Author

Topic: Don't keep connected your wallet to a Dapps for a long time. (Read 371 times)

newbie
Activity: 2
Merit: 0
Be careful out there with your wallets. I wish i knew this earlier, i left my wallet connected to this fake website and my balance was gone before i knew it. I reached out to their customer support but got no response so i spoke to a tech friend about it, he recommended team of hackers (the vaultech team) who facilitated the recovery of my ETH. Do not click any link sent to you, do not connect your wallet to websites that are not legit. There are too much strategic scams out there. If you have lost your crypto in any way, report your case to  vaultechservices @ protonmail . com for a possible  recovery before its too late.
sr. member
Activity: 1722
Merit: 261
Vave.com - Crypto Casino
usually before we connect we need to read how the dapps work usually just look at the wallet address and some that I think are safe, maybe if we connect and are asked to enter the private key it may be a different story, it is also impossible for the connected metamask to show the private key because every process connected and transactions require manual signatures so it is very difficult for thieves to see our private keys, make sure we really access the site correctly and when doing a signature need to read what needs to be approved before signing, so if this is the case the thief can see the key Personally, of course, many wallets have lost their coins
sr. member
Activity: 546
Merit: 261
Moonbet.io
I learned from him that we shouldn't keep connected any Dapps for a long time. It would drain wallet funds after a certain period. Always disconnect your wallet even if you connect for any reason. Don't just leave it as it is. Hackers have powerful tools to trace you and drain your wallet. Don't give that chance.
Disconnect only is not enough for your wallet safety because third party platform have been connected in your wallet need to revoke to cut with all connecting before, usually I don't use main wallet connecting with new airdrop project or some spent all my fund to main wallet don't use for connecting with 3rd party platform. Last time I connected with new 3rd party site and have domain xyz seem not trusted, but give worth reward trough old wallet used active on trade several dapp exchange, after claiming reward revoke with this connecting and later disconnect in metamask setting site.
legendary
Activity: 1932
Merit: 1273
in my personal experience in terms of connecting wallets with various sites or Dapps have never experienced any hacking until now. and I have never disconnected from any Dapp I once connected. so in your friend's case I don't think it's because of the wallet's relationship with one of the Dapps but it's purely your friend's fault. because hackers set traps wherever they think they can take someone else's wallet.

There is no technical conclusive proof about the stories, whether it is caused by the user's negligence or simply because of a hack. But wallet condition affects how an attacker could access your funds, in this case, a hack that might be caused by token approval is still possible. As I have said before in this thread, there is a difference about disconnecting the wallet.

In fact, it is the reason why there exists a platform that checks users' smart contract allowances/token approval, it could be used for mitigation or as a self assessment of user risk.
full member
Activity: 798
Merit: 100
Reward: 10M Shen (Approx. 5000 BNB) Bounty
Often we need to connect wallet third-party sites for various reasons. We should always ignore connecting our wallet to an unknown and unsafe site. That's how your wallet would be drained. One of my known person's wallets has been hacked a few days back. Then he contacts Metamask about how it has happened. They said the metamask was connected to a couple of sites for a long time and users didn't disconnect wallets. Hackers took this advantage and take control of full wallets. So funds have been drained from all the addresses. Metamask doesn't disclose which Dapps and how happened.

I learned from him that we shouldn't keep connected any Dapps for a long time. It would drain wallet funds after a certain period. Always disconnect your wallet even if you connect for any reason. Don't just leave it as it is. Hackers have powerful tools to trace you and drain your wallet. Don't give that chance.

in my personal experience in terms of connecting wallets with various sites or Dapps have never experienced any hacking until now. and I have never disconnected from any Dapp I once connected. so in your friend's case I don't think it's because of the wallet's relationship with one of the Dapps but it's purely your friend's fault. because hackers set traps wherever they think they can take someone else's wallet.
hero member
Activity: 2520
Merit: 711

I learned from him that we shouldn't keep connected any Dapps for a long time. It would drain wallet funds after a certain period. Always disconnect your wallet even if you connect for any reason. Don't just leave it as it is. Hackers have powerful tools to trace you and drain your wallet. Don't give that chance.

This is valuable information for newcomers. Also note that you should never forget to check all the details before authorizing any transaction in your Metamask. Also note that an incoming transaction to your Metamask address does not require any action. After using Metamask, I always disable connected Dapps under "Connected Sites".
legendary
Activity: 3010
Merit: 1280
Get $2100 deposit bonuses & 60 FS
It does make sense, allowing these Dapps to access our wallet and enable them to do transfers can possibly be exploited by hackers.  Maybe your friend @OP has his wallet connected to a Dapps that has some nefarious-minded developer or somewhere in between the connections, a hacker gain access through authorizing their connections.

This is a good reminder to us that we shouldn't leave our connection open to any Dapps out there and have the practice of locking the wallet after usage.
hero member
Activity: 2562
Merit: 577
That is so true, most of these dapps will connect our wallet to are not secured enough to protect our wallet, so am in agreement with always disconnect our wallet from any dapp site immediately we are done with transaction.

And also it is important to have separate wallet for airdrop and giveaways because most of them are the reason users get hacked, if anyone must participate in this airdrops, it is better to use a different wallet from amin wallet that don't hold much funds. Better to be safe than be sorry.
legendary
Activity: 3654
Merit: 1165
www.Crypto.Games: Multiple coins, multiple games
I had this trouble before, there was a period where I was too much interested in defi projects and I was part of too many of them, lesson learned of course and I did not after a while but lost a good chunk there.

During that time I was interested in so many of them and connected so many of them (even ones I didn't invested into) that after a while I got a warning that someone tried funny stff with my address, eventually I used unrekt to make sure that I do not have any connection to any defi or actually anything that I wasn't using constantly. After I removed them, the warnings stopped and to be fair I do not have any money left on my metamask neither.
copper member
Activity: 2800
Merit: 1179
Leading Crypto Sports Betting & Casino Platform
I don't see the dapps wallet connection as a threat to wallets. I have connected my wallet to dapps wallet on several occasions, and am yet to see or hear such a thing happen. Although sh*t does happen in crypto when we less expect it.
 
In other words, for you to be on the safe side, create a new wallet or use a preferable wallet that doesn't have any funds inside to connect to the dapps wallet.

The dapps itself is the one being dangerous and not the length of connection because your will be safe even if you connect for a long time if the dapps itself is trusted and doesn’t experience any security breached.

Hacker can only exploit all connected wallet if they have access on the dapps itself which is the same scenario on what happened before on DeFi hacks but in general connecting on trusted dapps will not gonna harm your balance inside your wallet. You are lucky that you didn’t have any experience connecting your wallet on shady website.
legendary
Activity: 3318
Merit: 1133
Leading Crypto Sports Betting & Casino Platform
I am not sure if it's Chrome or Metamask who have the feature of logging it out automatically once the browser is closed or if you are not making any transactions for hours.
Honestly, I was a bit irritated by logging in every time I open my computer but it was a good security measure made by them.
I haven't tried logging in yet with a Dapp.
Was the experience of your friend from a stand-alone application that is being installed on the computer?
sr. member
Activity: 924
Merit: 365
I don't see the dapps wallet connection as a threat to wallets. I have connected my wallet to dapps wallet on several occasions, and am yet to see or hear such a thing happen. Although sh*t does happen in crypto when we less expect it.
 
In other words, for you to be on the safe side, create a new wallet or use a preferable wallet that doesn't have any funds inside to connect to the dapps wallet.
copper member
Activity: 2156
Merit: 983
Part of AOBT - English Translator to Indonesia
there is app to revoke connected sites app.unrekt.net

the hacker nowadays is getting smart so we need get to smart too
member
Activity: 392
Merit: 13
Sugars.zone | DatingFi - Earn for Posting
In my opinion, only connect with Dapps as necessary. Always check site your connect Metamask. Make sure to check first, the site address, and the smart contract token first.

Another way, you can try it by using an empty wallet first. Install MetaMask and create another profile in your current browser of choice.

Don't use if site visited a malicious phishing. To avoid getting hacked, never open or connect your wallet to an unknown site. Always disconnect the wallet once you are connected to any Dapp for a long time.
legendary
Activity: 3122
Merit: 1102
Leading Crypto Sports Betting & Casino Platform

Yeah, this is possible, maybe the hackers got the session because it hasn't been closed for days. And once they hold of it, then can do whatever they want, like in this case, draining the wallet with all the hard earn money of the victims.

And not just Metamask, everything related to crypto, like exchanges, when you login, you should log out as well because you just don't know, hackers are all over and you might be the next victim.

this is the good thing for some exchanges where you will be automatically logged out if you are inactive for certain period of time, and when you log in, they will always ask for login details and if possible the 2FA. so that's a security check for your account. it goes to show also that even decentralised apps are not free from possible hacking because of other shortcomings. not because of the site but other security aspects.
hero member
Activity: 1344
Merit: 540
Often we need to connect wallet third-party sites for various reasons. We should always ignore connecting our wallet to an unknown and unsafe site. That's how your wallet would be drained. One of my known person's wallets has been hacked a few days back. Then he contacts Metamask about how it has happened. They said the metamask was connected to a couple of sites for a long time and users didn't disconnect wallets. Hackers took this advantage and take control of full wallets. So funds have been drained from all the addresses. Metamask doesn't disclose which Dapps and how happened.

I learned from him that we shouldn't keep connected any Dapps for a long time. It would drain wallet funds after a certain period. Always disconnect your wallet even if you connect for any reason. Don't just leave it as it is. Hackers have powerful tools to trace you and drain your wallet. Don't give that chance.

Yeah, this is possible, maybe the hackers got the session because it hasn't been closed for days. And once they hold of it, then can do whatever they want, like in this case, draining the wallet with all the hard earn money of the victims.

And not just Metamask, everything related to crypto, like exchanges, when you login, you should log out as well because you just don't know, hackers are all over and you might be the next victim.
hero member
Activity: 2730
Merit: 632
Afaik, connecting wallet doesn't give anyone access to your wallet, any transaction would have to go through you only, unless dapp was given 'approve all' permission.

This is something that a lot of people overlook when starting to accept connections to any Dapps. Once you've given the "approve all" permission, a normal disconnect won't do anything either, those Dapps can still continue to use your wallet as a true owner. There is only one solution in this situation, and that is to revoke all the permissions you previously granted them.
As @OcTradism mentioned above, there is only one way to keep our wallets from being hacked and that is to use a recovery tool: unrekt.
People would just simply ignore or dont mind about it if they do still see their assets are still intact into their wallet which they would really be having that kind of confidence
but on the time that they do get hacked or faced up the same situations then this is where they become serious when it comes to security which they should have at least
done it earlier, which they might able to save up their asses back there.Never ever forget on revoking those permissions that you had allowed it earlier.
When it comes to security then its better to be a bit paranoid when it comes to that.
hero member
Activity: 2268
Merit: 579
Vave.com - Crypto Casino
Afaik, connecting wallet doesn't give anyone access to your wallet, any transaction would have to go through you only, unless dapp was given 'approve all' permission.

This is something that a lot of people overlook when starting to accept connections to any Dapps. Once you've given the "approve all" permission, a normal disconnect won't do anything either, those Dapps can still continue to use your wallet as a true owner. There is only one solution in this situation, and that is to revoke all the permissions you previously granted them.
As @OcTradism mentioned above, there is only one way to keep our wallets from being hacked and that is to use a recovery tool: unrekt.
legendary
Activity: 3178
Merit: 1054

Just keeping your wallet connected to a dapp/website won't do this, you'd also have to click to sign or authorise a transaction too.
I thought the same as you. Also, victims thought the same things. But connect a long time is harmful. According to metamask seed would be compromised this way where you don't need to approve from your wallet. The victim is pretty sure the device hasn't been hacked. If a transaction happens from the device then there should be a history on the wallet. But nothing, only history funds on the chain.
As pointed out that the dApp or website will need the wallet owner to authorize a transaction before can it be executed? I think people are missing the point here that there's a vulnerability found in some certain old version MetaMask through which they can steal a wallet passphrase and the person that still make use of the Metamask version will believe its because he contacted his wallet to a dApp or website.
 I once created a thread about this but people didn't take it seriously.

so your seed will be exposed to the hackers or to the 3rd party app where a victim is connected for a long time. seem a huge vulnerability but not patched. amazing how they can authorize a transaction remotely. i think metamask can disconnect if the wallet is inactive for several hours to make sure of its security.
hero member
Activity: 3038
Merit: 634
I'm not confident connecting it for too long and that's why I usually disconnect time after time of using a dapp or any third party website that requires of connecting Metamask.

It's like making me think that I am sometimes paranoid and think of those scams and hacks before but it's better to be safe.

I don't know technically the hackers are doing the drain but yeah, much better to be safe rather than suffer and feel bad once it happened to your wallet.
member
Activity: 1165
Merit: 78
Just keeping your wallet connected to a dapp/website won't do this, you'd also have to click to sign or authorise a transaction too.
I thought the same as you. Also, victims thought the same things. But connect a long time is harmful. According to metamask seed would be compromised this way where you don't need to approve from your wallet. The victim is pretty sure the device hasn't been hacked. If a transaction happens from the device then there should be a history on the wallet. But nothing, only history funds on the chain.
As pointed out that the dApp or website will need the wallet owner to authorize a transaction before can it be executed? I think people are missing the point here that there's a vulnerability found in some certain old version MetaMask through which they can steal a wallet passphrase and the person that still make use of the Metamask version will believe its because he contacted his wallet to a dApp or website.
 I once created a thread about this but people didn't take it seriously.


legendary
Activity: 1946
Merit: 1157
MAaaN...!! CUT THAT STUPID SHIT
Some of my friends also experienced this kind of thing which would certainly harm them and the tokens in their wallets were drained out. some valuable tokens become the main target.
this happens because of connecting the wallet with lots of Dapps and then leaving it alone. Airdrops also use Dapps and the main suspect who stole my friend's assets was from several airdrops that were followed on condition that they connect with their Dapps and make several claims of aiddrop tokens, it's just a trap so that the wallet is connected and has full access.

To overcome this, it is better to check your wallet with the website https://app.unrekt.net/ ,
and there you will see all the wallet connections that have been made and can revoke.

Support for Network ETH-BSC-AVAX-FTM-MATIC-HECO-CRONOS-MOONBEAM-ASTAR-DOGECHAIN
legendary
Activity: 1064
Merit: 1228
Playgram - The Telegram Casino
One of my known person's wallets has been hacked a few days back. Then he contacts Metamask about how it has happened. They said the metamask was connected to a couple of sites for a long time and users didn't disconnect wallets.
I'm sorry to hear that, but it really was user error. Your friend may not know how to keep his funds safe or maybe he trusts the platform too much for his funds. We have heard a lot of suggestions that any platform is not a safe place to store funds, connect wallet at one platform without disconnecting after completing trade is a fatal mistake.

I don't blame hackers in this because someone forgot about the responsibility for his funds especially about the security of his funds and wallet. Of course this will be a good lesson not to repeat the same mistakes in the future. But by the way, have you warned him?

I learned from him that we shouldn't keep connected any Dapps for a long time. It would drain wallet funds after a certain period. Always disconnect your wallet even if you connect for any reason. Don't just leave it as it is. Hackers have powerful tools to trace you and drain your wallet. Don't give that chance.
Crime can be committed when the opportunity arises, so we should be responsibility to close all loopholes from scammers.
sr. member
Activity: 952
Merit: 275
I learned from him that we shouldn't keep connected any Dapps for a long time. It would drain wallet funds after a certain period. Always disconnect your wallet even if you connect for any reason. Don't just leave it as it is. Hackers have powerful tools to trace you and drain your wallet. Don't give that chance.
Thank you for providing this information. OP, I have a wallet that has been connected to my trust wallet Dapp for more than five months now, and I never considered disconnecting the wallet, but after reading this post, I will do so immediately, and I will reconnect the wallet whenever I need it.
What about the wallet created on Metamask, which is directly linked to their Dapps?
Is there a need for disconnect as well?
That's very bad of you, imagine a bad actor been part of the team of that platform you left your account connected to, they would have stole your funds mate, as a trust wallet user always disconnect your wallet after few transactions has been done.
hero member
Activity: 994
Merit: 744
I learned from him that we shouldn't keep connected any Dapps for a long time. It would drain wallet funds after a certain period. Always disconnect your wallet even if you connect for any reason. Don't just leave it as it is. Hackers have powerful tools to trace you and drain your wallet. Don't give that chance.
Thank you for providing this information. OP, I have a wallet that has been connected to my trust wallet Dapp for more than five months now, and I never considered disconnecting the wallet, but after reading this post, I will do so immediately, and I will reconnect the wallet whenever I need it.
What about the wallet created on Metamask, which is directly linked to their Dapps?
Is there a need for disconnect as well?
hero member
Activity: 2282
Merit: 659
Looking for gigs
Often we need to connect wallet third-party sites for various reasons. We should always ignore connecting our wallet to an unknown and unsafe site. That's how your wallet would be drained. One of my known person's wallets has been hacked a few days back. Then he contacts Metamask about how it has happened. They said the metamask was connected to a couple of sites for a long time and users didn't disconnect wallets. Hackers took this advantage and take control of full wallets. So funds have been drained from all the addresses. Metamask doesn't disclose which Dapps and how happened.

I learned from him that we shouldn't keep connected any Dapps for a long time. It would drain wallet funds after a certain period. Always disconnect your wallet even if you connect for any reason. Don't just leave it as it is. Hackers have powerful tools to trace you and drain your wallet. Don't give that chance.

Not just that I disconnect my wallets after connecting to Dapps, but I also revoking permissions as well. This would ensure everything that my wallet is safe. No matter if I am using desktop or mobile, it is important in doing these steps so that my wallet will not be compromised.

But still, it will remain vulnerable once we don’t have any antivirus installed in our respective devices once we are not careful in clicking or downloading anything like what happened to me months ago about getting my wallets drained worth $12k+ in total.
hero member
Activity: 2520
Merit: 952
Afaik, connecting wallet doesn't give anyone access to your wallet, any transaction would have to go through you only, unless dapp was given 'approve all' permission.
...The most likely seed would be compromised after a certain period when wallet keeps connect for a long time...

That seems unlikely just because you connected wallet. Will change my opinion whenever a drain occurs just because of it.
hero member
Activity: 714
Merit: 521
Afaik, connecting wallet doesn't give anyone access to your wallet, any transaction would have to go through you only, unless dapp was given 'approve all' permission.

I think once it comes to matters related to hacking then we can't predict the extent to which these people canngo just to succeed in their attempts, remember one has to make some downloads and there's jo guarantee that through that they can't infiltrate into ones system, just by ordinary click on a picture can mean alot in giving an access unknowingly to a malicious Attack, some messages can pop up on dapp and any click on such can mean aloy as well, hackers can't be predicted
legendary
Activity: 2394
Merit: 2223
Signature space for rent
Afaik, connecting wallet doesn't give anyone access to your wallet, any transaction would have to go through you only, unless dapp was given 'approve all' permission.
Often we don't read what is the permission actually and we approved it. Keep in mind hackers are too advanced than us and know all the loopholes. So there must something that they can reveal your seed and how they move funds from all the addresses. The most likely seed would be compromised after a certain period when wallet keeps connect for a long time.
hero member
Activity: 2520
Merit: 952
Afaik, connecting wallet doesn't give anyone access to your wallet, any transaction would have to go through you only, unless dapp was given 'approve all' permission.
legendary
Activity: 2254
Merit: 1377
Fully Regulated Crypto Casino
Just keeping your wallet connected to a dapp/website won't do this, you'd also have to click to sign or authorise a transaction too.
I also believed on this. Unless the dapp have a trick front end statement "connect your wallet to our app" ( but actually that transaction is accepting the transaction confirmation already. Well the users must have gone two to three connection to the dapp without him noticed and thats the reason maybe of the hacked.

The victim is pretty sure the device hasn't been hacked. If a transaction happens from the device then there should be a history on the wallet. But nothing, only history funds on the chain.
Probably a highly tricked system. Some tech have capacity to hide some meta transaction data, in a transaction. So highly possible that the hacker is an expert and must have done a thorough process in order to execute the crime.
hero member
Activity: 1722
Merit: 801
Disconnect to dApp when you done your work and revoke smart contract access when you finish a transaction you want.

I use this site when I need to revoke Smart contract allowance https://app.unrekt.net/

Sometimes, hackers also change filters in your email and you will not aware notification emails about suspicious activities with your email and related accounts.
copper member
Activity: 2856
Merit: 3071
https://bit.ly/387FXHi lightning theory
I thought the same as you. Also, victims thought the same things. But connect a long time is harmful. According to metamask seed would be compromised this way where you don't need to approve from your wallet. The victim is pretty sure the device hasn't been hacked. If a transaction happens from the device then there should be a history on the wallet. But nothing, only history funds on the chain.

If this was the case there'd be more scams of this nature. I now think the person has put their seed in on a different website or installed a fake version of metamask - this shouldn't happen without them signing a transaction. It's possible malicious code was put in by the website and signed by the user without them knowing too but I doubt metamask gives away the seed as that'd have been discovered a long time ago.

Also a transaction history not being available on metamask but on the blockchain is more evidence that the wallet is malware because what reason would metamask have to not show you that transaction?
legendary
Activity: 2702
Merit: 3045
Top Crypto Casino
I agree with jackg. Connecting metamask to a dApp shouldn't pose any risk. Metamask isn't supposed to share your wallet seed or private keys with the website it's connected to and you need to manually sign the transaction by clicking the sign button so it gets broadcast.

If the dApp can access your seed (although I doubt it) then this is a critical vulnerability and metamask team should've patched it since they are aware of its existence!
hero member
Activity: 2338
Merit: 757
When we leave our hot wallets constantly connected to apps, it poses a greater risk than keeping our savings on centralized platforms. Unfortunately, beginners do not realize how much risk they are taking just because they have not been exposed to any accident. Most of them do not follow the news of the cases of sepsis that occur almost daily.
The most that I can recommend is to keep your money in a cold wallet and use the hot wallet to perform short operations only and then transfer it back to your cold wallet if you do not want to disconnect the wallet from the applications you use .
legendary
Activity: 1932
Merit: 1273
There is a distinction between disconnecting a wallet and removing the token approval. Disconnecting it from some platform hardly does thing for security, but the latter is suggested. The essence is connecting the wallet into a platform won't make it viable to hack, but if you were interacting with a shady/unknown smart contract, it likely increases the risk, even if the issue didn't raise in the meantime.

Metamask blog covers those things nicely: Disconnect wallet from a dapp and What is a token approval?
legendary
Activity: 2394
Merit: 2223
Signature space for rent
Just keeping your wallet connected to a dapp/website won't do this, you'd also have to click to sign or authorise a transaction too.
I thought the same as you. Also, victims thought the same things. But connect a long time is harmful. According to metamask seed would be compromised this way where you don't need to approve from your wallet. The victim is pretty sure the device hasn't been hacked. If a transaction happens from the device then there should be a history on the wallet. But nothing, only history funds on the chain.
copper member
Activity: 2856
Merit: 3071
https://bit.ly/387FXHi lightning theory
Just keeping your wallet connected to a dapp/website won't do this, you'd also have to click to sign or authorise a transaction too.

I think this is the bit that could become the more problematic part as it's possible to sign transactions that look weird when doing things like buying an nft (a lot of gaming marketplaces ask you to sign a transaction that confirms spending up to a certain amount rather than an exact amount and I think this is the bit that might be able to catch people out if they're using a scammy platform - especially if it's not broadcast straight away or the smart contract can come with a delay for funds being taken).
legendary
Activity: 2114
Merit: 2248
Playgram - The Telegram Casino
I've recently read news about how third party sites and Dapps pose a security threat to wallet owners.

Ideally we should never give 3rd party platforms access to our financial or personal details (KYC). But if you must, it should be for a short period of time, and only limited to certain platforms.
legendary
Activity: 2394
Merit: 2223
Signature space for rent
Often we need to connect wallet third-party sites for various reasons. We should always ignore connecting our wallet to an unknown and unsafe site. That's how your wallet would be drained. One of my known person's wallets has been hacked a few days back. Then he contacts Metamask about how it has happened. They said the metamask was connected to a couple of sites for a long time and users didn't disconnect wallets. Hackers took this advantage and take control of full wallets. So funds have been drained from all the addresses. Metamask doesn't disclose which Dapps and how happened.

I learned from him that we shouldn't keep connected any Dapps for a long time. It would drain wallet funds after a certain period. Always disconnect your wallet even if you connect for any reason. Don't just leave it as it is. Hackers have powerful tools to trace you and drain your wallet. Don't give that chance.
Jump to: