After the worst year ever for cryptocurrency hacks and exploits, The cryptocurrency community has given some advice to new investors heading into 2023: check your smart contract approvals and revoke access regularly.
Reddit user 4cademy posted its advice on the r/CryptoCurrency subreddit on Jan. 1, noting that it had approved a bunch of smart contracts over a two-year period and “figured it was time to check my approved smart contracts.”.
He discovered that “almost all” of his approvals were for “unlimited amounts,” which prompted him to revoke approvals for all smart contracts in his wallet.as it was “better safe than sorry”, and advised:
“You should also at least check your approvals and possibly revoke them.”
The reason for doing this, the user said, is that some users of decentralized finance (DeFi) or non-fungible tokens (NFT) protocols may have mistakenly approved malicious smart contracts of phishing attempts that could be lurking to steal user funds.
Such ice phishing scams have been successful in the past.; an elaborate month-long scam involving an offer from a bogus movie studio led to the theft of 14 Bored Ape Yacht Club (BAYC) NFTs from a single wallet.
Even known “good behavior” contracts should be revoked, as hackers could find exploits to steal funds from connected wallets.
The top 10 exploits in 2022 saw around $2.1 billion stolen mostly from DeFi protocols and cross-chain bridgeswhere the attackers found vulnerabilities in existing smart contracts to carry out their heists.
The user offered more advice: he said to “use different wallets for different purposes”such as having a wallet that only interacts with smart contracts and another that does not that is used for the sole purpose of storing funds.
Users who commented on the post also suggested that a recurring interval could be scheduled to revoke all smart contract approvals, such as the 1st of every month or even the beginning of every week.
Others suggested that there were third-party services that could check and revoke smart contract approvals on various chains, such as BNB Smart Chain, Ethereum, and Polygon.
One user responded that the “best” advice was to interact with as few smart contracts as possible.adding that “revoking permissions is a good practice, but not giving permissions in the first place is better.”
Clarification: The information and/or opinions expressed in this article do not necessarily represent the views or editorial line of Cointelegraph. The information presented here should not be taken as financial advice or investment recommendation. All investment and commercial movement involve risks and it is the responsibility of each person to do their due research before making an investment decision.
Keep reading:
Investments in crypto assets are not regulated. They may not be suitable for retail investors and the entire amount invested may be lost. The services or products offered are not directed or accessible to investors in Spain.