
Topic: A bad practice that cost a friend everything. (Read 326 times)

legendary
Activity: 2716
Merit: 1225
Once a man, twice a child!
October 31, 2023, 02:59:14 AM
#35
...then I stumbled on his recovery seed been screenshot, that was when I knew he messed up.
That's it! I think it's laziness that makes people do that. Laziness of copying it out. They rather be on the fast lane and screenshot it. This same thing happened yesterday while I was trying to set up a wallet for someone I advised to buy and hodl for the bull rally. The dude made a screenshot of his passphrase and I condemned that wallet. I always advise people not to be hasty when it comes to anything finance, whether online or offline. It's this hastiness that scammers rely on to hit their targets. Extra five minutes for writing the PP out wouldn't have killed your friend and his funds would've been intact.

Quote
This is new to me, but let's take this serious, some stupid crypto wallets still allow taking screenshots, it's wrong, this should be a RED FLAG when installing a crypto wallet on your phone, and as for you and everyone it's a stupid idea to take screenshot of your recovery seed.
Well, I don't know if the screenshot thing is enabled from start before the wallet is properly set up but I know there's an option to enable or disable that on a few of the wallets I've used. Away from the screenshots of PP, what about for tutorials to show the point of what one is doing as a guide to mentee so they can easily follow up? I don't think the blame should be on the use of screenshot on wallet apps (I like having it), we should blame the user who administered it wrongly. Like they say, before you blame the hawk for wickedness you must first scold the mother hen for exposing her chicks to danger.
hero member
Activity: 1246
Merit: 699
Now I am starting to believe that some app creators are intentionally creating useful apps for people to use only to gain access into their files and pictures, this is why when apps ask for some access on my phone I always block them.
I didn't think that something like that and what many people usually do (I think) could have such a bad impact. I also often access my wallet via smartphone, but I use a different smartphone than what I use every day for my activities. So I have a smartphone that I only use to access wallets and exchanges. There are no social media or other additional applications.

I don't know if it will prevent me from being hacked, but from the cases you shared, it seems like almost everyone does it: permits some apps to enter your contact list and even their pictures. I'm sure not all application developers have bad intentions, but what has happened like that clearly gives us experience and knowledge. Thank you for sharing it.
hero member
Activity: 3178
Merit: 661
Live with peace and enjoy life!
That's probably what happened there. Some apps really are suspicious no matter how helpful it is. If this proven true, will the developer of the app be held liable for the stolen eth? Maybe they will say it's an assumption since there is no evidence from the one who got loss unless he can prove the app functionality that it can access the phone's images.
Surely they will deny that accusation since no criminal will ever admit their crime committed. And I think the owner of the wallet is more liable of that because he’s never cautious of what he’s been doing to the extent of he’s the one making things easier for the thief to steal his ethereum. This might be very upsetting on his part but at least he learned his big lesson now.

This is why I don’t easily agree with some apps that require access to your phone. It’s obvious that it’s for their own advantage why they are doing that and definitely not for our own safety. Every time it happens on me, I just cancel it immediately. Otherwise, they will have another target to victimize.
full member
Activity: 462
Merit: 117
Possibly the developer must have done that to him but how could he have screenshot his phrase and got it stored on his phone. That was a silly mistake head though.

I remembered some weeks ago I was discussing with my friend and we were talking about phone apps and their security features because I just bought her a new phone and I had to tell her to disable all connections between the apps she would download and she argued over it so I had to explain things to her that was when she understood what I really meant. I will send her this thread to read as well to see the reasons why I told her to not grant access any app to get access to her phone.

If your friend has written to Binance, I believe he would get positive results from them. Only what I would advise him to do is to be patient with them. Since the hacker has done his KYC with them, they must know who he is to get more facts for the case at hand.
hero member
Activity: 714
Merit: 521
Some people don't know how to manage the security to the wallet, they did some nasty acts thinking it's nothing without knowing those are the kind of weakness that the scammers are looking around for to see coming from us, when a user does not know how to perfectly secure his wallet seeds that will prevent any third party from knowing or seeing it, all he could do was to make a screenshot of the private keys forgetting that anyone can have access to their own mobile device used while they have forgotten there's a screenshot of their seed phrase on the device.
sr. member
Activity: 686
Merit: 398
This is new to me, but let's take this serious, some stupid crypto wallets still allow taking screenshots, it's wrong, this should be a RED FLAG when installing a crypto wallet on your phone, and as for you and everyone it's a stupid idea to take screenshot of your recovery seed.

Most crypto wallets don't allow the taken screenshot option again; they disabled it long ago, and some of them have the option for you to enable it, but that's not the case here. The thing is with the person who uses the app to create a wallet or import his or her seed phrase.
 
If the app doesn't allow for screenshots, most people still make use of a second phone to take a picture of the phrase, which not taking screenshots can't solve. It's about individual decisions. Most people are just too lazy to want everything to be done too easily when what's only required to be safe is to do some extra work by writing them down and making sure they're kept in a safe place in at least two different locations.
 
I feel sorry for your friend. After all the lessons, it still appears that he falls under the category of people who like learning the hard way, so since he experiences this loss, he will never make such a mistake again. Let's hope Binance can do something about it, but the refunding of those stolen funds is not guaranteed.
hero member
Activity: 1484
Merit: 928
A friend lost all his Ethereum and tokens two days ago and it came to my attention, this is someone who I shared some tips about crypto wallets with some past months ago, I made sure he generate the new wallet offline and he wrote his recovery seed down, though I was not there with him, we are having the conversation online.
Whenever I am teaching anyone about crypto, I don’t like doing it online. I always prefer seeing the person physically because I know they will end up messing everything up, so to avoid unnecessary complaints, I do ask them to visit me, or when I am free, I can just visit them to guide them on the necessary things they should do.

then I stumbled on his recovery seed been screenshot, that was when I knew he messed up.
One of the mistakes newbies make is always taking screenshots of their private key and keeping it on their phone. It also once happened to me when I was new. I believed the easiest place to secure my private key was on my phone, so I made a screenshot then and left it on my phone. Actually, I wasn’t hacked, but after doing more research, I discovered that leaving a private key on a phone is really a wrong idea. Anyone can collect your phone and decide to go through your gallery, they might end up stealing your private key and sending out all your coins.

He have some picture apps on his phone for meme creations and picture filtering apps, one of this apps have access to his library, including all his photos, and I believe the app scooped the image screenshot, maybe the developer of the app happen to stumble on the picture and decide to steal the fund.
It may not be a developer, someone might just collect the phone and steal the private key from it, it might even be someone close to him, maybe a friend, and it might also be a developer of one of the apps that has access to it. No one can say because there are lots of phishing apps. That’s why we have to be careful with the apps we are downloading and don’t always keep sensitive information on our phone.

The funds were moved to Binance exchange and sold, we are now hoping that Binance help in this case because he filed complain to them and hopefully the scammer already KYCed on Binance exchange.
Before you can make use of Binance, you have to complete your KYC first. But I haven’t lodged a complaint like this before with Binance, so I don’t know how they are going to handle it. But how sure are you that the person didn’t use someone’s Binance? Since you have reported to Binance, just wait and see the response that Binance will give. I will like you to share the response you received from Binance here.
sr. member
Activity: 938
Merit: 334
How it's possible in the first place? few months ago I tried to take a screenshot of my wallet's back up, but I can't and received a warning message. Although there are a lot wallets out there and not every wallet have a same security.
This is possible in some wallets, I know you can actually do this using trust wallet but it's not possible on electrum wallet.

Remember it's not only about screenshot, it also depends on how many apps you installed, downloaded file you run in the background, etc etc.
When you want to generate a seed phrase, there's always a warning message to write it down on a piece of paper. Some people don't take their wallet security seriously until something bad happens. The picture app his friend installed on his phone had an infostealer malware and an example is CherryBlos, this malware can scan photos and extract written text on it. When he granted the app access to his gallery, the malware was able to read the text on the screenshot and stole the seed phrase.
I think it depends on the smartphone we use, look at what @Stopmix said on his reply, he was able to take screenshot of his recovery seed using Electrum wallet and you aren't able to do the same with the same crypto wallet, I think the phone we are using plays a part too, anyway, I might have lost my recovery seed in the same manner too, because I still couldn't find the reason behind the lost of my assets to hack some years ago, but I can remember perfectly that I like taking screenshot of recovery seeds, I was stupid it seems, but I don't do such anymore, something inside me just believe its wrong, but thanks for sharing this story OP.

After doing some research online I found out that so many people have lost their assets and even money in their bank account due to taking screenshots, like seriously I don't even know what's safe and what's not safe to do online anymore, it feels like things are just getting even worse than they used to.

It's safe to take screenshots for personal use but when it comes to financial value you will likely get in trouble taking screenshots of vital information, like passwords, numbers, bank details, home address, BVN etc. Screenshots can pose a severe threat to your privacy. I have heard about how unsafe machine sharing software are if you are a fan, other parties can capture your screenshots without you knowing.
legendary
Activity: 2576
Merit: 1043
It must have been very tedious for a hacker to scan one by one all the images he come across and look into them. He sure expects to find one after all if the app is crypto related he sure will find someone who owns some crypto and installs it.
~
I don't know if what does the "APP" that the OP said is, but if it's an app that's related to crypto, I believe it's expected that the developers will try, and dig those pictures on the phone especially if the owner let them have access to his files, but if it's not a crypto-related app, I believe it's only a mere coincidence, and the person who saw that picture happens to have a bit of a knowledge in cryptocurrency.

Nevertheless, the moral lesson here is don't save whatever phrases you have in your phone. I didn't do this ever since, and I only store it in my drawer, and other places. I'm not saving it online because it wasn't safe at all, and it never has.

Anyway, I guess your friend learned a very expensive lesson like what others are experiencing as well.
hero member
Activity: 3024
Merit: 745
Now I am starting to believe that some app creators are intentionally creating useful apps for people to use only to gain access into their files and pictures, this is why when apps ask for some access on my phone I always block them.

This is new to me, but let's take this serious, some stupid crypto wallets still allow taking screenshots, it's wrong, this should be a RED FLAG when installing a crypto wallet on your phone, and as for you and everyone it's a stupid idea to take screenshot of your recovery seed.

Do not be like those average users, take your wallet security very seriously like your life depends on it.
While the scammers and phishers are using websites to take the seeds and private keys of the victims that they can. It's likely that these apps can also scan out the images on someone's smartphone when most of the time, we just tend to agree and check all the conditions given to them so that we can download the app. It's not a good idea to have screenshots, saved in cloud, email and any other devices where our seeds can be  exposed to anyone. On this case that you have already asked for Binance's cooperation, although the funds are likely withdrawn already but the details that they can provide to you and your friend can help you if you want to pursue it.

Stop taking screenshot of your recovery seeds, it's basically you storing it online for someone else to see.
Don't be lazy on how you keep your recovery seeds properly by simply writing it down with many backups but not with screenshots.
hero member
Activity: 2926
Merit: 657
No dream is too big and no dreamer is too small
Whatever you store on your phone will not be safe always most especially if you happen to download apps that require access to your phone. When you see that, always cancel your downloading as it will never be safe for you most especially on the files that you have stored in your phone. And cases like seed phrase or passwords to any of your personal account, you don't need to take a screenshot but write it down on your notes and keep it privately like you're the only one who knows it. It's better to keep it safe than feel sorry in the end.

Furthermore, whatever details in your wallet, do not make it compromise through creating an access with any of your social media account. Note that social media is the playground of scammers, so you better stay away from social media using the info in your wallet or you get rid from being involved in social media because it will never give you an edge over your privacy.
legendary
Activity: 2184
Merit: 1302
There are also some apps that we need and when we download them through playstore then it is ok.
Downloading something through Playstore doesn't mean that it is safe, there are a lot of fake and shady applications you can download through Playstore. If you want to download a wallet, do so through the original website; and finally do not use your wallet in a device that you use to carry out all of your online activities, get a hardware wallet so that your wallet will be offline and safe.
sr. member
Activity: 1622
Merit: 270

Now I am starting to believe that some app creators are intentionally creating useful apps for people to use only to gain access into their files and pictures, this is why when apps ask for some access on my phone I always block them.

There are also some apps that we need and when we download them through playstore then it is ok. But if we directly download an app from Google on a mobile phone because it is not available in the Play Store. Then it is necessary to download it from the Google link and we have also to permit our phone. Is it a scam? Or what we should do then if there is only one way to download the app and if we don't permit them we can't download it?

One of my friend's wallets has been hacked because he was always downloading things from Google the same thing was present in the Play Store I don't understand if they had created a website how easy they have to hack someone's mobile phone and their videos and files etc.
sr. member
Activity: 658
Merit: 441
How it's possible in the first place? few months ago I tried to take a screenshot of my wallet's back up, but I can't and received a warning message. Although there are a lot wallets out there and not every wallet have a same security.
This is possible in some wallets, I know you can actually do this using trust wallet but it's not possible on electrum wallet.

Remember it's not only about screenshot, it also depends on how many apps you installed, downloaded file you run in the background, etc etc.
When you want to generate a seed phrase, there's always a warning message to write it down on a piece of paper. Some people don't take their wallet security seriously until something bad happens. The picture app his friend installed on his phone had an infostealer malware and an example is CherryBlos, this malware can scan photos and extract written text on it. When he granted the app access to his gallery, the malware was able to read the text on the screenshot and stole the seed phrase.
legendary
Activity: 2912
Merit: 6403
He have some picture apps on his phone for meme creations and picture filtering apps, one of this apps have access to his library, including all his photos, and I believe the app scooped the image screenshot, maybe the developer of the app happen to stumble on the picture and decide to steal the fund.

Let's see
- a developer going through millions of pictures of the users of his app, and all this data traffic is not getting picked by anyone
- your friend by mistake when selecting pictures posting the pic with the seed also on some website
- your friend by mistake sending that picture to somebody instead of other picture

I would place my bets like 49.9% on each of the last two and 0.2% on the first one!

How it's possible in the first place? few months ago I tried to take a screenshot of my wallet's back up, but I can't and received a warning message. Although there are a lot wallets out there and not every wallet have a same security.

It depends on what wallet you use, I can't take a screenshot of my PIN cards or CVV number when displayed in the bank app but I can easily take a screenshot while generating a seed in Electrum.

hero member
Activity: 3038
Merit: 617
It must have been very tedious for a hacker to scan one by one all the images he come across and look into them. He sure expects to find one after all if the app is crypto related he sure will find someone who owns some crypto and installs it.

There are apps that you can't really avoid allowing to have access to your storage. I'm wondering if the hacker can get around when you only allow "while in use" ?
legendary
Activity: 1596
Merit: 1288
A friend lost all his Ethereum and tokens two days ago and it came to my attention, this is someone who I shared some tips about crypto wallets with some past months ago, I made sure he generate the new wallet offline and he wrote his recovery seed down, though I was not there with him, we are having the conversation online.

Being offline by cutting off internet is not cold storage. If you turned off the Internet when you created the wallet and then restarted it and used the wallet normally, you are still at risk. If the hacker gains access to root privileges, he will be able to spend from your wallet.

So I was like how the hell he managed to lost his recovery seed to hackers or scammers, he started swearing that he is damn sure he did nothing wrong, and we meet today, looking into his phone and my mind was on the phone, thinking maybe he rooted the phone or something, then I stumbled on his recovery seed been screenshot, that was when I knew he messed up.

What phone wallet allows you to take a screenshot of seeds? Taking pictures of the seeds or saving them digitally means that there is a weak point that hackers will be able to access if they reach your phone, which will benefit you in this case if you generate an offline wallet.
hero member
Activity: 3038
Merit: 634
Possible also that a friend of a friend has borrowed and taken a look at his phone and borrowed it and browsed through his galleries and saw that screenshot of his seeds and taken a photo of it or wrote it down.

But if it's with the app, it's also possible as they get the log of their users and that's possible for the devs to see it.

It has never been safe to take a screenshot of our seeds. I was naive when I've done this before but realized that it's not an ideal way of keeping your wallet.
legendary
Activity: 2268
Merit: 1655
To the Moon
...He have some picture apps on his phone for meme creations and picture filtering apps, one of this apps have access to his library, including all his photos, and I believe the app scooped the image screenshot, maybe the developer of the app happen to stumble on the picture and decide to steal the fund...

I hope your friend didn't keep nude photos on his phone) Otherwise, the problems are just beginning for him, and perhaps soon these photos will become public when they are posted on a thematic service. A smartphone is not a place where we can keep our secrets.
legendary
Activity: 2758
Merit: 6830
On iOS at least you have the option to select which photos you want to share with the app, it doesn't share the entire photo library by default. Same thing with your clipboard, where you need to explicitly permit the app to access your clipboard every time it needs it (to make pasting stuff easier, etc). Not sure about Android, but I'm sure there may be a (rooted) option to make something like this? Using a custom rom, etc...

People trash talk Apple all the time, but this stuff is smart.
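
Added example, not written by any poster in this thread: a small audit that reads `adb shell dumpsys package` output and lists which installed apps can read the whole photo library, which are limited to user-selected photos (the Android 14+ counterpart of the iOS behaviour described above), and which of them also hold network access. The package names and the sample dump are constructed, and the dump layout is an assumption modelled on typical output that can differ between Android versions.

```python
import re

# Runtime permissions that expose the entire photo library to an app.
FULL_LIBRARY = {
    "android.permission.READ_EXTERNAL_STORAGE",  # Android 12 and earlier
    "android.permission.READ_MEDIA_IMAGES",      # Android 13 and later
}
# Android 14+: the app only sees photos the user explicitly picked.
SELECTED_ONLY = "android.permission.READ_MEDIA_VISUAL_USER_SELECTED"
INTERNET = "android.permission.INTERNET"

PKG_RE = re.compile(r"^\s*Package \[([^\]]+)\]")
PERM_RE = re.compile(r"^\s*(android\.permission\.[A-Z_]+): granted=(true|false)")


def granted_permissions(dumpsys_text):
    """Map package name -> set of permissions reported as granted=true."""
    granted, current = {}, None
    for line in dumpsys_text.splitlines():
        m = PKG_RE.match(line)
        if m:
            current = m.group(1)
            granted.setdefault(current, set())
            continue
        m = PERM_RE.match(line)
        if m and current is not None and m.group(2) == "true":
            granted[current].add(m.group(1))
    return granted


def photo_access_report(dumpsys_text):
    """Return {package: {"access", "via", "internet"}} for apps that can read photos."""
    report = {}
    for pkg, perms in granted_permissions(dumpsys_text).items():
        full = sorted(perms & FULL_LIBRARY)
        if full:
            access, via = "full-library", full
        elif SELECTED_ONLY in perms:
            access, via = "selected-photos-only", [SELECTED_ONLY]
        else:
            continue  # app cannot read the gallery at all
        report[pkg] = {"access": access, "via": via, "internet": INTERNET in perms}
    return report


# Constructed sample in the shape of `adb shell dumpsys package` output.
SAMPLE_DUMP = """\
Packages:
  Package [com.example.memefilter] (1a2b3c4):
    install permissions:
      android.permission.INTERNET: granted=true
    User 0: installed=true hidden=false
      runtime permissions:
        android.permission.READ_MEDIA_IMAGES: granted=true, flags=[ USER_SET]
        android.permission.CAMERA: granted=false, flags=[ USER_SET]
  Package [com.example.collage] (5d6e7f8):
    install permissions:
      android.permission.INTERNET: granted=true
    User 0: installed=true hidden=false
      runtime permissions:
        android.permission.READ_MEDIA_IMAGES: granted=false, flags=[ USER_SET]
        android.permission.READ_MEDIA_VISUAL_USER_SELECTED: granted=true, flags=[ USER_SET]
  Package [com.example.offlinegallery] (9a0b1c2):
    User 0: installed=true hidden=false
      runtime permissions:
        android.permission.READ_EXTERNAL_STORAGE: granted=true, flags=[ USER_SET]
  Package [com.example.wallet] (3d4e5f6):
    install permissions:
      android.permission.INTERNET: granted=true
"""

if __name__ == "__main__":
    for pkg, info in sorted(photo_access_report(SAMPLE_DUMP).items()):
        risk = "can upload" if info["internet"] else "no network permission"
        print(f"{pkg}: {info['access']} ({risk}) via {', '.join(info['via'])}")
```

Apps reported as `full-library` with network access are the ones in a position to read a seed screenshot and send it off the device; switching them to selected photos or revoking the permission removes that exposure.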