A user asks: A guy asked me to scan a QR code and transfer 1 USDT to him. I did what he said then all my USDTs were sent out from my wallet without my consent. How did that happen?
Another user asks: An imToken official told me that I could earn rewards by depositing tokens into imToken. Considering it a very good opportunity to grow money, I did as instructed. After transferring money to imToken, however, my wallet was drained.
imToken: That guy is a scammer and the so-called ‘imToken official’ is an impersonator. They tricked you into giving them approval to drain your wallet.
- Scammers usually send you a QR code or impersonate imToken officials to trick you into giving them token approval.
- Token approval allows a third party to transfer tokens out of your wallet without any further consent from you.
- Check whether you are giving unlimited token allowance whenever you are making a transaction.
- Use tools like TRONSCAN and Etherscan to check and revoke token approval.
How can a scammer transfer funds out of your wallet without your consent? The answer is Token Approval.
What is token approval
Google Play offers a family payment method through which your family members’ purchases, such as books and movies, are charged directly to your account. Even if your family members don't know your Google Pay password, they can still use your money.
Token approval is a little similar. When you unknowingly give token approval to a scammer, the scammer can move your funds to their own wallet without knowing your mnemonic or password.
Scammers usually use QR code payments and liquidity mining offers to trick crypto investors.
QR code payment
Scammers lure you into scanning a QR code or clicking a link, which opens a scam website mimicking the transfer page of your wallet app. The site takes you through an imitation of the familiar transfer interface. Instead of the usual transaction confirmation, however, a window asking you to approve an unlimited token allowance appears.
Please note that you can distinguish between real and fake transfer pages by checking the icon in the upper right corner of the page. The icons in the top right corner of the fake page are "..." and "X", while the real page shows a QR code scan icon.
In any case, such as when scanning a payment QR code, there are a few steps that help you stay safe:
- Check whether the QR code opens a legitimate transfer
- Check whether you are giving unlimited token allowance
- You can also ask for the text version of the recipient’s address. It’s a little inconvenient, but it’s much safer.
Liquidity mining
Scammers impersonate imToken officials on channels such as Telegram, WhatsApp and YouTube, and offer you a very good investment opportunity: deposit USDT into imToken and participate in liquidity mining or staking to get guaranteed daily earnings. The more tokens you deposit, the higher the rate of return.
Some scammers even tell you that no principal is required, just pay some miner fees to join the network, then you get a stable income. Sounds too good to be true? Well, it probably is.
When you confirm a transaction on the scam website to start the so-called liquidity mining or staking, you are actually giving unlimited token allowance to the scammer.
So when you make a transaction or invest in a project, please pay attention to whether the "Approve Allowance" page pops up in the app, and stay alert.
- imToken officials will never chat with you on Telegram, WhatsApp or YouTube.
- imToken is a self-custodial wallet, so there is no such thing as “Official Address” or “Address of imToken Financial Department”. If someone tells you this address belongs to imToken, he must be a scammer.
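To make the difference between a transfer and an approval concrete, the following added example (not imToken code) decodes the data field of an ERC-20 transaction and flags an unlimited approval before it is signed. The function names, the spender address and the balance are constructed for illustration; the two method selectors are the standard ERC-20 ones.

```python
# Added example: classify ERC-20 calldata before signing (not imToken code).
TRANSFER = "a9059cbb"      # selector of transfer(address,uint256)
APPROVE = "095ea7b3"       # selector of approve(address,uint256)
UINT256_MAX = 2**256 - 1   # the "unlimited" allowance value

def decode_erc20_call(calldata_hex):
    """Return (method, counterparty, amount) for transfer/approve calldata."""
    data = calldata_hex.lower()
    if data.startswith("0x"):
        data = data[2:]
    selector, args = data[:8], data[8:]
    if selector not in (TRANSFER, APPROVE) or len(args) != 128:
        return ("unknown", None, None)
    address = "0x" + args[24:64]       # low 20 bytes of the first 32-byte word
    amount = int(args[64:128], 16)     # second 32-byte word, big-endian uint256
    return ("transfer" if selector == TRANSFER else "approve", address, amount)

def review(calldata_hex, expected_amount, wallet_balance):
    """Compare what the page claims to do with what the calldata really does."""
    method, who, amount = decode_erc20_call(calldata_hex)
    if method == "unknown":
        return "REJECT: not a plain transfer or approve"
    if method == "approve":
        if amount == 0:
            return f"OK: revokes the allowance of {who}"
        if amount == UINT256_MAX or amount > wallet_balance:
            return f"REJECT: approve lets {who} spend your whole balance and more"
        return f"WARN: approve lets {who} spend {amount} base units later"
    if amount != expected_amount:
        return f"REJECT: transfer of {amount}, expected {expected_amount}"
    return f"OK: transfer of {amount} base units to {who}"

def encode(selector, address, amount):
    """Build calldata; used here only to construct the sample inputs."""
    return "0x" + selector + address[2:].rjust(64, "0") + format(amount, "064x")

# Constructed sample values (not real addresses); USDT uses 6 decimals.
SPENDER = "0x" + "11" * 20
ONE_USDT = 1_000_000
honest = encode(TRANSFER, SPENDER, ONE_USDT)    # what the victim expects to sign
scam = encode(APPROVE, SPENDER, UINT256_MAX)    # what the fake page submits
revoke = encode(APPROVE, SPENDER, 0)            # what "Revoke" submits

if __name__ == "__main__":
    for tx in (honest, scam, revoke):
        print(review(tx, expected_amount=ONE_USDT, wallet_balance=500 * ONE_USDT))
```

The scam transaction moves no tokens when it is signed, which is why the balance looks untouched until the approved spender later pulls the funds.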
How to check whether you have approved a third party to transfer your tokens?
Approval scams usually play out on Ethereum and TRON, so this blog will explain how to check and cancel the approvals of your ETH and TRX addresses respectively.
Make sure you have at least 5 TRX in your wallet. If not, please purchase some through an exchange and withdraw them to your imToken TRX wallet, or contact us in the App for help.
- Open imToken TRX wallet, and switch to the browser page.
- Enter “Browser” in the search bar, click “Blockchain Browser” -> “TRX” and select a wallet.
- Scroll the page down and click “Approval”, then all third-party addresses you have approved are displayed on the page. If you find the approved amount of an unknown address is unlimited or 999999…, it is likely to be a fraudulent address. Please revoke the approval immediately.
- Click the enlarge icon, click ▼ to the right of "Records", and click “Cancel” to revoke the approval.
- After the token allowance is successfully removed, the status will change from “Cancel” to “Cancelled”.
- Check all your approval records to make sure that all your unlimited token allowances are cancelled.
Make sure you have at least 0.02 ETH in your wallet. If not, please purchase some through exchanges and withdraw them to your imToken ETH wallet.
Note: When withdrawing coins, please select the ETH network.
- Open imToken ETH wallet, and switch to the browser page.
- Enter “Approval” in the search bar and click “Token Approval”.
- Click “Connect to Web3” -> “WalletConnect” -> “imToken”. After the wallet is successfully connected to Etherscan, return to the previous page and it will display "Connected".
- Scroll down the page and you can see the addresses and quantities you have approved under Approved Spender and Allowance.
In the picture below, we can see that the Approved Spender of my address includes Uniswap, SushiSwap, etc. This is because when I trade on DEXs I need to approve them first, which allows the DEXs to complete the token swap.
- However, if you find an unknown address in your Approved Spender list, it is likely to be a fraudulent address. Please revoke the approval immediately. Click "Revoke" on the right side of the address, then click "Revoke" again on the pop-up page and confirm the transaction.
- Click "View your transaction". If the Status shows Success, it means you have successfully cancelled the approval.
Note: If the status shows Pending, please wait for it to change to Success.
- Contact us in the App or send us an email via firstname.lastname@example.org when in doubt