Is there any other way wallet can be compromised?

Coyster

legendary

Activity: 2058

Merit: 1270

Life's but a walking shadow!

Quote from: knowngunman on June 25, 2024, 12:38:59 PM

It's becoming scary day by day to leave huge amount of assets on wallet this days.

On what kind of wallets, offline, online, closed source? etc. You cannot just say it is scary to keep huge assets in wallets these days, wallets that are online and one that you connect to different websites for airdrops have never been safe. From the replies of many in this topic, it should be clear to you now why you lost your funds.

If you don't want to lose more, keep your huge amounts in offline wallets, create an empty wallet if you want to claim airdrops or you can forget about airdrops completely. Being your own bank comes with quite a lot of responsibilities and anyone who isn't ready for it should prolly not be using bitcoin.

Alone055

full member

Activity: 1035

Merit: 200

There are a couple of mistakes that you've made that you should make in the future.

The first mistake is to use a wallet that has funds for airdrops. That is one of the biggest mistakes one can make, newbies tend to do this but you seem to be a bit experienced, so you shouldn't do that. Always make and use new wallets when you are participating in an airdrop, and only use funds that you are using for the airdrop for like bridging or making transactions to become eligible, etc.

Your second mistake is keeping a lot of funds in decentralized wallet that is stored as an extension in your browser. You can't expect for such wallets to never get compromised because you visit a lot of websites when surfing the internet and things can happen. So it's best for you to keep your funds in a non-custodial wallet that isn't stored in a device that you use all the time. It's even better if you can use a hardware wallet for that.

Cookdata

hero member

Activity: 910

Merit: 875

Not Your Keys, Not Your Bitcoin

Quote from: knowngunman on June 25, 2024, 12:38:59 PM

My questions:
Is it possible for airdrop sites to access your funds even after disconnecting your wallet?
Is there any other way wallet can be compromised aside this mistakes?

It's becoming scary day by day to leave huge amount of assets on wallet this days. Perhaps this is one of the reason some people still think everything about bitcoin and crypto entirely is a scam as funds lost can not be recovered. I will appreciate detail explanation on this and the solution to avoid future occurrence.

I'm not sure if you are aware there were some email bridge from Coingecko and some exchanges some weeks ago, anyone can have access to that leak emails and other sensitive information and if your email is one of those comprised, they can try those emails with the leak password and if you are the type of person that use simple password or general password, your email content could be exposed through this way.

It could also be that someone close to you have access to your phone or email login and you don't know about it, so do well and check your email activity if there has been an attempted login from other devices or just check the devices your email login into.

About been connected to aidrops, this is not the safest way to use a wallet address. When running airdrops, you should never use your main wallet to participate in any of the airdrops because you might be compel to interact with a smart contract and this contracts are hidden, you don't know what they means or what they are to do, you might end up exposing your entire wallet doing these aidrops, next time use a new wallets with nothing on the address to claim or participate in airdrops.

knowngunman

sr. member

Activity: 658

Merit: 345

Quote from: PrivacyG on June 26, 2024, 06:25:20 AM

It could very well not be the Airdrop being malicious but OP having malware that compromised even the Seed of their Wallet.

This is my concern now honestly. I know it doesn't take a blink of eye to create a new wallet but as it is now, I can't tell whether my device entirely is comprised and creating a new wallet on the device might not be completely safe from future attack. I will just have to abandoned the device and anything that has to do with wallet while I get another device to create a new wallet.

Quote from: Justbillywitt on June 26, 2024, 08:33:03 AM

There is no other explanation need for you to that it was the site you connected your wallet to that wiped out your funds. Your funds were safe before the connection was made, and after the connection your funds vanished, that's to tell you that there are other ways your funds could be moved outside your private key or seed phrase.

Despite that I have no any proof against the airdrop site for stealing my funds, they still remain the top list of my suspect because I check their Twitter handle and many people were complaining of the same thing happening to them when they connect their wallet to the site. Although, someone explain under this thread that it is possible for them to have access to your wallet information as soon as you connect it and even if you disconnect the wallet, this information can be accessed by them. However, I'm still finding it hard to believe the whole scenario how it happened despite that I have moved on.

Justbillywitt

full member

Activity: 224

Merit: 151

There is no other explanation need for you to that it was the site you connected your wallet to that wiped out your funds. Your funds were safe before the connection was made, and after the connection your funds vanished, that's to tell you that there are other ways your funds could be moved outside your private key or seed phrase. We learn everyday and you just discovered another way. The moment you approved the connection that was what exposed your wallet information. Airdrops are highly risky something. Even if the airdrop is legit, scammers will always come up with various malicious links and you won't know the one that got to you if it's the fake or the legit one. It's best you get two mobile devices one specifically for airdrops and the wallet in it if you must do airdrops. While the other device which have your main wallet should never have anything to do with clicking of any links, not to talk of connecting your wallet. Let's play safe, sorry for your loss.

AVE5

member

Activity: 154

Merit: 33

Eloncoin.org - Mars, here we come!

To stay more Concious, I'll advice that disconnected the previous connected wallets may not be enough for your funds safety. So, I'd advice you to delete the wallet entirely and create a new one with new pass generated phrases to stay on a virgin or clean wallet.
Don't forget that not only airdrops projects that scammer can steal your funds, it could also be by malicious clicking of links and signing in to malicious platforms with the interest of earning rewards.
Don't also think anyone can't be reachable to where you hid your key phrases not untill you're more careful after much carelessness of your pasts.
Sorry for your lost.

PrivacyG

hero member

Activity: 826

Merit: 1803

Crypto Swap Exchange

Quote from: SquirrelJulietGarden on June 26, 2024, 12:30:38 AM

Revoke your smart contract approval.

This is I believe only useful if the Service you are using that requested the Signature of a Smart Contract is not malicious already. It is a good thing to revoke Smart Contract Approvals from well Trusted Services such as Pancake Swap to avoid the compromise of funds in case of a malicious handling of the website, but if you approved a Smart Contract on an already malicious website then chances are your Money has been gone from the first seconds on.

Once the Wallet is emptied out, since there is no more Money OP owns, I rather not touch that Wallet ever again. Revoking a Smart Contract Approval means more Money to be thrown at a Wallet that is already compromised. And since it is not the 100 percent accurate explanation and it could be a completely different reason, risking to continue using the same Wallet is not worth it at all. It could very well not be the Airdrop being malicious but OP having malware that compromised even the Seed of their Wallet.

OP, just accept the loss and move on to a different Wallet. But secure it properly this time.

Lucius

legendary

Activity: 3234

Merit: 5637

Blackjack.fun-Free Raffle-Join&Win $50🎲

@knowngunman, simple and free advice for you and everyone else - stop doing things like airdrops, using pirated software, downloading content via torrent and visiting suspicious websites. If, in addition to all that, you have your backup saved safely (offline), then nothing bad will happen to you - unless you brag online that you have cryptocurrencies, and bad guys decide to visit you one day and ask you to give them a "donation".

Start acting like you have your own bank and not a charity giving out money to anyone who asks for it.

Floxynice

newbie

Activity: 26

Merit: 10

Quote from: knowngunman on June 25, 2024, 12:38:59 PM

My questions:
Is it possible for airdrop sites to access your funds even after disconnecting your wallet?
Is there any other way wallet can be compromised aside this mistakes?

Firstly, not all airdrop sites are real, some of them are fake websites which the scammers use to trick their victims inorder to have access to their wallets. There are chances that you may have entangled yourself with a fake website, clicked on a malicious link or dealing with a scammer who is impersonating a legit airdrop site. I have seen people who have encountered this kind of issues and I must say the best way to stay safe with anything online is by having an offline wallet or creating a separate wallet for the purpose of that particular thing you want to achieve.

knowngunman

sr. member

Activity: 658

Merit: 345

Quote from: taufik123 on June 25, 2024, 03:37:25 PM

This is what your problem is, and you are not aware of how the Claim airdrop is done.
You don't check whether the claim link is genuine or just a phishing website.

Now it's very long with phishing that will expose your wallet to Drained Bot attacks.
When you connect your wallet with a phishing claim website, it will be catastrophic and make all your assets in the wallet be withdrawn to the scammer's address.

It was actually a big mistake which I admit. What happened is that I have many wallet imported in my metamask and trustwallet which I do switch from one to other whenever I want to use them. I didn't check the metamask to know the last address I used before connecting the wallet to the airdrop site, unfortunately it happen to be the wallet I have some assets which I disconnect immediately I noticed it. The site is actually a genuine site affiliated to the project but I can't tell whether the entire project is a scam. The gas fee required to claim the airdrop was too high despite being on BSC chain and that made me to be suspicious of their genuinty.

Quote from: SquirrelJulietGarden on June 26, 2024, 12:30:38 AM

Storing your wallet seed phrase in email, it's hard to believe because it is one of worst practice. Either in text or image (screenshot), it's bad practice. It's worse if you did not secure your email with strong password and 2FA. Even you did have strong password and 2FA for your email, you can not trust Google.

Thank you for the links you shared. If you read Op very well, that mistake of storing seed phrase in email was prior before I understand about wallet security, it is not something of recent. After reading people experience here and how to keep wallet safe, I desist from doing that. For the second time, lesson is being learned again but I don't think it will happen again for third time. I have read through every replies herein so far and I have taken the key points.

SquirrelJulietGarden

hero member

Activity: 1344

Merit: 742

Quote from: knowngunman on June 25, 2024, 12:38:59 PM

I experienced something today on my EVM wallet and I'm still in shock how the hell it happened. Before now, I have some wallets that were compromised due to my carelessness with their security. I saved some passphrase in my email and saved some on Google drive as image because I took screenshot of the phrases. I learned lesson the hard way when my funds were wiped out from the wallet.

Storing your wallet seed phrase in email, it's hard to believe because it is one of worst practice. Either in text or image (screenshot), it's bad practice. It's worse if you did not secure your email with strong password and 2FA. Even you did have strong password and 2FA for your email, you can not trust Google.

Quote

Is it possible for airdrop sites to access your funds even after disconnecting your wallet?
Is there any other way wallet can be compromised aside this mistakes?

Revoke your smart contract approval.

How to Revoke Token Approval
Revoke Smart Contract Allowance with unrekt.net
https://etherscan.io/tokenapprovalchecker
https://revoke.cash/
https://app.unrekt.net/

Most important, don't use any wallet with big fund to do tasks, claim airdrops. If bad things come, you will lose big fund. With airdrops, use very small and nearly empty wallets to do tasks and claim airdrop.

Dave1

hero member

Activity: 1344

Merit: 538

Your whole machine has been compromise so stop using it or at least format it clean although there could be malware that is going to be persistent after a clean wipe out of your PC and total reformat.

It could be that it might not be the airdrop or something, but you have click a link that has a malware on it and remain undetected by your AV because malware author are very intelligent to hide it from AV and somewhat it will take months before they can find out this new malware.

So it might cost you money, but it's a better investment, get a fresh laptop or PC and learn from your mistakes and only use the new machine for your crypto related. Everything else should be in that old laptop of yours. Or try to switch OS, Linux flavored will be one good option for the old machine total reformatted and run new OS.

PrivacyG

hero member

Activity: 826

Merit: 1803

Crypto Swap Exchange

Quote from: knowngunman on June 25, 2024, 12:38:59 PM

Is it possible for airdrop sites to access your funds even after disconnecting your wallet?

Yes. Many people are still unaware that disconnecting the Wallet is not enough and this is how they end up losing significant Money. If you had to Sign a Contract and you have no idea what it truly does, you may become a victim very easily. There are malicious Smart Contracts that, once signed, basically have access to the Coins in your Wallet. So even if the Wallet is disconnected, the Smart Contract is still valid and working.

Quote from: knowngunman on June 25, 2024, 12:38:59 PM

Is there any other way wallet can be compromised aside this mistakes?

There are MANY ways it can be compromised. To avoid over 90 percent of the fears and trouble, just have two separate Wallets. One you ONLY use for Transfers, where you have the big stash, and one that you use for smaller actions such as Payments, Trades et cetera.

Stop trusting random websites and blindly signing Smart Contracts. As you can see, they do NOT make you Rich and no body is doing volunteering for you. Most of them are Scams, and the real ones offer a Reward so low it is not worth risking your whole stash for it.

PX-Z

hero member

Activity: 1428

Merit: 836

Top Crypto Casino

Quote from: knowngunman on June 25, 2024, 12:38:59 PM

My questions:
Is it possible for airdrop sites to access your funds even after disconnecting your wallet?
Is there any other way wallet can be compromised aside this mistakes?

Yes, depends on the permission too. That's why its recommended to use other wallet for connecting to other stuff like airdrop, dapps, also to browser-based wallet (extension/addon) to connect like in gambling and exchanges.

Also, by the time your funds was lost you should consider your device as compromised as well.

On your last compromised wallet, what kind of wallet you used? Also on the second one?

SatoPrincess

hero member

Activity: 966

Merit: 701

Quote from: knowngunman on June 25, 2024, 12:38:59 PM

It's becoming scary day by day to leave huge amount of assets on wallet this days. Perhaps this is one of the reason some people still think everything about bitcoin and crypto entirely is a scam as funds lost can not be recovered. I will appreciate detail explanation on this and the solution to avoid future occurrence.

People lose their coins because they lack the key to be able to protect their assets. As someone involved in cryptocurrency, you should know to not leave huge amounts on hot wallets. Hot wallets are vulnerable to hacks, if you have more than $1k worth of bitcoins, you should buy a hardware wallet to store your coins. Do your research when choosing a hardware wallet, I recommend using open-source and airgapped wallets.

albon

legendary

Activity: 1680

Merit: 1343

Quote from: knowngunman on June 25, 2024, 12:38:59 PM

My questions:
Is it possible for airdrop sites to access your funds even after disconnecting your wallet?
Is there any other way wallet can be compromised aside this mistakes?

It's becoming scary day by day to leave huge amount of assets on wallet this days. Perhaps this is one of the reason some people still think everything about bitcoin and crypto entirely is a scam as funds lost can not be recovered. I will appreciate detail explanation on this and the solution to avoid future occurrence.

Of course, scammers can gain access to your assets even after disconnecting your wallet from the deceptive domain if you have granted them token approvals or malicious smart contract approvals and mistakenly signed transactions. Check out this [article] published by Metamask.

Also, I agree with several members who mentioned the possibility that your computer might be compromised. Therefore, if you have created a new wallet on this infected device, the scammers will know your seed phrases and private keys. I recommend using an alternative device that has antivirus protection. You should install trusted wallets because using malicious browser extensions, unofficial wallet applications, or downloading cracked software, in general, will threaten your wallets' security.

Richbased

full member

Activity: 322

Merit: 176

Quote from: Smartvirus on June 25, 2024, 04:33:42 PM

Quote from: knowngunman on June 25, 2024, 12:38:59 PM

My questions:
Is it possible for airdrop sites to access your funds even after disconnecting your wallet?
Is there any other way wallet can be compromised aside this mistakes?

Your problem is that, you’re under some serious phishing attack by the amount of activities you might have been doing on various sites, getting mixed up with these and that airdrop along with the meme coins and the scams that comes with it.

Your window of compromise could be your device. Although, haven’t linked your wallet to one of these airdrops creates another window of complication. My advice would be that, you dish that device for a new one, create a wallet on the new device, use all appropriate safety types and you would be good.

Also, avoid linking wallets your Bitcoin wallet with any other wallet for airdrops, it’s just not worth it.

I also have same thinking of phishing attacks due to numerous sites he would have gotten himself into while trying to claim various airdrops and all that and even if he was to link his wallet address for airdrops it shouldn't have been the wallet where he still have some coins in it. He can restore the device factory settings and enhance all safety precaution measures are taken when using a new wallet.

I have seen many people linking their wallets more especially exchange wallet address to claim airdrops without knowing that storing your coins in an exchange is a very big risk coupled with linking it to other malicious sites to claim airdrops is even more riskier because exchanges doesn't give full security over your assets. He should also consider using an anti phishing codes when doing some transactions so that he can be notified if a transaction is being performed without his knowledge.

Smartvirus

legendary

Activity: 1414

Merit: 1108

Quote from: knowngunman on June 25, 2024, 12:38:59 PM

My questions:
Is it possible for airdrop sites to access your funds even after disconnecting your wallet?
Is there any other way wallet can be compromised aside this mistakes?

Your problem is that, you’re under some serious phishing attack by the amount of activities you might have been doing on various sites, getting mixed up with these and that airdrop along with the meme coins and the scams that comes with it.

Your window of compromise could be your device. Although, haven’t linked your wallet to one of these airdrops creates another window of complication. My advice would be that, you dish that device for a new one, create a wallet on the new device, use all appropriate safety types and you would be good.

Also, avoid linking wallets your Bitcoin wallet with any other wallet for airdrops, it’s just not worth it.

taufik123

legendary

Activity: 2562

Merit: 1767

Rollbit.com | Crypto Futures

Quote from: knowngunman on June 25, 2024, 12:38:59 PM

-snip-
I have a rethink to figure out what might be the cause and then I realized that I mistakenly connect the wallet to claim an airdrop last week but I immediately disconnect the wallet without approving any transaction when I noticed that I connected the wrong wallet.
-snip-

This is what your problem is, and you are not aware of how the Claim airdrop is done.
You don't check whether the claim link is genuine or just a phishing website.

Now it's very long with phishing that will expose your wallet to Drained Bot attacks.
When you connect your wallet with a phishing claim website, it will be catastrophic and make all your assets in the wallet be withdrawn to the scammer's address.

Like the incident a few days ago when the Zksync Airdrop was launched, many phishing claim websites appeared on Twitter.
In fact, not only on Twitter, a surprising incident occurred in the Bitget wallet which was once a favorite wallet, but when the Zksync airdrop was launched on the Bitget wallet browser, there was a fake zksync claim automatic link at the very top, and this caused many wallets to be drained.

In the end, I decided to throw away the Bitget wallet and those affected by the drain should also report to the Bitget wallet and of course get the lost funds replaced.

Aanuoluwatofunmi

sr. member

Activity: 532

Merit: 390

Quote from: knowngunman on June 25, 2024, 12:38:59 PM

I saved some passphrase in my email and saved some on Google drive as image because I took screenshot of the phrases. I learned lesson the hard way when my funds were wiped out from the wallet.

This was your first and avoidable mistake made, none of these should be a way that should contain the custody of our wallet security information's, they all involved the access of a third party on them because they are centralized routes which allows for the use of a third party access like the issuing organization involved.

Quote from: knowngunman on June 25, 2024, 12:38:59 PM

I have a rethink to figure out what might be the cause and then I realized that I mistakenly connect the wallet to claim an airdrop last week but I immediately disconnect the wallet without approving any transaction when I noticed that I connected the wrong wallet.

Could this be the cause? Mind you, my assets were intact after the incident until this happened three days ago thou I noticed it today.

My questions:
Is it possible for airdrop sites to access your funds even after disconnecting your wallet?

Its another serious mistake that you have made here as well, you shouldn't make use of your main wallet for bounties, don't connect the wallet to all these airdrop platforms, create a separate wallet for them and also make use of a different devise for them.

Quote from: knowngunman on June 25, 2024, 12:38:59 PM

Is there any other way wallet can be compromised aside this mistakes?

Download links
malicious contents
third party access
your personal vulnerability

Topic: Is there any other way wallet can be compromised? (Read 187 times)