Here is the thing, it came down to the possibility percentage. You are aware of near-zero address collision as you have quoted on OP.
While on the other hand, you stated your friend works on "cyber of bank". Don't know what that means, but I suppose cyber-related security. In the latest post above, your friend mainly talked on the Metamask layer, so I bet he hasn't fully checked his full device. My point is, as I have once said, the possibility of it getting hacked due to device infiltration is way higher than an address collision. We can rule out mnemonic address generation since it is indeed safe if it is done right.
Topic: Mnemonic is no longer safe? (Read 581 times)
The thing we have to understand is that there is no perfect system, after time there will be gaps and gaps will be found and the program will automatically fix it, we should never be surprised when someone saves assets in a wallet using mnemonic and after checking it turns out the asset is lost stolen.
It depends on what system or application you use for keeping assets. A lot of application out there is created by scammer to a traping newbie or user who doesn't know how to keep assets. The trick they use is hiding the trap, the scammer said is save, after that the scammer bringing the new user to keep the mnemonic they did create on paper. So, don't use the new application, let's use the application where many people here use it.
MNEMONIC is somewhat safe
It is really Very much Difficult for individual to Encode the Mnemonic/Private key through Address or Transaction hash
But yes super Computer can encode it probably
I Think your Friends had used Some pirated/mod apk that's in the form of Mallicios It is also very important to store the Mnemonic in the safe place and Remember Storing in pc or Mobile is really a bad idea
That's the worst part of the Decenterlized Ecosystem we just can't report if someone had stolen our fund that's just too much privacy i believe, although i always prefer Decenterlized over Centerlized
CONCLUSION You can Purchase a Hardware wallet to store your Fund or You can create a Multi sign request but Just Remember nothing is safe if you have Internet connection
It is really Very much Difficult for individual to Encode the Mnemonic/Private key through Address or Transaction hash
But yes super Computer can encode it probably
I Think your Friends had used Some pirated/mod apk that's in the form of Mallicios It is also very important to store the Mnemonic in the safe place and Remember Storing in pc or Mobile is really a bad idea
That's the worst part of the Decenterlized Ecosystem we just can't report if someone had stolen our fund that's just too much privacy i believe, although i always prefer Decenterlized over Centerlized
CONCLUSION You can Purchase a Hardware wallet to store your Fund or You can create a Multi sign request but Just Remember nothing is safe if you have Internet connection
I'm confused, mnemonic pharse isn't immune against malware or viruses, why you're linking a hack because of malware or viruses and the security of mnemonic pharse? it's similar like saying why mnemonic pharse can't protect against $5 wrench attack.
Can we as a community take any step to freeze that account?
As a community, we can't since the only one who can freeze that coins are depends on each creator of the coin or if the address is come from centralized exchange, the team of that's centralized exchange can freeze the account.
The thing we have to understand is that there is no perfect system, after time there will be gaps and gaps will be found and the program will automatically fix it, we should never be surprised when someone saves assets in a wallet using mnemonic and after checking it turns out the asset is lost stolen.
The same incident happen with me on 28th October and the recipient address is same. what i can see is all the stolen tokens are still there. Can we as a community take any step to freeze that account?
I have did bit a research then I reach NEX(I found out by ENS Domain and hit em at Twitter)
S/he let me to share the statement.
Here's for big point.
Still unsolved, but let time talking the truth...
S/he let me to share the statement.
Here's for big point.
Code:
*Yeah I legit have no idea. I even had quit.qoots look into it.
Haven't minted anything degen, haven't connected wallet to anything other than blur and valhalla recently.
The hack was also very strange. It happened 5am my time, I was asleep. I woke up at 6.
I had 49 assets in the wallet. They onky floored 7 Metashima. There were more of that asset, and other decent valued ones they didn't touch.
They then drained the eth and weth
*So my metamask is just a plug in browser. I don't logon to a site for it.
And I don't do staking, 100% haven't tried to redeem any NFTs or tokens.
*I'm also at over 100 days of browser history checks, so far nothing.
*I simply login with a password through my metamask wallet on a browser extension
*I have them saved, but written physically and separated.
Haven't minted anything degen, haven't connected wallet to anything other than blur and valhalla recently.
The hack was also very strange. It happened 5am my time, I was asleep. I woke up at 6.
I had 49 assets in the wallet. They onky floored 7 Metashima. There were more of that asset, and other decent valued ones they didn't touch.
They then drained the eth and weth
*So my metamask is just a plug in browser. I don't logon to a site for it.
And I don't do staking, 100% haven't tried to redeem any NFTs or tokens.
*I'm also at over 100 days of browser history checks, so far nothing.
*I simply login with a password through my metamask wallet on a browser extension
*I have them saved, but written physically and separated.
Still unsolved, but let time talking the truth...
Not mean to ignore those your care of feedback.
My friends is work for cyber of bank, so if you are things malware/virus how came he can't detect that?.
1 address/key was hacked, other is still safe.
I will lock the thread, will open once someone want to share.
My friends is work for cyber of bank, so if you are things malware/virus how came he can't detect that?.
1 address/key was hacked, other is still safe.
I will lock the thread, will open once someone want to share.
Your friend doesn't tell you everything. It's technically difficult to hack a wallet because of mnemonic problem.
It's on the user side I guess why that unusual activity happened to your friend.
And next time, try to use another reputable wallet and not the mentioned one by you as I didn't aware of it.
I have the same suspicions as well, it is easy to think that you are doing a good job and keeping your computer clean because you do not see anything wrong going on with your system, but if you really begin to try to find malware in your computer you will see that most computers today are infested with malware, and while some of that malware is not that dangerous there are other pieces of malware which are waiting to send out any important information they can collect out of you, and as such I think this is the main reason why the friend of OP lost his coins.It's on the user side I guess why that unusual activity happened to your friend.
And next time, try to use another reputable wallet and not the mentioned one by you as I didn't aware of it.
Another reason might be, OP's friend is a victim of phishing.
Likely ended up for let's say airdrop and asking to connect a wallet. But in the process, there's a prompt to enter the passphrase or mnemonics which should not be a step on connecting wallets as that should mostly do with the legit browser extension.
Anyways, OP didn't come back for another information that might help with the case.
Are you guys 100% sure that the device is clean and didn't help getting your friend hacked? Talking about experience, I have been using the same wallet since 2015 and has left 0.01 btc in there just for good measure. It was generated through electrum and I'm still using the same 12-word mnemonic that I have memorized over time, and up until now the balance is there. I generated it with an old, crappy HP laptop that was connected to the internet at that time, and so far I haven't encountered any security issues at all.
Better backtrack and check what other possible reasons may have caused this. Or it could be that someone gained access to his computer without him knowing.
Better backtrack and check what other possible reasons may have caused this. Or it could be that someone gained access to his computer without him knowing.
Just want to share, I can't prove that mnemonic safe or not. I'm not an expert for things like that.
It's safe there are millions of wallets users that rely on Mnemonic to open their wallet, if it's not safe then we have hundreds or even thousands of complaints and users will discard these wallets
Quote
My friend just got hacked, lost about 300-400 USD.
He wonder how it happened, make some probably the device was infiltrated by malware, if yes. All his key is gone(all), so there's no only 1.
Malware and interaction with a project are just two of the reasons but doing nothing is just impossible. He wonder how it happened, make some probably the device was infiltrated by malware, if yes. All his key is gone(all), so there's no only 1.
Quote
He was generated Mnemonic by coin98. Never connected to MetaMask or some things like login to connected, never.
Your friend needs to dig deeper he might interact with one project and not remember it or use an infected PC to open his wallet, I'm not a user of Coin98 but there's hardly a scam accusation on Coin98
Your friend doesn't tell you everything. It's technically difficult to hack a wallet because of mnemonic problem.
It's on the user side I guess why that unusual activity happened to your friend.
And next time, try to use another reputable wallet and not the mentioned one by you as I didn't aware of it.
I have the same suspicions as well, it is easy to think that you are doing a good job and keeping your computer clean because you do not see anything wrong going on with your system, but if you really begin to try to find malware in your computer you will see that most computers today are infested with malware, and while some of that malware is not that dangerous there are other pieces of malware which are waiting to send out any important information they can collect out of you, and as such I think this is the main reason why the friend of OP lost his coins. It's on the user side I guess why that unusual activity happened to your friend.
And next time, try to use another reputable wallet and not the mentioned one by you as I didn't aware of it.
Most of the account hack problem is because malware. Hacker use different software for PC or Laptop to target especially crack files which need registry. For Mobile hacking they target cloud data. All users who Signup on their mobile using cloud storage 90% has been hacked.
Mnemonic Phrase is secure but it's need to be save in paper and should not be save in Gmail or any online storage area.
Mnemonic Phrase is secure but it's need to be save in paper and should not be save in Gmail or any online storage area.
~
The possibility of your friend getting hacked due to personal security issues is more likely than a standard process of mnemonic code generation and potential collision. So without knowing your friend's digital hygiene, it is hard to seek the actual reason for it getting hacked.
~The possibility of your friend getting hacked due to personal security issues is more likely than a standard process of mnemonic code generation and potential collision. So without knowing your friend's digital hygiene, it is hard to seek the actual reason for it getting hacked.
OP said that malware is the primary suspect for the hack so by there, I think his friends so called "digital hygiene" are not that clean enough and maybe he likes to visit random websites and connect his wallet there. It's also possible that he downloaded the fake version of the wallet since this wallet isn't that popular as the other so the original version may not have that small blue check yet.
OP never stated malware is his primary concern, since if it is he thought that all the seed phrases should be exposed not some particular key. But it is also possible that OP lack of additional information or simply security knowledge regarding what any potential vulnerability flaw that his friend has. His saying about 1 particular key getting hacked may happen due to the condition of that particular address is the one who got the funds.
Your friend doesn't tell you everything. It's technically difficult to hack a wallet because of mnemonic problem.
It's on the user side I guess why that unusual activity happened to your friend.
And next time, try to use another reputable wallet and not the mentioned one by you as I didn't aware of it.
It's on the user side I guess why that unusual activity happened to your friend.
And next time, try to use another reputable wallet and not the mentioned one by you as I didn't aware of it.
I'd ask him/her more questions if I were you.
Like where did he save the seed phrase? Was it on the computer? E-mail? Cloud? Or just written on a simple piece of paper which is the safest of all.
How about phishing? Is he honestly telling you everything? How about checking his browsing history?
There are a lot of ways now being done by scammers and hackers to gain access to your accounts.
I never had a problem even in Metamask or other wallet services like Trust Wallet even though it's not recommended to keep your funds there.
Like where did he save the seed phrase? Was it on the computer? E-mail? Cloud? Or just written on a simple piece of paper which is the safest of all.
How about phishing? Is he honestly telling you everything? How about checking his browsing history?
There are a lot of ways now being done by scammers and hackers to gain access to your accounts.
I never had a problem even in Metamask or other wallet services like Trust Wallet even though it's not recommended to keep your funds there.
I assume this problem is user-side and not Mnemonic or insecure private key. Most likely his friend was negligent in the process of using it, like the computer was infected with a virus or connected to strange dapps and did not revoke the connection...there are many reasons for property theft.
I'm also using metamask and trustwallet on my phone, so to say I've been using that wallet for 5 years and never changed to a new address but I haven't had any unfortunate problems. Security is the most important thing when entering the market, everything will be useless if we do not know how to protect our assets from hackers.
I never heard of Coin98 Wallet, and upon checking it out, it seems there is no source code available. Its availability is also only on Chrome.
Mnemonic code generation by a popular and trusted wallet is fine. The seed generation process is secure as it widely can be viewed by those who understand. Until this time, A popular wallet user is safe from any mnemonic code vulnerability that I'm aware of.
The possibility of your friend getting hacked due to personal security issues is more likely than a standard process of mnemonic code generation and potential collision. So without knowing your friend's digital hygiene, it is hard to seek the actual reason for it getting hacked.
Coins98 was once in binance and then later on I just saw they have their own wallet. They are not new though so I think it's kinda trusted. I even created one in my browser extension only for airdrop purposes but I never received my coin on that airdrop that I join but I know it wasn't the fault of coins98. Maybe I am just unlucky.Mnemonic code generation by a popular and trusted wallet is fine. The seed generation process is secure as it widely can be viewed by those who understand. Until this time, A popular wallet user is safe from any mnemonic code vulnerability that I'm aware of.
The possibility of your friend getting hacked due to personal security issues is more likely than a standard process of mnemonic code generation and potential collision. So without knowing your friend's digital hygiene, it is hard to seek the actual reason for it getting hacked.
OP said that malware is the primary suspect for the hack so by there, I think his friends so called "digital hygiene" are not that clean enough and maybe he likes to visit random websites and connect his wallet there. It's also possible that he downloaded the fake version of the wallet since this wallet isn't that popular as the other so the original version may not have that small blue check yet.
I think there was no fault with mnemonic/seed phrase/private key, it’s happened for malware in your friends computer most probably. Somehow his PC was compromised otherwise it will never happened. Mnemonic is of course if you can keep it in the safe place, i don’t keep store any wallet private key in the online.
Jump to: