Reason why online wallets are hack

[Buga00]

Online wallets are risky because people don't understand how to use it, they do not verify the links they are on (if they are on the real website), they insert their seed phrase without verifying the domain name(anybody that sends them a link they press it without too much thinking), etc. It's not the wallets fault, if you are referring to big wallets like Metamask, it's the user issue. If they receive a link in the Telegram they start pressing on it, or maybe found a project at the beginning that requires wallet connect, people pressing buttons like on Gambling, without even thinking or hesitating or giving a second thought, this is not wallets issue, this is USER ISSUE. The wallets offer you an interface, and you basically connecting your seed phrase which use cryptographic encryption from your local device, you are accessing with your local device their website, but people doesn't check if the link is correct or if the project is real, and so on. And when you connect it, you are literally giving them access to your funds. Is this wallet issue? No it's USER problem. Please stop clicking on links that are not secure, and stop connecting your wallet on a website that you are not sure of, to prevent giving out your wallet phrase

[NeuroticFish]

this is USER ISSUE

You have been thinking only to one use case, and yes, in many cases it's an user issue (usually phishing).

But you have missed the fact a developer with bad intention (for example one about to get fired) can do a small temporary change in such a website (even if it's a known and legit website) and log/save locally all those seeds. And after some days, months or years he can steal all those funds.

Or you've missed that a big number of so called online wallets are custodial wallets, meaning the user gets an account, not an actual proper wallet (the user doesn't own any private keys). Such a website, if gets hacked, will lose all the funds from the hot wallet, which can affect a lot o users. Or it can go bankrupt, or it can start asking for various KYC some may not be happy to give (and freezing/stealing the funds of those who don't comply).

So while the phishing and user issue is indeed the most common problem, it's not the only one that can happen. It's better to just avoid online wallets if that's possible.

[jackg]

There might also be a chance that some website tabs have access to other tabs too (depending on your browser - especially if it's old) which can lead to issues with websites being able to alter what's presented in a different tab. Electrum had a vulnerability years ago that meant json requests from websites could access certain wallet information (including nmemonics for unencrypted wallets).

Malware is easier to catch when it's in browser too. Add ons are quite fast and easy to add (like apps on an app store) and if you install something that manages to get past malware filters or install it a different way then you could end up with funds being stolen without knowing how (and these are less likely to be picked up if you don't have anti virus added to your browser or the threat is new/unique).

The oldest biggest risk of using online wallets though seemed to be not backing them up/remembering your password so it's nice that's changed (especially at a time before bip39) - unless this new issue is bigger than that one was.

[jossiel]

Please stop clicking on links that are not secure, and stop connecting your wallet on a website that you are not sure of, to prevent giving out your wallet phrase

A simple reminder yet still forget about this basic thing.

When they see some airdrops and free tokens, many users are connecting it without even questioning or reading the whole thing about those projects.

What they do is just connect it and do the simple task for them to be eligible for the airdrop that they're going to receive and anticipate but comes the unexpected.

[stomachgrowls]

this is USER ISSUE

-snip

This is true but nowadays there are online wallets that dominate the market and owned by trusted developer like trustwallet by Binance and Metamask founded by Aaron Davis which is both dox that eliminates the doubts on the developer of the wallet. I understand your point since this is the issue before during times when most of the developers of crypto wallets are anonymous but now crypto wallet market is already established and so far no scam or shady behaviour from the developer side happened since these wallet introduced to the public.

Whenever a certain thing do able to get that reputation and popularity then this is where people to neglect out the risk involved on the things that they've been dealing with.This is where things becomes messy if

ever there are unexpected things that happen like hacking or exploits or something like that.Its been suggested for how many times that non custodial or non centralized wallets is always been recommendable to use
specially if you are really making it as a main storage of your coins.

It cant be denied that there are really indeed times which these centralized wallets is really that convenient to use but of course it does have corresponding risk.So its yours to take.

[crwth]

Knowledge is essential when it comes to the safety of your wallet. The most common way to protect it is to know the different forms of scamming or hacking of your wallet. From that, you can have somewhat of a gist before doing anything that could harm you.

[Jawhead999]

LOL

User fault can't be said as hack, those are really different thing. Hack is when the hacker can exploit the vulnerability of the system created by the developer and you're already secured your wallet, but the hacker can still steal your coins. This mean even though you're already try to secure your wallet, but you can't do anything if the wallet has a poor security.

Go search about multi-coin web wallet hack, you will find many wallet was been hacked before, Metamask could be the next. This is why you need to use hardware wallet.

[Anonylz]

And one major mistakes some people make with online wallet is not bookmarking the original site rather they will use Google anytime they want to visit the wallet site in which the user may end up clicking a phishing site unknowingly.
This often happens to those who are hunting for free airdrop, giveaways, they don't mind connecting their wallet to any site as long as they can get free tokens, nft.

[crytolad]

One of the reasons is greed and stupidity. Some persons are really quick to connect their wallet to freebies and airdops without taking time to get more information about the websites they are visiting or the tokens they received on their wallet. They end up clicking on phishing links and have their private keys compromised. If it's not greed, how can you receive a token worth $20k or more just like that and you quickly rush to swap it without knowing that it's a bate.

[joniboini]

This is true but nowadays there are online wallets that dominate the market and owned by trusted developer like trustwallet by Binance and Metamask founded by Aaron Davis which is both dox that eliminates the doubts on the developer of the wallet.

You should not avoid them if possible. Trusted or not, if the code is unknown or closed-source, there are chances that there is a bug that can be exploited or there might be malicious code inserted into the app. Not saying existing wallets do that, but there is a chance. Stick to open-source wallets if possible, and learn to verify or at least wait for public analysis on such wallets before using it.

[gunhell16]

Online wallets are risky because people don't understand how to use it, they do not verify the links they are on (if they are on the real website), they insert their seed phrase without verifying the domain name(anybody that sends them a link they press it without too much thinking), etc. It's not the wallets fault, if you are referring to big wallets like Metamask, it's the user issue. If they receive a link in the Telegram they start pressing on it, or maybe found a project at the beginning that requires wallet connect, people pressing buttons like on Gambling, without even thinking or hesitating or giving a second thought, this is not wallets issue, this is USER ISSUE. The wallets offer you an interface, and you basically connecting your seed phrase which use cryptographic encryption from your local device, you are accessing with your local device their website, but people doesn't check if the link is correct or if the project is real, and so on. And when you connect it, you are literally giving them access to your funds. Is this wallet issue? No it's USER problem. Please stop clicking on links that are not secure, and stop connecting your wallet on a website that you are not sure of, to prevent giving out your wallet phrase

Apps wallets that can be downloaded to our mobile devices are inherently high risk, so what you are saying is true. So for me, it is better to use a desktop or laptop, or if there is a legit app wallet that is good to use it is only Trustwallet for me, other than that there is nothing else.

Phishing sites usually become an open door for scammers or hackers to steal other people's funds here in the cryptocurrency community. And often the link with the phishing site can be found in various groups in telegram apps. That's why extra care is needed when it comes to this matter.

[Jawhead999]

Such things can become the reason but the wallet hack can come from so many mistakes that would be made by the owner of wallet. Just like when people randomly clicking or even they were revealing their privatekey to others. People are so dumb enough by clicking everything without knowing more about what they have been clicking. That proves that if people don't even care so much with their money and they wanna give it to the scammers or hackers. 

What you're talking about? hack and stolen are different thing, don't mix it.

Owner's fault are not considered as hack, but it will make scammers able to steal his coins. The reason why they're randomly clicking or even revealing their private key is they're still don't have enough knowledge about crypto space. Actually people who want to start invest on crypto should have an enough knowledge to mitigate or prevent this kind happen. Perhaps they could interested by a fake giveaway so that's why they're greedy to get big money with instant way.