Stay Safe: How to Spot New Scams and Protect Your Web3 Wallet

Published Jul 21, 2023. Updated Feb 5, 2026. 4 min read.

With the growing adoption of OKX Wallet, scammers are continuously developing new tactics to deceive users into authorizing wallets or revealing seed phrases or private keys, which may lead to the loss of assets. Please stay vigilant and be cautious at all times.

New scam case: malicious permission changes

This type of scam most commonly occurs during deposits made via the TRC network. Exploiting users’ desire for low-cost deals, scammers lure users into purchasing items such as fuel cards or gift cards at unusually low prices, or topping up accounts through third-party verification platforms. When users make deposits using the links provided, malicious code is triggered to alter wallet permissions, allowing scammers to obtain signature authorization and ultimately gain control of the user’s wallet address.

Scam Method Overview

Step 1: Scammers often use “bait” such as discounted offers to lure users into clicking third-party links. From the deposit page, users are redirected to their wallet, where malicious code automatically fills in a token contract address.

Step 2: During the transfer process, a warning about permission changes and potential risks will appear. If the user proceeds, wallet permissions are maliciously altered. Subsequent transfer attempts may display error messages, but by this point, control of the wallet address has already been compromised.

How to prevent it?

Please do not click on links to gift card, fuel card, or recharge card websites promoted through misleading or fraudulent advertisements, and avoid making deposits on such sites, especially those that redirect you during the deposit process. Clicking on suspicious links and proceeding with a transfer may result in malicious changes to your wallet permissions, leading to potential loss of funds.
For legitimate deposit services, simply transfer funds directly to the recipient’s address to complete the transaction.

Other scam cases

Case 1: Leaking your wallet mnemonic/private key to a scammer

Scammers may ask users to share their screens under the pretense of offering investment guidance, low-price product deals, or private crypto trading. They then instruct users to create a wallet and, through step-by-step guidance, trick them into revealing their seed phrases or private keys. Once this information is exposed, the wallet is compromised, leading to the theft of assets.

Case 2: Using a Similar Address to Mislead Users

Scammers use address “generators” to create wallet addresses that closely resemble a user’s receiving address. By misleading users into copying the wrong address, funds are transferred to the scammer, resulting in asset loss.

Case 3: Phishing Authorization via Malicious Contract Interactions

When users participate in certain projects within their wallet and confirm authorization transactions such as approval-related actions, the project is granted permission to transfer assets up to the approved amount. Scam or phishing projects may later exploit this authorization to transfer assets via smart contracts, generating contract interaction records in the wallet.

Once authorization is granted, it effectively allows the project or a smart contract to use the approved USDT or other tokens. Afterward, the smart contract can automatically transfer funds without further confirmation, and these actions will appear in the transaction history as contract interaction records.

Case 4: Fake “Giveaway” Scams Using Shared Seed Phrases to Steal Transaction Fees

Scammers may publicly share wallet seed phrases on social media, claiming they are exiting the crypto space and giving away remaining assets. They lure others into importing the seed phrase into their wallet.

In most cases, these wallets are multi-signature wallets that require multiple approvals to execute transactions. As a result, even after importing the seed phrase, users cannot actually control the wallet. Typically, such wallets contain tokens (e.g., USDT) but lack transaction fees. Once a user deposits funds to cover the transaction fee, an embedded program automatically transfers the fee out. The user is then unable to withdraw any assets, resulting in financial loss.

If you encounter this type of scam, especially those circulating in social media comments or community channels, please remain vigilant. Do not trust such claims, and never transfer transaction fees or any assets to unknown wallet addresses.
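The permission changes described under “New scam case” and the multi-signature setup in Case 4 can both show up the same way in an account's permission data: the user's own key no longer carries enough weight to sign alone, or an unknown key has been added. The following Python check is an added example, not OKX code; it assumes the owner_permission / active_permission layout of a TRON node's account JSON, and the addresses and sample records are constructed.

```python
# Added example, not OKX code. Field names are assumed to match the account
# JSON a TRON node returns; both addresses below are constructed placeholders.
MY = "T_MY_ADDRESS_PLACEHOLDER"
OTHER = "T_UNKNOWN_ADDRESS_PLACEHOLDER"

def audit_permissions(account, my_address):
    """Return (permission, issue, address) findings; [] means my_address has sole control."""
    owner = account.get("owner_permission")
    if owner is None:
        # Without the owner block nothing can be verified, so report it.
        return [("owner", "permission_data_missing", my_address)]
    findings = []
    for perm in [owner] + account.get("active_permission", []):
        name = perm.get("permission_name", "unnamed")
        threshold = perm.get("threshold", 1)
        weights = {k["address"]: k["weight"] for k in perm.get("keys", [])}
        # Can the user's own key authorize a transaction without anyone else?
        if weights.get(my_address, 0) < threshold:
            findings.append((name, "own_key_below_threshold", my_address))
        # Any other key is a co-signer; one that meets the threshold alone
        # can authorize transactions under this permission without the user.
        for addr, weight in sorted(weights.items()):
            if addr == my_address:
                continue
            issue = "foreign_key_can_sign_alone" if weight >= threshold else "foreign_key_present"
            findings.append((name, issue, addr))
    return findings

# Constructed record: the user's key is the only signer on both permissions.
HEALTHY = {
    "owner_permission": {"permission_name": "owner", "threshold": 1,
                         "keys": [{"address": MY, "weight": 1}]},
    "active_permission": [{"permission_name": "active", "threshold": 1,
                           "keys": [{"address": MY, "weight": 1}]}],
}
# Constructed record: owner replaced by an unknown key, active turned into 2-of-2.
HIJACKED = {
    "owner_permission": {"permission_name": "owner", "threshold": 1,
                         "keys": [{"address": OTHER, "weight": 1}]},
    "active_permission": [{"permission_name": "active", "threshold": 2,
                           "keys": [{"address": MY, "weight": 1},
                                    {"address": OTHER, "weight": 1}]}],
}

if __name__ == "__main__":
    for label, acct in (("healthy", HEALTHY), ("hijacked", HIJACKED)):
        print(label, audit_permissions(acct, MY))
```

Any finding on a wallet you believe you control alone is a reason to stop depositing to it and review its permissions before doing anything else.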

To learn more, see the following articles:

Web3 wallet: Please be cautious of my unknown trades

A comprehensive overview of common scam tactics and how to protect yourself?