I was scammed a few days ago using a staking/farming protocol that has since gone offline (polylambo). Usually I move on from such scams and consider it a lesson learned, but now I have a bigger problem: the smart contract I interacted with perpetually siphons tokens for the token addresses that have been staked before: WMATIC, WETH, WBTC, some LPs, QUICK, and POLYDOGE. Essentially what happens is that whenever my wallet address (0x6533…) has a balance of any of the above tokens, a few minutes later that token balance its transferred out into an external wallet address by the malicious smart contract. Let me explain with an example:
A few hours ago I purchased 1 Matic’s worth of Polydoge (my wallet: 0x6533…), as seen here:
A few minutes later, a token transfer takes place that takes those funds and transfers them to the “scam wallet”, 0x609d…:
I noticed that the token transfer is executed by the following smart contract, which was created by the scam address: 0xD1348C232dAd3D778b38E8927FDA657D71CE906C
Now I know that the easy, short-term way out is to just transfer out all my tokens into a separate wallet address and never use the 0x6533… address ever again, but I am in a costly predicament because I have funds staked that earn me QUICK and WMATIC. As it stands, I cannot collect those rewards and I cannot unstake those funds because the malicious smart contract will steal them the moment that they reach my wallet. I also cannot simply change addresses unless I want to lose those funds forever.
The question is, is there any way for me to interact with the malicious smart contract, and revoke read/write access to my wallet? How would I go about such a thing? If not, any suggestions how to get out of this problem? Thanks in advance everyone.