Could people share some thoughts if there’s any scenario where we could potentially lose our funds without clicking any malicious link in our solfare or phantom wallet? Just by holding assets in them?
If no. Then why one would need a cold storage?
This is not a wallet issue, but if you are using a hot wallet, it’s likely you have your private key store in your local system. That is a point of failure. That’s why cold > hot
Has nothing to do with signing a malicious contract. Hot vs cold wallet discussions are about where your private keys are best stored.
What seems seem like a better method to store your passwords? On your phone or on a device that doesn’t share it with anything? When comparing hot vs cold you are comparing how you store your keys. Your keys are your passwords. HW wallets also offer an extra layer of protection against your greatest security weakness. You. It forces you into additional steps before doing something stupid while being phished. Phishing is behind 99.999999% of any story related to someone losing their funds.
Software wallets obviously encrypt, but you can be safer with cold storage. We’ve seen attacks in the past where the auto “update software” feature of a software wallet was compromised. Users would then unknowingly update to a malicious new version that asks them to re-confirm their keys. They then lost everything. This wouldn’t be something that would affect as many HW wallet users as those users should know they will NEVER be asked to input their seed in any other way besides using device itself. This means no typing in. No malicious software to catch it. Yet, some will still fall for these tricks.
TLDR: Software wallets work well enough as they encrypt. Are there very rare situations that this may not be enough security? Yes. This has nothing to do with visiting a website that links to a bad smart contract. This is just phishing. Any sizeable amount of wealth should still only be connected to a key stored offline.
Thank you for your great response.
I have one question that I was unable to Google successfully.
If I create new wallets in Fantom, my guess is that they have the same seed, but, can anybody else to realize that they are linked to my main account?
Some people active on sol used slope before the drain because it had an auto approve feature which we used to be fast. Some got screwed, especially for those that didn’t treat that wallet like a burner.
Yep, I lost $2500 in phantom once, now I use multiple Ledgers