>using macos with brave browser >download metamask 2 years ago, seed phrase viewed once at that time and written down on paper and put in a safe >trade some ETH for INJ 5 days ago on Uniswap via 1inch >don't even unlock the token as I don't want to give Uniswap access to my funds >10 minutes later a transaction shows up on the blockchain draining my LINK from this wallet
Do not used metamask anons, even with a HW. It has definitely been pwned. I've seen hundreds of people saying their metamask has been hacked in the last couple of weeks
>>don't even unlock the token as I don't want to give Uniswap access to my funds unlocking does not give the smart contract access to your funds
> Do not used metamask anons, even with a HW if you would have used a hw wallet then you must have accepted the signature request for the LINK transaction on the hw wallet device. there is no other way. even if metamask is 100% malicious, it doesn't get around asking for that signature.
Elijah Murphy
Do you know how this could have happened then? Some kind of browser exploit?
Michael Hill
assuming you indeed used a hw wallet then the only possibility I see is that when you traded ETH for INJ, the infected metamask asked for two signatures (one for trading ETH to INJ and another one to send out your LINK) and you accepted both on your hw wallet because you thought it is normal that you have to confirm twice on the device. it is always wise to double check the data on the screen of the hw wallet, even if it is often kind of cryptic.
Juan King
No I should clarify this was not using a HW at the time, I do have a HW but I only use this for cold storage and not active trading
Hudson James
Post evidence or larp
Leo Baker
Also I think the transaction must have been broadcast from somewhere else because it showed up 10 minutes later with a much higher gas price than the one I used to trade eth/inj
Just been scratching my head as to how it could have happened as as far as I knew macos is secure and I don't think they had my private key as there were other tokens worth even more on that wallet that were not stolen
Aiden Bailey
then i guess you have a keylogger installed which delivered your metamask password to some chinese highschool kid when you did the INJ trade.
Hunter Gutierrez
Well I can post the transaction hash but you'll probably claim that's a LARP too
It was moved twice and is now sitting in an wallet that also had funds moved into it like 6 months ago
Easton Flores
this whole thread OMEGALUL
Matthew Hill
Fucking Larp
Nathan Jackson
you're fucking retarded, hw wallets were created so that you can use your cold storage for trading, you just wasted money and could have used a free paper wallet for cold storage you don't touch
Zachary Harris
but the password is not enough you need the seed phrase if you don't have the device
also wtf is macos?
Xavier Davis
How would a keylogger help them steal my link though? It's not like I'd be typing in private keys
Carter Gutierrez
I created the metamask account way before I owned a HW, I'm not too concerned about the loss, they managed to steal 94 link out of my 39k stack, but I'm interested to know how it was possible
Cameron Thomas
The operating system iMacs and macbooks use
Cooper Bell
true it would also need to get the encrypted extension itself sent over, but that's probably a minor issue of you already have a program running there.
> also wtf is macos? an inferior linux for apple users
Blake Garcia
there it is. you are just a dumbass
Jaxon Flores
lol WTF, LARP or you did something yourself which you don't understand
no one would not just drain the whole stack
Andrew Cook
LARP
Elijah Nelson
Maybe it was because of 1inch, I've never used that one
Jordan Perry
I am very wary of using that exchange again, it was 10 minutes after using it that my links were drained
Tyler Davis
this desu
William Reyes
They did drain the whole stack that was on that wallet user. My other links are on different wallets
Nathan Brooks
Do you remember the url of the 1inch exchange? Is it really 1inch?
Parker Mitchell
1inch.exchange
Had it bookmarked - I know there are a lot of phishing sites, there was a metamask phishing site that used a paid ad to show up in the Google search results a few weeks ago too but it definitely wasn't a phishing attack
Zachary Carter
user you really should be signing all transactions with a hardware wallet. Cold storage is supposed to be just that: cold. As in it's on paper and no computer has the private keys for that wallet. This is basic crypto opsec you should have figured out either as soon as BTC hit $1 or the very first day you got into crypto.
To all the lurkers: you're an idiot if you don't spend the time to understand how all this crypto stuff works in practice. Your money is literally a leaked password away from being stolen by internet hackers with no legal recourse, just like the boomers thought of the internet in the 90s and 00s. Get smart or get fucked, your choice.
Carter Lopez
this is true but i'd be very interested to know how this was done - as far as I know Mac is pretty secure against trojans and keyloggers as it is all sandboxed. Can metamask still be exploited through the browser without the users knowledge and forced to submit transactions?
Connor Wilson
Same thing just happened to me a little over a month ago. Lost over 3 ETH Also using brave. I'm a software dev, so it could have been a package I had installed I suppose.
TX never showed up in MM log, but was recorded in etherscan.
Noah Parker
>browser wallet Mfw
Nolan Wright
These stories 100% of the time have some sort of glaring flaw or mistake that the story teller omits, just like people who "got banned for no reason???" who leave out the part about how they were screaming they want to kill all niggers
Camden Evans
>as far as I know Mac is pretty secure against trojans and keyloggers as it is all sandboxed holy fuck how big of a brainlet can you be. maybe this was true 20 years ago
