you see on social media platforms. It is best to get information directly from official sources and carefully identify official tweets.
imToken Is Always Protecting Your Token Security
In March, imToken marked a total of 851 risky tokens; banned 704 risky DApp websites; and marked 37,862 risky addresses.
In addition, if you find any suspiciously risky tokens or DApps, please contact us: support@token.im to help more users avoid token losses.
Closing Thoughts
With scams continually evolving, it is indeed challenging for average users to fully prevent them. imToken is committed to rapidly detecting issues and finding solutions, providing timely messages to the community, and educating users about various types of scams to protect them from losses.
We encourage you to read and share imToken Wallet Security Monthly Report and join hands with imToken to safeguard your token security.