I just got hit for a ton of eth 3 meta wallets drained. Anyone heard anything or could help point me in the right direction of what to do? No idea how they accessed my funds.

  • SnooCalculations1742@alien.topB
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    Sadly no. LastPass was hacked last year, and a lot of people have had their wallets drained. So having your seed online is never truly safe.

    • mehdital@alien.topB
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      How is that? Even if I give you my password for Google you won’t be able to sign in to my account.

      • SnooCalculations1742@alien.topB
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        Yes, but if you have your seed phrase in an online container, and the container gets hacked, the 2FA doesn’t do anything. The hacker can recreate your wallet from the seed.

        • mehdital@alien.topB
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          I am talking about storing the seed in the Google account, aka Google keep. The likelihood of Google getting hacked is much lower than my house burning down and taking with it all cold storage.

    • Crypto_Cat_34_32@alien.topB
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      What is the likelihood those people had either reused their master password elsewhere or that the password strength was very weak?

      • mehdital@alien.topB
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        Google will automatically block any sign in from a new device, so even with a compromised password, access is not granted.

        • Crypto_Cat_34_32@alien.topB
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          Lastpass hack made 2FA completely irrelevant because hacker got access to the password databases directly. They can at their leisure try to bruteforce passwords for all of these accounts.

    • neb_flix@alien.topB
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      Lol, all you people parroting the LP hack… if any of you read the incident report, there was only very basic metadata like company names, veiling addresses, etc which was not tied to specific users. No encrypted notes or credentials were taken at all. That’s not how PWM’s work.