Hi all,
I am supplying XVS via Venus and noticed that my supply balance is not showing correctly. I did not transfer the vXVS tokens. Can anyone advise?
Best, ChrisCross
This is why:
Why did you approve infinte vXVS for 0xc5dd78d7144efdf3c1fbbf52f24ea8b2d027196d and then sent your vXVS to 0x235075efb881fba4323ceac3c0f92d59215d42c9 ?!!!
Thanks for looking into it. Did not do knowingly.
Is there anything I can do to recover? Will pay for recovery.
Short answer: your tokens have been siphonned out of your wallet and are now in the hands of a scammer. As JUST investigated, you provided approval to your full XVS balance to a close code smart contract. This kind of malicious contract may move your tokens anywhere, and it happened.
What to do:
- Remove the similar dangerous approvals you provided to avoid losing more funds, if any.
- Do not listen to any “Recovery Super Hero” who would help you. They would be scammers.
- Only Venus team and/or Binance may help, and that’s very very unlikely. Contact Binance support chat and invoke the “Binance Pionneer” procedure. It means early adopters of Binance tech who did mistakes like you could receive help from Binance. Is XVS eligible? I doubt, but you may ask them. If they help, the Binance fee is a fixed 0.001 BTC.
Thanks - where can I check for similar approvals for my wallet?
He didn’t, the scammer did, using the approval. The mistake is the 1st tx. Other are the scammer’s job.
I keep hearing about these smart contracts. How do I avoid them? I assume it comes from connecting your wallet to unscrupulous sites?
They put the “Smart” in Binance Smart Chain.
If you provide approval for token X to a smart contract C, so the program C (because contract is here a term for program) can do whatever it has been programmed for, including malicious token transfer.
If you use the BSC with no contract interaction (assuming you don’t count the tokens as Contracts, because in fact, they are) so you won’t use any dApp. Even PancakeSwap is made of contracts. The only non-contract thing on BSC is the naked BNB. In such case, better say on CEX like Binance.
Realistically, grant approval only to contracts you trust for good, such has Venus or Pancake, and regularly use the BSC Allowance tool (see above) to revoke unused or suspicious allowance.
Token approval is very much like the Wire Transfer authorization you granted your Electricity supllier: it could pull any money from your account. But in the blockchain world, once the money is gone, so it’s gone.
I’ve been a victim of such a malicious smart contract when I entered BSC, namely BullFarm. Sometimes very elaborated dApp run for long before starting to siphon their users wallets. The key is to use only the very very most reliable like Venus, Pancake, Cream, Sushi…
Not simply connecting, but either signing a transaction (like you’d sign a check of any amount to anybody) or providing token allowance.
The extreme case would be to trick you into entering your passphrase, but here it would be simply scam/phishing, not limited to smart contracts.
1 Like
Thanks for all the replies – highly appreciated.
I tried all the suggestions and learned that this case does not qualify for the Binance Pioneer program since it is not a wrapped token.
Is there anything else I could do? Is there a Venus recovery fund?
Thanks again for all your support.
Not surprised, the Pioneer program is limited to Binance wrapped and BNB. Since XVS (and VAI) are part of the Binance ecosystem, it could have worked, but unlikely, sadly.
So far I don’t see any reliable way to get your tokens back. They are not stuck or frozen, they are stolen. To refund you, they would need to re-mint them, and minting XVS out of thin air is not normal action for a platform, except in case of global hack, where the platform itself has been hacked (see Bunny for example).
Last attempt would be to trigger attention of the Venus team, but I strongly doubt. Also in the worst case, you are a liar and are both the hacker and the victim, sent tokens to yourself, faking a scam. I don’t state that, but that’s technically possible, and this case already happened. This is why a simple XVS remint is not really possible.
The amount is big, USD 178K, maybe hire a specialized lawyer and start an investigation to find the scammer identity to go to the courts. It worked for the PolyNetwork hack and other. However lawyers are not cheap and the chance of recovery is very low. In my case, when Bullfarm stole my tokens months ago, I simply cried and wrote off my loss, that’s, sadly, how blockchain works.