/biz/ - Business & Finance

>>28846599

Yeah metamask had a major security issue last week, I moved my stuff offline just in time

>>28846599
Yeah, I've lost ten thousand dollars when my UNI airdrop was stolen from me in Metamask.
I've realized to never EVER stick to one wallet. Dispose and change it regularly. Or uniornically CEXes like Binance are safer.

>>28846698
>>28846717
Thanks for letting me know guys, I'm glad I left almost all my shit on an offline wallet.

Weak FUD.

>>28846599
Just be poor lol

>>28846599
making shitty trades and stolen ETH aren't exactly the same.

>>28848154
I'm serious unfortunately, it was only like 50$ worth of eth but still I'm spooked about how the fuck it happened. I did have an encrypted copy of the key on my computer so Im guessing it was keylogger+trojan or rat?

>>28848247
Also, the most perplexing part is how they were able to mask the transaction in metamask, there was no record of the transaction anywhere other than ethscanner.

Imagine being so retarded that you install the wrong extension, get a keylogger or visit some phishing site. It's your own fault, stop blaming the extension.
>>28846698
No it did not. Post proof or fuck off. There was a very specific issue some weeks ago when adding a custom network without specifying a chain ID. And I bet you don't even know how to do that, so you probably have not been affected by that.

>>28846599
>bamboo swap
Wtf is even that.

>>28848297
>there was no record of the transaction anywhere other than ethscanner
Can you share?

>>28846599
isn’t it interesting that these “metmask compromised“ slide threads only happened during the massive roiling mumu market?

>>28849526
Im not gonna drop my public key here, but there is transactions logged going from my key to a burner key on scanner but nothing on metamask. I don't really care if it was some sketchy site i connected my wallet to that stole my funds, Im just worried this is a RAT or keylogger. I did enter my seed phrase on this computer about 2 weeks ago since I was transferring an old metamask account, a keylogger could've easily picked that up.

>>28846717
>I've realized to never EVER stick to one wallet.
That doesn't really mean anything, you just need your private key - no wallet at all. I suppose you're saying distribute your funds in on different addresses and access them with different apps?

I don't know, I'd just use Bitcoin as store of value and be cold about it

I don't understand how you can be desperate enough to use this sketchy shit.

>>28849695
>has probably priv key leaked
>not gonna share pub key
>PUBLIC key
Man... anyway, learn the basics and better luck next time.
Do it on separate device, etc.

>>28848247
Who would pay the gas to move your penny's worth of eth? You may have somehow profited from this...

>>28849822
Haha I don't like any identifying information of any kind being online. Yeah, I'm definitely not going to use this computer for crypto again.

>>28849921
It was only around 10$ of gas for about 50ish worth of eth, so they did make a little bit at least

>>28850056
You can have infected router ofc. There are multiple options.

>>28846599
dont store keys digitally dummy

More likely something you clicked on IMO

>>28846599
chances are you haven't been keeping your wallets very clean.
this is what privacy tools like suter shield are for. just use it. suter

>>28849575
if you're suggesting coordinated fud, occam's razor applies. it's more likely bull markets encourage more retards to chase increasingly dumb shitcoins and fall for scams
all retards share two characteristics, inability to accept responsibility and anger at their intelligence being questioned. so they will always blame some convenient externality for whatever they did wrong
these threads feel organic to me. perhaps a tinge of meme at worst, but not organized fud

If you were hacked, this would most likely be due to a few possible reasons:

1- Your computer has been compromised with (malware/spyware) and you stored your private information on your computer.
2- You have visited a malicious phishing website that stole your information.

3- You gave your private key or seed phrase to someone or a site.

4- You gave a web3 site / smart contract unlimited access to your funds (check who you gave access to and revoke here: https://tac.dappstar.io/#/))

5- You installed a fake MetaMask extension that stole your funds.

Try to analyze your browser history and scan your computer to eliminate any further breach of information. If you discover any suspicious phishing websites please notify us via the Metamask Support Form so we can prevent this from happening to other users in the future. If you have any further information after your own investigation please let us know.

>>28851705
lol

>>28851705
Thanks for the info, its really helpful

>>28851705
Is this pasta or bait?

>>28851705
I thought the giving Web3 access thing was a meme.

Do I really need to revoke all the connected sites?

>>28851705
>notify us via the Metamask Support Form

LOL surely MM support doesn't just browse /biz/ looking for FUD? Did you copy paste this from somewhere?

Either way OP, MM isn't comprised but possibly your computer is if you truly lost funds.

>>28849822
he's obviously larping it should be obvious to you after that

>>28851930
no this is directly from the metamask support site:

https://metamask.zendesk.com/hc/en-us/articles/360052511372-I-ve-been-Hacked-Scammed-Unauthorized-transactions-on-my-Account-

just check the sites/contracts you gave access to, probably used a rug and they're exploiting you now.

>>28852139
Is this seriously possible?

>all this FUDing

kek, there is literally no risk unless you are retarded enough to get a virus on your PC

someone isnt gonna magially get your seed phrase or password cause you went on some website

i literally sit in starbucks on public wifi with $500k in my MM displayed on the screen, seed phrase written down on a scrap of paper next to me

ive even left it all out on the table while going to the toilet and never had a problem, normies dont even know how to work it and anyone who does is some hacker guy who will only be able to do anything if you get a virus like a retard

>>28852840
>>28852139
If this is possible I'm getting my shit off metamask asap

I dunno bros I'm just scared that if I do order a Trezor it gets intercepted or swapped in delivery and I end up putting funds in a compromised wallet

>>28853044
and then there was the addresses data leak recently. Not comfortable giving a physical delivery address

whereas with metamask as long as I use a clean laptop just for crypto and no shady shit, I think it should be fine

>>28852957
Why would you carry your seed phrase around with you? 500k and you can’t memorize 12 words? Wtf

>>28852964
getting stuff out of metamask will not help, it's an approval() issue and tied to your address
approvals are set to be unlimited by default for convenience, in both quantity and length. this means it's trivial for clever coders to hide some function in the concerned smart contracts to siphon your funds months after the fact
in metamask, there's actually a normalfag-friendly UI letting you specify a given approval amount when you are first asked to approve a token
there's also random websites letting you see all the approvals you've allowed in the past, and eventually revoke them

>>28853214
assume everything posted on this board is false, anon.

>>28852957
>i literally sit in starbucks on public wifi with $500k in my MM displayed on the screen, seed phrase written down on a scrap of paper next to me
wtf lol

>>28852840
>>28852964

YES, do you even read? Permission to spend your ETH, DAI, LINK.

go to https://debank.com and go to approval tab and see what you have at risk from which sources.

>>28852840
>Is this seriously possible?
yes.

>>28853214
It’s not safe to just memorise it. If it’s something you don’t use all the time it’s possible to forget it and then you’re fucked.

>not having crypto insurance for like $5/month

lol

>>28849695
>did enter my seed phrase on this computer about 2 weeks ago
This is why, dont fucking do that. You had a keylogger most likely

>>28853498
How and where please kind sir?

>>28850536
It wasn't my fault and fuck you for implying that I'm stupid

Also get a fucking hardwallet you stupid fucks. It cost like $70, less than gas fees ffs

>>28852139
HOW ANON HOW
WHAT SITE DO I GO TO

>>28853044
You really think this shit is going to happen. Has this ever fucking happened.

>>28853675
see
>>28853044
>>28853136

>>28853686
>HOW
https://tac.dappstar.io/#/


>use a hardware wallet with metamask. even if your pc is filled to the brim with malware you'll be safe. use a trezor as your "hotwallet" with metamask, mycrypto and/or exodus.

>transfer longterm holds to another hardware wallet. i usually only hold about 5% of my total networth on metamask/hotwallet

>secure your seedphrase with a metalbackup - diy (https://safu.ninja/)) or https://cryptotag.io/ or https://privacypros.io/products/the-billfodl/ or https://cryptosteel.com/

>consider shamir backup https://bitcoin-takeover.com/how-and-why-to-set-up-a-shamir-backup-trezor-model-t/

>secure your pc to be absolutely safe. i am using avira (free), spybot (free), malwarebytes (free) and ccleaner (free). last time i did a fresh windows install was in 2016.

>don't download shit just to try it out, use a virtual machine for that (virtualbox, free)

>>28853800
trezor deletes customer data after 90 days

>>28853780
yes, that's why there are websites to tell you how to check if your Trezor is genuine
and obviously they improve the fakes as time goes on

>>28853916
when you initialize your trezor on the website they ask you to check if all security stickers were in place iirc

>>28853675
if i use a hardware wallet with metamask my funds are safu, right?

>>28853873
If you lose your Trezor can you just buy a new one and login with same details?

>>28854004
Yes I cant see how that would make it any unsafer. Even if you have a virus on your computer its safe.

Also how come no one uses MEW anymore?

>>28846599
these fake threads are retarded

>Trezor salesmen FUDing MetaMask

Fucking clever desu

>>28853873
they didn't reply when people asked if this includes backlogs and backup database

>>28854069
Because its unsafe as fuck if your are even just a little bit retarded at time, thats why.

>>28854025
your can restore your seedphrase on any device (trezor or any other device that supports their used standards - https://wiki.trezor.io/Cryptocurrency_standards))

>>28854069
not as normie friendly as metamask
couple dns attacks and MANY malicious google ad over the years cost trust
a browser extension might not be the safest but it's somewhat safer than a website for the average user

>>28853834
>https://tac.dappstar.io/#/
most of mine are just UniswapV2Router02 - is that fine?

>>28854102
no salesman, just adding much needed security to it and you can use a ledger as well.

>>28854069
>with metamask you can access web3 and secure it with a hardware wallet

>with mew or mycrypto you can only access your funds on said hardware wallet. you can't use aave with mew e.g.

>>28854124
you can contact support and request immediate deletion of your info.

>>28852840
>>28852964
it's not possible for a malicious/insecure contract to spend your ETH, but it's 100% possible for a contract to spend your tokens if you used the "approve" function and gave the contracts permission. There's some sites to see which contracts and tokens you've approved in the past.

It's also possible for a malicious/hacked dapp to pretend like you're doing some function, but actually do another one, like sending 1000 tokens instead of 1 token, or sending to a different contract than the one you want.

It is NOT possible for a malicious site to steal your ETH or unapproved tokens. If that happens to you, your private key leaked. Any .exe you've ever clicked in your entire life on that device could have installed a custom malware that just waits for retards to install metamask and steal their keys. The only safe way to use metamask is in combination with trezor/ledger hardware wallet, which never exposes your private key.

>>28853214
well I hope you never get bonked in the head like a car accident or something

>>28854206
those are tokenbound for exchanges on uniswap

this thread is your reminder to just use a fucking hardware wallet

>>28846599
I can tell you what happened by looking at your address. Whatever Metamask says doesn't matter. Only what Etherscan is saying matters.

>>28848297
>no etherscan record
Then your coins weren’t stolen brainlet lol

>>28853834
ty fren
i will diligently apply this knowledge

>>28854503
no worries. i hope i could give you some pointers that will help you on your journey to securing your funds. :)

>>28854494
learn to read brainlet

Buy the dip, faggot
>they told again and again
Then shill this shit on /biz/
>good I have bot ocean subscription and use bots for trading and less risks on DEX

>>28854402
sorry, what does that mean exactly? ty fren for the other advice here too, will look into the hardwallets

>>28854408
fuck off ledger shill, ur fucking device is aids. I dont want some gansta in my house because u decided to keep my detail and then leak it.

How is Coinbase wallet app sirs?? Recommend? I can't do swaps on mobile with metamask

>>28854603
>hardwallet
hurr durr - hardware wallet

>>28853498
Show me this dumb or scamming fuck who's providing an insurance for individuals. Sir.

>>28854441
You know what I don't care anymore, here is the transaction, you can see 3 days and 16 hours ago they tried to move my tokens which are locked right now and did move my eth. Based off everything here I assume I got malware installed on my computer. Unfortunate.
https://etherscan.io/address/0xd2bade5f4ece4814f77b5dcb218fe273c4e223d9

>>28854693
Also I don't know why my id keeps changing, I'm not using a proxy

>>28854102
They don't need to do that shit, Slush is a honest guy.

>>28853440
I meant when he’s at Starbucks you smoothbrain. You don’t need to bring it with you every time you go out

>>28854613
ok enjoy being hacked then

>>28852840
Yes, same as a Credit card

>>28854693
Kek, they bought fucking PRQ.

>>28854370
Don’t be a retard. Obviously have a paper backup somewhere but you don’t need to carry it around with you to fucking Starbucks

>>28854909
Yeah, I guess they are ending up at 0$ anyway

>>28854967
You know what? Go to PRQ telegram and seriously ask Analtoy what can be done... Just for the lulz.

>>28846599
I've also lost 500 USD from Metamask last month. Not a FUD. As far as I know, t's really easy to inject scripts into a browser like Chrome - all you have to do is visit a bad website, let it install a plug in without your consent (sometimes it can just be disguised as as simple link), and your wallet is easily compromised.

>>28854967
And it's quite possible that someone from this place stole that.
Maybe you can remember what suspicious links you visited from here?

>>28855006
I might just have to
>>28855069
I think it's just a virus, the shit is stored locally and encrypted but if they grab your seed phrase you're fucked

>>28855157
It's probably from a porn game or something that I downloaded desu, it was only a matter of time until this happened which is why I keep almost all my shit offline

>>28855069
Metamask support doesn't really help either. I don't think any browser extension is 100% secure. As other anons have pointed out, its easy for an 'approval' or permission to be disguised as something else.

Browsing smart, keeping your mawlare up to date etc, lowers your risk hugely.

>>28849695
>Im not gonna drop my public key here,
HAHAHHAHAAH
nice one retard, kys

>>28854956
>>28854831
>not doing some trades while sipping on a frappe and checking out the local qts

Not gonna make it

>>28854603
new coins (coins that you didn't exchange with that wallet before) must be approved on uni before you're able to exchange them, same on 1inch (you can choose to unlock once or infinite unlock)

This thread is unironically about to make me transfer all my shitcoins to coinbase wallet. Even if it’s all FUD seems way safer than MetaMask

>>28851705
>You gave a web3 site / smart contract unlimited access to your funds
This is why crypto will never actually be used in the real world.

>>28854693
the fact that they left your shittokens means you probably authorized some scammey site to spend your ETH

probably that bambooswap or whatever scamshit you were going on about it in the OP. Or that hydraDX or Envion stuff, WTF is that?

>>28855069
i spent 10k on fees since i started using metamask gtfo hahaha ^^

>>28855366
OR... this has a potential for a new startup, kek.
>we are securing your funds

>>28855347
so does that expose the wallet to the risks discussed here?

>>28855351
It's really probably because I got a virus, but for any large amount you should definitely always store offline.

>>28855414
They tried to transfer my shit tokens to their burner wallet and failed though, they are locked right now and can't be transferred until later. Envion was a 2017 ico disaster, I'm sure some oldfags here remember it. This is my shitcoin risk wallet.

this thread if full of curry stinking faggots and retards. you see how many people day after day post and explain how they cant figure out fucking uniswap.

thats who gets their metamask compromised. actual retards.

>>28855451
i've been using metamask on a shitton of sites and services for quite a while now. never had any problems whatsoever.

just secure your computer and think twice before giving access to that one farming site that's super new and gets you the best yield.

it's the same with your computer. don't download shit you don't need. if you want to try shit - use a vm like virtualbox.

>>28854693
Why the fuck didn't you also lock your ETH in?

>>28855563
Also the part I can't understand is how they were able to remove the transactions from my metamask history on my PC. On my phone linked to that metamask account it shows the transactions. It's pretty wierd.

>>28846599
Did you fall for the: "Hey, connect your wallet to walletsconnect.com for it to work on this site"
fucking retard

>>28855825
What do you mean by that? I should've just transfered the eth scraps to my offline wallet after I bought the shitcoin.
>>28855952
Probably what happened, I'm hoping it was that and not a virus.

>>28855861
settings/advanced/reset

Resetting your account will clear your transaction history. This will not change the balances in your accounts or require you to re-enter your seed phrase.

usually used to remove failed transactions to reset the nonce

>>28855750
i'm only using uniswap and 2x staking websites (grt lol)

computer is fine, have all the things you mentioned here, funnily enough >>28853834

just paranoid now what fucking accesses i've given other than all those uniswap token approvals - and do those approvals have the same issue as approvals for "definitelynotascam.com"?

>>28856042
See the thing is that my older transactions are kept, only the hacker transactions were deleted. If they cleared wouldn't it remove the old transactions as well?

i just use mew lol. can key loggers even get a copy of my keystore? can malware or viruses even do that?

>>28846599
Sounds more like you tried to do a trade on a dex without enough gas. Then the trade doesn't go through, but you lose the gas

>>28856071
also connected sites =/= approvals, right? so be wary of sites that want to connect that request approval?

>>28856316
...obviously

>>28856032
>>28856153
If they wiped single logs from your transaction history, locally stored on your metamask, chances are your machine is compromised in some way. Just saying.

Which is the best cold storage then? I'm lazy in that I've kept everything on metamask but I think it's about time to get an offline wallet, though the ledger hack made me a bit weary of using that, hence why I'm asking

>>28856512
Yeah that's my guess, Ive run a bunch of different virus scans and found nothing which means it's probably some sort of custom script. I'm just gonna clean install windows I think and hope for the best.

>>28856626
just buy a new laptop and use it just for crypto, if you're storing a lot of wealth that's the safest.

>>28846599
dude its fucking metamask, i don't know if you remember all the shit back in the day with this company

>>28846599
Don't fall for this FUD. Only ACTIVE metamask addresses will be eligible for the airdrop.
It takes a quantum supercomputer to take down Metamask's cryptography.
OP wants to get a bigger piece of the pie.
He won't get it!

>>28856756
I wish I was lying to be honest, I feel like a fucking idiot. Shouldn't have downloaded those hentai games...

>>28856806
>Shouldn't have downloaded those hentai games...

>>28856516
If you want to use it with metamask for shitcoin purposes, ledger or trezor.

>>28856626
Yes. Malware works best if it's undetected by virus scans. Also Windows is not known for being very secure.
>>28856806
lmao at least run this shit in vm, you are asking for it tbqhfam

>>28856738
Yes, MM is used by people with literally millions of dollars in their fucking wallet and they choose right this poor fag and his 0.03 ETH...

>>28856903
Thanks, been looking at the ledger nano s, seems best for money wise

Suppose I use a booteable USB with a Live Linux like Tails and I only type my seed in that SO, that is completely clean, is that secure? I need something simple to make sure that my father does not get his coins stollen, he is a bit dumbass and I don't want anything bad to happen, I have to teach him something simple

>>28856903
>>28856875
Well they haven't charged my credit cards or anything else so far so I'm hoping it was just a simple script looking for metamask seed phrases. Lesson learned

>>28857054
absolutely does the trick

>>28855336
>frappe
>spending $5 on a white girl drink

>>28854004
yes because your keys are on the ledger, metamask is just an extention that lets you interact with the ether network. If you connect a hardware wallet to MM you still need the hardware wallet plugged in if you want to send funds from that adress through MM, i think you even have to confirm the actions by pressing buttons on the Ledger. There is no reason at all to keep your shitcoins anywhere other than on your ledgers adress unless you want to do quick flips on the go, you can have another all digital MM wallet for that if you must but the adress that your Ledger generated is safu no matter what.

>>28857091
Safepal looks better desu and cheaper

>>28857345
no metamask support

>>28854336
nah, I don't want my physical address out there
nty

Found something weird using tac.dappster.

Under USDT it shows permission for a random contract. Any idea what this is or means? I've set it to 0 already but it was set to unlimited. Could be that someone had access to my account or something. Im usually pretty careful desu i don't know how it could have happened.

>>28846717
>uniornically CEXes like Binance are safer
For retards like you CEXes are better.

>>28858432
that looks like my contract, kek

but yeah you should remember USDT is a centralized company, they have the ability to freeze addresses and other shit. Stay in DAI or USD Terra if you want to be in the dollar. USDC if you want a centralized company.

But USDT is a ticking bomb, everyone knows this

I bought a brand new tablet, attached a new email/account, generated keys and viewed seed phrase while offline, when I use this tablet I log in, do my trades or whatever I need to do then disconnect from internet. I never view my seed phrase and def wouldnt store it online. Idk, is this really not safe enough? I dont really fuck with any scappy dapps I just use uniswap.. I have been thinking about buying a ledger.

>>28858736
you're doing it right fren
fuck giving out your physical address to a central entity that specializes specifically in blockchain security

>>28858809
Thats what I thought. When I hear about stolen funds the common thing seems to always be some neet using his gaming pc he downloads tranny porn on using the chrome extention.

>>28846599
checked and nope, you prolly send it to the wrong adress or slip^page

>>28846599
if you don't:
>have a dedicated pc for crypto shit and nothing else
>use linux
>use hardened firefox/ tor browser
>check the sha256 digests of everything you download
>write private keys down on a physical piece of paper
>use full disk encryption
>use an open source wallet
>regularly update wallet
>regularly update operating system

You deserve what you get.

Decentralization means YOU have a stake in the network and YOU are responsible for keeping it secure. Its niggers like you who are going to re-centralize crypto because you mongoloids can't be fucked to store your shit properly.

is the mobile version (android - ios) safer than the chrome extension?

>>28859614
I think its easier to dedicate an unused tablet or phone and would say its safer only because you're less likely to download other shit on it. What I am wondering is how doing what I am doing is any more dangerous than a ledger when I generated my keys offline and will never view then again. It might be good for someone using their regular pc that they download shit on

>>28859614
Also from my understanding the apps are not a chrome extention but completely seperate with their own browser. I could be wrong maybe another anon will correct me/ tell me why I'm retarded

>>28846717
CEXes constantly steal your crypto via """"hacks"""", or when they pretend they're overwhelmed by traffic and halt trading while their market makers and whales are allowed to trade.

>>28860035
true

I use Metamask, MEW and have shit on exchanges, idgaf kek.

>>28854613
There are other hardware wallets than ledger & it was Salesforce that fucked over Ledger and their customers. Retard.

>>28859832
>What I am wondering is how doing what I am doing is any more dangerous than a ledger when I generated my keys offline and will never view then again
Your tablet will still store and decrypt your keys to sign transactions. In case your tablet gets compromised, they could be stolen. A real cold wallet (ledger) has your keys always offline and never connected to any live system. Transactions are signed on device in secure element and there is physically no way, your keys could be exposed.
Your solution is still 1000x smarter and more secure than keeping your shit on metamask and running sketchy hentai games on the same machine lol

>>28853834
>>28854503
>secure your pc to be absolutely safe. i am using avira (free), spybot (free), malwarebytes (free) and ccleaner (free). last time i did a fresh windows install was in 2016.
those are all fucking botnet AND malware including winshit. even paid antivirus are shit.
if you want your OS to be truly secure install a linux based OS (or a bsd if you're anal about systemd) and just use common sense.
furthermore you'll want to look at cubeos, tail or similar that you boot from a flash drive with no data retention.
and keep your data encrypted with veractypt or luks / dm-crypt.
but in no situation let any proprietary software routinely scan your whole installation. this include anti-cheats in gaymes

>>28862293
and if you want to go on shizo / glowing territory do all this on a corebooted thinkpad or machine no younger than 2006.

>>28862293
>>28862782
...or just use a hw wallet on your hentai game infested machine with no risk and actually cold storage