You connect your MetaMask or Xaman wallet to a site claiming you have free tokens to claim. You click 'Approve Transaction.' Instantly, your entire wallet is drained of all tokens and NFTs. Welcome to the modern phishing attack.
The Mechanics of a Wallet Drainer
Traditional phishing tries to steal your password. Crypto phishing tries to trick you into signing a malicious smart contract approval (like `setApprovalForAll`).
By signing this transaction, you are cryptographically giving the attacker's smart contract permission to move tokens out of your wallet on your behalf. Since you authorized it, the blockchain executes it flawlessly.
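The approval described above is visible in the raw transaction data before it is signed. The sketch below is an added example, not code from this page or from any wallet; it classifies calldata by its 4-byte function selector, and the function name, risk labels and sample spender address are assumptions made for illustration.

```javascript
// Added example: classify raw EVM calldata before signing.
// A selector is the first 4 bytes of keccak256 of the function signature.
const SELECTORS = {
  "a22cb465": "setApprovalForAll(address,bool)",
  "095ea7b3": "approve(address,uint256)",
};
const MAX_UINT256 = (1n << 256n) - 1n;

// Hypothetical helper: returns what the calldata would authorize.
function inspectCalldata(data) {
  const hex = data.toLowerCase().replace(/^0x/, "");
  // Need the selector (8 hex chars) plus two 32-byte ABI words (128 hex chars).
  if (!/^[0-9a-f]*$/.test(hex) || hex.length < 8 + 128) {
    return { kind: "other", risk: "none" };
  }
  const signature = SELECTORS[hex.slice(0, 8)];
  if (!signature) return { kind: "other", risk: "none" };

  const word1 = hex.slice(8, 72);
  const word2 = hex.slice(72, 136);
  const operator = "0x" + word1.slice(24); // address = low 20 bytes of the word
  const value = BigInt("0x" + word2);

  if (signature.startsWith("setApprovalForAll")) {
    // Non-zero means the operator may move every token in the collection.
    return value !== 0n
      ? { kind: signature, operator, risk: "high" }
      : { kind: signature, operator, risk: "revoke" };
  }
  // approve: 0 revokes, max uint256 is an unlimited allowance.
  if (value === 0n) return { kind: signature, operator, risk: "revoke" };
  const risk = value === MAX_UINT256 ? "high" : "review";
  return { kind: signature, operator, amount: value, risk };
}

// Constructed sample inputs (the spender address is a placeholder).
const SPENDER = "00".repeat(12) + "ab".repeat(20);
const SAMPLE_SET_APPROVAL = "0xa22cb465" + SPENDER + "0".repeat(63) + "1";
const SAMPLE_UNLIMITED = "0x095ea7b3" + SPENDER + "f".repeat(64);
const SAMPLE_REVOKE = "0x095ea7b3" + SPENDER + "0".repeat(64);

for (const tx of [SAMPLE_SET_APPROVAL, SAMPLE_UNLIMITED, SAMPLE_REVOKE]) {
  console.log(inspectCalldata(tx));
}
```

A result of "revoke" is the same call with the approval cleared, which is the kind of transaction a revocation tool submits.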
The 'Revoke Cash' Defense
Every time you interact with a DeFi protocol or DEX, you grant it token approvals. If that protocol is later hacked, the hacker can drain your wallet. You must regularly use tools like Revoke.cash (or XRPL's native account settings) to revoke approvals for smart contracts you aren't currently using.
OpSec Rules to Live By
- ✓ Never click links in Discord or Telegram DMs. Customer support will never DM you first.
- ✓ Bookmark the official URLs of DEXs and Yield Farms. Never Google them, as Google Ads are frequently hijacked by phishing sites.
- ✓ Use a 'burner wallet'. Keep your main holdings in a cold wallet that never interacts with smart contracts. Send small amounts to a hot wallet (burner) for daily Web3 interactions.
