Can a scammer drain my crypto wallet through a 'connect wallet' button on a website?
Yes. Malicious 'connect wallet' buttons can prompt you to approve a transaction that grants the scammer unlimited access to your tokens.
Last reviewed: 1 June 2026
Explanation
Wallet-draining scams disguise themselves as NFT mints, DeFi platforms, airdrop claim pages, or charity donation sites. When you click 'connect wallet' and then approve the transaction in your wallet app, you may be approving a smart contract permission that grants the scammer's contract the right to transfer all of your tokens. These are called malicious approvals or 'approval phishing'. The initial connection itself is not always dangerous, but the approval transaction that follows can be. Before approving any transaction, check what permissions it is requesting, verify the website address carefully, and only interact with contracts from official project links. You can revoke existing approvals through token approval checker tools.
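To show what "check what permissions it is requesting" means in practice, the following added example (not part of the original page) decodes the raw data field of a pending transaction and flags token approvals. The function name `inspect_calldata`, the risk labels, the 2**255 cut-off for "effectively unlimited", and the sample spender address are assumptions made for illustration.

```python
# Added example: classify a pending transaction's calldata as a token approval or not.
# 4-byte selectors of the standard approval calls (ERC-20/ERC-721 approve, NFT operator approval).
SELECTORS = {
    "095ea7b3": "approve(address,uint256)",
    "a22cb465": "setApprovalForAll(address,bool)",
}
UNLIMITED_THRESHOLD = 2**255  # assumption: anything this large is treated as unlimited


def inspect_calldata(data_hex):
    """Return a dict describing an approval call, or None if it is not one."""
    data = data_hex.lower()
    if data.startswith("0x"):
        data = data[2:]
    signature = SELECTORS.get(data[:8])
    if signature is None:
        return None  # not an approval; other checks would still apply
    args = data[8:]
    if len(args) < 128:
        raise ValueError("truncated calldata: expected two 32-byte arguments")
    spender = "0x" + args[24:64]   # address is right-aligned in the first word
    value = int(args[64:128], 16)  # amount (approve) or boolean (setApprovalForAll)
    if signature.startswith("setApprovalForAll"):
        if value:
            risk, detail = "high", "spender may move every token in this collection"
        else:
            risk, detail = "none", "operator approval revoked"
    elif value == 0:
        risk, detail = "none", "allowance set to zero (revocation)"
    elif value >= UNLIMITED_THRESHOLD:
        risk, detail = "high", "effectively unlimited allowance"
    else:
        risk, detail = "review", "allowance of %d base units" % value
    return {"function": signature, "spender": spender,
            "value": value, "risk": risk, "detail": detail}


# Constructed sample inputs (the spender address is a made-up placeholder).
SPENDER_WORD = "00" * 12 + "11" * 20
UNLIMITED_APPROVE = "0x095ea7b3" + SPENDER_WORD + "ff" * 32
REVOKE_APPROVE = "0x095ea7b3" + SPENDER_WORD + "00" * 32
APPROVE_ALL_NFTS = "0xa22cb465" + SPENDER_WORD + "00" * 31 + "01"
PLAIN_TRANSFER = "0xa9059cbb" + SPENDER_WORD + "00" * 31 + "05"

if __name__ == "__main__":
    for sample in (UNLIMITED_APPROVE, REVOKE_APPROVE, APPROVE_ALL_NFTS, PLAIN_TRANSFER):
        print(inspect_calldata(sample))
```

A result with risk "high" on a site you reached to mint, claim, or donate is the pattern described above: the spender shown is the contract that would gain the right to move your tokens.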
Common red flags
- Website prompts a wallet approval for an amount labelled 'unlimited' or a very large number
- Site URL has minor spelling differences from the genuine project
- You found the site through a social media ad rather than an official project link
- The transaction gas fee seems very low, suggesting a pre-signed malicious transaction
What to do now
- Reject any wallet transaction you do not fully understand
- Check existing approvals with a reputable token approval checker and revoke suspicious ones
- If you approved a malicious contract, move remaining funds to a new wallet immediately
- Report the site to your national cybercrime unit and the platform that hosted the ad
Frequently asked questions
Is it safe to connect my wallet to read-only sites?
Connecting your wallet for read-only portfolio tracking is generally low risk, but you should still verify the site is genuine and never approve any transaction on a site you have not thoroughly verified.