Donβt sign shady smart contracts, enter your private key online, or store it using pictures on the cloud or a password recovery service.
this post was submitted on 25 Nov 2023
1 points (100.0% liked)
Ethereum
5 readers
1 users here now
Resources
- Website & Blog
- White Paper & Yellow Paper
- Documentation & Stack Exchange
- Learn Solidity
- Source Code on Github
- Bounty program
- Chat on Gitter
- Network Status & Gas Price Market
- List of DApps
- Meetups
founded 1 year ago
MODERATORS
I have no idea what meta mask is but Iβm constantly seeing posts like this. Whatβs making it so easy for people to lose their eth? I only use crypto for gambling so Iβm probably just ignorant to whatever meta mask is used for
Metamask is a popular wallet you can use to send/receive/store your crypto on their respective blockchains. Metamask isnβt the reason people are losing their funds. Itβs because people donβt properly protect their private keys.
Yeah, the reason for all the posts mentioning metamask is simply that it is the most popular with wallet for people who use smart contracts, and using smart contracts can be risky.
And because they sign shady permissions left and right without thinking and/or revoking them when they are done using the platform.
And email themselves their seed phrases and their email is still xX360noskoperxX@yahoo.com with pw hunter2
pw *******
Were we supposed to be able see a password, I think reddit blocked it out
The UX is terrible though. not necessarily the fault of metamask and more EVM related, but you mostly have no idea exactly what you are signing when interacting with contracts. Go tell your mom or grandma to revoke contracts after interacting with them. Is that really the web3 we want? This makes the web experience worse, not better.
Cloud with 2 factor auth is very safe
Have fun with that buddy.
Sadly no. LastPass was hacked last year, and a lot of people have had their wallets drained. So having your seed online is never truly safe.
What is the likelihood those people had either reused their master password elsewhere or that the password strength was very weak?
Google will automatically block any sign in from a new device, so even with a compromised password, access is not granted.
Lastpass hack made 2FA completely irrelevant because hacker got access to the password databases directly. They can at their leisure try to bruteforce passwords for all of these accounts.
what accounts?
Lol, all you people parroting the LP hackβ¦ if any of you read the incident report, there was only very basic metadata like company names, veiling addresses, etc which was not tied to specific users. No encrypted notes or credentials were taken at all. Thatβs not how PWMβs work.
How is that? Even if I give you my password for Google you won't be able to sign in to my account.
Yes, but if you have your seed phrase in an online container, and the container gets hacked, the 2FA doesn't do anything. The hacker can recreate your wallet from the seed.
load more comments
(1 replies)
Im not sure if thats the stupidest thing you saod in your life. But it definitely is the most moronic thing i have heard all month. Cloud with auth? Lol idiot.
Are password managers secure?
https://www.theverge.com/2023/9/7/23862658/lastpass-security-breach-crypto-heists-hackers
I wouldnβt trust them.
load more comments
(2 replies)
Depends on the password manager. With something like KeePassXC, only you have the encrypted passwords file and it's not on some server.
load more comments
(10 replies)
load more comments
(10 replies)
You had to give access. Bummer
Define ton? 1k?
28K (13 ETH)
Where do people like OP get so much money from?
Is called work
To have the exact sum that OP had you either work or steal from someone else metamask
What are the addresses? And where was the ETH sent? If the hacker ever sends the ETH to an exchange, you might have a chance at getting it back. But first, you need to file a police report.
Here are one of many of the transactions πππ
0xe5e7266bf6abb1babf4024373957f04f0c7c61eb14670502acf2374a4ed4e8e6
Some of the ETH was sent to another address. From there, it was sent to an address which may be associated with an exchange.
https://etherscan.io/address/0x813a690833ccf7e95f19754353a2d507d9cd73f9
Did you give away information about your keys, or signed some strange contract lately?
Hot wallets can be hacked at anytime. Always use a hardware wallet
Unfortunately, that won't change anything if you sign a bad smart contract.
This wasn't a hack. This was doing something dumb, just like 99% of when people lose coins.
You definitely turned on blind signing feature. It's basically like how on every phone you have feature to turn on inorder to install third party apps that'd not from official sources as apks. But the crypto version blind signing
if you had given access to your wallet to apps in the past to take part in their project s then there's potential for them to have the ability to drain your wallet.
There have been some failed projects that resorted to do that.
The transaction 0xe5e7266bf6abb1babf4024373957f04f0c7c61eb14670502acf2374a4ed4e8e6 was a basic ether send, which means somehow you gave away your private key or signed ~~a message~~ [this transaction when] you should not have
There are a few ways someone can get your private key. Physical access is one, but another is by signing messages with certain overlapping parameters, then some clever crypto math can be done to deduce your private key. https://medium.com/asecuritysite-when-bob-met-alice/cracking-ecdsa-with-a-leak-of-the-random-nonce-d72c67f201cd
Crypto is the future of payments, daily post ππ€£ππ€£
To be fair, most of the time these are people who can't even articulate what happened. They'd lose money in fiat, too.
somehow these people were able to buy crypto and get it out of exchange so you need to have some general knowledge
It's a step-by-step thing. People learn to operate washing machines, even if it takes 100% of their brain.
"Quote by a forest ranger at Yosemite National Park on why it is hard to design the perfect garbage bin to keep bears from breaking into it: βThere is considerable overlap between the intelligence of the smartest bears and the dumbest tourists.β"
Metamask has never been hacked. It's always 100% the user making a mistake
load more comments
(6 replies)
Donβt keep all your crypto-eggs in one hot basket.
The wallet(s) with the majority of my assets never touch contracts. I keep small amounts of ETH etc in browser wallets for interactions.
Oh, and my keys are written on paper and stored in a titanium vault 300 meters underground.
load more comments
(2 replies)
Op, is the list of smart contracts that you have used a long list?
If you have had that much ether a long time, then I would suspect something more recent.
After that, are there pics on your phone, that are backing up to a cloud?
view more: next βΊ