Spot new scams and use your Web3 wallet safely
As OKX Wallet is being used by more and more customers, some malicious actors are constantly coming up with new scams to trick customers into granting wallet authorization or stealing mnemonic phrases/private keys, resulting in asset losses. We urge all customers to stay vigilant and beware of scams.
New scam case: malicious permission changes
This type of scam often occurs during top-ups via the TRON chain. For example, exploiting the mentality of "seeking small gains," criminals lure customers into buying fuel cards, gift cards, etc., at very low prices, or use certain authentication code platforms for top-ups. When customers use the provided link to top up, the criminals trigger code that maliciously alters permissions to obtain the customer's password signature, thereby gaining control over the wallet address.
Review of scam methods
Step 1: Use incentives and other methods to guide users to click on third-party links, redirect them from the deposit page to the wallet, and use malicious code to directly fill in the contract address of the Token.
Step 2: During the transfer process, you will see a prompt about changing permissions and the associated risks. If you continue, it may result in malicious permission changes. When you try to transfer again, you will see an error message, and in reality, you have already lost control over the modified address.
How to prevent it?
Please do not click on links to various fake gift card, fuel card, or recharge card websites promoted on the network, and do not participate in recharging on these sites, especially those that provide recharge redirect services. If you click on suspicious links and make a transfer, your address permissions could be maliciously altered, resulting in loss of funds. For legitimate recharge services, you only need to transfer funds using the receiving address to complete the transaction.
Other scam cases
Case 1: Leaking your wallet mnemonic/private key to a scammer
Scammers guide customers to share their screens, claiming to help them invest, buy and sell swag at low prices, or trade crypto privately. They instruct customers to create wallets and, under the scammer's guidance, customers end up revealing their mnemonic phrases or private keys, resulting in their wallets being stolen and assets lost.
Case 2: Using similar address to mislead customers
Using an address 'generator' to create addresses that are very similar to the customer's receiving address, misleading customers into copying the wrong address and resulting in asset loss.
Case 3: Phishing link authorization (contract interaction)
When customers participate in certain projects within their wallet and confirm an authorization trade or other authorization-related trades, the project will obtain permission to transfer assets up to the approved limit. For example, some scam or phishing projects may later use smart contract to transfer your assets, which will generate contract interaction my trades in your wallet.
Once the authorization operation is completed, it is equivalent to transferring the usage rights of your USDT tokens to this project or to another smart contract. After the authorization is completed, the smart contract can automatically transfer your funds. This will be reflected in your my trades as a contract interaction record.
Case 4: Using shared mnemonic phrases to give away coins and scam withdrawal applicants out of their transaction fees
Scammers display wallet seed phrases on social media, using the excuse of leaving the crypto space to give away coins and lure others into importing the wallet seed phrase. In the end, they trick the person withdrawing funds into depositing transaction fees.
Usually, these wallets are multi-sig wallets that require multiple people to sign off on any operation. Therefore, even if the scammer reveals the seed phrase, you still cannot control the wallet after entering it. Typically, the wallet contains a certain amount of valuable tokens, such as USDT, but lacks transaction fees. Once a customer deposits the required fee, a built-in program in the wallet will automatically transfer the fee out, and you will not be able to withdraw any assets from the wallet, resulting in asset loss. So, if you encounter this type of scam, especially in comments under official platform media or widely spread in communities, please stay alert, do not believe it, and never transfer fees or any assets to any wallet address.
To learn more, you can click
Web3 wallet: Please be cautious of my unknown trades
A comprehensive overview of common scam tactics and how to protect yourself?