This page explains how to use decentralized applications safely, identify phishing sites, review authorizations, and protect against malicious smart contract signatures.
Learn to Safely Use On-chain Apps
Most digital asset thefts do not come from hardware wallet vulnerabilities, but from malicious on-chain apps and incorrect authorizations.
Understanding dApp risks is a crucial step in protecting your assets
What Are On-chain Apps (dApps)
dApps are programs that run on the blockchain — your wallet authorizes smart contracts to act for you, so contract approvals, not the wallet itself, ultimately decide what happens to your funds.
On-chain applications (decentralized applications, or dApps) are programs running on the blockchain. Users connect to these apps via wallets and authorize contracts to perform operations.
Wallets don't directly control assets; smart contracts can.




What Are the Main Risks of Using dApps?
Four common attacks target dApp users: malicious contracts disguised as legitimate ones, unlimited token approvals, phishing sites mimicking real dApps, and signature fraud that tricks you into signing transfers.

Malicious Contracts
Attackers deploy malicious contracts to trick users into authorizing assets

Unlimited Approval
Users allow contracts to transfer assets without limits

Phishing Websites
Websites disguised as well-known projects.

Signature Fraud
Tricking users into signing malicious messages
Understanding Token Approval
In DeFi, users typically need to authorize contracts to use tokens

Limited Approval
Users allow contracts to transfer assets only up to a set amount

Unlimited Approval
Allows contracts to transfer all assets at any time
Unlimited approval is a common cause of theft
How Do You Safely Use On-chain Apps (dApps)?
Five habits keep you safe on-chain: connect only to trusted dApps, avoid unlimited approvals, sign every transaction on hardware, ignore random airdrops, and review past approvals regularly.
Main Risks of On-chain Apps

Contract Address
Verify contract source and credibility to prevent connecting to malicious contracts

Transaction Content
Understand what the transaction does and which functions it calls, to avoid mistaken operations or fraudulent signatures

Approval Amount
Carefully set approval limits to avoid granting unlimited access

Token Transfer Involved
Check whether the transaction triggers asset transfers, to prevent theft of funds
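
The checks above (Transaction Content, Approval Amount, Token Transfer Involved) and the limited/unlimited distinction under Understanding Token Approval can be applied to the raw calldata a wallet is asked to sign. The following is an added example, not code from this page or its vendor, and it assumes an EVM chain with standard ERC-20/ERC-721 functions. The name reviewCalldata, the sample spender address and the 2^255 threshold for "effectively unlimited" are assumptions made for illustration.

```javascript
// Added example: review raw EVM calldata before signing (heuristic, not a full ABI decoder).
// Selectors are the first 4 bytes of keccak256 of the standard ERC-20 / ERC-721 signatures.
const SELECTORS = {
  "095ea7b3": { name: "approve", args: ["address", "uint256"] },
  "39509351": { name: "increaseAllowance", args: ["address", "uint256"] },
  "a22cb465": { name: "setApprovalForAll", args: ["address", "bool"] },
  "a9059cbb": { name: "transfer", args: ["address", "uint256"] },
  "23b872dd": { name: "transferFrom", args: ["address", "address", "uint256"] },
};
// Constructed samples: the spender 0x1111...1111 is a made-up address.
const SPENDER_WORD = "0".repeat(24) + "11".repeat(20);
const SAMPLE_UNLIMITED = "0x095ea7b3" + SPENDER_WORD + "f".repeat(64);
const SAMPLE_LIMITED = "0x095ea7b3" + SPENDER_WORD + (100n * 10n ** 18n).toString(16).padStart(64, "0");

function reviewCalldata(hex) {
  const data = hex.toLowerCase().replace(/^0x/, "");
  if (!/^[0-9a-f]*$/.test(data) || data.length < 8) {
    return { risk: "unknown", reason: "not valid calldata" };
  }
  const spec = SELECTORS[data.slice(0, 8)];
  if (!spec) return { risk: "unknown", reason: "unrecognized function; do not blind-sign" };
  const body = data.slice(8);
  // Each static ABI argument occupies one 32-byte word (64 hex characters).
  if (body.length < spec.args.length * 64) {
    return { risk: "unknown", reason: "truncated arguments" };
  }
  const values = spec.args.map((type, i) => {
    const word = body.slice(i * 64, (i + 1) * 64);
    return type === "address" ? "0x" + word.slice(24) : BigInt("0x" + word);
  });
  const out = { fn: spec.name, values };
  if (spec.name === "approve" || spec.name === "increaseAllowance") {
    const amount = values[1];
    if (amount === 0n && spec.name === "approve") return { ...out, risk: "low", reason: "revokes allowance" };
    // Assumption: anything at or above 2^255 is treated as effectively unlimited.
    if (amount >= 1n << 255n) return { ...out, risk: "high", reason: "unlimited approval" };
    return { ...out, risk: "medium", reason: "limited approval; check spender and amount" };
  }
  if (spec.name === "setApprovalForAll") {
    return values[1] !== 0n
      ? { ...out, risk: "high", reason: "operator can move every token in the collection" }
      : { ...out, risk: "low", reason: "revokes operator" };
  }
  return { ...out, risk: "medium", reason: "moves tokens; confirm recipient and amount or token id" };
}

console.log(reviewCalldata(SAMPLE_UNLIMITED).reason, "/", reviewCalldata(SAMPLE_LIMITED).reason);
```

An "unknown" result means the call is outside these five functions, which is exactly the case where the full transaction should be read on the hardware wallet screen before signing.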
Manage and Revoke Approvals
Users can view authorized contracts through approval management tools
View Approval List

Revoke Approval

Limit Approval Amount






