Pages:
Author

Topic: Possible Compromise Laptop With Seed in Password Manager? - page 2. (Read 280 times)

full member
Activity: 1624
Merit: 163
I posted this in the bitcoin subforum but I think it probably should be posted in altcoin subforum.  But I say its probably better to post it in few places so others could give opinion.



I have coins stored in a software wallet on my laptop.  The thing is I do have the seed stored in my password manager.  Yes I know people tell me you should never do this in case your computer gets compromised.



My concern now is I clicked on a redirect link when using my laptop earlier.  The thing is that site that I went to... I clicked on it through google, and then it redirected me to a fake site.  I then just closed it but then noticed this was a phishing site.  I didn't enter anything on that site.



My concern is i read this malware I have could be some browser hijack and keylogger etc.  So that means if i log into my password manager on my compromised laptop, they could track everything I typed?  What if your password manager was open at the time?  I do also have my seed written on paper as well.  My concern is if i log into my password manager now on my computer, that means the hacker could literally see all my passwords and everything i wrote on it?  I know about the phishing links hackers post where you download a fake wallet and enter the seed.  But if you don't enter your seed, I read its safe.   But could clicking on a link to a website without downloading anything also do this?  I did not see any program download.  But I'm pretty sure it was a dangerous site.



The thing that I considered was to not log into my password manager.  But then use another device and enter my seed into it to access the wallet.  Then assuming my coins are still there, create a new wallet and send all of them there and get a new seed.  Is that recommended?



I don't want to wipe my laptop as I have so many things on it for years etc.  I also didn't do a backup of it as well.  The thing is I do have a copy of my password manager on a usb drive.  But is there any virus program I could use or buy where it would find any type of malware, keylogger or browser hijack etc on it?  So that way I could continue to use my laptop without wiping it clean?



I have heard of that browser hijack where when people send coins, their browser would copy/paste another address etc.  But in this situation, what would you do?  I guess this is the same like if your computer is compromised and you use software wallets and sites since anything you type into binance or coinbase etc... well that person could record your keystrokes?

You are most likely safe. As long as you didn't enter any crucial information or downloaded any files on the computer, the website you entered won't do any harm to your computer except knowing some basic information such as IP address, etc.

You could use a USB enclosure for your SSD or HDD then connect that to other computer clean to check if your storage is compromised.
legendary
Activity: 3654
Merit: 1165
www.Crypto.Games: Multiple coins, multiple games
You have to be really careful in a situation like this and avoid entering anything on that computer as of yet. If it is possible like you have said, I believe that you would have access to another device or smartphone, you can use it to access that wallet and make sure that your wallet is safe and everything in it is safe. Had a friend who had this kind of problem and was hacked of $4000 worth of bitcoin in his wallet.

So, make sure to secure your funds and avoid any problems at all. After that you can then go ahead and look for trusted Anti-virus software that you can install and use it to take off the malware that has been installed on your system. You can make use of Avast? And you have to be very careful with the links you click on these days, don't just download from any link except you're very sure about it.
hero member
Activity: 2688
Merit: 540
DGbet.fun - Crypto Sportsbook
I don't think visiting a fake site not gonna make your device compromised/

Unless you accidentally download some file or fake apps from the phishing site the worst-case scenario you are running the program. I read in the internet, for virus or malware can't be running until you are running or open the program.

So even you are on fake phishing and download some virus or malware as long you are not running or open the program still be fine just delete the program.

-snip-
You access the wallet and stored the address.

How you are not storing your own public address, that's important so you are not always open a wallet to just check your fund. Just search your address on explorer, after that bookmark the link explorer of your address.
Assuming on the same thing which is about malware which is the main culprit as always when it comes to hacks of funds on a pc.They wont
really be operational until it wasnt really been executed and we know that malwares could disguised like a folder or file which turns out not
to be suspicious on first look and if you are really that not keen on various things then you would likely to click it out but
if you are somewhat that paranoid person in terms of security then you would definitely have those doubts on clicking it at t he first place.
legendary
Activity: 2660
Merit: 1261
I don't think visiting a fake site not gonna make your device compromised/

Unless you accidentally download some file or fake apps from the phishing site the worst-case scenario you are running the program. I read in the internet, for virus or malware can't be running until you are running or open the program.

So even you are on fake phishing and download some virus or malware as long you are not running or open the program still be fine just delete the program.

-snip-
You access the wallet and stored the address.

How you are not storing your own public address, that's important so you are not always open a wallet to just check your fund. Just search your address on explorer, after that bookmark the link explorer of your address.
full member
Activity: 1750
Merit: 186
How do i check my coins using block explorer?  Don't I need the address of the address of it though?  If so, its on my password manager that I would need to log in to.


I do have a hardware wallet.  The thing is I did not connect these coins to the hardware wallet though.


But is there a way to see if the website i went to has malware/keylogger etc?  Such that if i post the link, it would show it? 
legendary
Activity: 1526
Merit: 1359
Your question is filled with too many "what ifs". Let me offer you a few suggestions.

- Assuming you still have access to your coins, I suggest creating a new wallet (with a new seed phrase) and moving all coins to new wallet. That would be the safest solution. Be sure to double-check the recipient's address before broadcasting the transaction.
- Although I highly doubt that the compromised website had access to your password manager, I suggest that you change your master password with a new (clean) device to be extra safe.
- If you suspect your computer is infected with malware, the only safe and secure solution is a clean installation of the OS with the latest updates and antivirus protection. Only then can you restore your data from backup.

Just my two cents.
legendary
Activity: 2688
Merit: 3983
Do the following ---> check your coins using block explorer ---> if it exists then you are safe.

 - Write the seed down in a safe place ---> create a new wallet in a secure computer/phone.
 - Buy a hardware wallet, a new computer, or a phone that has not connected to the Internet and you do not want it to be connected to the Internet.
 - Create a new wallet and transfer coins to that wallet.
 - Do not use this device, leave it in a safe place, do not connect to the Internet from it.

So you don't need to delete anything.
full member
Activity: 1050
Merit: 104
The internet network is the result of human work. The computer and device are also human creations. Then the wallet in the computer is also human creation, it is not impossible if all that can be hacked by humans.
As a user of the device, we must be aware of the account we saved on the device.
legendary
Activity: 1932
Merit: 1273
I don't think just visiting to the dangerous site will immediately make your device get compromised. But just to be safe, and if you have concern that your seed phrase may have been compromised in the first place, moving your seed phrase to another device wouldn't make it safe. As above suggested, you better open your wallet on a live CD os, like Tails for example, but after that, it would make sense that if you move your cryptocurrencies into a brand new seed phrase of a wallet.
hero member
Activity: 1974
Merit: 856
I do not know if I have my coins right now because I don't want to type or copy/paste it into my software wallet because of this reason.

So you suggest using another device, making sure that computer is malware free, type your seed in it and if its still there, move all your coins to another address right?
Oh ok, I see, but don't you have a public address to check your balance? What coins/currency are we talking about here?

But yes, your second sentence is basically what I would suggest  Smiley
Get a different device (or if you have to use your old device use some linux live-cd to boot into a save operating system) and move your coins
full member
Activity: 1750
Merit: 186
I do not know if I have my coins right now because I don't want to type or copy/paste it into my software wallet because of this reason.


So you suggest using another device, making sure that computer is malware free, type your seed in it and if its still there, move all your coins to another address right?
hero member
Activity: 1974
Merit: 856
My concern is i read this malware I have could be some browser hijack and keylogger etc.  So that means if i log into my password manager on my compromised laptop, they could track everything I typed?  What if your password manager was open at the time?  I do also have my seed written on paper as well.  My concern is if i log into my password manager now on my computer, that means the hacker could literally see all my passwords and everything i wrote on it?  I know about the phishing links hackers post where you download a fake wallet and enter the seed.  But if you don't enter your seed, I read its safe.   But could clicking on a link to a website without downloading anything also do this?  I did not see any program download.  But I'm pretty sure it was a dangerous site.
From you story it sounds unlikely that the website could record anything from you. However, there is still a possibility. If you still have your coins, then this is a good sign and I would say you are 99% safe. In most cases the hackers know exactly what they are looking for and your coins are gone within moments.

To be 100% safe, I would generate a new seed, only stored offline in a safe place. Then transfer all your coins to the address of the new seed. It's good practice that whenever you are not 100% sure, to create a new seed and new addresses to keep your peace of mind.
full member
Activity: 1750
Merit: 186
I posted this in the bitcoin subforum but I think it probably should be posted in altcoin subforum.  But I say its probably better to post it in few places so others could give opinion.



I have coins stored in a software wallet on my laptop.  The thing is I do have the seed stored in my password manager.  Yes I know people tell me you should never do this in case your computer gets compromised.



My concern now is I clicked on a redirect link when using my laptop earlier.  The thing is that site that I went to... I clicked on it through google, and then it redirected me to a fake site.  I then just closed it but then noticed this was a phishing site.  I didn't enter anything on that site.



My concern is i read this malware I have could be some browser hijack and keylogger etc.  So that means if i log into my password manager on my compromised laptop, they could track everything I typed?  What if your password manager was open at the time?  I do also have my seed written on paper as well.  My concern is if i log into my password manager now on my computer, that means the hacker could literally see all my passwords and everything i wrote on it?  I know about the phishing links hackers post where you download a fake wallet and enter the seed.  But if you don't enter your seed, I read its safe.   But could clicking on a link to a website without downloading anything also do this?  I did not see any program download.  But I'm pretty sure it was a dangerous site.



The thing that I considered was to not log into my password manager.  But then use another device and enter my seed into it to access the wallet.  Then assuming my coins are still there, create a new wallet and send all of them there and get a new seed.  Is that recommended?



I don't want to wipe my laptop as I have so many things on it for years etc.  I also didn't do a backup of it as well.  The thing is I do have a copy of my password manager on a usb drive.  But is there any virus program I could use or buy where it would find any type of malware, keylogger or browser hijack etc on it?  So that way I could continue to use my laptop without wiping it clean?



I have heard of that browser hijack where when people send coins, their browser would copy/paste another address etc.  But in this situation, what would you do?  I guess this is the same like if your computer is compromised and you use software wallets and sites since anything you type into binance or coinbase etc... well that person could record your keystrokes?
Pages:
Jump to: