Also, is it possible that purchasing tokens from decentralized exchanges like Uniswap, Jupiter, PumpDotFun, or others, could facilitate such unauthorized access to one's wallet or just the coins related with the DEX or contract address interacted with. ?
Just the coin related that interacted with only if you allow the transaction on your wallet. Its like youre given them permission to like how much max token to be allowed to move from that signed transactions. But youll know if the contract is safe or malicious cause some wallets notify its not safe or has info commented before you signed any transactions.
What can you say about this kind of issue.
The owner of the wallet said he only used pumpdotfun and Jupiter. And he never connect his wallet to any other DEX apart from that. Means someone got his private key either buy spyware of anything?
Is it possible for someone to initiate a transaction from their wallet to transfer funds out of another wallet, without having access to the private key or seed phrase associated with that wallet? If so, could this unauthorized access be a result of interacting with a malicious smart contract address?
They never can do that if they don't have private keys of your wallet.
"It's your private keys, it's your bitcoins. It's not your private keys, it's not your bitcoins." This means that if hackers don't have your private keys, they can not steal your bitcoins.
They never can sign a transaction to move bitcoin from your wallet if they don't have your private keys or can not hack your device to get access to your wallet and its private key.
Bitcoin Q&A: Not your Keys, Not your CoinsOnly for Bitcoin network or every other network. Since you are mentioning only Bitcoin But I mentioned SOL and Ethereum.
They never can do that if they don't have private keys of your wallet.
I think they can when the victim happened to be lured on a malicious website so that their smart contract can do the stealing while running their program.
metamask had warn users on this case anyway.
https://support.metamask.io/privacy-and-security/staying-safe-in-web3/fake-mining-voucher-scams/Maybe for bitcoin it isnt. But surely OP is probably talking about altcoins or metamask wallet containing alts not bitcoin by his word "malicious smart contract" which happened not present on bitcoin. Also based on his mentioned project like pumpdotfun (solana) and uniswap (eth network).
Thank you so much
cryptoaddictchie . I was talking about sol and Ethereum networks..
For what metamask said, seems we can get hacked with malicious websites and contract addresses. That's a reason why they ask us to revoke our wallet access frequently.
For many reasons this post should be on the Altcoins section of the forum. Bitcoin or altcoins, ideally if you are using a standard wallet where you are literally the only one who has access to the keys, it's not possible for anyone to initiate a transaction from their wallet transferring funds from another person's. If they don't have the keys, they cannot do that. Most reason why you see stories of wallet hacks is because of malicious links, keyloggers, connecting of wallet to unknown sites,installing Trojans and not keeping your keys offline. These few mistakes are what crypto holders make that put their funds at risk and it may be due to lack of information on how to avoid hack or ignorance(they don't believe they can be hacked until it happens).
I Posted it here because Beginner's can probably learn from pros. I know there will be lots of opinions that will make people understand different ways of getting hacked which I also need to know cos I also don't really know much..
Also, thanks for the tips you have valid points and I think if someone can stay away from all you've stated, they will be safe.
This means that if hackers don't have your private keys, they can not steal your bitcoins.
There is another way to make it happen with no seeds/private keys is to get access to the victims device which let them to execute any command they want remotely if the device is connected to the internet.
One of the most common methods is
Remote Access Trojan (RAT), that often bundled with the software the users download from unofficial sites such as cracked versions, once that infects a device which gives complete control of your device to the hacker and the worst part is you can't even find it happened.
They can access your camera, files, microphone, and any application and even go deep down to manipulate the devices' hardware.
Hmmmm. What?
I had to delete some apps on my phone after seeing this. I downloaded a testing app from playstore last month to help a DEV test thier app. Although, I didn't give the app any access. I only play games in it..
Will try make more research on this Remote Access Trojan. Thank you
Also, is it possible that purchasing tokens from decentralized exchanges like Uniswap, Jupiter, PumpDotFun, or others, could facilitate such unauthorized access to one's wallet or just the coins related with the DEX or contract address interacted with. ?
From how I have dissected this scenario, I think it's not about the platforms security and what not tbh.. afaik a compromise usually happens from users side (devices ) and this could mean browser might have been compromised giving the hacker the unauthorised access or keyloggers were used to get access to the said platform's which technically makes unauthorized access possible...which is why we need a clean system or dedicated device for such transactions to avoid malicious programs from being harboured or installed on our devices...I mean you never know you could click the wrong link or open the wrong file and access is granted without you knowing..
Your reply makes me feel like nothing is really safe on the internet. Even incognito mode might not be safe. You mean some DApp, platform or Browser might not be secured enough making hackers find a way to malicious compromise users behaviour and get them expose some private information. That's strong.
But thank you for this. I learn another new thing as I've been learning here so far.
