I just sold a malware (for xmr) that is stealing eth from metamask
imagine being so retard to store your wealth in a fucking browser extension
Just so you know
Josiah Martin
William Gonzalez
OK big guy, steal my ETH Im waiting MR hacker ? Come on bro do it DO IT PUSSY
Benjamin Gray
I’m not stealing anything, other people will, I already had my stash of xmr converted into btc
Aiden Rogers
>using metamask without a hardware wallet
nobody does this, right?
Daniel Howard
>nobody
80%+ of bizlets according to data mining threads
Cooper Nguyen
Does a hardware wallet make things safer for people?
Nathan Rivera
describe principles of exploit....(requires clicking a link, etc)
Easton Howard
yes, private keys never touch the computer, this is effectively an air
Zachary Lopez
gapped system that prevents niggers like OP from stealing yo coinz ayoo finnna nibba
Jonathan Watson
henlo broker
nope that’s not my part
just the shellcode to inject the browser and fuck it up (steal pass / export private key), ready to be chained
Isaac Davis
I use a paper wallet, is that ok?
Christopher Powell
smartest choice, don’t lose it in a boating accident
Isaac Bailey
Jokes on you I don't download anything
Nicholas Thompson
ok suppose you have an RCE in unpatched browsers. how do you even retrieve the private key considering metamask use a password to encrypt it and I would imagine the password itself if saved is also in an encrypted keychain
Dominic King
don't listen to him, it's a terrible choice. a paper wallet won't stop anyone who infects your computer from getting your private key the moment you enter it. it's good for coldstorage, but the second you decide to input it on a computer it's as good as garbage. you should use a ledger.
Angel Collins
you wait for the user to enter it aaaaand goodbye funds
Carter Clark
i keep my net worth in a trezor and i sleep with it tucked in between my buttcheeks nice try tho
William Baker
Imagine being so retarded you cant prevent yourself from fallinh for malware
Oliver King
two most probable ways:
1. he is spoofing the password page and captures password
2. he as some out-of-process program that watches browser state somehow and notices when extension has been opened / unlocked and then executes.
my bet is on #1
Brody Wright
if someone chain it with a 0day and a sandbox escape good look, you can be the smartest folk in the planet and still lose your funds
use an hardware wallet
Zachary Gutierrez
All these advices to use a hardware wallet are fine, but how am I going to do constant trading like that?
I'm currently planning to have small amounts for trading in my Metamask, and long-term hodl in a hardware wallet, is that a smart thing to do?
Isaiah Sullivan
no, everything runs as a separate process
inject good candidates and wait for the jackpot
Kevin Taylor
Obviously use an airgapped pc and generate tx offline before uploading to net attached pc to broadcast. No one should even own crypto who doesn't know this shit.
Angel Barnes
Dont download from sketchy sites or watch porn on the same pc. It's that easy folks
Josiah Hall
or you can just use a clean live linux distro when accessing it (from a burned dvd so shit don’t get saved)
Brayden Foster
lol, you will get pwned at the first http page you visit regardless of porn
William Bennett
If it's not https I don't bother
Juan Carter
and this is new, how? shits been around for years
Alexander King
just a warning to bizbros to not fuck it up, using a 1M+ metamask wallets and not signing tx somewhere else
John Peterson
Wait I'm a newfag. So you should never keep funds in metamask right? It's effectively just a wallet for temp use to transfer funds to uniswap and back using ETH?
Dylan Gutierrez
if you are playing with pocket money who cares, you have several k please use an hardware wallet or you will lose it sooner or later
Liam James
yeah it should be common sense to not leave a chunk of your portfolio in metamask. It's probably fine if you have small amounts of uniswap shitcoins but if you're dealing with money that you CAN'T afford to lose always, always use a cold wallet or even storing it on exchanges is a better bet. Another common sense tip which might not be common for some people, make it a habit to double confirm which address you're inputting when sending/receiving crypto. There are clipboard hijacking malwares that can replace your address with the hacker's so if you're not careful that's another way you get pwned.
Angel Taylor
Enter what? Password or private key?
Brody Martinez
noob here, if I have more than 2 metamask wallets, can I used one trezor for both?
Lincoln Wilson
also what happens if the battery dies?
Gabriel Powell
bump
real messed up