Reddit users identify specific risks associated with unlicensed smart contracts


  • Reddit member 4cademy offered advice to the cryptocurrency community, mentioning that they had approved a lot of smart contracts during the previous two years.
  • The top 10 exploits of 2022 took nearly $2.1 billion in total, most of them involving DeFi protocols and cross-chain bridges.
  • The user also proposed keeping separate wallets for different uses, such as one wallet that exclusively interacts with contracts.

In 2023, after the worst year ever for cryptocurrency thefts and attacks, the cryptocurrency industry offered advice to new investors. In light of these developments, it is essential to regularly check one’s smart contract permissions and remote access. In a Reddit post, one user told the community that because uncontrolled smart contracts may pose problems, approvals should be routinely revoked.

In an r/CryptoCurrency thread on January 1, Reddit user 4cademy offered advice to the community of cryptocurrency users, saying that they had approved numerous smart contracts over the previous two years and had decided it was time to review the approvals they had already granted.

Since it was “better to be safe than sorry,” they decided to revoke permissions for every smart contract in their wallet after learning that “nearly all” of their approvals were for “infinite quantities.”

The user mentioned the possibility that some NFT or DeFi protocol users may have unwittingly approved dangerous smart contracts through phishing attempts, and that such contracts could be waiting for a chance to steal user funds.

The top 10 exploits in 2022 collectively stole almost $2.1 billion, mostly from DeFi protocols and cross-chain bridges, where criminals took advantage of security holes in existing smart contracts.

The user also suggested using different wallets for different purposes, such as one wallet that only interacts with contracts and another that never does and is used simply for holding funds.

Commenters on the thread also recommended scheduling the revocation of all smart contract approvals for the first of every month, or even the first of every week.

Some said that third-party services, such as those provided by Ethereum, Polygon, and BNB Smart Chain, could be used to check and revoke smart contract approvals.
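What such an approval review amounts to for ERC-20 token allowances, as an added example that is not from the Reddit thread or this article: it replays `Approval` event logs to find the allowances still outstanding for a wallet, lists unlimited ones first, and builds the `approve(spender, 0)` calldata that revokes each. The ERC-20 scope, every address and the sample logs are assumptions constructed for the example.

```python
# Added example. Addresses and logs are constructed sample data, not real chain data.
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
APPROVE_SELECTOR = "095ea7b3"          # approve(address,uint256)
MAX_UINT256 = 2**256 - 1               # the usual "infinite" allowance

def _addr(topic):
    return "0x" + topic[-40:].lower()  # last 20 bytes of a 32-byte indexed topic

def outstanding_allowances(logs, owner):
    """Replay Approval logs in chain order; the latest value per (token, spender) wins.
    Upper bound only: transferFrom can spend a finite allowance without a new log."""
    state = {}
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        t = log["topics"]
        # ERC-20 Approval has 3 topics; ERC-721 reuses the signature with 4.
        if len(t) != 3 or t[0].lower() != APPROVAL_TOPIC or _addr(t[1]) != owner.lower():
            continue
        state[(log["address"].lower(), _addr(t[2]))] = int(log["data"], 16)
    return {k: v for k, v in state.items() if v > 0}

def revoke_calldata(spender):
    """Calldata for approve(spender, 0), to be sent to the token contract."""
    return "0x" + APPROVE_SELECTOR + spender[2:].lower().rjust(64, "0") + "0" * 64

def audit(logs, owner):
    """List live approvals, unlimited ones first, each with its revoke call."""
    rows = [{"token": tok, "spender": sp, "unlimited": amt == MAX_UINT256,
             "revoke": {"to": tok, "data": revoke_calldata(sp)}}
            for (tok, sp), amt in outstanding_allowances(logs, owner).items()]
    return sorted(rows, key=lambda r: (not r["unlimited"], r["token"], r["spender"]))

def _log(block, token, owner, spender, amount):
    pad = lambda a: "0x" + a[2:].rjust(64, "0")
    return {"address": token, "blockNumber": block, "logIndex": 0,
            "topics": [APPROVAL_TOPIC, pad(owner), pad(spender)],
            "data": "0x" + format(amount, "064x")}

OWNER, OTHER = "0x" + "11" * 20, "0x" + "22" * 20
TOKEN_A, TOKEN_D, DEX, OLD_DAPP = ("0x" + b * 20 for b in ("aa", "dd", "bb", "cc"))
SAMPLE_LOGS = [
    _log(100, TOKEN_A, OWNER, DEX, MAX_UINT256),   # unlimited, never revoked
    _log(120, TOKEN_A, OWNER, OLD_DAPP, 500),
    _log(150, TOKEN_A, OWNER, OLD_DAPP, 0),        # revoked later, so not reported
    _log(160, TOKEN_D, OWNER, DEX, 1000),          # finite, still live
    _log(170, TOKEN_A, OTHER, DEX, MAX_UINT256),   # belongs to a different wallet
]

if __name__ == "__main__":
    print(*audit(SAMPLE_LOGS, OWNER), sep="\n")
```

NFT operator approvals granted through `setApprovalForAll` emit a different event and are outside what this example covers.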