With the rise in crypto hacks and fraud in 2024, it is crucial to stay vigilant. A recent report by ImmuneFi highlighted that these kinds of attacks have risen to an alarming 112% in the second quarter of 2024. One simple and effective way to protect your assets is to revoke token approvals regularly.
This is a companion article to the post-mortem report and malware analysis published regarding the 7 August 2024 security incident.
7 August Incident
On 7 August 2024, attackers gained access to credentials to manage smart contracts for the Fundrs platform. Using these credentials, they transferred $NXRA tokens from the Fundrs staking contracts on Ethereum and accessed the vesting contract on Avalanche. They have never been able to access $NXRA tokens in users’ wallets.
Fundrs smart contracts have been rigorously audited, and it has been confirmed that the issue did not stem from them. Users who only staked on the platform don’t need to take action. However, to ensure the security of assets, it is a good practice to review token approvals regularly.
What Are Token Approvals?
Token approvals allow a DeFi dApp to “spend” your tokens. While up-to-date crypto wallets like MetaMask suggest appropriate amounts for approval, older or malicious websites may request “unlimited” approvals. This grants them unrestricted access to your tokens, even after disconnecting your wallet.
To better protect yourself, you could optionally revoke token approvals for all your tokens — particularly $NXRA and stablecoins like $USDT or $USDC — on Fundrs smart contracts. Below is a list of smart contract addresses related to Fundrs fundraising rounds:
- Ethereum: 0x556553093A3b7B4839eFeCc890e8065E3FC97C77
- Avalanche: 0x3EEa8015c635ff213aeFEBc20119E03aAd7933A3
- Polygon: 0x9E0Fa708F4534C2D9a2706498502362dfdF44D9f
- Arbitrum: 0x9E0Fa708F4534C2D9a2706498502362dfdF44D9f
How to Revoke Token Approvals
You can use various tools to revoke token approvals, such as Revoke (revoke.cash) or blockchain explorers like Etherscan. However, please do your research before taking action.
Via Revoke
Revoke (revoke.cash) is a tool for inspecting and revoking token approvals. Revoke lets you easily search for specific smart contract addresses and immediately see your token approvals.
Connect your wallet to the website and check your token approvals for smart contract addresses mentioned above on Ethereum, Avalanche, Polygon, and Arbitrum networks. Once you’ve selected a network, you will see a list of your tokens and the approvals that you’ve granted.
From this screen, you can:
- Switch networks to see your token approvals on other networks.
- See which contracts requested token approvals.
- Edit your approvals.
- Or revoke token approvals completely.
Note that revoking token approvals costs minimal gas to process the transaction.
You can also search for the smart contract address to see which tokens have token approvals for that contract.
Via Blockchain Explorers
You can also use blockchain explorers like Etherscan (etherscan.io) for Ethereum to inspect and revoke token approvals.
To access their token approval checker, visit etherscan.io, click “More” and then “Token Approvals” in the menu above, or directly access the tool at this link.
On this page, you can:
- Paste in a wallet address and quickly inspect the active token approvals for the wallet.
- Select “Show all approvals” to show all token approvals.
- Opt to evoke the approval for the specific asset and the spender.
Please note that you have to connect your wallet to be able to revoke tokens.
About Nexera
Nexera is empowering the future of finance with cutting-edge open-source innovation. Nexera infrastructure seamlessly incorporates blockchain technology, facilitating on-chain and off-chain operations for simplified digital, financial, and real-world asset management.
Nexera is focused on nurturing the broader ecosystem and DAO and enhancing the utility of the $NXRA token. It is committed to promoting community growth and driving innovation in the digital asset space, including the growth and development of current and future key ecosystem partners.
Learn more about Nexera by following them on X, joining the Telegram Community, or visiting their website.
