Lange Geschichte kurz … Ich wurde betrogen, indem ich meine metamask Brieftasche mit einem „Austausch“. sie wischte alle meine alt-Münzen (binance mainnet). Jetzt mit Ledger Verbindung zu einem DAPP für Staking eine bestimmte alt Münze zum Beispiel, kann die dritte Partei möglicherweise alle Münzen aus Ihrem Ledger zu stehlen, wenn sie wollte?
- Dieses Thema hat 7 Antworten sowie 2 Teilnehmer und wurde zuletzt vor vor 3 Jahren, 1 Monat von
aktualisiert.
-
Beiträge
-
-
Lange Geschichte kurz … Ich wurde betrogen, indem Sie meine metamask Wallet zu einem „Austausch“. sie wischte alle meine alt-Münzen (binance mainnet). Jetzt mit Ledger Verbindung zu einem DAPP für Staking eine bestimmte alt Münze zum Beispiel, kann die dritte Partei möglicherweise stehlen alle Münzen aus Ihrem Ledger, wenn sie wollten?
-
With a Ledger, every transaction must go into the device’s secure enclave for cryptographic signing, which always involves the pressing of the physical buttons on the device. You can be sure that no messages can be signed without going through this process if your seed phrase has remained safe.
There are other attack vectors that you still have to watch out for, the main one being a malicious dApp tricking you into using the Ledger to sign a message that does something different than you intended. This is called blind signing ([https://www.ledger.com/academy/cryptos-greatest-weakness-blind-signing-explained](https://www.ledger.com/academy/cryptos-greatest-weakness-blind-signing-explained)) and is unfortunately hard to avoid when going out into the web3 world at the moment.
But yeah as long as you protect your seed phrase and keep it offline, it’s much much more difficult for an attacker to cause you harm, and especially difficult for them to steal _all_ of your coins. You’d have to be fooled pretty hard to sign all of the transactions that would be needed to steal all of your coins….
-
Much appreciated for the comments 👍🏼 I’ll be honest I rushed into signing when connecting to the fake exchange..thinking I had some unknown tokens to claim!
Luckily it wasn’t my ledger! and I lost what I could afford to lose on my metamask wallet. I’ll learn from it! Thanks again for the prompt responses! 🙂
-
Coins cannot be stolen unless you validate a malicious Tx on your ledger device (or get you seed leaked).
As mentioned in the other comment, with tokens, it’s more tricky. They can be stolen by malicious smart contract, or if you get tricked into interacting with contracts that do not do what you think they do.
Also, be very careful with „unlimited allowances“ of tokens. They are dangerous, and if a malicious contract is given unlimited allowance, they can steal your tokens that have been given the allowance.
I would recommend that you go to [https://revoke.cash/](https://revoke.cash/) and check all the allowances that you may have on your ERC20 tokens, and revoke them if unsure.
-
-
-
Just watch out for a newbie mistake to not sign an incoming transaction that looks exactly like an official MetaMask popup – among other phishing scams out there that request you to sign off on your ledger device. If you’re a newbie or in a hurry it can happen and that’s how you physically sign off for them. You only sign off when sending out your assets. Simple but sometimes not known by newbies.
-
-
- Du musst angemeldet sein, um auf dieses Thema antworten zu können.