Can my tokens be stolen?

Hi guys,

I keep receiving these BEP 20 tokens on the BSC from unknown sources, tokens that i know nothing about. Then i realized these are dust attacks and i am not the only one. I was wondering if i could swap these tokens for BNB? How could the dust attacker steal my other tokens in my wallet or do anything to benefit out of the dust attack? What are the risks associated with swapping the dust attack tokens?

Your tokens CAN be stolen if you are not careful with the transaction that approves the BEP-20 token to be spent from your wallet. It is a good idea to search the respective community, twitter, forums, etc to see what others are saying about a specific token. It can become obvious very quickly if an airdrop is malicious.

Sometimes it isn’t a dust attack at all, it’s just a project trying to extend its reach. There’s a reason people put “DYOR” everywhere - the more you search, the more likely you are to discover problems with a malicious token.

Cheers and good luck!


Can they get access to my wallet if I approve a tokens to be spent from my metamask wallet? Can the scammer design their contract as such so that he can access my whole wallet if I approve a token to be sold on pancake swap before swapping it.

I tried swapping one such token for which the error that BSC gave was " Fail with error ‘ERC20: token must be unlocked before approve. Visit for more info’ " so what does this mean? assuming this is a scammer can he get access to my wallet? should i be worried?

if this is a scam and he can get access then what can i do to prevent myself from getting scammed now?

With a little (very little) research, this looks totally like an scam.
It seems they spammed A LOT of wallets with 800.000 “vera” transactions. 800.000 Vera seems to swap to USD 94k (huge amount of money). If you try to change them you get the error you mentioned: Fail with error ‘ERC20: token must be unlocked before approve. Visit for more info’
No matter which exchange you use… as the authorization fails, I don’t think that can harm you in any way… but I’m not 100% sure as any transaction failed or not leaves traces, and if this is intended to attack your privacy this could partially be a success for the dusters/scammers.

Then if you go to site… the site looks bad, really bad! The domain has been registered for a couple of days and it totally lacks of legit project information. All you get is the “connect your wallet” button. I didn’t clicked but probably that’s the point where the malicious attack really begins, so, you better don’t click it!!!

I hope you’ll get new information about this probable scam soon, for now this is the only post I found about this.

1 Like

Some people out there are confirming that Vera. io (veranet. info) is a scam, if you connect the wallet at his site they empty your wallet. So just be careful.
Connecting wallet to a site you didn’t know and trust is usually a very bad idea.


thanks for your valuable update. i very much appreciate it. saves me from going rekt

1 Like

I have seen that only a few times. The best practice is not to unlimited approve any tokens, and don’t approve tokens you don’t recognize. Remember "There ain’t no such thing as a free lunch "

So what do we do with these tokens that have been airdropped?

Just leave them alone in our wallets?

I’ve received these garbage bep-20 tokens:

I can’t advise you no what to do with them, but to my knowledge there isn’t danger in ignoring them.

1 Like

I have the same issue… i received the same tokens and i tried to swap one of them and have approved it on my end but it was failed… will it harm my metamask? When i check on the bscan one of them i read a warning that it is a phishing and I get worried that all my tokens in my metamask might be lost…

Is there anything I can do? Please help…

No, it won’t harm your metamask. There is nothing you need to do at this time. If you really don’t want the tokens in your wallet you should be able to send them away without unlocking them.

sorry for my english, i’m from brazil… i got scammed by one of this “fake tokens” when you go to the website and click to claim tokens, you pay a small fee to aprove the site to spend your token… and you know what happens next… my question is… this authorization of transaction, they only can do once with one token or it can be multiple tokens and entire wallet? and is there a way to block new transactions or resetting every permission ?

1 Like

make sure you read what you are accepting, they might be asking for permission to clean out all your tokens and you just push the accept button without realizing you gave them access to everything.

You can use the tool from the site unrekt to revoke the permissions you have accepted. You have to connect your wallet to the site and each revoke will cost you a transaction (gas) fee.

I have used this site to revoke permissions and haven’t had issues, but please don’t take my word for it, please do your own research before you connect your wallet to any site you don’t know.

That said, this is the site:

app(dot)unrekt(dot)net (change (dot) to . since I cannot add links here)