Topic: Don't keep connected your wallet to a Dapps for a long time. (Read 318 times)
Be careful out there with your wallets. I wish i knew this earlier, i left my wallet connected to this fake website and my balance was gone before i knew it. I reached out to their customer support but got no response so i spoke to a tech friend about it, he recommended team of hackers (the vaultech team) who facilitated the recovery of my ETH. Do not click any link sent to you, do not connect your wallet to websites that are not legit. There are too much strategic scams out there. If you have lost your crypto in any way, report your case to vaultechservices @ protonmail . com for a possible recovery before its too late.
usually before we connect we need to read how the dapps work usually just look at the wallet address and some that I think are safe, maybe if we connect and are asked to enter the private key it may be a different story, it is also impossible for the connected metamask to show the private key because every process connected and transactions require manual signatures so it is very difficult for thieves to see our private keys, make sure we really access the site correctly and when doing a signature need to read what needs to be approved before signing, so if this is the case the thief can see the key Personally, of course, many wallets have lost their coins
I learned from him that we shouldn't keep connected any Dapps for a long time. It would drain wallet funds after a certain period. Always disconnect your wallet even if you connect for any reason. Don't just leave it as it is. Hackers have powerful tools to trace you and drain your wallet. Don't give that chance.
Disconnect only is not enough for your wallet safety because third party platform have been connected in your wallet need to revoke to cut with all connecting before, usually I don't use main wallet connecting with new airdrop project or some spent all my fund to main wallet don't use for connecting with 3rd party platform. Last time I connected with new 3rd party site and have domain xyz seem not trusted, but give worth reward trough old wallet used active on trade several dapp exchange, after claiming reward revoke with this connecting and later disconnect in metamask setting site. 
in my personal experience in terms of connecting wallets with various sites or Dapps have never experienced any hacking until now. and I have never disconnected from any Dapp I once connected. so in your friend's case I don't think it's because of the wallet's relationship with one of the Dapps but it's purely your friend's fault. because hackers set traps wherever they think they can take someone else's wallet.
There is no technical conclusive proof about the stories, whether it is caused by the user's negligence or simply because of a hack. But wallet condition affects how an attacker could access your funds, in this case, a hack that might be caused by token approval is still possible. As I have said before in this thread, there is a difference about disconnecting the wallet.
In fact, it is the reason why there exists a platform that checks users' smart contract allowances/token approval, it could be used for mitigation or as a self assessment of user risk.
Often we need to connect wallet third-party sites for various reasons. We should always ignore connecting our wallet to an unknown and unsafe site. That's how your wallet would be drained. One of my known person's wallets has been hacked a few days back. Then he contacts Metamask about how it has happened. They said the metamask was connected to a couple of sites for a long time and users didn't disconnect wallets. Hackers took this advantage and take control of full wallets. So funds have been drained from all the addresses. Metamask doesn't disclose which Dapps and how happened.
I learned from him that we shouldn't keep connected any Dapps for a long time. It would drain wallet funds after a certain period. Always disconnect your wallet even if you connect for any reason. Don't just leave it as it is. Hackers have powerful tools to trace you and drain your wallet. Don't give that chance.
I learned from him that we shouldn't keep connected any Dapps for a long time. It would drain wallet funds after a certain period. Always disconnect your wallet even if you connect for any reason. Don't just leave it as it is. Hackers have powerful tools to trace you and drain your wallet. Don't give that chance.
in my personal experience in terms of connecting wallets with various sites or Dapps have never experienced any hacking until now. and I have never disconnected from any Dapp I once connected. so in your friend's case I don't think it's because of the wallet's relationship with one of the Dapps but it's purely your friend's fault. because hackers set traps wherever they think they can take someone else's wallet.
I learned from him that we shouldn't keep connected any Dapps for a long time. It would drain wallet funds after a certain period. Always disconnect your wallet even if you connect for any reason. Don't just leave it as it is. Hackers have powerful tools to trace you and drain your wallet. Don't give that chance.
This is valuable information for newcomers. Also note that you should never forget to check all the details before authorizing any transaction in your Metamask. Also note that an incoming transaction to your Metamask address does not require any action. After using Metamask, I always disable connected Dapps under "Connected Sites".
September 22, 2022, 03:53:00 PM
It does make sense, allowing these Dapps to access our wallet and enable them to do transfers can possibly be exploited by hackers. Maybe your friend @OP has his wallet connected to a Dapps that has some nefarious-minded developer or somewhere in between the connections, a hacker gain access through authorizing their connections.
This is a good reminder to us that we shouldn't leave our connection open to any Dapps out there and have the practice of locking the wallet after usage.
This is a good reminder to us that we shouldn't leave our connection open to any Dapps out there and have the practice of locking the wallet after usage.
September 22, 2022, 03:37:50 PM
That is so true, most of these dapps will connect our wallet to are not secured enough to protect our wallet, so am in agreement with always disconnect our wallet from any dapp site immediately we are done with transaction.
And also it is important to have separate wallet for airdrop and giveaways because most of them are the reason users get hacked, if anyone must participate in this airdrops, it is better to use a different wallet from amin wallet that don't hold much funds. Better to be safe than be sorry.
And also it is important to have separate wallet for airdrop and giveaways because most of them are the reason users get hacked, if anyone must participate in this airdrops, it is better to use a different wallet from amin wallet that don't hold much funds. Better to be safe than be sorry.
September 22, 2022, 03:26:50 PM
I had this trouble before, there was a period where I was too much interested in defi projects and I was part of too many of them, lesson learned of course and I did not after a while but lost a good chunk there.
During that time I was interested in so many of them and connected so many of them (even ones I didn't invested into) that after a while I got a warning that someone tried funny stff with my address, eventually I used unrekt to make sure that I do not have any connection to any defi or actually anything that I wasn't using constantly. After I removed them, the warnings stopped and to be fair I do not have any money left on my metamask neither.
During that time I was interested in so many of them and connected so many of them (even ones I didn't invested into) that after a while I got a warning that someone tried funny stff with my address, eventually I used unrekt to make sure that I do not have any connection to any defi or actually anything that I wasn't using constantly. After I removed them, the warnings stopped and to be fair I do not have any money left on my metamask neither.
copper member
Activity: 2758
Merit: 1163
Leading Crypto Sports Betting & Casino Platform
September 22, 2022, 07:36:03 AM
I don't see the dapps wallet connection as a threat to wallets. I have connected my wallet to dapps wallet on several occasions, and am yet to see or hear such a thing happen. Although sh*t does happen in crypto when we less expect it.
In other words, for you to be on the safe side, create a new wallet or use a preferable wallet that doesn't have any funds inside to connect to the dapps wallet.
In other words, for you to be on the safe side, create a new wallet or use a preferable wallet that doesn't have any funds inside to connect to the dapps wallet.
The dapps itself is the one being dangerous and not the length of connection because your will be safe even if you connect for a long time if the dapps itself is trusted and doesn’t experience any security breached.
Hacker can only exploit all connected wallet if they have access on the dapps itself which is the same scenario on what happened before on DeFi hacks but in general connecting on trusted dapps will not gonna harm your balance inside your wallet. You are lucky that you didn’t have any experience connecting your wallet on shady website.
September 22, 2022, 07:21:20 AM
I am not sure if it's Chrome or Metamask who have the feature of logging it out automatically once the browser is closed or if you are not making any transactions for hours.
Honestly, I was a bit irritated by logging in every time I open my computer but it was a good security measure made by them.
I haven't tried logging in yet with a Dapp.
Was the experience of your friend from a stand-alone application that is being installed on the computer?
Honestly, I was a bit irritated by logging in every time I open my computer but it was a good security measure made by them.
I haven't tried logging in yet with a Dapp.
Was the experience of your friend from a stand-alone application that is being installed on the computer?
September 22, 2022, 07:07:51 AM
I don't see the dapps wallet connection as a threat to wallets. I have connected my wallet to dapps wallet on several occasions, and am yet to see or hear such a thing happen. Although sh*t does happen in crypto when we less expect it.
In other words, for you to be on the safe side, create a new wallet or use a preferable wallet that doesn't have any funds inside to connect to the dapps wallet.
In other words, for you to be on the safe side, create a new wallet or use a preferable wallet that doesn't have any funds inside to connect to the dapps wallet.
September 22, 2022, 12:29:04 AM
there is app to revoke connected sites app.unrekt.net
the hacker nowadays is getting smart so we need get to smart too
the hacker nowadays is getting smart so we need get to smart too
September 21, 2022, 08:44:10 PM
In my opinion, only connect with Dapps as necessary. Always check site your connect Metamask. Make sure to check first, the site address, and the smart contract token first.
Another way, you can try it by using an empty wallet first. Install MetaMask and create another profile in your current browser of choice.
Don't use if site visited a malicious phishing. To avoid getting hacked, never open or connect your wallet to an unknown site. Always disconnect the wallet once you are connected to any Dapp for a long time.
Another way, you can try it by using an empty wallet first. Install MetaMask and create another profile in your current browser of choice.
Don't use if site visited a malicious phishing. To avoid getting hacked, never open or connect your wallet to an unknown site. Always disconnect the wallet once you are connected to any Dapp for a long time.
September 21, 2022, 06:38:35 PM
Yeah, this is possible, maybe the hackers got the session because it hasn't been closed for days. And once they hold of it, then can do whatever they want, like in this case, draining the wallet with all the hard earn money of the victims.
And not just Metamask, everything related to crypto, like exchanges, when you login, you should log out as well because you just don't know, hackers are all over and you might be the next victim.
this is the good thing for some exchanges where you will be automatically logged out if you are inactive for certain period of time, and when you log in, they will always ask for login details and if possible the 2FA. so that's a security check for your account. it goes to show also that even decentralised apps are not free from possible hacking because of other shortcomings. not because of the site but other security aspects.
September 21, 2022, 06:06:17 PM
Often we need to connect wallet third-party sites for various reasons. We should always ignore connecting our wallet to an unknown and unsafe site. That's how your wallet would be drained. One of my known person's wallets has been hacked a few days back. Then he contacts Metamask about how it has happened. They said the metamask was connected to a couple of sites for a long time and users didn't disconnect wallets. Hackers took this advantage and take control of full wallets. So funds have been drained from all the addresses. Metamask doesn't disclose which Dapps and how happened.
I learned from him that we shouldn't keep connected any Dapps for a long time. It would drain wallet funds after a certain period. Always disconnect your wallet even if you connect for any reason. Don't just leave it as it is. Hackers have powerful tools to trace you and drain your wallet. Don't give that chance.
I learned from him that we shouldn't keep connected any Dapps for a long time. It would drain wallet funds after a certain period. Always disconnect your wallet even if you connect for any reason. Don't just leave it as it is. Hackers have powerful tools to trace you and drain your wallet. Don't give that chance.
Yeah, this is possible, maybe the hackers got the session because it hasn't been closed for days. And once they hold of it, then can do whatever they want, like in this case, draining the wallet with all the hard earn money of the victims.
And not just Metamask, everything related to crypto, like exchanges, when you login, you should log out as well because you just don't know, hackers are all over and you might be the next victim.
September 21, 2022, 05:59:12 PM
Afaik, connecting wallet doesn't give anyone access to your wallet, any transaction would have to go through you only, unless dapp was given 'approve all' permission.
This is something that a lot of people overlook when starting to accept connections to any Dapps. Once you've given the "approve all" permission, a normal disconnect won't do anything either, those Dapps can still continue to use your wallet as a true owner. There is only one solution in this situation, and that is to revoke all the permissions you previously granted them.
As @OcTradism mentioned above, there is only one way to keep our wallets from being hacked and that is to use a recovery tool: unrekt.
but on the time that they do get hacked or faced up the same situations then this is where they become serious when it comes to security which they should have at least
done it earlier, which they might able to save up their asses back there.Never ever forget on revoking those permissions that you had allowed it earlier.
When it comes to security then its better to be a bit paranoid when it comes to that.
September 21, 2022, 05:53:50 PM
Afaik, connecting wallet doesn't give anyone access to your wallet, any transaction would have to go through you only, unless dapp was given 'approve all' permission.
This is something that a lot of people overlook when starting to accept connections to any Dapps. Once you've given the "approve all" permission, a normal disconnect won't do anything either, those Dapps can still continue to use your wallet as a true owner. There is only one solution in this situation, and that is to revoke all the permissions you previously granted them.
As @OcTradism mentioned above, there is only one way to keep our wallets from being hacked and that is to use a recovery tool: unrekt.
September 21, 2022, 04:45:52 PM
Just keeping your wallet connected to a dapp/website won't do this, you'd also have to click to sign or authorise a transaction too.
I thought the same as you. Also, victims thought the same things. But connect a long time is harmful. According to metamask seed would be compromised this way where you don't need to approve from your wallet. The victim is pretty sure the device hasn't been hacked. If a transaction happens from the device then there should be a history on the wallet. But nothing, only history funds on the chain. I once created a thread about this but people didn't take it seriously.
so your seed will be exposed to the hackers or to the 3rd party app where a victim is connected for a long time. seem a huge vulnerability but not patched. amazing how they can authorize a transaction remotely. i think metamask can disconnect if the wallet is inactive for several hours to make sure of its security.
September 21, 2022, 04:23:55 PM
I'm not confident connecting it for too long and that's why I usually disconnect time after time of using a dapp or any third party website that requires of connecting Metamask.
It's like making me think that I am sometimes paranoid and think of those scams and hacks before but it's better to be safe.
I don't know technically the hackers are doing the drain but yeah, much better to be safe rather than suffer and feel bad once it happened to your wallet.
It's like making me think that I am sometimes paranoid and think of those scams and hacks before but it's better to be safe.
I don't know technically the hackers are doing the drain but yeah, much better to be safe rather than suffer and feel bad once it happened to your wallet.
Jump to: