The Ethereum Classic community issued a security advisory warning users about a rise in fraudulent websites impersonating legitimate decentralized applications. These scam sites targeted ETC users through phishing, malicious contract approvals, and fake token offerings.
Common Attack Vectors
Phishing Sites
Attackers created websites visually identical to popular DeFi interfaces, using similar domain names (typosquatting) to trick users into connecting their wallets. Once connected, the sites would prompt users to sign transactions that drained their funds.
Malicious Token Approvals
Some fraudulent dApps requested unlimited token approval permissions. While legitimate dApps may request approvals for specific amounts, scam sites exploited the ERC-20 approval mechanism to gain permanent access to a user's token balances, which could be drained at any time.
Fake Token Contracts
Scammers deployed token contracts designed to appear legitimate — complete with names, symbols, and even fake liquidity — but containing hidden mechanisms such as:
- Transfer taxes that route funds to the deployer
- Mint functions allowing unlimited supply creation
- Blacklist functions preventing token sales (honeypots)
- Self-destruct mechanisms to remove evidence
How to Stay Safe
Verify contract addresses: Always confirm dApp contract addresses through official sources. Check addresses on Blockscout before interacting.
Bookmark trusted sites: Access dApps through bookmarked URLs rather than search engine results or social media links. Scam sites frequently purchase ads to appear above legitimate results.
Review approvals: Before signing any transaction, carefully review what permissions you're granting. Use token approval checker tools to audit and revoke unnecessary approvals.
Check contract verification: Legitimate dApps typically have verified, open-source contracts on block explorers. Unverified contracts should be treated with extreme caution.
Use hardware wallets: Hardware wallets provide an additional verification step, displaying transaction details on the device screen before signing.
Community Response
The ETC community maintains awareness of known scam contracts and phishing domains. Users who encounter suspicious sites are encouraged to report them through community channels to help protect others.
Always verify before you interact. If a deal seems too good to be true, it almost certainly is.