In a worrying turn of events for crypto users, GoPlus Security has issued a high-risk security alert following a malicious exploit linked to the DMT token airdrop, reportedly orchestrated by a project named DexMaxAI. The scam has allegedly led to the theft of over $130,000 in cross-chain assets, prompting GoPlus to urge affected users to take urgent protective action. (Coincu)
What Actually Happened
- According to multiple reports, more than 1,000 users who claimed the DMT airdrop were tricked into signing additional authorization transactions. (KuCoin)
- These extra signatures weren’t innocuous: attackers used them to gain token approval permissions, allowing them to transfer users’ assets without further interaction. (Coincu)
- The stolen funds then flowed out via cross-chain bridges, mostly ending up as ETH, with a large portion landing on the HitBTC exchange. (youtocoin.com)
- Alarmingly, the official DexMaxAI Twitter account and website were taken offline, raising suspicions of a rug-pull. (KuCoin)
Why This Is Particularly Concerning
This isn’t just another “airdop scam” — several factors amplify the seriousness:
- Social Engineering + Signature Abuse
The attack tricked users into signing not just to claim tokens, but to authorize additional interactions. Once permission is granted, scammers can move tokens without needing more confirmations. That’s powerful and dangerous. (Coincu) - Cross-Chain Complexity
The use of cross-chain bridges indicates a well-planned operation. Moving funds across chains (especially into ETH) suggests the attackers knew what they were doing — and how to obfuscate their trail. (youtocoin.com) - Token Approvals Are Risky
This incident underlines a broader problem: users often underestimate the power and risk of “approve” or “permit” transactions in smart contract systems. Once you approve, you can give away broad access to your tokens. (SlowMist) - Lack of Transparency
The sudden disappearance of DexMaxAI’s online presence makes it hard for victims to verify legitimacy or claim recourse. That’s a major red flag in any crypto project. (KuCoin)
Immediate Steps GoPlus Recommends
GoPlus has made clear, practical suggestions for anyone who interacted with the DMT airdrop:
- Revoke Authorizations: As a priority, users should revoke any suspicious token approvals linked to the DMT airdrop. GoPlus’s alert explicitly calls for this. (KuCoin)
- Move Assets to Safer Wallets: If revoking is not enough or if you’re unsure, transfer your assets to a wallet you fully control. GoPlus stresses that this is safer than staying exposed. (youtocoin.com)
- Use Revocation Tools: On Solana, there are on-chain tools built specifically for revoking authorizations. GoPlus advises using them without delay. (KuCoin)
- Stay Informed: Keep an eye on trusted sources and alerts from security providers like GoPlus. Being vigilant is one of the best defenses.
Broader Implications for Crypto Security
This incident isn’t just about one token. It speaks to systemic vulnerabilities in how crypto users claim airdrops:
- Airdrop Risks: “Free” tokens can be deceptively dangerous. Attackers often use airdrops as lures to get people to authorize malicious contract interactions. (SlowMist)
- Approval-Based Exploits: The “approve” function in ERC-20 (and equivalent standards) is a consistent attack vector. Some academic research has shown that even well-understood contract logic can be exploited through clever sequencing of approvals. (arXiv)
- Regulatory Pressure May Grow: As these approval-based and social-engineering exploits become more common, regulators could tighten oversight, especially when it comes to how tokens are distributed and how users are educated. The SEC, for example, has already signaled concerns about promotional token distributions being classified as securities. (SEC)
- User Education Is Key: This isn’t just a “developer problem” — individual users need to be more aware of the permissions they grant and know how to manage them safely. As recent blockchain research suggests, education combined with better monitoring tools can help reduce exploit risk. (Newswise)
Advice for the Crypto Community
Given what’s happened, here are some proactive tips for anyone in crypto — whether you’ve claimed the DMT airdrop or not:
- Limit Approvals Whenever Possible: When prompted to “Approve” a contract, think carefully. Do you understand what you’re giving permission for, and is it necessary?
- Use Revocation Dashboards: Tools like Revoke.cash (for Ethereum) or on-chain revocation tools on other chains are invaluable for cleaning up unwanted approvals.
- Keep Wallets Separate: Use a “main” wallet for long-term holding and a “dapp/airdrop” wallet for interacting with new projects. If something goes wrong, your main funds stay safer.
- Verify Projects Before You Interact: Check the legitimacy of airdrops, use known community sources, and don’t rely purely on announcements. Scam projects often disappear quickly once they’ve done the damage.
- Regularly Monitor Transactions: Watch for unexpected approvals, transfers, or changes. Proactivity can help you catch issues before they escalate.
Final Thoughts
This alert from GoPlus Security is a stark reminder: in the world of crypto, “free” doesn’t always mean risk-free. The DMT airdrop incident highlights how social engineering combined with smart-contract mechanics can be weaponised.
For users, the message couldn’t be clearer: revoke suspicious permissions, move your funds if necessary, and always treat airdrops with caution. For the wider industry, it’s a wake-up call — a need for better education, safer tools, and perhaps tighter standards around token distribution and permission management.
As we continue to navigate the evolving landscape of Web3 and decentralised finance, this event should serve as a case study: security isn’t just about code — it’s about user behaviour, awareness, and trust.
Sources:
- GoPlus Security alert and details on stolen funds (KuCoin)
- Over $130,000 lost via fraud in DMT airdrop (KuCoin)
- KuCoin’s report on revocation advice (KuCoin)
- Cross-chain stealing and bridge use (youtocoin.com)
- Risks from token approval mechanisms (SlowMist)
- Academic insight into ERC-20 approval vulnerabilities (arXiv)
- Regulatory context around token distribution (SEC)
- Broader research about phishing and user education (Newswise)
