this post was submitted on 25 Nov 2023
1 points (100.0% liked)

Ethereum

5 readers
1 users here now

Resources

founded 1 year ago
MODERATORS
 

I just got hit for a ton of eth 3 meta wallets drained. Anyone heard anything or could help point me in the right direction of what to do? No idea how they accessed my funds.

you are viewing a single comment's thread
view the rest of the comments
[โ€“] Lifter_Dan@alien.top 1 points 11 months ago (1 children)

KeePass DB is vulnerable if they can crack the master password. If your master password has enough entropy that it would take so many million years to brute force, then you'll be fine.

[โ€“] MeowMeNot@alien.top 1 points 11 months ago (2 children)

The Keepass DB can be cracked. https://medium.com/@andreabocchetti88/unlocking-keepass-a-comprehensive-guide-to-crack-the-database-74a2593d676a

I kept a few seeds in my Keepass, I have since removed them after someone at work warned me about this.

[โ€“] Lifter_Dan@alien.top 1 points 11 months ago

That link describes hashcat which uses some of the methods I'm referring to, it's dependent on the password quality. Crappy password will be quick.

It doesn't decrypt it, but tries many combinations of words etc encrypted to compare against the hash.

Even with a good password, I never would want anyone storing seeds in keepass, anything on the computer is a no for storing seeds.

[โ€“] DigStock@alien.top 1 points 11 months ago

Anything can be cracked this way, this is just a bruteforce of the master password. It can take 300 centuries to crack using NSA servers if it's a strong password.