Posts

Inside The Scammer's DApp

With Chrome Dev Tools, I was able to look inside the client code of https://u2e-free.com. This site is the scam dapp that drained all my USDT after my Coinbase Wallet granted them unlimited spending of my USDT. The site is a single-page web application written in Vue.js v2.6.12 and web3.js. Below is the tree view of the site. The application supports two different languages in its UI — English and Chinese, with English as the primary language. I concluded that English is the primary language because there are untranslated texts for the Chinese version as shown below. Next I will focus on the code that implements the Receive button. This is the most important action because it is what obtained the permission to spend unlimited USDT from victims' wallets. Below is the receive function that implements the action. The function above does the following: Obtain the USDT Contract Get the estim

Reporting DApp Phishing to Coinbase - Unanswered

The DApp Phishing Scam inside Coinbase Wallet is now widespread with more and more people becoming victims. There is a subreddit on this scam with 256 members (many of whom I believe are victims) as of now: https://www.reddit.com/r/eth_liquidity_scam/ I made various attempts to inform Coinbase of their vulnerability since I got scammed on November 18, but it looks like nothing has changed since then. I also have been collecting Google Play Store reviews of Coinbase Wallet which I think are from victims, and I found a review that inspired me to make one more attempt: What stands out about the review above is that it got a response from Coinbase Wallet, giving information on phishing: https://help.coinbase.com/en/coinbase/privacy-and-security/avoiding-phishing-and-scams/what-is-phishing Reviewing the page, I did not see any examples of DApp phishing so I wanted to report on this type of phishing. The instruction for this

My Experience Contacting Coinbase Support - Disclosing My Emails To Coinbase

After I got scammed over $50K when using Coinbase Wallet, I contacted Coinbase Support several times. Initially, I was telling them my situation and asked them if there was anything that could be done to take the money back. After that, I tried to inform them of the vulnerability in Coinbase Wallet where money could be drained even when the recovery phrase was never compromised. I don't know how many others have pointed out that issue to them, but at least there was my attempt over a month ago that I will disclose in this post. Below is our first communication thread between November 18 and 19. It started with filling out a form in the Coinbase Help Center. I did not capture the screenshot of the support form, but I did capture the text I submitted. All the money, $58,734.78 (USDT), in my wallet got transferred out of my wallet without my permission through this transaction: https://etherscan.io/tx/0x28fe570dc54f6432db9fd7b7fce6808

One-Star Reviews of Coinbase Wallet, Probably from DApp Scam Victims

Updated: February 19, 2022 The following are recent reviews of Coinbase Wallet on Google Play Store that I have collected. I believe these reviewers are victims of the same DApp phishing scam while using Coinbase Wallet. I could not find earlier reviews that I was able to capture screenshots of because I could not scroll down far enough. Google kept on refreshing the list and reviews are randomly out of order after each refresh. This is either an annoying bug (Google, bug?) or it is an intentional throttling mechanism that Google put in place to prevent us from finding the reviews we want (?). Ali Dibo February 18, 2022 The wallet has so many vulnerabilities and hackers favorite wallet to drain