rich1616 (OP)
Jr. Member
 Offline
Activity: 50
Merit: 2
|
 |
July 12, 2022, 09:00:19 PM |
|
Hi all . re: m.mask security ...... if you have very small/low risk funds in m.mask wallet , as recommended , but from a phishing/hacking perspective , you have : connected sites : to wallet , does this mean if wallet is accessed by hacker that they can then access connected sites ?
|
|
|
|
|
Upgrade00
Legendary
Offline
Activity: 2044
Merit: 2186
CoinPoker.com
|
|
July 12, 2022, 09:10:14 PM |
|
does this mean if wallet is accessed by hacker that they can then access connected sites ?
How I see it, shouldn't you be more worried about your wallet being accessed through a vulnerability in the connected websites, that the other way around? AFAIK, a vulnerability on either side can lead to a breach into the other; so if your wallet is accessed by a hacker they can gain access to connected sites. Also, if you link your wallet to a malicious site, it could lead to a breach in your wallet security. |
|
|
|
jackg
Copper Member
Legendary
Offline
Activity: 2856
Merit: 3071
https://bit.ly/387FXHi lightning theory
|
|
July 12, 2022, 09:34:12 PM |
|
Nothing can be stolen from you until you hit to get a transaction processed.
It's a good idea though not to connect to anywhere you don't trust/doesn't have a big audience and will stop you from making that mistake.
|
|
|
|
|
|
SquirrelJulietGarden
|
|
July 13, 2022, 12:24:47 AM |
|
Revoke Smart Contract Allowance with unrekt.netOn some web3 sites, you will have to connect your wallet and approve access to its key to make transactions. The approve step is dangerous and hacker can use that access to steal your money. If you have an active wallet with history of transactions, you will see there are some hidden (in grey color) tokens that airdropped to your wallet. Their tokens are unverified and I can tell you most of unverified tokens by block explorers (Etherscan.io or bscscan.com) are scam tokens. You should revoke smart contract allowance to avoid unwanted access to your fund. If you ever click on unverified tokens, give them access, you should move your fund to a new wallet with new mnemonic seed as soon as possible.
|
| | | | | | | ███▄▀██▄▄
░░▄████▄▀████ ▄▄▄
░░████▄▄▄▄░░█▀▀
███ ██████▄▄▀█▌
░▄░░███▀████
░▐█░░███░██▄▄
░░▄▀░████▄▄▄▀█
░█░▄███▀████ ▐█
▀▄▄███▀▄██▄
░░▄██▌░░██▀
░▐█▀████ ▀██
░░█▌██████ ▀▀██▄
░░▀███ | | ▄▄██▀▄███
▄▄▄████▀▄████▄░░
▀▀█░░▄▄▄▄████░░
▐█▀▄▄█████████
████▀███░░▄░
▄▄██░███░░█▌░
█▀▄▄▄████░▀▄░░
█▌████▀███▄░█░
▄██▄▀███▄▄▀
▀██░░▐██▄░░
██▀████▀█▌░
▄██▀▀██████▐█░░
███▀░░ | | | | |
|
|
|
|
libert19
|
|
July 13, 2022, 03:38:27 AM |
|
...does this mean if wallet is accessed by hacker that they can then access connected sites ?...
If wallet itself is accessed, you are pretty much done for. Connected site or anything else becomes irrelevant. However, no one can gain access just because you have wallet connected to some site. |
| | .
.Duelbits. | │ | ..........UNLEASH..........
THE ULTIMATE
GAMING EXPERIENCE | │ | DUELBITS
FANTASY
SPORTS | ████▄▄▄█████▄▄▄
░▄████████████████▄
▐██████████████████▄
████████████████████
████████████████████▌
█████████████████████
████████████████▀▀▀
███████████████▌
███████████████▌
████████████████
████████████████
████████████████
████▀▀███████▀▀ | .
▬▬
VS
▬▬ | ████▄▄▄█████▄▄▄
░▄████████████████▄
▐██████████████████▄
████████████████████
████████████████████▌
█████████████████████
███████████████████
███████████████▌
███████████████▌
████████████████
████████████████
████████████████
████▀▀███████▀▀ | /// PLAY FOR FREE ///
WIN FOR REAL | │ | ..PLAY NOW.. | |
|
|
|
DireWolfM14
Copper Member
Legendary
Offline
Activity: 2184
Merit: 4241
Join the world-leading crypto sportsbook NOW!
|
|
July 13, 2022, 04:06:24 AM
Last edit: July 13, 2022, 05:09:23 AM by DireWolfM14 |
|
Hi all . re: m.mask security ...... if you have very small/low risk funds in m.mask wallet , as recommended , but from a phishing/hacking perspective , you have : connected sites : to wallet , does this mean if wallet is accessed by hacker that they can then access connected sites ?
If your private keys or seed phrase have fallen into the hands of a phishing site scammer then, yes. If they have been compromised any and all coins, tokens, and accesses privileges are now within reach of the scammer. Everything! There are many scams out there that imitate legit sites, if you remain diligent you'll stay safe. Don't trust any site that aske for private keys or seeds. If you really want to remain safe, learn how to verify stuff with GPG. |
|
|
|
cryptoaddictchie
Legendary
Offline
Activity: 2086
Merit: 1319
CoinPoker.com
|
|
July 13, 2022, 05:11:03 AM |
|
does this mean if wallet is accessed by hacker that they can then access connected sites ?
Yes of course it is. Once they can get the tokens orbany valuable coins on your wallet ofcourse they can access the connected site with your wallet. That includes your play2earn games or any platform connected with. I assume you have a game or apps that has valuable nft or funds that you ought to scared to get stolen am I right? |
|
|
|
_act_
Legendary
Offline
Activity: 896
Merit: 1198
|
|
July 13, 2022, 08:46:03 AM |
|
Hi all . re: m.mask security ...... if you have very small/low risk funds in m.mask wallet , as recommended , but from a phishing/hacking perspective , you have : connected sites : to wallet , does this mean if wallet is accessed by hacker that they can then access connected sites ?
Connect to the legit websites and always know that your wallet is vulnerable at the moment because you make another party to have access to know more about your wallet. Hackers are very wise and tricky, in the process, it is possible that your seed phrase can be revealed and if your seed phrase is known, nothing else needed to compromise your wallet. But just that I do not know much about altcoins but I know we should avoid hackers, if you connect to their site, consider your coin gone. |
|
|
|
aysg76
Legendary
Offline
Activity: 1960
Merit: 2124
|
|
July 13, 2022, 10:00:23 AM |
|
Some security tips for you are :
1) Don't click on some links you see over the internet that could inject malware in your system gaining access to your wallets.
2) Never share you seeds and keys with anyone and if anybody is asking you to enter it then it's scam stay away from it.
Your security lies in your hand and if you are not letting anyone compromise it then you are safe because the scams you will see on the net happens usually due to our carelessness of giving away our wallet access to the hackers.
|
|
|
|
Ryker1
Sr. Member
Offline
Activity: 1932
Merit: 442
Eloncoin.org - Mars, here we come!
|
|
July 13, 2022, 11:45:43 AM |
|
Hi all . re: m.mask security ...... if you have very small/low risk funds in m.mask wallet , as recommended , but from a phishing/hacking perspective , you have : connected sites : to wallet , does this mean if wallet is accessed by hacker that they can then access connected sites ?
Well nothing will hack if you don't store a big amount on your Metamask wallet, just separate them into different wallets. If you will use your Metamask on exchange --use a dummy Metamask account to connect to the exchange API and separate it into your main account which is where the big amount is stored. Yes --scammers can access your Metamask wallet if you will linked to them and have a transaction. I suggest keeping your seed and keys stored offline and never store in the device that you usually use. |
▄▄████████▄▄
▄▄████████████████▄▄
▄██████████████████████▄
▄█████████████████████████▄
▄███████████████████████████▄
| ███████████████████▄████▄
█████████████████▄███████
████████████████▄███████▀
██████████▄▄███▄██████▀
████████▄████▄█████▀▀
██████▄██████████▀
███▄▄████████████▄
██▄███████████████
░▄██████████████▀
▄█████████████▀
█████████████
███████████▀
███████▀▀ | | | Mars,
here we come! | ▄▄███████▄▄
▄███████████████▄
▄███████████████████▄
▄█████████████████████▄
▄███████████████████████▄
█████████████████████████
█████████████████████████
█████████████████████████
▀███████████████████████▀
▀█████████████████████▀
▀███████████████████▀
▀███████████████▀
▀▀███████▀▀ | ElonCoin.org | │ | | .
| │ | ████████▄▄███████▄▄
███████▄████████████▌
██████▐██▀███████▀▀██
███████████████████▐█▌
████▄▄▄▄▄▄▄▄▄▄██▄▄▄▄▄
███▀░▐███▀▄█▄█▀▀█▄█▄▀
██████████████▄██████▌
█████▐██▄██████▄████▐
█████████▀░▄▄▄▄▄
███████▄█▄░▀█▄▄░▀
███▄██▄▀███▄█████▄▀
▄██████▄▀███████▀
████████▄▀████▀█████▄▄ | .
"I could either watch it
happen or be a part of it"
▬▬▬▬▬ |
|
|
|
rich1616 (OP)
Jr. Member
Offline
Activity: 50
Merit: 2
|
|
July 13, 2022, 09:59:42 PM |
|
thank you very much for all your time /help/
|
|
|
|
|
|
dansus021
|
|
July 15, 2022, 02:57:07 AM |
|
The hacker only can access your account only 3 option as far as i knothen
first option is by knowing your private key by this mean he have full access of your account
Second option is through smartcontract this is little bit tricky when you approve unverified smart contract and give him access they can send busd or pretty much anything legally and then poof your money was gone this usually people dm try to give you free nft or free million dollar of money through their app
And last third option is simple the hack your computer and know whats password is and will go like the first option
|
| | .
.Duelbits. | │ | ..........UNLEASH..........
THE ULTIMATE
GAMING EXPERIENCE | │ | DUELBITS
FANTASY
SPORTS | ████▄▄▄█████▄▄▄
░▄████████████████▄
▐██████████████████▄
████████████████████
████████████████████▌
█████████████████████
████████████████▀▀▀
███████████████▌
███████████████▌
████████████████
████████████████
████████████████
████▀▀███████▀▀ | .
▬▬
VS
▬▬ | ████▄▄▄█████▄▄▄
░▄████████████████▄
▐██████████████████▄
████████████████████
████████████████████▌
█████████████████████
███████████████████
███████████████▌
███████████████▌
████████████████
████████████████
████████████████
████▀▀███████▀▀ | /// PLAY FOR FREE ///
WIN FOR REAL | │ | ..PLAY NOW.. | |
|
|
|
|
passwordnow
|
|
July 15, 2022, 12:42:28 PM |
|
The hacker can only have that idea on which websites your metamask is/was connected if he's going to manually check all of the transactions that came in and out from that address.
Usually, there's the website and name of that address e.g Binance and other websites that have that label on their smart contract addresses. Why are you so concerned about that? And yes, the hacker can connect to those websites since they'll have your metamask private keys and for example, you've been totally hacked.
|
| ..Stake.com.. | | | ▄████████████████████████████████████▄
██ ▄▄▄▄▄▄▄▄▄▄ ▄▄▄▄▄▄▄▄▄▄ ██ ▄████▄
██ ▀▀▀▀▀▀▀▀▀▀ ██████████ ▀▀▀▀▀▀▀▀▀▀ ██ ██████
██ ██████████ ██ ██ ██████████ ██ ▀██▀
██ ██ ██ ██████ ██ ██ ██ ██ ██
██ ██████ ██ █████ ███ ██████ ██ ████▄ ██
██ █████ ███ ████ ████ █████ ███ ████████
██ ████ ████ ██████████ ████ ████ ████▀
██ ██████████ ▄▄▄▄▄▄▄▄▄▄ ██████████ ██
██ ▀▀▀▀▀▀▀▀▀▀ ██
▀█████████▀ ▄████████████▄ ▀█████████▀
▄▄▄▄▄▄▄▄▄▄▄▄███ ██ ██ ███▄▄▄▄▄▄▄▄▄▄▄▄
██████████████████████████████████████████ | | | | | | ▄▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄
█ ▄▀▄ █▀▀█▀▄▄
█ █▀█ █ ▐ ▐▌
█ ▄██▄ █ ▌ █
█ ▄██████▄ █ ▌ ▐▌
█ ██████████ █ ▐ █
█ ▐██████████▌ █ ▐ ▐▌
█ ▀▀██████▀▀ █ ▌ █
█ ▄▄▄██▄▄▄ █ ▌▐▌
█ █▐ █
█ █▐▐▌
█ █▐█
▀▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▀█ | | | | | | ▄▄█████████▄▄
▄██▀▀▀▀█████▀▀▀▀██▄
▄█▀ ▐█▌ ▀█▄
██ ▐█▌ ██
████▄ ▄█████▄ ▄████
████████▄███████████▄████████
███▀ █████████████ ▀███
██ ███████████ ██
▀█▄ █████████ ▄█▀
▀█▄ ▄██▀▀▀▀▀▀▀██▄ ▄▄▄█▀
▀███████ ███████▀
▀█████▄ ▄█████▀
▀▀▀███▄▄▄███▀▀▀ | | | ..PLAY NOW.. |
|
|
|
khaled0111
Legendary
Offline
Activity: 2534
Merit: 2880
Top Crypto Casino
|
|
July 15, 2022, 03:05:41 PM |
|
The hacker can only have that idea on which websites your metamask is/was connected if he's going to manually check all of the transactions that came in and out from that address.
The hacker can also know which websites/services your metamask was connected to from the " Connected sites" menu on your metamask app (3 dots - > Connected sites). But this is possible only if he has access (be it physical or remote) to your wallet app on your device. If he has restored the wallet using its seed then the onbected websites menu will be empty. This is why it's a good practice to always disconnect from the website after finishing your work on it and remove it from your wallet history. |
|
|
|
|
passwordnow
|
|
July 15, 2022, 03:25:38 PM |
|
The hacker can only have that idea on which websites your metamask is/was connected if he's going to manually check all of the transactions that came in and out from that address.
The hacker can also know which websites/services your metamask was connected to from the " Connected sites" menu on your metamask app (3 dots - > Connected sites). But this is possible only if he has access (be it physical or remote) to your wallet app on your device. If he has restored the wallet using its seed then the onbected websites menu will be empty. This is why it's a good practice to always disconnect from the website after finishing your work on it and remove it from your wallet history. Thanks to that addition. This is now me getting more curious if OP is in a situation that has led him in asking this question and needs to take action quickly. But since he has said thanks to everyone, things are probably solved and clear to him now. This topic is actually good for those that don't practice disconnecting their metamask wallets on different websites that they connect it, especially into those dexes. |
| ..Stake.com.. | | | ▄████████████████████████████████████▄
██ ▄▄▄▄▄▄▄▄▄▄ ▄▄▄▄▄▄▄▄▄▄ ██ ▄████▄
██ ▀▀▀▀▀▀▀▀▀▀ ██████████ ▀▀▀▀▀▀▀▀▀▀ ██ ██████
██ ██████████ ██ ██ ██████████ ██ ▀██▀
██ ██ ██ ██████ ██ ██ ██ ██ ██
██ ██████ ██ █████ ███ ██████ ██ ████▄ ██
██ █████ ███ ████ ████ █████ ███ ████████
██ ████ ████ ██████████ ████ ████ ████▀
██ ██████████ ▄▄▄▄▄▄▄▄▄▄ ██████████ ██
██ ▀▀▀▀▀▀▀▀▀▀ ██
▀█████████▀ ▄████████████▄ ▀█████████▀
▄▄▄▄▄▄▄▄▄▄▄▄███ ██ ██ ███▄▄▄▄▄▄▄▄▄▄▄▄
██████████████████████████████████████████ | | | | | | ▄▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄
█ ▄▀▄ █▀▀█▀▄▄
█ █▀█ █ ▐ ▐▌
█ ▄██▄ █ ▌ █
█ ▄██████▄ █ ▌ ▐▌
█ ██████████ █ ▐ █
█ ▐██████████▌ █ ▐ ▐▌
█ ▀▀██████▀▀ █ ▌ █
█ ▄▄▄██▄▄▄ █ ▌▐▌
█ █▐ █
█ █▐▐▌
█ █▐█
▀▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▀█ | | | | | | ▄▄█████████▄▄
▄██▀▀▀▀█████▀▀▀▀██▄
▄█▀ ▐█▌ ▀█▄
██ ▐█▌ ██
████▄ ▄█████▄ ▄████
████████▄███████████▄████████
███▀ █████████████ ▀███
██ ███████████ ██
▀█▄ █████████ ▄█▀
▀█▄ ▄██▀▀▀▀▀▀▀██▄ ▄▄▄█▀
▀███████ ███████▀
▀█████▄ ▄█████▀
▀▀▀███▄▄▄███▀▀▀ | | | ..PLAY NOW.. |
|
|
|
|
suzanne5223
|
|
July 18, 2022, 10:43:03 PM |
|
Hi all . re: m.mask security ...... if you have very small/low risk funds in m.mask wallet , as recommended , but from a phishing/hacking perspective , you have : connected sites : to wallet , does this mean if wallet is accessed by hacker that they can then access connected sites ?
First. If you're not using web MetaMask Extension versions 10.11.3 and above and you connected your wallet to a phishing website. According to the research done by Halborn. Yes, the coins in your metamask wallet can be accessible by a hacker because your wallet's secret recovery phrase can be extracted. Second. If you enter your wallet secret recovery phrase or private keys on the phishing website, you have automatically given them access to your metamask wallet. |
|
|
|
Lucius
Legendary
Offline
Activity: 3248
Merit: 5698
Blackjack.fun🎲
|
|
July 19, 2022, 10:02:07 AM |
|
I have never had the need to use this wallet, but I have to admit that the idea of a crypto wallet that works in a browser or as a mobile application has never appealed to me precisely because I think it is very risky from a security point of view. If we know how hot crypto wallets are exposed to various risks, it's hard for me to understand people who use this way of storing and transacting very significant amounts of cryptocurrencies.
For me personally, the best way is not to use such wallets if at all possible - and if you have no choice, let your caution always be at a high level.
|
.
.BLACKJACK ♠ FUN. | | | ███▄██████
██████████████▀
████████████
█████████████████
████████████████▄▄
░█████████████▀░▀▀
██████████████████
░██████████████
█████████████████▄
░██████████████▀
████████████
███████████████░██
██████████ | | CRYPTO CASINO &
SPORTS BETTING | | │ | | │ | ▄▄███████▄▄
▄███████████████▄
███████████████████
█████████████████████
███████████████████████
█████████████████████████
█████████████████████████
█████████████████████████
███████████████████████
█████████████████████
███████████████████
▀███████████████▀
███████████████████ | | .
|
|
|
|
rich1616 (OP)
Jr. Member
Offline
Activity: 50
Merit: 2
|
|
July 19, 2022, 09:32:36 PM |
|
Thanks for more replies. to sum up.....my post about m.mask security is partly because ive had trouble linking it to my ledger for extra security [ did a seperate post on this ] . My computer is clean ,as i dont open links/ connect to dodgy sites etc . Also my keys are offline . I close meta mask when not using it . So , are people saying that i should UNCONNECT from connected sites to m.mask , then re connect when i need to use them ?
|
|
|
|
|
|
|
vv181
Legendary
Offline
Activity: 1932
Merit: 1273
|
|
July 21, 2022, 02:18:48 PM |
|
So , are people saying that i should UNCONNECT from connected sites to m.mask , then re connect when i need to use them ?
There is a great distinction between disconnecting some sites or revoking smart contract access. To put up simply for security concerns, if you are dealing with established platforms like Aave, Uniswap, PancackeSwap, etc, you shouldn't worry too much. But if you are dealing with shady and unknown platforms or token or smart contracts, well this part should be better to avoid in the first place because if you already dealing with it, there is little contribution from disconnecting or revoking things. For better references, I strongly suggest you read the information from Metamask: |
|
|
|
|
|
