New phishing alert: Attackers on BNB Chain are using fake authorizations to deceive users into giving away Gas.

Partner of y2z Ventures, blanker.eth, has written a reminder about a new phishing method where scammers use Revoke Cash and Rabby to remind users to revoke authorization, causing users to consume excessive gas in minting CHI tokens. At the same time, blanker.eth is urging the Revoke Cash and Rabby teams to conduct a Gas Check and calling on BNB Chain to integrate EIP-3298 as soon as possible to remove the gas refund for `SELFDESTRUCT` and `SSTORE` cancellations.

An attacker has appeared on BSC and deployed a fake ERC-20 token (contract address:, modified the approve() method, and manually forged authorizations for a large number of addresses on the chain, prompting Revoke Cash and Rabby to remind users to revoke authorizations. However, the approve() in the ERC-20 actually consumes a large amount of gas, allowing users to mint CHI tokens (i.e. gas tokens, destroying tokens can get a gas refund) for the contract deployer. The theoretical minting ceiling is the entire block capacity, and at BSC’s normal gas level of 3 Gwei, it will deduct approximately $60 worth of BNB from the attacker’s wallet. When users see the reminder to revoke authorization, they will mint CHI tokens to the contract deployer’s wallet by clicking to revoke authorization and sending a transaction.


Like what you're reading? Subscribe to our top stories.

We will continue to update Gambling Chain; if you have any questions or suggestions, please contact us!

Follow us on Twitter, Facebook, YouTube, and TikTok.


Was this article helpful?

93 out of 132 found this helpful

Gambling Chain Logo
Digital Asset Investment
Real world, Metaverse and Network.
Build Daos that bring Decentralized finance to more and more persons Who love Web3.
Website and other Media Daos

Products used

GC Wallet

Send targeted currencies to the right people at the right time.