Scam in some EVMsThe general idea is that there are some "gas tokens" that are replenished when you return gas to the EVM network. This feature was removed in ETH in 2021 by improving eip-3298. But in BSC this function remains.
How does Scam happen?
1️⃣ The fraudster creates a token. Here is an example of such a scam token.
2️⃣ The fraudster made it so in the smart contract code that he himself can approve this token for any wallet. Then it will approve these tokens to the victims’ wallets (randomly or selectively).
3️⃣ Because of this approval, you are starting to see this approval in different services, such as
https://revoke.cash/. And the token looks like a stable DAI, USDT, and so on.
4️⃣ Next, you remove permission to spend this token, but gas has an increased value (this is how the token contract is programmed). But not a lot judging by the transactions. From point 1 of this post, you can go through the approvals and see that there are expenses of $0.1-5.
5️⃣ They write that after revoking the approval, it still remains. Because you don't have this token. And apparently the scam token contract does not provide for just a revocation or something like that. Therefore, the token will still remain hanging on a service like
revoke.cash. Well, the services have already started deleting these scam tokens.
6️⃣ If you send unapprove, then more gas will be taken from you, which will be returned to the scammer in the form of a gas token. But I didn’t see more than $5 for transactions. Here is an example of how a scammer loses gas token CHI: (at the moment the scammer has 98,000 tokens worth $570)
7️⃣ Liquidity for this CHI token is only $1579. Therefore, apparently this scam will end soon 😂. I don’t know if there are gas tokens anywhere else or not.
But this bug is unpleasant and the community is asking to release the eip-3298 update to BSC and other networks to remove this bug. For example, they will now create a bunch of scam tokens that will be approved by victims, and the token will supposedly cost money, then you go to the site and there is a virus or something (the same thing happened with just sending tokens to wallets, now they can send approvals)
Project @CryptoWares
Shop: @CryptoWaresBot
