I fell for a fake airdrop that granted unlimited withdrawal to a token with a smart contract. Nothing stood out as malicious as it was a 0 eth fee and I’m new to crypto. Also, since I initiated the transaction it felt like I was approving what I asked for, just like every other transaction I have done that was not malicious, Muscle memory at this point.
Once I saw the transaction in eth scan and saw the token icon(chainlink) that had nothing to do with an airdrop, that’s when I realized I messed up big. It was to late, they pulled out over 17k before I could move it and had no idea how to undo what I just did. Thankfully it was only one coin and not my entire wallet.
Metamask should add in a catch for this type transaction. " You are about to grant xx unlimited access to xx, are you sure?"
Or
“This contract exposes you to $$ of possible loss, are you sure”
This seems easy enough and would protect so many people that are not savy in defi.
Sure some people it would annoy but have a advanced option to turn it off.