Topic: Is it always safe to connect your (metamask) wallet? (Read 184 times)
Be careful, if there is a site that offers free airdrops just by sending a transfer fee and then we are asked to connect a wallet, it's better not to connect it because their assets will be drained and choosing a trusted and reputable site is safer.
Been here in the crypto space for about 5 years and never had bad experience about me connecting my account to Metamask. I bet it is better that nothing, exposing your private keys, well depends on what bad luck you have if you ever go around clicking stuffs and no shield like Metamask to recognize whether it is a Malware installing sites.
so far I feel safe using metamask ,no suspicious activity because I've never been caught in a phishing method that requires logging in using a private key ! Yes, many people are often trapped by thief ,but not to me ! I always check the details of the link and often research personally the validity of the link with the information on google really helps me
That's how I fell for it once, I don't get how I caught up on such a stupid attempt. I was tricked through Discord, I made a question on a group, and he posed as an admin. Luckily, I quickly realized that something wasn't right and despite having my wallet compromised, I did not lose any funds. Definitely check validity's website before entering anything, and never input any important information on any site, Metamask even reminds you to never share your seed or private key.This is the standard scam attempt on Discord!
Impersonating the admin or developer and pretending to help the asking user..
It's like a disease on Discords crypto channels!
so far I feel safe using metamask ,no suspicious activity because I've never been caught in a phishing method that requires logging in using a private key ! Yes, many people are often trapped by thief ,but not to me ! I always check the details of the link and often research personally the validity of the link with the information on google really helps me
That's how I fell for it once, I don't get how I caught up on such a stupid attempt. I was tricked through Discord, I made a question on a group, and he posed as an admin. Luckily, I quickly realized that something wasn't right and despite having my wallet compromised, I did not lose any funds. Definitely check validity's website before entering anything, and never input any important information on any site, Metamask even reminds you to never share your seed or private key.This is the standard scam attempt on Discord!
Impersonating the admin or developer and pretending to help the asking user..
It's like a disease on Discords crypto channels!
so far I feel safe using metamask ,no suspicious activity because I've never been caught in a phishing method that requires logging in using a private key ! Yes, many people are often trapped by thief ,but not to me ! I always check the details of the link and often research personally the validity of the link with the information on google really helps me
That's how I fell for it once, I don't get how I caught up on such a stupid attempt. I was tricked through Discord, I made a question on a group, and he posed as an admin. Luckily, I quickly realized that something wasn't right and despite having my wallet compromised, I did not lose any funds. Definitely check validity's website before entering anything, and never input any important information on any site, Metamask even reminds you to never share your seed or private key. 
In fact, I have been using Metamask from the beginning when it was launched and i have never been affected or stolen my coins. But should be careful about pishing site, Mostly caught by those fake/suspicious sites. If you feel unsafe i think you don’t need to connect with your big wallet, You can send some in another wallet then connect it.
How do you give them approval or permission? How do you know that you have given them permission?
Your approval is done manually and according to your decision (example). This approval will be done when you decide to swap the token you got with another token. Every time you get a new smart contract in your wallet, you are required to do it for approval. that's when the smart contract is created to steal tokens from the wallet, the contract can execute without asking for your permission.
When user finishes his work on swap or other site, is it necessary to remove this page from the list metamask is connected to? Or it save to keep this connected sites and let them view accounts address? It is maybe ok if user can keep connection to popular sites like 1inch or pancakeswap. But if user is connected to a page, for example connected his wallet to get airdropped NFT, and forget about it. Can a hacker buy-steal-hack this page and somehow and get an access to a wallet through that?
so far I feel safe using metamask ,no suspicious activity because I've never been caught in a phishing method that requires logging in using a private key ! Yes, many people are often trapped by thief ,but not to me ! I always check the details of the link and often research personally the validity of the link with the information on google really helps me
There are so many websites these days that require you to connect. I've been connecting other wallets with low balances to test things out, but there doesn't seem to be much information around on what is good practice here.
My big balances are secured by Ledger so I suppose I don't need to worry about the coins simply being stolen without my approval, but what if I connect the Ledger to approve some coins and it steals other coins or uses the approval for something else. Is any of this possible?
When should I not connect to a website?
You only need to disconnect from the platform after you are done using it. Don't leave it connected for too long especially if you don't visit it anymore. It's true that you need your confirmation, but that doesn't mean your wallet is safe from theft of coins in the Metamask wallet. As long as you hold the key there is no need to worry. And always pay attention to avoid platforms that ask you to enter the seed phase. My big balances are secured by Ledger so I suppose I don't need to worry about the coins simply being stolen without my approval, but what if I connect the Ledger to approve some coins and it steals other coins or uses the approval for something else. Is any of this possible?
When should I not connect to a website?
Are you saying that when you connect with your Metamask wallet, Metamask is sharing your private keys with that website? I wish there was a tutorial on how Metamask works and a whitelist of safe dapps you can use.
Recently I connected my metamask wallet to a website for an NFT raffle and I wondered, "I feel like a fool; am I just writing a blank check to this nft website? What is the limit of what they can take out of my wallet? How can I know these things?" The only safety I have is the fact that I have a low balance in that wallet.
I am a newbie and I get overwhelmed by web 3.0; this is too much to learn and too much lack of safety and clarity.
Recently I connected my metamask wallet to a website for an NFT raffle and I wondered, "I feel like a fool; am I just writing a blank check to this nft website? What is the limit of what they can take out of my wallet? How can I know these things?" The only safety I have is the fact that I have a low balance in that wallet.
I am a newbie and I get overwhelmed by web 3.0; this is too much to learn and too much lack of safety and clarity.
Metamask does not share private keys with any website. If a website asks you to enter a private key, that's what you need to make sure it's secure. Except like the import in trust wallet, which does require you to enter a private key. However, if it's an airdrop, bounty or foreign web service asking for a private key, that's the one you should leave.
Remember, smart contracts can drain the money you have if you just give permission/approval.
How do you give them approval or permission? How do you know that you have given them permission?
Are you saying that when you connect with your Metamask wallet, Metamask is sharing your private keys with that website? I wish there was a tutorial on how Metamask works and a whitelist of safe dapps you can use.
Recently I connected my metamask wallet to a website for an NFT raffle and I wondered, "I feel like a fool; am I just writing a blank check to this nft website? What is the limit of what they can take out of my wallet? How can I know these things?" The only safety I have is the fact that I have a low balance in that wallet.
I am a newbie and I get overwhelmed by web 3.0; this is too much to learn and too much lack of safety and clarity.
Recently I connected my metamask wallet to a website for an NFT raffle and I wondered, "I feel like a fool; am I just writing a blank check to this nft website? What is the limit of what they can take out of my wallet? How can I know these things?" The only safety I have is the fact that I have a low balance in that wallet.
I am a newbie and I get overwhelmed by web 3.0; this is too much to learn and too much lack of safety and clarity.
Metamask does not share private keys with any website. If a website asks you to enter a private key, that's what you need to make sure it's secure. Except like the import in trust wallet, which does require you to enter a private key. However, if it's an airdrop, bounty or foreign web service asking for a private key, that's the one you should leave.
Remember, smart contracts can drain the money you have if you just give permission/approval.
--snip--
When should I not connect to a website?
When should I not connect to a website?
Anything that doesn't have a public contract. The ones where you cannot see the "Read/ Write" contract part on etherscan.
Most scams happen not from the "Sign metamask" transaction with which you connect but from some links on the website itself that can install malware.
With the number of times people just blindly connect for airdrops, its a big flood of scams waiting to happen when someone will attack the whole ethereum community at the same time.
You have a ledger so no problems of exposing the private key so that is definitely a win.
Are you saying that when you connect with your Metamask wallet, Metamask is sharing your private keys with that website? I wish there was a tutorial on how Metamask works and a whitelist of safe dapps you can use.
Recently I connected my metamask wallet to a website for an NFT raffle and I wondered, "I feel like a fool; am I just writing a blank check to this nft website? What is the limit of what they can take out of my wallet? How can I know these things?" The only safety I have is the fact that I have a low balance in that wallet.
I am a newbie and I get overwhelmed by web 3.0; this is too much to learn and too much lack of safety and clarity.
In recent times many projects ask for the Metamask address so I also give my Metamask address instead of my Hardware wallet address. I am also looking for the answer to the question you asked but I know until and unless I approved the transaction from my wallet it can not be transferred but I am a little afraid to connect my wallet through Metamask. Even I would like to know is there anyone who connected its Trezor wallet through Metamask. Anyone has experience please share and hacking is possible when we click the links from unknown sources so better to avoid clicking random links until and unless you are sure about it.
Used metamask since 2017 and still have the same wallets since the first time i used it so i think it's safe as long as we are careful about which website that we want to connect.
For me personally i never connect my main wallet which i save big amount of investment on it, when i want to buy a new coin which required to connect a wallet to their websites i always created a new one.
Actually having many wallet address is not that confusing if we are having an sheets taking a notes of every wallet we created and what's the purpose of the wallet.
For me personally i never connect my main wallet which i save big amount of investment on it, when i want to buy a new coin which required to connect a wallet to their websites i always created a new one.
Actually having many wallet address is not that confusing if we are having an sheets taking a notes of every wallet we created and what's the purpose of the wallet.
So basically just connect to known popular sites like Uniswap (but don't because it's fee robbery lol). Of course this might not work if the project is new and you're investing in a low-cap token, and any project could have a crooked developer or two.
Useful video, "3 Tips to Improve Your MetaMask Security": https://www.youtube.com/watch?v=2OSCIeHHV5Q
Useful video, "3 Tips to Improve Your MetaMask Security": https://www.youtube.com/watch?v=2OSCIeHHV5Q
Connect to your Metamask wallet only when you know "for sure" the website is legit.
Make sure there is a Disconnect from your wallet button to log out.
Don't ever download suspicious files from your email box, because they may contain tracking/hacking viruses.
Last but not least, don't ever connect to your Metamask wallet 24 hours, 7 days a week.
Make sure there is a Disconnect from your wallet button to log out.
Don't ever download suspicious files from your email box, because they may contain tracking/hacking viruses.
Last but not least, don't ever connect to your Metamask wallet 24 hours, 7 days a week.
for your own safety its better to not connect since there is dozen of phising website, i mean Correct Me if i am wrong if only connect they can only ready your data but cannot send coin inside unless you approve their contract.
almost all chain currently attack by scam token when you approved their contract all your money send to scammer address
almost all chain currently attack by scam token when you approved their contract all your money send to scammer address
Make sure that the website you want to connect your wallet to is listed on coinmarketcap or coingecko
After a transaction is done on any Dex or platform always disconnect your wallet from there
If you are a airdrop lover like many on this forum be expecting phishing links sent to your email address do not connect your wallet to any links in your email address
After a transaction is done on any Dex or platform always disconnect your wallet from there
If you are a airdrop lover like many on this forum be expecting phishing links sent to your email address do not connect your wallet to any links in your email address
The biggest mistake you can make is leaving your wallet connected to a website when you are done with transaction on the platform, always make sure you disconnect after you are through with any transactions, leaving it connected is giving them access to your wallet.
Metamask always asks for the password before you open the website even connected or not. this is for securing from any phishing or scam site. but, with too many websites they use Metamask to connect wallets, So what's wrong with users being more careful. I ever come to the website with I can't find where the unconnected button, I don't know what the purpose, maybe they want to explore your wallet while you sleep. Jump to: