How to Avoid the Latest & Gasless ETH Wallet Drain Scam

Aug 24, 2022 | Insights


There’s a new scam on the block. Well, it’s been around for a while – but it’s coming to light more and more now that scammers have realized how sneaky it is: the infamous gasless wallet drain scam.

Don’t worry though, we’ve put together this article to help you understand exactly how it works and what you can do to avoid falling victim!

How does this scam work?

Instead of the usual ‘approve all’ signature wallet drain scams, this one works slightly differently by simply stealing your signature to then proceed to buy/transfer all your approved NFTs for free. The even more annoying thing is that it’s really hard to spot. However, there are some steps you can take to avoid falling victim to this:

If you connect to a mint site and it prompts you to connect your wallet before you can do anything, consider this a red flag. If you do connect and it proceeds to request a signature, be careful. This is where shit gets dangerous… unless you can read EIP-712 code.

The signature will probably look like any other signature to the average user – mainly because it looks similar and reminds you of when you first sign into OpenSea or most NFT marketplaces, which are harmless – and it doesn’t ask you for an ‘approve all’ transaction, which is what most scam mints do. However, signing a signature like this can do more damage than an approval for all transaction, if the scammer is smart enough!

Signing a message like this on a website that turns out to be a scam will grant the scammer’s contract (and linked wallet) the ability to literally just buy all your approved NFTs to the specified contract under the “exchange” for 0 ETH. They can also add a time onto this, so if they really wanted to they could constantly steal your NFTs for up to 50 years if they set that as a variable.

The thing that sucks the most is the fact that the signature itself is kept by the scammer so it cannot be removed by the likes of revoke.cash etc. Not to mention that there’s no way to find out what kind of signatures you signed like you can with transaction approvals. This basically means that even if you don’t have any marketplace contract signature live, the scammers could still wait until you do eventually approve an NFT to then target you and pull it out of your wallet at any point in time. Shit’s scary, right?
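
To make the warning signs above concrete, here is a small pre-signing check for the EIP-712 typed data a site asks you to sign. It is an added example, not code from this article, revoke.cash or any wallet. The field names (`offerer`, `offer`, `consideration`, `recipient`, `startAmount`, `endTime`) are assumptions modeled on a typical marketplace order, and the payloads and addresses are constructed placeholders.

```javascript
// Added example: flags EIP-712 sign requests that look like a giveaway order.
// Field names (offer, consideration, endTime, ...) are assumptions modeled on
// a typical marketplace order; real payloads vary by protocol.
const YEAR = 365 * 24 * 60 * 60;

function inspectTypedData(typedData, nowSec = Math.floor(Date.now() / 1000)) {
  const warnings = [];
  const { domain = {}, primaryType = "", message = {} } = typedData;
  // A plain "sign in" message carries no structured order.
  const offer = Array.isArray(message.offer) ? message.offer : [];
  const consideration = Array.isArray(message.consideration) ? message.consideration : [];
  if (offer.length > 0) {
    warnings.push(`primaryType "${primaryType}" offers ${offer.length} item(s) from your wallet`);
    // What the signer gets back: amounts whose recipient is the signer.
    const signer = String(message.offerer || "").toLowerCase();
    const paid = consideration
      .filter((c) => String(c.recipient || "").toLowerCase() === signer)
      .reduce((sum, c) => sum + BigInt(c.startAmount || 0), 0n);
    if (paid === 0n) warnings.push("you receive 0 in exchange for the offered items");
  }
  // An expiry far in the future keeps the signature usable for years.
  const end = Number(message.endTime ?? message.deadline ?? message.expiry ?? 0);
  if (end > nowSec + YEAR) {
    warnings.push(`valid for ~${Math.round((end - nowSec) / YEAR)} more year(s)`);
  }
  if (warnings.length > 0 && domain.verifyingContract) {
    warnings.push(`verifying contract: ${domain.verifyingContract}`);
  }
  return warnings;
}

// Constructed sample payloads (placeholder addresses, not real data).
const NOW = 1661299200; // 2022-08-24 00:00:00 UTC
const ME = "0x" + "11".repeat(20);
const suspicious = {
  domain: { name: "ExampleMarket", verifyingContract: "0x" + "22".repeat(20) },
  primaryType: "Order",
  message: {
    offerer: ME,
    offer: [{ token: "0x" + "33".repeat(20), identifier: "1", startAmount: "1" }],
    consideration: [{ recipient: "0x" + "44".repeat(20), startAmount: "0" }],
    endTime: NOW + 50 * YEAR,
  },
};
const login = { domain: { name: "ExampleSite" }, primaryType: "Login", message: { nonce: "abc" } };

console.log(inspectTypedData(suspicious, NOW)); // four warnings
console.log(inspectTypedData(login, NOW)); // []
```

An empty result does not mean a request is safe; the check only recognizes the order shape assumed here.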

What tf can I do then?

It’s actually pretty simple:

  • Don’t sign any signature requests on degen mint sites or any that are giving you scammy vibes
  • Check your transaction approvals often and make sure to keep your wallet clean by revoking any contracts that you are no longer using/interacting with
  • Split your wallets up so you have a burner wallet for degen mints, a buying/selling wallet for your preferred NFT marketplace/s and a main wallet with ZERO approvals which you can simply use to send funds or the NFTs you want to hold to – nothing else

revoke.cash have also created an extension you can use to help detect these scams! See below.

If you have found this useful, then why not come join the Alpha Omega Discord community? We all share a love for NFTs, web3, cryptocurrency and provide our Alphas with only the best NFT tools, call-outs, giveaways and more!
