New year community advice: Check your smart contract approvals

cointelegraph.com:

On the back of the worst year for crypto hacks and exploits, the crypto community has given some advice to newbie investors going into 2023 — check your smart contract approvals and revoke access regularly.

Reddit user 4cademy posted their advice to the r/CryptoCurrency subreddit on Jan. 1, noting that they had approved a slew of smart contracts over a two-year period and “thought it was time to check my approved smart contracts.”

They found “nearly all” of their approvals were for “unlimited amounts," which spurred them to revoke approvals for all smart contracts in their wallet as it was “better safe than sorry,” and advised:

The reason to do this, the user said, is that some users of Decentralized Finance (DeFi) or nonfungible token (NFT) protocols could have mistakenly approved malicious smart contracts from phishing attempts that could be lying in wait to steal user funds.

Such ice phishing scams have been successful in the past, with one such elaborate month-long scam involving an offering from a fake film studio leading to 14 Bored Ape Yacht Club (BAYC) NFTs stolen from a single wallet.

Even known “good-behaving” contracts should be revoked as hackers could find exploits to pilfer funds from connected wallets.

The 10 largest exploits in 2022 saw around $2.1 billion stolen mostly from DeFi protocols and cross-chain bridges where attackers found vulnerabilities in existing smart contracts to carry out their heists.

Related: Developers need to stop crypto hackers or face regulation in 2023

The user offered up further advice saying to “use different wallets for different purposes” such as having a wallet that only interacts with smart contracts and another that doesn’t which is used for the sole purpose of holding funds.

User