Mnemonic is no longer safe?

[dothebeats]

Are you guys 100% sure that the device is clean and didn't help getting your friend hacked? Talking about experience, I have been using the same wallet since 2015 and has left 0.01 btc in there just for good measure. It was generated through electrum and I'm still using the same 12-word mnemonic that I have memorized over time, and up until now the balance is there. I generated it with an old, crappy HP laptop that was connected to the internet at that time, and so far I haven't encountered any security issues at all.

Better backtrack and check what other possible reasons may have caused this. Or it could be that someone gained access to his computer without him knowing.

[goinmerry]

Your friend doesn't tell you everything. It's technically difficult to hack a wallet because of mnemonic problem.

It's on the user side I guess why that unusual activity happened to your friend.

And next time, try to use another reputable wallet and not the mentioned one by you as I didn't aware of it.

I have the same suspicions as well, it is easy to think that you are doing a good job and keeping your computer clean because you do not see anything wrong going on with your system, but if you really begin to try to find malware in your computer you will see that most computers today are infested with malware, and while some of that malware is not that dangerous there are other pieces of malware which are waiting to send out any important information they can collect out of you, and as such I think this is the main reason why the friend of OP lost his coins.

Another reason might be, OP's friend is a victim of phishing.

Likely ended up for let's say airdrop and asking to connect a wallet. But in the process, there's a prompt to enter the passphrase or mnemonics which should not be a step on connecting wallets as that should mostly do with the legit browser extension.

Anyways, OP didn't come back for another information that might help with the case.

[Zhi Wei]

Not mean to ignore those your care of feedback.

My friends is work for cyber of bank, so if you are things malware/virus how came he can't detect that?.

1 address/key was hacked, other is still safe.

I will lock the thread, will open once someone want to share.

[Zhi Wei]

I have did bit a research then I reach NEX(I found out by ENS Domain and hit em at Twitter)

S/he let me to share the statement.
Here's for big point.

Code:

*Yeah I legit have no idea. I even had quit.qoots look into it. 
Haven't minted anything degen, haven't connected wallet to anything other than blur and valhalla recently.

The hack was also very strange. It happened 5am my time, I was asleep. I woke up at 6.

I had 49 assets in the wallet. They onky floored 7 Metashima. There were more of that asset, and other decent valued ones they didn't touch.

They then drained the eth and weth

*So my metamask is just a plug in browser. I don't logon to a site for it.
And I don't do staking, 100% haven't tried to redeem any NFTs or tokens.

*I'm also at over 100 days of browser history checks, so far nothing.

*I simply login with a password through my metamask wallet on a browser extension

*I have them saved, but written physically and separated.

Still unsolved, but let time talking the truth...

[techansaari]

The same incident happen with me on 28th October and the recipient address is same. what i can see is all the stolen tokens are still there. Can we as a community take any step to freeze that account?

[Semar Mesem]

The thing we have to understand is that there is no perfect system, after time there will be gaps and gaps will be found and the program will automatically fix it, we should never be surprised when someone saves assets in a wallet using mnemonic and after checking it turns out the asset is lost stolen.

[Jawhead999]

I'm confused, mnemonic pharse isn't immune against malware or viruses, why you're linking a hack because of malware or viruses and the security of mnemonic pharse? it's similar like saying why mnemonic pharse can't protect against $5 wrench attack.

Can we as a community take any step to freeze that account?

As a community, we can't since the only one who can freeze that coins are depends on each creator of the coin or if the address is come from centralized exchange, the team of that's centralized exchange can freeze the account.

[Orange89]

MNEMONIC is somewhat safe
It is really Very much Difficult for individual to Encode the Mnemonic/Private key through Address or Transaction hash
But yes super Computer can encode it probably
I Think your Friends had used Some pirated/mod apk that's in the form of Mallicios It is also very important to store the Mnemonic in the safe place and Remember Storing in pc or Mobile is really a bad idea
That's the worst part of the Decenterlized Ecosystem we just can't report if someone had stolen our fund that's just too much privacy i believe, although i always prefer Decenterlized over Centerlized

CONCLUSION You can Purchase a Hardware wallet to store your Fund or You can create a Multi sign request but Just Remember nothing is safe if you have Internet connection

[Sarah Azhari]

The thing we have to understand is that there is no perfect system, after time there will be gaps and gaps will be found and the program will automatically fix it, we should never be surprised when someone saves assets in a wallet using mnemonic and after checking it turns out the asset is lost stolen.

It depends on what system or application you use for keeping assets. A lot of application out there is created by scammer to a traping newbie or user who doesn't know how to keep assets. The trick they use is hiding the trap, the scammer said is save, after that the scammer bringing the new user to keep the mnemonic they did create on paper. So, don't use the new application, let's use the application where many people here use it.

[vv181]

Here is the thing, it came down to the possibility percentage. You are aware of near-zero address collision as you have quoted on OP.

While on the other hand, you stated your friend works on "cyber of bank". Don't know what that means, but I suppose cyber-related security. In the latest post above, your friend mainly talked on the Metamask layer, so I bet he hasn't fully checked his full device. My point is, as I have once said, the possibility of it getting hacked due to device infiltration is way higher than an address collision. We can rule out mnemonic address generation since it is indeed safe if it is done right.