Due to crypto's decentralized, unregulated nature, self-custody and security are top priorities. Even the most cautious users can occasionally make mistakes and become victims of scams. One of these unassuming but very prevalent mistakes is connecting cold wallets to malicious dApps, putting users' assets and data at risk.
A dapp, short for decentralized app, is conceptually similar to the apps or games you commonly use on your computer or phone. The main distinction is that dapps are developed and run on decentralized protocols like Ethereum. Dapps enable you to exchange tokens, purchase and trade collectibles, make payments, and more.
If you suspect that you're in this situation, you must act swiftly to minimize potential damage. Here's a step-by-step guide listing certain actions to take if you accidentally connect your Tangem Wallet to a malicious dApp.
What are malicious dApps?
Malicious decentralized applications (dApps) are fraudulent apps that exploit users by stealing their funds, data, or assets. Unlike legitimate dApps that provide services or utility on the blockchain, malicious dApps use deceptive tactics to drain wallets or gain unauthorized access to users' tokens and assets.
How do malicious dApps function?
Malicious dApps often employ sophisticated techniques to deceive users and evade detection:
- Deceptive interfaces: These apps mimic legitimate services like DeFi platforms or NFT marketplaces to lure users.
- Approval exploitation: They often request unlimited token approvals, allowing them to transfer assets without further user consent.
- Anti-debugging and obfuscation: Techniques like API hooking, debugger detection, and code obfuscation make it hard to detect malicious activities and understand the app's true intent.
- Backend control: Centralized servers collect data on potential victims and craft personalized attacks to maximize theft.
How to spot malicious dApps
To protect yourself, be vigilant and look out for the following signs:
- Too Good to Be True Offers: Fake DeFi platforms promise high returns using AI trading or arbitrage but drain wallets once approvals are given. If you transact with the malicious DApp, you will give unlimited token approval (usually USDT, USDC, BUSD, or DAI) to the scammer's wallet or smart contract.
- Unsolicited links and random tags: Be wary of unexpected minting or airdrop links from social media. Wallet Drainers via Fake NFT Drops steal NFTs and tokens by luring users to sign malicious contracts.
- Suspicious approvals: Avoid signing unreadable or excessive tokens and NFT approvals.
- Impersonation: Fake customer support may ask for more funds to "unlock" your account.
Steps to take if you connected to a malicious dApp
Connecting to a malicious decentralized application (DApp) can be alarming, but taking immediate and effective action can help protect your assets and personal information. Here's what you should do right away:
1. Revoke permissions
Use blockchain explorers like https://revoke.cash/ and tools like Etherscan's Token Approval Checker (for Ethereum) or similar tools for other blockchains.
If you know the specific chain where you gave your approval, then use any of the following:
- Ethereum: https://etherscan.io/tokenapprovalchecker
- Binance Smart Chain: https://etherscan.io/tokenapprovalchecker
- Polygon: https://polygonscan.com/tokenapprovalchecker
- Arbitrum: https://arbiscan.io/tokenapprovalchecker
- Avalanche: https://snowtrace.io/tokenapprovalchecker
These tools allow you to see which DApps can access your tokens and revoke those permissions.
2. Disconnect your wallet
Immediately disconnect your wallet from the DApp.
Open your wallet app and navigate to the settings or connected DApps section. Find the DApp in question and disconnect it.
3. Transfer funds to a secure wallet
If you're still not sure about your asset's safety, move them to a new, secure wallet to prevent potential theft. Create a new wallet that has not interacted with the malicious DApp. Transfer all your funds from the compromised wallet to this new one.
4. Change passwords and secure your account
Strengthen the security of your accounts. Change passwords for your wallet and any linked services. Enable two-factor authentication (2FA) for enhanced security.
5. Scan for malware
Ensure your device is free from any malicious software that may have been introduced. Run a full malware scan on your device using reputable antivirus or anti-malware software.
6. Notify the community
Share information about the malicious DApp in relevant online communities and forums to warn other users. If you have lost significant funds, consider reporting the incident to cybercrime authorities or blockchain security firms that handle such cases. Provide detailed information about the DApp, the transactions involved, and any other relevant details to help them investigate.
Preventive measures for the future
Here's what you should you to safeguard your assets from malicious decentralised applications:
- Verify DApp authenticity: Always check the legitimacy of a DApp before connecting your wallet. Look for reviews, official websites, and community feedback.
- Limit permissions: Only grant the minimally necessary permissions to DApps. Regularly review and revoke permissions for DApps you no longer use or trust.
- Use a hardware wallet: For added security, use hardware wallets like Tangem, which keep your private keys offline.
- Stay informed: Follow the latest security news in the crypto space to stay aware of current threats and best practices for staying safe.
Conclusion
Realizing that you've been connected to a malicious DApp can be unsettling, but quick and decisive action can help mitigate the risks. You can protect yourself from potential harm by disconnecting, revoking permissions, transferring funds, and securing your accounts.
Adopting preventive measures and staying informed can help you avoid such situations in the future. Prioritize your security and remain vigilant in the ever-evolving world of decentralized finance.