Posts  / #POST-238704
REDDIT

PSA: the scam that empties wallets without ever stealing your keys

E
Jul 16, 2026 · 06:24

Approval phishing does not need your keys or your seed phrase. You visit a site, it asks you to sign or approve something, and that approval quietly hands a contract standing permission to move your funds. It can sit unused for a while, then drain the wallet later.

A few habits that hold for any wallet:

\- Treat every signature request as a permission grant, not a formality.

\- Check what contract you are approving and what it is allowed to do.

\- Revoke old approvals you no longer use (revoke.cash and similar make this quick).

\- Reading the real transaction on a separate screen beats trusting the website popup.

How do you all vet an approval before signing?