- A new scam has arisen from the ashes of the Multichain hack.
- The scam has the potential to affect multiple EVM chains.
- Find out how to protect yourself from the scam.
On Friday, July 7, Multichain was exploited for about $126 million. Following the hack, Multichain, security service Revoke.cash, and wallet provider Rabby urged users to revoke approvals associated with the Multichain protocol to prevent further losses.
However, scammers have quickly attempted to take advantage of this by creating fake approvals on several addresses to earn gas tokens when unsuspecting users rush to revoke these approvals, often at unusually high costs.
In this article, we look at how to spot these scams, how they work, and how to deal with them.
How to Spot Gas Token Scams
Gas token scams allow scammers to earn gas tokens when users revoke fake approvals created on their wallets.
These scams typically appear as unknown airdropped tokens with fake approvals that users might be tempted to revoke to secure their wallets.
As highlighted by Rabby Wallet, these fake approvals typically require about 100 times more gas fees than necessary to get revoked. Additionally, the airdropped tokens usually do not have logos.
How Do Gas Token Scams Work?
The “storage refund” feature rewards users for clearing storage on the blockchain by deleting data from a smart contract with the gas fee associated with storing that data. Gas tokens were created to use this feature to tackle variable gas prices. They can be bought and stored when gas prices are low and burnt or sold when gas prices are high to save on fees as the network pays for freeing up the data previously occupied by storing the gas tokens.
While the storage refund feature and the concept of gas tokens have been deprecated on the main Ethereum chain, several other EVM chains, like the BNB chain, still have this loophole.
Scammers typically airdrop fake tokens with fake approvals to multiple addresses to take advantage of this. Unknown to users, these tokens are designed to mint large amounts of gas tokens during a revoke transaction, which the scammer receives and sells.
"This is scary because your wallet popup will not show that you're sending funds, just a high fee," Revoke.cash stressed.
While Revoke.cash and Rabby Wallet have become aware of these scams and are flagging these transactions, it is not 100% foolproof. Hence users must know how to deal with them.
How to Deal with Gas Token Scams
It is relatively easy to stay safe from gas token scams when you know what to look for. Here are some tips to take note of:
- Be suspicious of unreasonably high fees when revoking approvals.
- When you see an unknown approval and suspicious token in your wallet, the best action is to ignore it. You can not lose money if you do not interact with them.
- Ask for help from wallet providers and security firms when unsure.
- Check online communities to know if anyone else is seeing similar unknown approvals.
Is Your Wallet Compromised if You Revoke a Fake Approval?
Some users have already fallen victim to this scam. y2z Ventures partner blanker.eth highlighted that the Multichain scammer had raked in 70,000 CHI tokens worth about $400 within four hours of launching the exploit.
However, if you are one of these users, there is no need to fret about the safety of other funds in your wallet.
"If you tried to revoke these fake approvals, you probably paid a very high fee, which went to the scammers. Besides that, the rest of your wallet should be safe," Revoke explained.
On the Flipside
- Tether and Circle have frozen about $65 million in tokens from the Multichain exploit.
- Multichain’s service remains paused following the hack.
Why This Matters
The gas token scam can potentially affect millions of users across multiple EVM chains.
Read this to learn more about the Multichain hack:
Learn about Polygon’s new CEO Marc Boiron: