A Lesson in Crypto Security | Pay Attention to MetaMask Prompts
Multiple high-traffic websites are reporting being compromised with malicious prompts to connect MetaMask.
Malicious MetaMask Connetions
It has been reported by multiple websites including CoinGecko and EtherScan that a fake "Connect with Metamask" is appearing for some users. It seems attackers have acheived this pop-up via compromising a market agency known as CoinZilla, which displays ads on crypto websites. Essentially this is not a one or 2 website ordeal, this means any website that uses CoinZilla for their ads has potential to be compromised.
Why does this matter? Well - quite simply if you happen to visit a website and it asks you to connect Metamask, you've given that site access to your wallet. By giving permission to your wallet, a malicious website could basically drain your wallet. This issue has been resolved already but it is still a huge lesson in protecting your assets. The crypto and NFTs in your wallet are your responsibility at the end of the day, so it's your responsibility to protect them.
If you get pop ups to connect Metamask on random websites, and you just go connecting all willy nilly... Well, it's time to take a step back and learn about what can happen if you do that. If you're someone that keeps large amounts of money there... Well you're kinda asking for it.
So the lesson to be learned here is don't connect your wallet to random websites, or even websites you visit regularly that you don't normally connect to. You'd expect a prompt like this when visiting a decentralized exchange like SushiSwap or PancakeSwap. However, you wouldn't expect to be prompted to connect Metamask on Google or CoinGecko. See the difference? No reason to connect your wallet so you can google a recipe. That's just silly.
It's also just a good best practice with hot wallets like Metamask to make sure you're connected to only websites that you want to have access. There's a couple ways to do this with Metamask. You can either visit each individual clock explorer for each blockchain you use like Polygonscan and Bscscan, or you can use a service like Revoke. I've personally used Revoke to revoke all permissions from my wallet just because I felt like I should. Never a bad idea just to make sure you're only connecting to what you want to connect to.
You can think of this as kinda like changing your password to your banking app every now and then. I know most people never change their password and probably use the same password for every website but... Take a few minutes every couple months and revoke permissions from everything. Change your password. You don't want to be that guy trying to figure out where his Bored Ape Yacht Club NFT went.
The thing about these malicious links is that they don't always get you right away. They could just have this thing gathering permissions for months and then bam... Everyone's wallet gets drained. This can happen with really any wallet like Metamask. If you're using Brave browser's built in wallet, it works exactly the same way. Never a bad idea to take a look at what websites your wallet is connected to.
That's about it really. Just a quick lesson in securing your Metamask wallet. Your can never be too safe when you're dealing with your money. Crypto is cool but it's not like a bank account. You can't just call customer service when someone steals your money.
p.s.
I had a bad case of food poisoning yesterday and I'm still kinda out of it... I'm gunna go lay down.
Thanks for reading! Much love.
Links 'n Shit
| Play to Earn | Read emails, Earn Crypto | Get free crypto every day | Get a WAX wallet |
|---|---|---|---|
| Gods Unchained | ListNerds | PipeFlare | WAX.io |
| Splinterlands | GoodDollar | ||
| Rising Star | FoldApp |
Posted Using LeoFinance Beta
