Malicious authorization is to authorize a certain Token with a certain number of callable permissions through the Approve operation, usually stealing all the balance of the authorized Token. So if an ordinary address has not performed the Approve operation, can it also be called?
Recently, more and more users have reported that they will see records of 0USDT being transferred out in their USDT transfer list, as shown below:
When you see your address being called to transfer 0 assets, your first reaction is to think that you may be at risk of being maliciously authorized, so you open a permission detection tool or browser to check your authorization record.
An authorization record was found in the authorization list, but a [Cancelled] prompt was found on the right side. Click the arrow to view the authorization and cancellation records.
The content in the authorization change record is blank, and the user is completely confused at this time.
Don’t worry! Let’s restore this together.
1. Open the TRON browser, find the USDT contract address, and click [Contract]--[Write Contract]--[transferFrom]
2. Fill in the sending address, receiving address and quantity here respectively, and then click [Send] to complete the signature using the plug-in wallet. You will see the green [true] at the bottom indicating that the execution was successful. If the quantity here is set to something else, it will prompt the content that has been sent, but because the other party does not have the quantity that can be called, the execution cannot be successful. The TRX consumed here is paid by the other party.
3. After the execution was successful, we continued to check the authorization information of this address, and sure enough, another blank record was added.
At this point, I believe everyone should have a full understanding of the reasons for this problem. It shows that any address can be used to call, but this method is in vain. It does not put our assets at any risk, but Their ultimate goal is to let you use the wrong address to trigger mistaken transfers for profit. Scamming with the same last number address is a complementary scam method.
This kind of call is also applicable to other EVM chains. The previous high imitation tail number address fraud method was an active transfer method. The current call is a transfer method, which will be more confusing for triggering misoperations. Scammers update their tricks very quickly, so everyone should pay more attention to their precautions.
Let’s explain some of the questions that everyone is confused about:
1. Why is my asset called.
This operation is performed directly through the TransferFrom function of USDT. Any address can be called here and generate a record in the wallet and a blank record in the authorization record.
2. If this happens, are my assets still safe?
The purpose of this operation is to simulate the transfer record from the user's address, combined with the disguised address method to induce the user to mishandle the transfer. It does not cause any risk to your assets, but please be sure to pay attention to this possible misoperation. implement.
3. Why the wallet doesn’t take action.
This is a new method of auxiliary fraud that uses normal mechanisms to perform operations, so there has not been much optimization in the wallet for the time being, but TokenPocket will optimize this issue in the future.