Author

Topic: SIGN ETHEREUM MESSAGE THROUGH ETHERSCAN(Android) (Read 190 times)

hero member
Activity: 2520
Merit: 952
November 11, 2023, 08:06:39 AM
#12
So, this is what reminds me of the very first time i got hacked.

I once got a phishing link in my mail with a request for me to sign an Ethereum message, not knowing the trick by the hacker, I signed the message and inputed my private key. I had no idea what I had done until a few weeks later when I started recieving my payments through that wallet, I just discovered that people were withdrawing funds from my wallet without any permission from me.

Whatever has to do with Signing message on Ethereum chain, I totally avoid it.

It's because you put your private key, it's one of obvious phishing scams around. if you were to sign a message using etherscan/MEW or any other legit platform, you would have been asked to sign message through your wallet without revealing your private key.
sr. member
Activity: 980
Merit: 282
Catalog Websites
So, this is what reminds me of the very first time i got hacked.

I once got a phishing link in my mail with a request for me to sign an Ethereum message, not knowing the trick by the hacker, I signed the message and inputed my private key. I had no idea what I had done until a few weeks later when I started recieving my payments through that wallet, I just discovered that people were withdrawing funds from my wallet without any permission from me.

Whatever has to do with Signing message on Ethereum chain, I totally avoid it.
hero member
Activity: 2520
Merit: 952
Btw, can’t I use mycelium Ethereum address to sign a message in the app without having to pass through the process of connecting my wallet to a site? I haven’t tried it yet but I think that should also work.

You can sign message using Mycelium android, on accounts page click on your address, on top right there is option to 'sign message' [1].

Note: When you done signing message then goto Revoke.cash and revoke all permission for safety.

I tried with metamask, it did not ask for any permission. I don't think signing message causes any fund risk, unless one goes to the shady website, they are sure to ask for shady permissions and your wallet will be drained.

Most ethereum scams happen by giving shady permissions than private key being leaked.



[1] https://www.talkimg.com/image/twFev
hero member
Activity: 700
Merit: 541
Bitcoin Casino Est. 2013
While this is great and I just learned something new about etherscan, I still won’t be using it.

If I can’t sign the message with the wallet that I am using then it’s a no no case for me, if I have to connect to a third party site and grant them some permission to my wallet before I can sign messages then I’d rather stick with my electrum or mycelium wallet to sign messages.

Btw, can’t I use mycelium Ethereum address to sign a message in the app without having to pass through the process of connecting my wallet to a site? I haven’t tried it yet but I think that should also work.
hero member
Activity: 868
Merit: 952
I don’t quite get you but if you’re talking about signing of both message and transaction, you need that particular wallet to have your private key, a watch only wallet which doesn’t have a private key doesn’t sign a message or transaction and that’s why you don’t broadcast transactions from those wallets.
You don't get it, he actually want to say that you should not keep funds in your wallet when you sign message because you have to connect wallet with etherscan site(not full trusted)

If that’s so, then you should not keep any coins at all in that wallet related to that private key. Because the danger is not actually connecting to the site at that time but exposing the private key. If the hacker gets hold of the private key if you later store coins on that private key even though it is not that wallet the you will still lose your coins.

Base on your explanation the staked address or private key should never be used to store any coins then
sr. member
Activity: 336
Merit: 292
20BET - Premium Casino & Sportsbook
Bitcoin address and signed message with Bitcoin private key is more favorite in the forum and you know, forum is a Bitcoin forum, not Ethereum forum.

I know that very well but what will be the option to recover if you have used only Ethereum wallet. Most of the users just applying for bounty here. If anyone don't have a PC then this is one method for recovery.

This tutorial is easily can be view here https://info.etherscan.com/verify-signature-tool/ or just use a common sense. Now why this thread posted in Beginners & Help section? move to Altcoins discussions section.

Most of the topics are available in other sources but why we have to go other sites if we can discuss the positive and negative aspect here. I make this tutorial after reading thread in Meta. some old members told him to sign ethereum message but all thread tutorial image showing error.

Some might say, Why don't you stake BTC or PGP and sign a message saying that? The thing is, I don't have a desktop device at this moment. Most of the time, I use Bitcointalk on my mobile. I hope everyone understands my situation.
legendary
Activity: 1932
Merit: 1273
Account Recovery:
It allows you to recover your account in case you lost your account because of hacking or you lost access to both your mail and account.

One thing to no is that recovering accounts using cryptocurrency key signed messages is a highly specific way of account recovery. It solely applies to this forum and maybe other cryptocurrency-related forums/platforms.

If you signing a message, you must do it with a wallet that does not store your coins. Because signing is with a private key that is a kind of risk for your fund.

Technically, signing a signed message does not pose a risk to the funds in any way. Unless the user wrongly accesses the website for the signing processes, say accessing a phishing/fake site, then it is obviously out of the question. So what specific risk did you have in mind when you said that? In terms of funds security, it should not be a problem.
hero member
Activity: 812
Merit: 619
It's useful for changing addresses in Bounties and signature campaigns.
I have changed address in the signature compaign and Manager didn't ask single time for any sign message. Is any manager asking for it?

Connect your wallet through any compatible option. If you use Metamask, then simply click on it. If you use Trustwallet, click on wallet connect and then select Trustwallet.



When click on sign message I received this message which is clear warning that connecting wallet is not safe as Etherscan is still in beta phase. BTC signing message is safe.


If you signing a message, you must do it with a wallet that does not store your coins. Because signing is with a private key that is a kind of risk for your fund.

I don’t quite get you but if you’re talking about signing of both message and transaction, you need that particular wallet to have your private key, a watch only wallet which doesn’t have a private key doesn’t sign a message or transaction and that’s why you don’t broadcast transactions from those wallets.

You don't get it, he actually want to say that you should not keep funds in your wallet when you sign message because you have to connect wallet with etherscan site(not full trusted)
hero member
Activity: 868
Merit: 952
Account Recovery:
It allows you to recover your account in case you lost your account because of hacking or you lost access to both your mail and account.

The forum recognizes the signing and verification of bitcoin addresses over the Alticoin addresses for account recovery purposes because in all standard it is much easier to verify and to me proves more trusted than this. So I will just advice you go stake or sign your bitcoin address instead if your purpose is for account ownership proof.  


Changing address:
It's useful for changing addresses in Bounties and signature campaigns.
You don’t need to sign every single address posted on the forum. If you plan to change your address and the manager has doubt over it then he would simply as for the signing of the former address. Signing each address wil just make that thread lose some value or make a long thread.


Connect your wallet through any compatible option. If you use Metamask, then simply click on it. If you use Trustwallet, click on wallet connect and then select Trustwallet.

After connecting your wallet, you will see the screen like below.

In terms of privacy or security concerns it is very bad to connect your wallet to any online website as this will expose your keys or seed phrases to the internet which is the first step of getting your account into the hands of hackers. Any private key that would be connected to a site should be for a wallet that doesn’t have much relevance. So if this is the only method of signing Ethereum then it is kind of bad and I wouldn’t advise it.


If you signing a message, you must do it with a wallet that does not store your coins. Because signing is with a private key that is a kind of risk for your fund.

I don’t quite get you but if you’re talking about signing of both message and transaction, you need that particular wallet to have your private key, a watch only wallet which doesn’t have a private key doesn’t sign a message or transaction and that’s why you don’t broadcast transactions from those wallets.

Just like the transaction signatures are signed by private keys from your wallet and later verified by nodes or miners using your public keys is almost similar to signing of message and verifying it. So you need a wallets that holds the private key to the address you want to sign it’s message
hero member
Activity: 952
Merit: 662
This tutorial is easily can be view here https://info.etherscan.com/verify-signature-tool/ or just use a common sense. Now why this thread posted in Beginners & Help section? move to Altcoins discussions section.

I don't think you must sign a message with Bitcoin wallets or Ethereum wallets when you change your receiving address in signature campaign or bounties.
That's really depend on the campaign managers.

Quote
If you signing a message, you must do it with a wallet that does not store your coins. Because signing is with a private key that is a kind of risk for your fund.
There's nothing like that, you're connect your wallet to etherscan, not an unknown site. So regardless your address have a coins or not, it doesn't matter.
sr. member
Activity: 966
Merit: 306
Account Recovery:
It allows you to recover your account in case you lost your account because of hacking or you lost access to both your mail and account.
Bitcoin address and signed message with Bitcoin private key is more favorite in the forum and you know, forum is a Bitcoin forum, not Ethereum forum.

Quote
Changing address:
It's useful for changing addresses in Bounties and signature campaigns.
I don't think you must sign a message with Bitcoin wallets or Ethereum wallets when you change your receiving address in signature campaign or bounties.

Most of campaign managers don't as their participants to sign a message.

If you signing a message, you must do it with a wallet that does not store your coins. Because signing is with a private key that is a kind of risk for your fund.
sr. member
Activity: 336
Merit: 292
20BET - Premium Casino & Sportsbook
Today, I am sharing the method of signing messages with an Ethereum address using an Android smartphone. Signing a message serves several purposes:

This tutorial is just for learning purpose. Bitcoin message sign is best way to sign message and If you have a PC then no need of Ethereum message signing although users only have android smartphone could use it as an alternative.

Account Recovery:
It allows you to recover your account in case you lost your account because of hacking or you lost access to both your mail and account.

Changing address:
It's useful for changing addresses in Bounties and signature campaigns.

A method was already shared for signing messages through MEW (MyEtherWallet), but unfortunately, images are no longer supported due to Bitcointalk no longer supporting Imgur embedding.

I will show the tutorial of signing messages on Etherscan through Metamask/Trustwallet/Safepal/Bitget wallet or any wallet that supports WalletConnect.

First, go to the Etherscan signature page site:
https://etherscan.io/verifiedSignatures


Connect your wallet through any compatible option. If you use Metamask, then simply click on it. If you use Trustwallet, click on wallet connect and then select Trustwallet.



After connecting your wallet, you will see the screen like below.



Write the sign message in this format:

Code:
Today Date: Oct 08 2023.
This address is owned by Hondacd125

Note: You can customize the sign message as needed.

The sign-in prompt will appear in your wallet; just sign it, and you're done now.

Click on publish to make it public.



Save signature hash for future use.
Signature hash:
0x1761e86e28a842aa69f76c8199fb38b669cf055a955d88b7e3573d8b3a1c861d394574fcc8b9b d2689785375bb9449b1a05b3593f88608f52bfb6ec5403f490c1c

You can check or verify your message by going to this site https://etherscan.io/verifiedSignatures, clicking on Verify, and then just put the signature hash.




Note: When you done signing message then goto Revoke.cash and revoke all permission for safety.
Jump to: