• 0 Posts
  • 8 Comments
Joined 1 year ago
cake
Cake day: October 20th, 2023

help-circle


  • Lifter_Dan@alien.topBtoEthereumMetaMask hacked 😰
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    That link describes hashcat which uses some of the methods I’m referring to, it’s dependent on the password quality. Crappy password will be quick.

    It doesn’t decrypt it, but tries many combinations of words etc encrypted to compare against the hash.

    Even with a good password, I never would want anyone storing seeds in keepass, anything on the computer is a no for storing seeds.



  • Getting the 12/24 words from metamask is not the same as a paper or hardware wallet.

    Hardware wallet = Trezor or Ledger giving you the 24 words to write down. They are NEVER on your computer, thus hackers can never view/steal them. You still use Metamask, but metamask talks to your USB trezor and then you do the approval on the hardware device where no malware can touch it only you can approve. In contrast, any virus on your computer can read your screen, store whatever password you type into metamask and potentially even tell metamask what to do when you walk away from your computer.

    Paper wallet = old style wallet where you’d write down the phrases from a wallet created on a computer that does not have internet access (air gapped computer). You would then send some Bitcoin to that address and let it sit there until you’re rich at which stage you’ll have to use the key to transfer it to sell. Paper wallets aren’t really used anymore.

    Hardware wallet is recommended, and if you can read the docs about using a trezor passphrase on top of that it’s an extra step of security too that I’d recommend.


  • Lifter_Dan@alien.topBtoEthereumMetaMask hacked 😰
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    Hacked money is usually gone for good.

    The most valuable thing is to:

    a) Find out how it happened and what you did wrong

    b) Take actions in future to prevent it

    Did you have a hardware wallet that requires you to physically approve transactions on the external device before metamask submits them? If not, that would be the first step. Trezor I prefer over Ledger, because Ledger’s lax security allows data leaks exposing us to scammer contacts and they had some other questionable plans.

    Did you store your seed phrase somewhere secure and inaccessible to 3rd parties or internet?

    Did you use a seed passphrase when setting up your wallet (13th word or 25th word) that require you to type that passphrase when doing a transaction?

    These might sound like a pain, but they’re really pretty easy once you’ve done it once and it prevents malware from executing transactions on your PC without you physical approval.