Author

Topic: Is it always safe to connect your (metamask) wallet? (Read 184 times)

full member
Activity: 845
Merit: 100
Be careful, if there is a site that offers free airdrops just by sending a transfer fee and then we are asked to connect a wallet, it's better not to connect it because their assets will be drained and choosing a trusted and reputable site is safer.
full member
Activity: 1344
Merit: 110
SOL.BIOKRIPT.COM
Been here in the crypto space for about 5 years and never had bad experience about me connecting my account to Metamask. I bet it is better that nothing, exposing your private keys, well depends on what bad luck you have if you ever go around clicking stuffs and no shield like Metamask to recognize whether it is a Malware installing sites.
hero member
Activity: 1680
Merit: 845
so far I feel safe using metamask ,no suspicious activity because I've never been caught in a phishing method that requires logging in using a private key ! Yes, many people are often trapped by thief ,but not to me ! I always check the details of the link and often research personally the validity of the link with the information on google really helps me
That's how I fell for it once, I don't get how I caught up on such a stupid attempt. I was tricked through Discord, I made a question on a group, and he posed as an admin. Luckily, I quickly realized that something wasn't right and despite having my wallet compromised, I did not lose any funds. Definitely check validity's website before entering anything, and never input any important information on any site, Metamask even reminds you to never share your seed or private key.

This is the standard scam attempt on Discord!
Impersonating the admin or developer and pretending to help the asking user..
It's like a disease on Discords crypto channels!
Unfortunately, I was too naive when it came to Discord, I don't really use it and wasn't unaware of such scams. Undoubtfully, Discord is full of them, even when I joined another group, of the official platform, another user tried to scam me a second time. I was lucky that I realized that something was wrong, and immediately moved all my funds.
newbie
Activity: 37
Merit: 0
so far I feel safe using metamask ,no suspicious activity because I've never been caught in a phishing method that requires logging in using a private key ! Yes, many people are often trapped by thief ,but not to me ! I always check the details of the link and often research personally the validity of the link with the information on google really helps me
That's how I fell for it once, I don't get how I caught up on such a stupid attempt. I was tricked through Discord, I made a question on a group, and he posed as an admin. Luckily, I quickly realized that something wasn't right and despite having my wallet compromised, I did not lose any funds. Definitely check validity's website before entering anything, and never input any important information on any site, Metamask even reminds you to never share your seed or private key.

This is the standard scam attempt on Discord!
Impersonating the admin or developer and pretending to help the asking user..
It's like a disease on Discords crypto channels!
hero member
Activity: 1680
Merit: 845
so far I feel safe using metamask ,no suspicious activity because I've never been caught in a phishing method that requires logging in using a private key ! Yes, many people are often trapped by thief ,but not to me ! I always check the details of the link and often research personally the validity of the link with the information on google really helps me
That's how I fell for it once, I don't get how I caught up on such a stupid attempt. I was tricked through Discord, I made a question on a group, and he posed as an admin. Luckily, I quickly realized that something wasn't right and despite having my wallet compromised, I did not lose any funds. Definitely check validity's website before entering anything, and never input any important information on any site, Metamask even reminds you to never share your seed or private key.
sr. member
Activity: 2226
Merit: 259
Buzz App - Spin wheel, farm rewards
In fact, I have been using Metamask from the beginning when it was launched and i have never been affected or stolen my coins. But should be careful about pishing site, Mostly caught by those fake/suspicious sites. If you feel unsafe i think you don’t need to connect with your big wallet, You can send some in another wallet then connect it.
legendary
Activity: 2324
Merit: 1604
hmph..
How do you give them approval or permission? How do you know that you have given them permission?

Your approval is done manually and according to your decision (example). This approval will be done when you decide to swap the token you got with another token. Every time you get a new smart contract in your wallet, you are required to do it for approval. that's when the smart contract is created to steal tokens from the wallet, the contract can execute without asking for your permission.
legendary
Activity: 2492
Merit: 1215
When user finishes his work on swap or other site, is it necessary to remove this page from the list metamask is connected to? Or it save to keep this connected sites and let them view accounts address? It is maybe ok if user can keep connection to popular sites like 1inch or pancakeswap. But if user is connected to a page, for example connected his wallet to get airdropped NFT, and forget about it. Can a hacker buy-steal-hack this page and somehow and get an access to a wallet through that?
hero member
Activity: 2156
Merit: 531
so far I feel safe using metamask ,no suspicious activity because I've never been caught in a phishing method that requires logging in using a private key ! Yes, many people are often trapped by thief ,but not to me ! I always check the details of the link and often research personally the validity of the link with the information on google really helps me
sr. member
Activity: 2268
Merit: 275
There are so many websites these days that require you to connect. I've been connecting other wallets with low balances to test things out, but there doesn't seem to be much information around on what is good practice here.

My big balances are secured by Ledger so I suppose I don't need to worry about the coins simply being stolen without my approval, but what if I connect the Ledger to approve some coins and it steals other coins or uses the approval for something else. Is any of this possible?

When should I not connect to a website?
You only need to disconnect from the platform after you are done using it. Don't leave it connected for too long especially if you don't visit it anymore. It's true that you need your confirmation, but that doesn't mean your wallet is safe from theft of coins in the Metamask wallet. As long as you hold the key there is no need to worry. And always pay attention to avoid platforms that ask you to enter the seed phase.
newbie
Activity: 7
Merit: 0
Are you saying that when you connect with your Metamask wallet, Metamask is sharing your private keys with that website? I wish there was a tutorial on how Metamask works and a whitelist of safe dapps you can use.

Recently I connected my metamask wallet to a website for an NFT raffle and I wondered, "I feel like a fool; am I just writing a blank check to this nft website? What is the limit of what they can take out of my wallet? How can I know these things?" The only safety I have is the fact that I have a low balance in that wallet.

I am a newbie and I get overwhelmed by web 3.0; this is too much to learn and too much lack of safety and clarity.

Metamask does not share private keys with any website. If a website asks you to enter a private key, that's what you need to make sure it's secure. Except like the import in trust wallet, which does require you to enter a private key. However, if it's an airdrop, bounty or foreign web service asking for a private key, that's the one you should leave.

Remember, smart contracts can drain the money you have if you just give permission/approval.

How do you give them approval or permission? How do you know that you have given them permission?
legendary
Activity: 2324
Merit: 1604
hmph..
Are you saying that when you connect with your Metamask wallet, Metamask is sharing your private keys with that website? I wish there was a tutorial on how Metamask works and a whitelist of safe dapps you can use.

Recently I connected my metamask wallet to a website for an NFT raffle and I wondered, "I feel like a fool; am I just writing a blank check to this nft website? What is the limit of what they can take out of my wallet? How can I know these things?" The only safety I have is the fact that I have a low balance in that wallet.

I am a newbie and I get overwhelmed by web 3.0; this is too much to learn and too much lack of safety and clarity.

Metamask does not share private keys with any website. If a website asks you to enter a private key, that's what you need to make sure it's secure. Except like the import in trust wallet, which does require you to enter a private key. However, if it's an airdrop, bounty or foreign web service asking for a private key, that's the one you should leave.

Remember, smart contracts can drain the money you have if you just give permission/approval.
newbie
Activity: 7
Merit: 0
--snip--
When should I not connect to a website?

Anything that doesn't have a public contract. The ones where you cannot see the "Read/ Write" contract part on etherscan.

Most scams happen not from the "Sign metamask" transaction with which you connect but from some links on the website itself that can install malware.

With the number of times people just blindly connect for airdrops, its a big flood of scams waiting to happen when someone will attack the whole ethereum community at the same time.

You have a ledger so no problems of exposing the private key so that is definitely a win.

Are you saying that when you connect with your Metamask wallet, Metamask is sharing your private keys with that website? I wish there was a tutorial on how Metamask works and a whitelist of safe dapps you can use.

Recently I connected my metamask wallet to a website for an NFT raffle and I wondered, "I feel like a fool; am I just writing a blank check to this nft website? What is the limit of what they can take out of my wallet? How can I know these things?" The only safety I have is the fact that I have a low balance in that wallet.

I am a newbie and I get overwhelmed by web 3.0; this is too much to learn and too much lack of safety and clarity.
full member
Activity: 2184
Merit: 100
SOL.BIOKRIPT.COM
In recent times many projects ask for the Metamask address so I also give my Metamask address instead of my Hardware wallet address. I am also looking for the answer to the question you asked but I know until and unless I approved the transaction from my wallet it can not be transferred but I am a little afraid to connect my wallet through Metamask. Even I would like to know is there anyone who connected its Trezor wallet through Metamask. Anyone has experience please share and hacking is possible when we click the links from unknown sources so better to avoid clicking random links until and unless you are sure about it.
sr. member
Activity: 980
Merit: 252
Used metamask since 2017 and still have the same wallets since the first time i used it so i think it's safe as long as we are careful about which website that we want to connect.
For me personally i never connect my main wallet which i save big amount of investment on it, when i want to buy a new coin which required to connect a wallet to their websites i always created a new one.
Actually having many wallet address is not that confusing if we are having an sheets taking a notes of every wallet we created and what's the purpose of the wallet.
full member
Activity: 190
Merit: 100
So basically just connect to known popular sites like Uniswap (but don't because it's fee robbery lol). Of course this might not work if the project is new and you're investing in a low-cap token, and any project could have a crooked developer or two.

Useful video, "3 Tips to Improve Your MetaMask Security": https://www.youtube.com/watch?v=2OSCIeHHV5Q
member
Activity: 616
Merit: 10
FRX: Ferocious Alpha
Connect to your Metamask wallet only when you know "for sure" the website is legit.

Make sure there is a Disconnect from your wallet button to log out.

Don't ever download suspicious files from your email box, because they may contain tracking/hacking viruses.

Last but not least, don't ever connect to your Metamask wallet 24 hours, 7 days a week.


copper member
Activity: 2156
Merit: 983
Part of AOBT - English Translator to Indonesia
for your own safety its better to not connect since there is dozen of phising website, i mean Correct Me if i am wrong if only connect they can only ready your data but cannot send coin inside unless you approve their contract.

almost all chain currently attack by scam token when you approved their contract all your money send to scammer address
member
Activity: 420
Merit: 13
$CYBERCASH METAVERSE
Make sure that the website you want to connect your wallet to is listed on coinmarketcap or coingecko

After a transaction is done on any Dex or platform always disconnect your wallet from there

If you are a airdrop lover like many on this forum be expecting phishing links sent to your email address do not connect your wallet to any links in your email address
legendary
Activity: 1526
Merit: 1032
Up to 300% + 200 FS deposit bonuses
The biggest mistake you can make is leaving your wallet connected to a website when you are done with transaction on the platform, always make sure you disconnect after you are through with any transactions, leaving it connected is giving them access to your wallet.
Metamask always asks for the password before you open the website even connected or not. this is for securing from any phishing or scam site. but, with too many websites they use Metamask to connect wallets, So what's wrong with users being more careful. I ever come to the website with I can't find where the unconnected button, I don't know what the purpose, maybe they want to explore your wallet while you sleep.
member
Activity: 285
Merit: 11
$CYBERCASH METAVERSE
Even websites with Https and other security are controlled by humans, my advice is always disconnect your wallet after every successful transactions just in case, humans can't be trusted when it comes to money, they can move your funds and deny they ever did. So always disconnect your wallet
legendary
Activity: 2254
Merit: 1377
Fully Regulated Crypto Casino
When should I not connect to a website?
If you see such website without security or not safe. Actually there are lot of new projects that require connecting metamask so to say to buy off something. Sometime you need to check whether those site connected to a very fishy contract. I once admit Ive fall to a scammer scheme. I've sent my tokens to their dapp approval and noticed in etherscan that there is no contract but the dapp design to put your contributions to a wallet. Of course that's somehow scared you since it's already a wallet and filling up scammers bags.
legendary
Activity: 3038
Merit: 1024
Leading Crypto Sports Betting & Casino Platform
what if I connect the Ledger to approve some coins and it steals other coins or uses the approval for something else. Is any of this possible?
You know that answer and when you have been approving it and scammer will able to steal your money from your ledger as you have been giving permission for scammer to hijack your wallet. This is possible and there are so many hacked cases with this method that happened with so many people. I thought that when you can try to spend a few minutes and you can find that in another thread in this forum as well.


When should I not connect to a website?

The problem it not about when you should or should not connect but that's about whether you are giving the scammers or hijackers approval to access your wallet and steal your coins. I think that it's clear that if you never connect your wallet and that's fine.
legendary
Activity: 3080
Merit: 1500
There are so many websites these days that require you to connect. I've been connecting other wallets with low balances to test things out, but there doesn't seem to be much information around on what is good practice here.

My big balances are secured by Ledger so I suppose I don't need to worry about the coins simply being stolen without my approval, but what if I connect the Ledger to approve some coins and it steals other coins or uses the approval for something else. Is any of this possible?

When should I not connect to a website?

Metamask is quite safe I would say! No coin will be transferred unless you approve and sign the transaction. It can't be possible for a website to simply transct any amount or any token without your approval and sign. So you can be assured.

I am long time user of Metamask and a frequent user. I must admit that I haven't yet seen any such issues.
member
Activity: 1218
Merit: 49
Binance #Smart World Global Token


I am always careful to what I let my Metamask connect with...most especially that we know hackers and scammers are always ahead in this game. I am one of the victims last year when someone was able to withdraw my BAKE tokens from my TrustWallet all because I did not provide a transaction password in my wallet at that time and it was then connected with many airdrops. Lesson learned: stop doing airdrops where you have to connect with the wallet and always be watchful not toe expose your wallet to possible hacks. These days, there are people who are already professionals on intruding others' wallet so they can take whatever you got inside.
member
Activity: 252
Merit: 12
The biggest mistake you can make is leaving your wallet connected to a website when you are done with transaction on the platform, always make sure you disconnect after you are through with any transactions, leaving it connected is giving them access to your wallet.
hero member
Activity: 2436
Merit: 503
Cryptocasino.com
There are so many websites these days that require you to connect. I've been connecting other wallets with low balances to test things out, but there doesn't seem to be much information around on what is good practice here.
This is a big mistake that was always doing by anyone. They were connecting their wallet to the many websites that they didn't know about what was the reputation of such website.

My big balances are secured by Ledger so I suppose I don't need to worry about the coins simply being stolen without my approval, but what if I connect the Ledger to approve some coins and it steals other coins or uses the approval for something else. Is any of this possible?
Yes it is possible to happen as you are approving the scammers to access your wallet. You didn't even know whether there was a backdoor or not on such platform. That's why connecting to our wallet to the unreputable site is a very big mistake.
When should I not connect to a website?
When you're connecting your wallet to the reputable website and you can do that anytime because it has proven its reputation but you should never connect your wallet to the unreliable website.
hero member
Activity: 2954
Merit: 796
There are so many websites these days that require you to connect. I've been connecting other wallets with low balances to test things out, but there doesn't seem to be much information around on what is good practice here.

My big balances are secured by Ledger so I suppose I don't need to worry about the coins simply being stolen without my approval, but what if I connect the Ledger to approve some coins and it steals other coins or uses the approval for something else. Is any of this possible?

When should I not connect to a website?

Audit company is the answer to your question mate or read the open source code of the project to verify the code. There's a lot of danger on DeFi and the only way to minimize it is connect only on website that has a certificate of audit from a reputable company like Certik. For normal user without knowledge about the code, we don't have a choice than just trusting this audit company to do there job properly.
copper member
Activity: 2940
Merit: 1280
https://linktr.ee/crwthopia
The step you had where you have a hardware wallet is already the right one. You can never have enough safety and security when it comes to your coins. When connecting apps with your wallet, you won't have to worry about your private key being exported because that won't happen unless you do it.

I think it's pretty typical for a pretty new user to have that kind of fear of losing money with hacks. That's why I said you already made a nice move on getting a hardware wallet. Most of the people I know that were hacked didn't use it and installed different types of malware onto their phones etc.
hero member
Activity: 1680
Merit: 845
I'm not exactly sure whether someone can actually compromise your wallet that way, I also the same question. On the other hand, it's best to be on the safe side and avoid connecting your wallet on any sketchy looking website.

Moreover, never, I repeat, never trust a website claiming that automatic wallet synchronisation/connection failed, and your private key or seed phrase are required to put manually. I almost fell for that once.
hero member
Activity: 952
Merit: 513
There are so many websites these days that require you to connect. I've been connecting other wallets with low balances to test things out, but there doesn't seem to be much information around on what is good practice here.

My big balances are secured by Ledger so I suppose I don't need to worry about the coins simply being stolen without my approval, but what if I connect the Ledger to approve some coins and it steals other coins or uses the approval for something else. Is any of this possible?

When should I not connect to a website?

Whenever you find yourself in a scammy site, you should probably reconsider.

There have been instances where people have gotten their NFTs stolen from them because of the fact that they connected to phishing sites with their metamask wallet. So this is definitely no joke here.

But so long as you don't go out of your way to connect to scammy/phishing sites, you should be okay. Stay as viligant as you would be on Web2.
legendary
Activity: 1932
Merit: 1273
There are so many websites these days that require you to connect. I've been connecting other wallets with low balances to test things out, but there doesn't seem to be much information around on what is good practice here.
A few things for sure is to carefully choose which dApps you are going to use and also bookmark them.

My big balances are secured by Ledger so I suppose I don't need to worry about the coins simply being stolen without my approval, but what if I connect the Ledger to approve some coins and it steals other coins or uses the approval for something else. Is any of this possible?
Yes, it's possible and it is already being used by scammers. It's can be called as blind signing, Ledger site has some decent explanation about it (https://www.ledger.com/academy/cryptos-greatest-weakness-blind-signing-explained)

When should I not connect to a website?
Literally, you should have scepticism on everything you interact with any smart contract whether it is known or not. The thing that there is a phishing site and deceitful smart contract really made newcomers have a hard time grasping what it is all about inside their heads. The simple thing you could do is to play it safe by using and interacting with established tokens and dAaps that have been running around sometime. Don't just randomly accept help and follow unknown person guidance. And also be careful not to use the link that a random person gave you(e.g., https://app.uniswap.org/#/swap), you better find the site you really want to interact by yourself, and verify it is authentic and bookmark it.


Also, there is a collection of threads about security in general, I believe you should take a look at it:    
Beginners & Help Encyclopedia: Security
legendary
Activity: 1904
Merit: 1159
--snip--
When should I not connect to a website?

Anything that doesn't have a public contract. The ones where you cannot see the "Read/ Write" contract part on etherscan.

Most scams happen not from the "Sign metamask" transaction with which you connect but from some links on the website itself that can install malware.

With the number of times people just blindly connect for airdrops, its a big flood of scams waiting to happen when someone will attack the whole ethereum community at the same time.

You have a ledger so no problems of exposing the private key so that is definitely a win.
jr. member
Activity: 1876
Merit: 5
From my own experience, I can say that for 3 years now I have always connected my metamask wallet. And I never noticed that my data was being stolen. So I came to the conclusion that it is absolutely safe to connect your wallet to many sites. But only if these sites also do not pose a threat to my wallet. Thus, you can confidently connect your wallet for transactions.
full member
Activity: 190
Merit: 100
There are so many websites these days that require you to connect. I've been connecting other wallets with low balances to test things out, but there doesn't seem to be much information around on what is good practice here.

My big balances are secured by Ledger so I suppose I don't need to worry about the coins simply being stolen without my approval, but what if I connect the Ledger to approve some coins and it steals other coins or uses the approval for something else. Is any of this possible?

When should I not connect to a website?
Jump to: