
🏔 DApp authorization scam

Security is the most important subject for Envo, bar none. As a wallet, its basic mission is to keep users' assets safe, but this requires users to have some security knowledge and to follow the official operation guide. Otherwise, a user who operates carelessly can easily be tricked by fraudsters into giving up their private keys and lose their money in a moment.

Therefore, we will list the fraudulent methods used across different channels. Only once we are familiar with the core pattern and standard templates of these scams can we consciously guard against them while exploring the crypto industry.

The core of prevention is also very simple. Here is a short summary: do not believe promises of cashback, and remember that over-authorization is very dangerous; ignore strangers and do not trust or scan their QR codes; read security tips carefully, and contact customer service when you cannot tell whether something is safe.

Let's enter the first disaster area: dApp authorization.

dApp authorization scam

When a user interacts with a dApp for the first time and is asked for authorization, there is a hidden danger: if the dApp is attacked afterwards, that authority can be used to steal the user's assets directly. When a user makes a transaction in a dApp contract, the dApp page shows an authorization button, and the user must authorize before the transaction is allowed. This authorization gives the dApp contract the authority to transfer your assets, and for the user's convenience the number of tokens authorized is generally unlimited by default. Once the contract is vulnerable, or the contract administrator gets greedy, all the tokens in the user's authorized wallet will be transferred away.

Envo suggests that users not over-authorize when interacting with on-chain protocols, regularly de-authorize dApps that they do not use frequently, and watch out for fraudsters "changing vests" (reappearing under a new identity), to avoid asset losses.

Therefore, you need to regularly clean up your unused dApp permissions or set a cap on the amount of tokens a dApp is authorized to transfer.

Rebate Scam

Currently, there is a kind of return-revenue scam: scammers fake a wallet address QR code, and scanning it opens a fake website designed to look like the Envo transfer page. The scammers ask you to transfer about 0.01 of a certain coin, promising users a daily 3% return and claiming that you only need to transfer 0.01 to confirm your address.

In reality, when you scan the code, enter the fake website and transfer money, you are in effect opening authorization for the scammer to transfer that currency, and he can steal your entire balance. This is also theft of assets due to authorization issues. Envo shows many risk tips in the product. Users must verify the link address when using the wallet for third-party QR code scanning, website access and authorization, or first ask Envo official customer service whether the link is safe.
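
The check below is an added example, not Envo's code. It assumes the token follows the ERC-20 standard, where the authorization described in the dApp section is an approve(spender, amount) call, and it decodes the data of a pending transaction to tell a plain transfer from a capped, unlimited or revoking authorization, which is the distinction the rebate scam page hides. The function names, the "unlimited" threshold and the sample address are constructed for illustration.

```javascript
// Added example: classify ERC-20 calldata before signing (assumes ERC-20 tokens).
const SELECTORS = new Map([
  ["a9059cbb", "transfer"], // transfer(address to, uint256 amount)
  ["095ea7b3", "approve"],  // approve(address spender, uint256 amount)
]);
const MAX_UINT256 = (1n << 256n) - 1n;
// Assumed heuristic: anything at or above 2^255 is treated as unlimited.
const UNLIMITED_THRESHOLD = 1n << 255n;

function classifyCalldata(calldataHex) {
  const hex = String(calldataHex).toLowerCase().replace(/^0x/, "");
  // 4-byte selector + two 32-byte ABI words = 8 + 128 hex characters.
  if (!/^[0-9a-f]+$/.test(hex) || hex.length < 136) return { kind: "unknown" };
  const fn = SELECTORS.get(hex.slice(0, 8));
  if (!fn) return { kind: "unknown" };
  const counterparty = "0x" + hex.slice(32, 72); // last 20 bytes of word 1
  const amount = BigInt("0x" + hex.slice(72, 136)); // word 2
  if (fn === "transfer") {
    return { kind: "transfer", counterparty, amount, grantsAllowance: false };
  }
  if (amount === 0n) {
    return { kind: "revoke", counterparty, amount, grantsAllowance: false };
  }
  const kind = amount >= UNLIMITED_THRESHOLD ? "approve-unlimited" : "approve-capped";
  return { kind, counterparty, amount, grantsAllowance: true };
}

// Helper that builds sample calldata for the demo (constructed inputs only).
function encodeCall(selector, address, amount) {
  const addr = address.toLowerCase().replace(/^0x/, "").padStart(64, "0");
  return "0x" + selector + addr + amount.toString(16).padStart(64, "0");
}

// Constructed samples: a placeholder address and 0.01 of an 18-decimal token.
const SAMPLE_SPENDER = "0x" + "11".repeat(20);
const POINT_ZERO_ONE = 10n ** 16n;
const samples = [
  ["page says 'transfer 0.01'", encodeCall("095ea7b3", SAMPLE_SPENDER, MAX_UINT256)],
  ["real transfer of 0.01", encodeCall("a9059cbb", SAMPLE_SPENDER, POINT_ZERO_ONE)],
  ["capped authorization", encodeCall("095ea7b3", SAMPLE_SPENDER, POINT_ZERO_ONE)],
  ["de-authorization", encodeCall("095ea7b3", SAMPLE_SPENDER, 0n)],
];
for (const [label, data] of samples) {
  const r = classifyCalldata(data);
  console.log(`${label}: ${r.kind} -> ${r.counterparty}`);
}
```

A result of "approve-unlimited" on a page that claims to be a small transfer is the mismatch to stop on; "unknown" means the data is not one of the two calls this sketch decodes and needs separate review.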

How to check the authorization status in the wallet

To check the authorization history of DApps in Envo, select the public chain where the DApp is located, click [Tools], and then enter the [Authorization Detection] page.

Just paste the address of the wallet you want to check in the search box.