A Lesson in Crypto Security | Pay Attention to MetaMask Prompts
Multiple high-traffic websites are reporting being compromised with malicious prompts to connect MetaMask.
Malicious MetaMask Connetions
It has been reported by multiple websites including CoinGecko and EtherScan that a fake "Connect with Metamask" is appearing for some users. It seems attackers have acheived this pop-up via compromising a market agency known as CoinZilla, which displays ads on crypto websites. Essentially this is not a one or 2 website ordeal, this means any website that uses CoinZilla for their ads has potential to be compromised.
Why does this matter? Well - quite simply if you happen to visit a website and it asks you to connect Metamask, you've given that site access to your wallet. By giving permission to your wallet, a malicious website could basically drain your wallet. This issue has been resolved already but it is still a huge lesson in protecting your assets. The crypto and NFTs in your wallet are your responsibility at the end of the day, so it's your responsibility to protect them.
If you get pop ups to connect Metamask on random websites, and you just go connecting all willy nilly... Well, it's time to take a step back and learn about what can happen if you do that. If you're someone that keeps large amounts of money there... Well you're kinda asking for it.
So the lesson to be learned here is don't connect your wallet to random websites, or even websites you visit regularly that you don't normally connect to. You'd expect a prompt like this when visiting a decentralized exchange like SushiSwap or PancakeSwap. However, you wouldn't expect to be prompted to connect Metamask on Google or CoinGecko. See the difference? No reason to connect your wallet so you can google a recipe. That's just silly.
It's also just a good best practice with hot wallets like Metamask to make sure you're connected to only websites that you want to have access. There's a couple ways to do this with Metamask. You can either visit each individual clock explorer for each blockchain you use like Polygonscan and Bscscan, or you can use a service like Revoke. I've personally used Revoke to revoke all permissions from my wallet just because I felt like I should. Never a bad idea just to make sure you're only connecting to what you want to connect to.
You can think of this as kinda like changing your password to your banking app every now and then. I know most people never change their password and probably use the same password for every website but... Take a few minutes every couple months and revoke permissions from everything. Change your password. You don't want to be that guy trying to figure out where his Bored Ape Yacht Club NFT went.
The thing about these malicious links is that they don't always get you right away. They could just have this thing gathering permissions for months and then bam... Everyone's wallet gets drained. This can happen with really any wallet like Metamask. If you're using Brave browser's built in wallet, it works exactly the same way. Never a bad idea to take a look at what websites your wallet is connected to.
That's about it really. Just a quick lesson in securing your Metamask wallet. Your can never be too safe when you're dealing with your money. Crypto is cool but it's not like a bank account. You can't just call customer service when someone steals your money.
p.s.
I had a bad case of food poisoning yesterday and I'm still kinda out of it... I'm gunna go lay down.
Thanks for reading! Much love.
Links 'n Shit
| Play to Earn | Read emails, Earn Crypto | Get free crypto every day | Get a WAX wallet |
|---|---|---|---|
| Gods Unchained | ListNerds | PipeFlare | WAX.io |
| Splinterlands | GoodDollar | ||
| Rising Star | FoldApp |
Posted Using LeoFinance Beta
They told me if I killed myself now it would save the lives of countless others.
Saying the longer I wait to kill myself the more people will suffer.
They are reckless and should have shown the proper media what they had before taking me hostage for 5 years. I know there are many in prison that dont deserve to be there because of this. Your stay in prison will not be fun @battleaxe and friends. People are going to want you dead when they find out what you did. I hope you die a slow painful death. You sick mother fuckers.
https://peakd.com/gangstalking/@acousticpulses/electronic-terrorism-and-gaslighting--if-you-downvote-this-post-you-are-part-of-the-problem
Its a terrorist act on American soil while some say its not real or Im a mental case. Many know its real. This is an ignored detrimental to humanity domestic and foreign threat. Ask informed soldiers in the American military what their oath is and tell them about the day you asked me why. Nobody has I guess. Maybe someone told ill informed soldiers they cant protect America from military leaders in control with ill intent. How do we protect locked up soldiers from telling the truth?
There are people who shared how they lost their money from Metamask. Hackers somehow get access to their Metamask wallets and wipe them out.
Thank you @l337m45732 for sharing valuable information and suggestions!
Posted Using LeoFinance Beta
Yep it happens a lot. Usually the fault of the use being reckless.
Posted using LeoFinance Mobile
I think that is common sense but I wasn't even thinking about it. I haven't had it happen to me but I would probably reject it if I wasn't expecting myself to log in for that site.
Posted Using LeoFinance Beta
Easy to not think about. Especially for someone new.
Posted using LeoFinance Mobile
Thanks for the warning, very helpful.
Hope you feel better soon.🤞🏻😊 Had it once… it’s not funny. Take care!
Posted Using LeoFinance Beta
Thanks for the information and the heads up. I bet they will try again with another more improved version of this method.
!1UP
There will definitely be more of these popping up, no pun intended. That's why it's important to always be cognizant of what you're connecting your wallet to.
Posted Using LeoFinance Beta
You have received a 1UP from @thecuriousfool!
@leo-curator, @stem-curator, @vyb-curator, @pob-curator, @neoxag-curator, @pal-curatorAnd they will bring !PIZZA 🍕
Learn more about our delegation service to earn daily rewards. Join the family on Discord.
That´s why I only keep what I need in Meta....it´s just made to easy
Posted Using LeoFinance Beta
Yep, never a good idea to keep large amounts of assets in hot wallets.
Posted Using LeoFinance Beta