Receive some random tokens in your Wallet?

You may have been going about your crypto life when, out of nowhere, you receive an airdrop/deposit of some random token into your wallet. Curiosity sets in, and upon a quick check it seems you may have a newfound fortune just waiting for you once you swap said tokens to your currency of choice!! The excitement quickly fades when, after approving the token for sale on PancakeSwap, you find you're unable to actually trade it. This type of "attack" goes by a few names, the most common being a "dust attack." The term "dust attack" originates from the ETH blockchain, where these types of scams first started to commonly occur. They've now become extremely common on the Binance Smart Chain as well.

I'll go into some more detail, but first and foremost, it's important to know that other tokens or funds cannot be taken from your wallet simply from you trying to sell a token on PancakeSwap. This goes for any token, whether it's a scam or not. There are a lot of misconceptions around this and a lot of unnecessary panic caused by the spread of misinformation. There is no need to waste gas and cause yourself undue stress and anxiety. I'll outline some of the common ways we've seen this scam work and the recommended course of action for each.

SCENARIO A

  • You receive a deposit of 10,000 tokens of a coin called "Project Scam"
  • You proceed to go to PancakeSwap, add the custom contract for "Project Scam", approve it for sale, and attempt to swap the 10,000 tokens into BNB.
  • The transaction fails
  • You try it several more times with various gas amounts, each time it fails
  • You give up

In Scenario A above, there is no action you need to take. You've wasted some money on gas on a token you'll never be able to sell, and other than that, life continues on. No need to transfer your funds to another wallet, revoke approvals, etc.

SCENARIO B

  • You receive a deposit of 50,000 tokens of a coin called "Good Project Sir"
  • You proceed to go to PancakeSwap, add the custom contract for "Good Project Sir," approve it for sale, and attempt to swap the 50,000 tokens into BNB
  • The transaction fails
  • You try it several more times with various gas amounts, each time it fails
  • You try another swapping platform like Bog Swap or PooCoin Trade and repeat the above steps, each time the transaction fails.

In Scenario B above, there is no action you need to take. You've wasted some money on gas on a token you'll never be able to sell, and you did so on multiple swap platforms "just to be sure". Other than that, life continues on. No need to transfer your funds to another wallet, revoke approvals, etc.

SCENARIO C

  • You receive a deposit of 30,000 tokens of a coin called "ShitToken.io"
  • You proceed to go to PancakeSwap, add the custom contract for "ShitToken.io", approve it for sale, and attempt to swap the 30,000 tokens into BNB.
  • The transaction fails
  • You decide to visit the website "ShitToken.io"
  • Upon getting to the website you see a notification, button, or similar that says "Received an airdrop of tokens? Click here to see your options!"
  • You click the button and are brought to a page that instructs you to connect your wallet in order to swap the token using their platform
  • You connect your wallet, you attempt to swap the token and the transaction fails
  • You give up

In Scenario C above, because you connected your wallet to an unknown website/platform, you should immediately take action to transfer and secure your funds. In over 95% of incidents similar to this, the victim finds their wallet drained of BNB or other funds within hours (sometimes sooner) of connecting their wallet. Other times the attacker may wait months for an opportunity to strike and drain the funds. Always pay attention to the permissions being requested in MetaMask/Trust Wallet when connecting your wallet to a dapp.

SCENARIO D

  • You receive a deposit of 150,000 tokens of a coin called "Miner XYZ"
  • You proceed to go to PancakeSwap, add the custom contract for "Miner XYZ", approve it for sale, and attempt to swap the 150,000 tokens into BNB.
  • The transaction fails
  • You decide to Google or look up the "Miner XYZ" token and come across their website
  • Upon getting to the website you see a notification, button, or similar that says "Received an airdrop of tokens? Click here to see your options!"
  • You click the button and are brought to a page that instructs you that in order to unlock or approve the tokens for sale, you must "upgrade" your wallet by paying a small fee (usually in BNB)
  • You connect your wallet and pay the fee to upgrade your wallet

In Scenario D above, because you connected your wallet to an unknown website/platform, you should immediately take action to transfer and secure your funds. In over 95% of incidents similar to this, the victim finds their wallet drained of BNB or other funds within hours (sometimes sooner) of connecting their wallet. Other times the attacker may wait months for an opportunity to strike and drain the funds. Additionally, the fee or money you paid for the "upgrade" is gone. Always pay attention to the permissions being requested in MetaMask/Trust Wallet when connecting your wallet to a dapp, and never send or pay funds to "upgrade" or "unlock" any random tokens in your wallet.

FAQs

But I heard that by trying to sell the token on PancakeSwap I have to revoke the approval or all my other tokens will get stolen!!??

This is not true, and not possible. Connecting on PancakeSwap simply grants "account view" permissions. Approving a token for sale only approves that single token for swapping on PancakeSwap. All incidents where funds have been drained after a similar incident involve private keys or seed phrases having been compromised (usually unbeknownst to the victim).

I had Token XYZ in my wallet and one day it was gone! Is it because I didn't revoke the permission?

Not really. The thing most people don't understand about BSC tokens is that even though you see them "in your wallet," they aren't really "in there" and you don't really "own" them. The smart contract is acting as the authority here which tells the blockchain that you "own" those tokens. When you sell/buy for example, the swap protocol is "calling" the smart contract, which then responds confirming (or otherwise) the transaction and making the needed entries to the "ledger". Your wallet acts as an app that reads this ledger and reflects the "balances" to you. Depending on the smart contract and the functions included, it's possible for things to change like balances, name, and otherwise.
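The bookkeeping described in this answer and in the approval answer above it, replayed for Scenario A as a small in-memory model. This is an added example, not code from any real token or from PancakeSwap; the `Token` class, the `ROUTER` spender, the `GOOD`/`SCAM` symbols and the `sell_blocked` rule (one assumed reason the swap fails) are all hypothetical.

```python
class Revert(Exception):
    """Stands in for a reverted on-chain transaction."""

class Token:
    """Hypothetical model of one token contract's state."""
    def __init__(self, symbol, owner, sell_blocked=False):
        self.symbol, self.owner = symbol, owner
        self.sell_blocked = sell_blocked   # assumption: contract rule rejecting holder sells
        self.balances = {}                 # the "ledger" your wallet app reads
        self.allowances = {}               # (holder, spender) -> amount, for THIS token only

    def balance_of(self, who):
        return self.balances.get(who, 0)

    def mint(self, caller, to, amount):
        # The contract writes the ledger entry; the recipient does nothing.
        if caller != self.owner:
            raise Revert(f"{self.symbol}: only owner")
        self.balances[to] = self.balance_of(to) + amount

    def approve(self, holder, spender, amount):
        self.allowances[(holder, spender)] = amount

    def transfer_from(self, spender, holder, to, amount):
        if self.sell_blocked and holder != self.owner:
            raise Revert(f"{self.symbol}: transfer rejected by contract")
        if self.allowances.get((holder, spender), 0) < amount:
            raise Revert(f"{self.symbol}: insufficient allowance")
        if self.balance_of(holder) < amount:
            raise Revert(f"{self.symbol}: insufficient balance")
        self.allowances[(holder, spender)] -= amount
        self.balances[holder] -= amount
        self.balances[to] = self.balance_of(to) + amount

def try_pull(token, spender, holder, amount):
    """Return 'ok' or the revert reason when `spender` pulls `holder`'s tokens."""
    try:
        token.transfer_from(spender, holder, spender, amount)
        return "ok"
    except Revert as exc:
        return str(exc)

def scenario_a():
    good = Token("GOOD", owner="good_dev")
    scam = Token("SCAM", owner="scammer", sell_blocked=True)
    good.mint("good_dev", "you", 500)
    scam.mint("scammer", "you", 10_000)      # the unsolicited deposit
    scam.approve("you", "ROUTER", 10_000)    # "approve it for sale"
    return (try_pull(scam, "ROUTER", "you", 10_000),  # the failed swap
            try_pull(good, "ROUTER", "you", 500),     # approval did not carry over
            good.balance_of("you"), scam.balance_of("you"))
```

The allowance lives inside the scam token's own state, so the approval gives the spender nothing on `GOOD`, whose balance is unchanged after both attempts.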

I received a scam token and tried to sell it. What do I do?

Read above and determine which scenario best matches your situation and take the appropriate action. In a situation where you don't know what happened or cannot remember, it's always better to err on the side of caution and transfer and secure your funds into a fresh wallet.

DISCLAIMER: The information presented here is for educational purposes only and is not financial advice. Always investigate crypto projects fully and never invest more than you are willing to lose. The DeFi District is not responsible for the accuracy or reliability of information presented. Projects presented on the daily launch list are not to be considered vetted or approved by The DeFi District.