Partner of y2z Ventures, blanker.eth, has written a reminder about a new phishing method where scammers use Revoke Cash and Rabby to remind users to revoke authorization, causing users to consume excessive gas in minting CHI tokens. At the same time, blanker.eth is urging the Revoke Cash and Rabby teams to conduct a Gas Check and calling on BNB Chain to integrate EIP-3298 as soon as possible to remove the gas refund for `SELFDESTRUCT` and `SSTORE` cancellations.
An attacker has appeared on BSC and deployed a fake ERC-20 token (contract address: https://bscscan.com/address/0x1af32e8488822bf8e2fff374de8d737ecfb368c3), modified the approve() method, and manually forged authorizations for a large number of addresses on the chain, prompting Revoke Cash and Rabby to remind users to revoke authorizations. However, the approve() in the ERC-20 actually consumes a large amount of gas, allowing users to mint CHI tokens (i.e. gas tokens, destroying tokens can get a gas refund) for the contract deployer. The theoretical minting ceiling is the entire block capacity, and at BSC’s normal gas level of 3 Gwei, it will deduct approximately $60 worth of BNB from the attacker’s wallet. When users see the reminder to revoke authorization, they will mint CHI tokens to the contract deployer’s wallet by clicking to revoke authorization and sending a transaction.
Reference: https://twitter.com/0xblanker/status/1677784240086450176
- Why is weather-beaten UAE a promising region for Bitcoin mining?
- Developer Report 2023: Developer population has decreased by 22% compared to last year, with almost half of new developers leaving the field.
- Cryptocurrency Crash and Layoffs: Interpreting Lessons for Local Leaders in Building Innovative Ecosystems
Like what you're reading? Subscribe to our top stories.
We will continue to update Gambling Chain; if you have any questions or suggestions, please contact us!
