Just got an airdrop of 298,131 XCH tokens.
When I looked into the project a bit, I found out they are a scam.
Let me walk you through.
๐งต๐๐ผ
When I looked into the project a bit, I found out they are a scam.
Let me walk you through.
๐งต๐๐ผ
First I had to check the tx that actually did the airdrop.
Looks like a pretty standard "push to all people" airdrop.
etherscan.io/tx/0x7d678e4c1โฆ
Looks like a pretty standard "push to all people" airdrop.
etherscan.io/tx/0x7d678e4c1โฆ
When I went to check the last transactions that interacted with the contract, something interesting was there.
Lots and lots of failed transactions. ๐
All of them are trying to call "approve".
Lots and lots of failed transactions. ๐
All of them are trying to call "approve".
Digging deeper into one failed approve transaction, I saw the error message is
'To Exchange, use this website - abchange.io'
This LOOKS FISHY! ๐ก
You SHOULD be able to interact with the contract directly, not only through the website.
etherscan.io/tx/0x30d1becacโฆ
'To Exchange, use this website - abchange.io'
This LOOKS FISHY! ๐ก
You SHOULD be able to interact with the contract directly, not only through the website.
etherscan.io/tx/0x30d1becacโฆ
The next step is to just check the website.
The values are prepopulated, and it seems the airdrop would translate into 6.1 ETH.
Who wouldn't sell them for that much ether?
The values are prepopulated, and it seems the airdrop would translate into 6.1 ETH.
Who wouldn't sell them for that much ether?
But changing any of the values doesn't do anything.
I was expecting the ether value to be calculated based on the updated XCH value and vice-versa.
I was expecting the ether value to be calculated based on the updated XCH value and vice-versa.
I was thinking, maybe I need to first connect my ๐ฆ wallet.
But still, the initial values should be calculated not just filled in.
But still, the initial values should be calculated not just filled in.
However, when I connect my ๐ฆ wallet, it grabs a list of all tokens I own.
The values still aren't updated if I change them.
It just needed my personal address to get a list of my assets.
Wondering why?
The values still aren't updated if I change them.
It just needed my personal address to get a list of my assets.
Wondering why?
After I click "Exchange" I get this message in ๐ฆMetamask.
"Allow abchange.io to spend your $DEGEN?"
Say what?
"Allow abchange.io to spend your $DEGEN?"
Say what?
Now it all ties together.
They need to find out what assets you have on your account to get the most valuable asset you own.
In my case, it's $DEGEN, an index token created by @ndxfi
The good thing is Metamask understands the transaction and it's able to tell you what it does
They need to find out what assets you have on your account to get the most valuable asset you own.
In my case, it's $DEGEN, an index token created by @ndxfi
The good thing is Metamask understands the transaction and it's able to tell you what it does
So it's actually trying to scam you out of the most valuable token you own.
The airdrop is just a way to bring people to the website.
The airdrop is just a way to bring people to the website.
I just created a pull request into @MetaMask to add abchange.io to the blacklist.
Help me get this through quickly! We need to protect the users.
github.com/MetaMask/eth-pโฆ
@danfinlay @kumavis_
Help me get this through quickly! We need to protect the users.
github.com/MetaMask/eth-pโฆ
@danfinlay @kumavis_
โข โข โข
Missing some Tweet in this thread? You can try to
force a refresh
ใ
