How token scams work...

in #exchanges, 2 years ago

A lot of us have been scammed by malicious smart contracts that check who is calling them and then change their behavior accordingly.

The principle is easy:

  1. First, a user is sent a small amount of tokens. When the user looks up the token on a legitimate decentralized exchange, it appears to have liquidity, which makes the user believe the token has real value.

  2. The user calls the "approve" method of the token contract, supposedly to allow the decentralized exchange to take the tokens from the user's wallet. Instead of approving the subsequent transfer, the contract creates new contracts until there is no gas remaining.

  3. The only function of the created contracts is to self-destruct when the malicious user sends a small amount of coins to the contract. The self-destruct causes the coins and gas to be returned to the malicious user.
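
The behavior in step 2 is visible before signing if the approve transaction is simulated first. The check below is an added example, not code from the original post: it walks a call trace shaped like the output of Geth's `callTracer` and flags any `approve` call that deploys contracts or burns far more gas than a plain ERC-20 approval. The gas ceiling, the helper names and the sample traces (with placeholder addresses) are assumptions constructed for illustration.

```python
APPROVE_SELECTOR = "0x095ea7b3"  # 4-byte selector of approve(address,uint256)
GAS_CEILING = 100_000            # assumed threshold; a plain ERC-20 approve uses far less

def count_creates(frame):
    """Count CREATE/CREATE2 frames anywhere below this call frame."""
    total = 0
    for child in frame.get("calls", []):
        if child["type"] in ("CREATE", "CREATE2"):
            total += 1
        total += count_creates(child)
    return total

def find_approves(frame):
    """Yield every frame whose calldata starts with the approve selector."""
    if frame.get("input", "").lower().startswith(APPROVE_SELECTOR):
        yield frame
    for child in frame.get("calls", []):
        yield from find_approves(child)

def audit_approve(trace):
    """Return findings for approve calls in a simulated-transaction trace."""
    findings = []
    for frame in find_approves(trace):
        gas_used = int(frame["gasUsed"], 16)   # callTracer reports gas as hex strings
        creates = count_creates(frame)
        reasons = []
        if creates:
            reasons.append(f"deploys {creates} contract(s)")
        if gas_used > GAS_CEILING:
            reasons.append(f"uses {gas_used} gas")
        if reasons:
            findings.append({"token": frame["to"], "reasons": reasons})
    return findings

# Constructed sample traces; addresses are placeholders, not real contracts.
def _approve(to, gas_used, calls=()):
    return {"type": "CALL", "to": to, "gasUsed": hex(gas_used),
            "input": APPROVE_SELECTOR + "00" * 64, "calls": list(calls)}

CHILD = {"type": "CREATE", "to": "0xCHILD", "gasUsed": hex(32_000), "input": "0x"}
BENIGN = _approve("0xTOKEN_A", 46_000)
SUSPECT = _approve("0xTOKEN_B", 2_900_000, [CHILD] * 80)

if __name__ == "__main__":
    for name, trace in (("benign", BENIGN), ("suspect", SUSPECT)):
        print(name, audit_approve(trace))
```

Because the contracts described above change behavior depending on the caller, the simulation has to be run with the user's own address as the sender.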