btcrevolution (OP)
Newbie
Offline
Activity: 4
Merit: 2
|
|
December 18, 2021, 05:27:14 AM |
|
For example, I accidentally open some scam site similar to Pancake and stake USDT/USDC there using a smart contract. Can scammers steal USDT, USDC and other tokens from my wallet? Can they use a contract which grants access to all my funds? If they can, how can I prevent stealing? Are there effective methods to test smart contracts? On the other hand, what if scammers find an exploit in some trusted smart contract which is certified by Certik or an organization like that? In that case can they steal only staked pairs or all money? How can I protect my wallet from scammers? I use MetaMask as a hot wallet. This app is very popular and many scammers steal money from MetaMask. Sometimes they steal it without a seed phrase, trojans, viruses etc. But users say that they sign some contracts and lose their funds. Many thanks for all your answers, my crypto friends!
|
|
|
|
mk4
Legendary
Offline
Activity: 2926
Merit: 3881
📟 t3rminal.xyz
|
For example, I accidentally open some scam site similar to Pancake and stake USDT/USDC there using a smart contract. Can scammers steal USDT, USDC and other tokens from my wallet? Can they use a contract which grants access to all my funds?
Yes, they can. If you execute a contract without knowing that it was a scam site, then they can steal your funds.
If they can, how can I prevent stealing? Are there effective methods to test smart contracts?
Always make sure you're on the correct website. And if you're extra paranoid, always check the project's social media accounts so you're updated if there's a recent exploit or whatever.
For example, I accidentally open some scam site similar to Pancake and stake USDT/USDC there using a smart contract. Can scammers steal USDT, USDC and other tokens from my wallet? Can they use a contract which grants access to all my funds? If they can, how can I prevent stealing? Are there effective methods to test smart contracts?
They can, and not even just a specific trading pair. As for testing the contract, you're much more likely to be safe if you're executing the contracts through the command line, and with you fully knowing what a certain contract actually does. But if you're executing through a front-end UI like a website, then there's not much you can do as far as I know.
On the other hand, what if scammers find an exploit in some trusted smart contract which is certified by Certik or an organization like that? In that case can they steal only staked pairs or all money? How can I protect my wallet from scammers?
A project being audited by Certik or any other auditing company doesn't make a project hack-proof.
|
|
|
|
pooya87
Legendary
Offline
Activity: 3626
Merit: 11029
Crypto Swap Exchange
|
|
December 18, 2021, 06:34:48 AM Merited by Pmalek (1), mk4 (1) |
|
As for testing the contract, you're much more likely to be safe if you're executing the contracts through the command line, and with you fully knowing what a certain contract actually does. But if you're executing through a front-end UI like a website, then there's not much you can do as far as I know.
It is worth mentioning that the protocol that is used to build the contract is important too. Some of them are very weak and have many security flaws that can potentially be exploited to steal money from unaware users. You have to be an expert to notice these things though. DAO on Ethereum comes to mind when we talk about weak protocol and exploits.
|
|
|
|
mk4
Legendary
Offline
Activity: 2926
Merit: 3881
📟 t3rminal.xyz
|
|
December 18, 2021, 06:46:13 AM Last edit: December 18, 2021, 07:03:18 AM by mk4 |
|
It is worth mentioning that the protocol that is used to build the contract is important too. Some of them are very weak and have many security flaws that can potentially be exploited to steal money from unaware users. You have to be an expert to notice these things though. DAO on Ethereum comes to mind when we talk about weak protocol and exploits.
This. @OP you better freakin know what you're doing if you don't want to get burned. If you want to provide liquidity for the gainz, then you better know what you're using. If you think exchange hacks are bad, DeFi exploits are just as bad (or probably even worse, because sometimes we don't know if the anonymous developers planted an exploit on purpose). https://cryptosec.info/defi-hacks/
|
|
|
|
btcrevolution (OP)
Newbie
Offline
Activity: 4
Merit: 2
|
|
December 18, 2021, 07:54:10 AM |
|
Yes, they can. If you execute a contract without knowing that it was a scam site, then they can steal your funds.
They can do it even if I use a hardware wallet like Ledger? For example, I connect Ledger to MetaMask and then execute a scam contract via Ledger. Or I connect Ledger to a scam site directly and do the same thing. That means I give scammers access to all my funds in my wallet and they can steal money without any confirmation of transactions?
|
|
|
|
GeorgeJohn
|
|
December 18, 2021, 08:15:49 AM |
|
Let me make it brief: scammers can penetrate everywhere, provided that their own platform exists. I have never seen a wallet scammers cannot steal money from, provided it's a scamming platform. Going into their site to do any partnership or transactions, you can easily be scammed, because I believe during the registration on the site they have access and vital information to penetrate the various wallet addresses that may be input.
|
|
|
|
cryptoaddictchie
Legendary
Offline
Activity: 2254
Merit: 1377
Fully Regulated Crypto Casino
|
|
December 18, 2021, 08:19:52 AM |
|
On the other hand, what if scammers find an exploit in some trusted smart contract which is certified by Certik or an organization like that? In that case can they steal only staked pairs or all money? How can I protect my wallet from scammers?
No matter how good the auditor is, for sure there are plenty of ways to exploit a smart contract, and mentioning Certik doesn't seem reliable since they have some projects that were fully audited and yet had some errors and conflicts with regard to security. What does it imply? It means not every audited one is completely safe from vicious scammers who are geniuses at their criminal activities.
|
|
|
|
hatshepsut93
Legendary
Offline
Activity: 3038
Merit: 2161
|
|
December 18, 2021, 12:13:56 PM |
|
I don't think that smart contracts are needed for drive-by attacks - when you visit a site and it steals your ETH and tokens from your wallet. A smart contract is basically an address, you need to make a transaction to interact with it, so if an attacker can make a transaction on your behalf, they could just send your coins to a regular address instead of a smart contract.
Smart contracts are used in scams by hiding some sort of backdoor that would allow them to steal the money of anyone who interacts with it. Like how they promise some profits from something like yield farming or staking, but then just steal all the tokens that were sent to them, because no one realized that the devs added some hidden function for that. Or hackers could find a legitimate bug that could lead to this scenario, but I'm more inclined to believe that a lot of the "hacks" are just inside jobs, because it's easier to put a bug in the software than to find one in the wild, and the crypto space is full of scammer "developers".
|
|
|
|
pawanjain
|
|
December 18, 2021, 01:36:56 PM |
|
For example, I accidentally open some scam site similar to Pancake and stake USDT/USDC there using a smart contract. Can scammers steal USDT, USDC and other tokens from my wallet? Can they use a contract which grants access to all my funds? If they can, how can I prevent stealing? Are there effective methods to test smart contracts? On the other hand, what if scammers find an exploit in some trusted smart contract which is certified by Certik or an organization like that? In that case can they steal only staked pairs or all money? How can I protect my wallet from scammers? I use MetaMask as a hot wallet. This app is very popular and many scammers steal money from MetaMask. Sometimes they steal it without a seed phrase, trojans, viruses etc. But users say that they sign some contracts and lose their funds. Many thanks for all your answers, my crypto friends!
Yes, you can lose funds if you visit some site which connects to your wallet. I have seen such scams on Phantom wallet where a scam site asks to connect to your wallet. If you connect your wallet then you lose all your balance from the wallet. People don't generally verify the site and simply connect the wallet thinking that the site is genuine. On the backend though, code is executed which triggers the smart contract to be executed, which transfers the funds from the victim's wallet to the scammer's address.
|
|
|
|
Shamm
|
|
December 18, 2021, 02:00:40 PM |
|
For example, I accidentally open some scam site similar to Pancake and stake USDT/USDC there using a smart contract. Can scammers steal USDT, USDC and other tokens from my wallet? Can they use a contract which grants access to all my funds? If they can, how can I prevent stealing? Are there effective methods to test smart contracts? On the other hand, what if scammers find an exploit in some trusted smart contract which is certified by Certik or an organization like that? In that case can they steal only staked pairs or all money? How can I protect my wallet from scammers? I use MetaMask as a hot wallet. This app is very popular and many scammers steal money from MetaMask. Sometimes they steal it without a seed phrase, trojans, viruses etc. But users say that they sign some contracts and lose their funds. Many thanks for all your answers, my crypto friends!
It is possible that they can steal your money from your wallet if, when you open their sites, you give all your information and especially your wallet; then they have a chance to hack or transfer your money from your wallet to their wallets. Before you open non-trusted/non-familiar sites you need to do some research in order to prevent losing your money or getting scammed.
|
|
|
|
vv181
Legendary
Offline
Activity: 1932
Merit: 1273
|
|
December 18, 2021, 02:10:06 PM |
|
They can do it even if I use a hardware wallet like Ledger? For example, I connect Ledger to MetaMask and then execute a scam contract via Ledger. Or I connect Ledger to a scam site directly and do the same thing. That means I give scammers access to all my funds in my wallet and they can steal money without any confirmation of transactions?
Yes, they can. When you execute a malicious scam contract, beforehand you are approving (signing) the transaction within your hardware wallet. So if the transaction or the contract is malicious in the first place, there is no use in using a hardware wallet. Another security risk is when you use a hardware wallet but you are using a fake MetaMask wallet; it will also risk all of your funds.
|
|
|
|
MCcryptonia
Member
Offline
Activity: 155
Merit: 10
|
|
December 18, 2021, 02:11:01 PM |
|
Most crypto scammers use smart contracts for their unforgiving acts. The most popular one is creating a fake token of another project just to lure crypto newbies into buying the fake tokens through PancakeSwap or Uniswap.
Another one is creating a fake token and sending the tokens to as many ETH addresses as possible, and when the ETH address owners see the token they will want to sell their tokens, and that's when they will lose all their assets, all in the name of trying to sell the free fake token.
|
|
|
|
suzanne5223
|
|
December 18, 2021, 05:47:35 PM |
|
In addition to all the previous explanations: yes, scammers can steal by using smart contract security vulnerabilities, and that's why it is good to ensure that you're using the right site. If you must invest in a newly created token, make sure its smart contract is audited, because scammers also use this idea to steal from investors, and the purpose of a smart contract audit is to guarantee that a certain smart contract is free from threat and rug pull.
|
|
|
|
mk4
Legendary
Offline
Activity: 2926
Merit: 3881
📟 t3rminal.xyz
|
If you must invest in a newly created token make sure it is smart contract audited because scammers also use this idea to steal from investors and the purpose of a smart contract audit is to guarantee that a certain smart contract is free from threat and rug pull.
Having auditors is just having someone to check the code for bugs and exploits with a fresh new pair of eyes, but it doesn't guarantee anything. Because if having auditors could guarantee contracts to be totally secure, then we wouldn't have this many DeFi exploits[1] today. Heck, even centralized exchanges have their own auditors. But yet..
[1] https://cryptosec.info/defi-hacks
|
|
|
|
Mpamaegbu
Legendary
Offline
Activity: 2870
Merit: 1233
Once a man, twice a child!
|
|
December 20, 2021, 09:13:01 AM |
|
And if you're extra paranoid, always check the project's social media accounts so you're updated if there's a recent exploit or whatever.
I always do that, and I guess my paranoia is in order too. No matter how someone tries to direct me to a site (of course, trusted sites) I tell them to send me the link to the site. I do this to avoid phishers. Any fund transferred to a phishing site is as good as gone. In financial matters precision and patience are key items. I'd rather wait for the right link than hastily google it myself.
A project being audited by Certik or any other auditing company doesn't make a project hack-proof.
But it surely goes a long way in helping the investor relax and have that sense of security that their money is safe. I easily get interested in projects audited by Certik, and so far I haven't been disappointed.
|
|
|
|
nullama
|
|
December 20, 2021, 10:49:06 AM |
|
Think of a smart contract as basically an executable that you download from a website.
When you run the downloaded executable, Windows will ask for your permission to run it. If you agree to run it, the program now has access to your device, and can cause damage.
Similarly, the website with a smart contract will ask you in your wallet to get access to your coins. If you grant access to it, then that website can access your coins, and that means if there's a bug in the code, a hacker can get your coins.
Be careful, read everything you accept in your wallet, and make sure you go to the correct websites.
|
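Added example, not part of any post in this thread: nullama's and vv181's replies above both come down to reading what the wallet asks you to sign. This JavaScript sketch decodes a transaction's calldata offline and flags token approvals; the `trustedSpenders` allowlist, the 2^255 "unlimited" threshold and the sample address are assumptions made for illustration.

```javascript
// Added example. Selectors are the first 4 bytes of keccak256 of the function
// signature; these five are the standard ERC-20 / ERC-721 / ERC-1155 ones.
const SELECTORS = {
  "095ea7b3": { name: "approve(address,uint256)", kind: "allowance", argc: 2 },
  "39509351": { name: "increaseAllowance(address,uint256)", kind: "allowance", argc: 2 },
  "a22cb465": { name: "setApprovalForAll(address,bool)", kind: "operator", argc: 2 },
  "a9059cbb": { name: "transfer(address,uint256)", kind: "transfer", argc: 2 },
  "23b872dd": { name: "transferFrom(address,address,uint256)", kind: "transfer", argc: 3 },
};
// Assumed threshold: treat any amount of 2^255 or more as effectively unlimited.
const UNLIMITED_FROM = 1n << 255n;

// Split ABI-encoded calldata into the 4-byte selector and 32-byte argument words.
function splitCalldata(data) {
  const hex = String(data).toLowerCase().replace(/^0x/, "");
  if (!/^[0-9a-f]{8,}$/.test(hex) || (hex.length - 8) % 64 !== 0) {
    throw new Error("malformed calldata");
  }
  return { selector: hex.slice(0, 8), words: hex.slice(8).match(/.{64}/g) || [] };
}

const toAddress = (word) => "0x" + word.slice(24); // low 20 bytes of the word
const toUint = (word) => BigInt("0x" + word);

// Describe what signing this calldata would grant. trustedSpenders is a
// hypothetical allowlist the user maintains (lower-case addresses).
function reviewCalldata(data, trustedSpenders = new Set()) {
  const { selector, words } = splitCalldata(data);
  const fn = SELECTORS[selector];
  if (!fn) return { fn: null, risk: "unknown", note: "unrecognised selector 0x" + selector };
  if (words.length !== fn.argc) throw new Error("wrong argument count for " + fn.name);

  if (fn.kind === "allowance") {
    const spender = toAddress(words[0]);
    const amount = toUint(words[1]);
    const unlimited = amount >= UNLIMITED_FROM;
    const trusted = trustedSpenders.has(spender);
    // A zero amount revokes; anything unlimited or to an unlisted spender is flagged.
    const risk = amount === 0n ? "none" : unlimited || !trusted ? "high" : "limited";
    return { fn: fn.name, spender, amount, unlimited, trusted, risk };
  }
  if (fn.kind === "operator") {
    // approved=true hands the operator every token of that collection.
    const approved = toUint(words[1]) !== 0n;
    return { fn: fn.name, spender: toAddress(words[0]), approved, risk: approved ? "high" : "none" };
  }
  // Plain transfers move a stated amount once; recipient is the second-to-last word.
  const recipient = toAddress(words[words.length - 2]);
  return { fn: fn.name, recipient, amount: toUint(words[words.length - 1]), risk: "one-off" };
}

// Constructed sample: an unlimited approve() to a made-up spender address.
const SAMPLE_SPENDER = "0x" + "11".repeat(20);
const SAMPLE_UNLIMITED = "0x095ea7b3" + "0".repeat(24) + "11".repeat(20) + "f".repeat(64);
console.log(reviewCalldata(SAMPLE_UNLIMITED));
```

An approval stays in force after the signing session ends, which is why the allowance and operator cases are rated higher than a one-off transfer.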
|
|
|
witcher_sense
Legendary
Offline
Activity: 2450
Merit: 4415
🔐BitcoinMessage.Tools🔑
|
I easily get interested in projects audited by Certik, and so far I haven't been disappointed.
You might have been disappointed had you invested in Vee Finance, Spartan Protocol, Akropolis, or Saddle Finance. They all were audited by Certik and got hacked later. People lost more than 60 million dollars. For me, it is an instructive example of how it is almost pointless to rely on third-party audits when it comes to DeFi projects and smart contracts. If the hack can happen, it will happen. https://rekt.news/leaderboard/
|
|
|
|
The Cryptovator
Legendary
Offline
Activity: 2394
Merit: 2226
Signature space for rent
|
|
December 20, 2021, 03:14:17 PM |
|
They can do it even if I use a hardware wallet like Ledger? For example, I connect Ledger to MetaMask and then execute a scam contract via Ledger. Or I connect Ledger to a scam site directly and do the same thing. That means I give scammers access to all my funds in my wallet and they can steal money without any confirmation of transactions?
It doesn't matter what wallet you have been using; just keep in mind that if you allow your wallet access from another site and allow it to make transactions, then you have lost it forever if that goes into a scammer's wallet. Those of us who are not very technical can't read code to see how it works. We don't even know whether it has been deployed in a smart contract or not, to be honest. To prevent that, we must always choose a reputable site to stake, trade, or swap. Most likely those who have technical knowledge about smart contracts and Solidity would know how the site works.
|
|
|
|
Rruchi man
Legendary
Online
Activity: 1470
Merit: 1112
Use chips.gg
|
|
December 20, 2021, 04:03:00 PM |
|
Scammers are very smart people who have devoted their creativity and time into devising new means and methods of swindling people and taking their hard-earned cash. Have this at the back of your mind and be cautious always because we never know the new style or method they have devised. If someone tells you a definitive no right now that scammers can't steal your money using smart contracts, the answer may not still be true tomorrow as a new method may be devised by scammers tomorrow. I hope you understand where I'm coming from, always act with the consciousness that anything is possible with scammers.
|
|
|
|
bitmover
Legendary
Online
Activity: 2478
Merit: 6317
bitcoindata.science
|
|
December 20, 2021, 05:35:06 PM |
|
You may also lose money in smart contracts if someone exploits the smart contract, not necessarily a scammer. Take a look here. On Sunday (yesterday) the DeFi Grim lost 30 million USD in a hack attack:
The decentralized finance (DeFi) protocol Grim Finance reported $30 million in losses due to a reentrancy exploit of the platform’s deposits. Grim Finance officially announced on Saturday that an “external attacker” had exploited the DeFi platform, stealing “over $30 million” worth of cryptocurrencies. According to Grim Finance, the hack was an “advanced attack,” with the attacker exploiting the protocol’s vault contract through five reentrancy loops, which allowed them to fake five additional deposits into a vault while the platform was processing the first deposit.
https://cointelegraph.com/news/defi-protocol-grim-finance-lost-30m-in-5x-reentrancy-hack
Smart contracts are dangerous if not properly designed.. you may lose money in those projects.
|
|
|
|
|