Funds Hacked From Brave Wallet

So I accidentally signed a transaction on a website that was a clone/phishing scam of an original website called Mute.io and now I’m concerned as to how much access these hackers will have to the rest of the Brave features beyond the wallet.

When I signed the transaction I was asked to put in my password for the Brave Wallet. Is that something they now have access to, given it was done through the Brave API?


Hello! If you believe you signed a malicious transaction, you can revoke approvals at revoke.cash. This will remove permissions that may have been granted after signing.

Were you asked to enter your recovery phrase or private key anywhere? If so, your wallet may be compromised.

It is best practice to start a fresh wallet if you believe this one may be compromised. Please let me know if you have any questions.

So I had gone on this website and pasted my wallet address and revoked one signature on the zkSync Era mainnet.

I had also checked to see what signatures/permissions I had active on the Ethereum one and I couldn’t find any, yet they were able to siphon everything out of there regardless.

Unfortunately, it sounds like the wallet was already compromised due to the phishing contract.

While revoking the approval may have resolved the matter, I’d suggest starting a new Brave Wallet to be safe. If you have any questions on this process please let me know. Thanks!

Okay, that’s fair game.

My concerns moving forward now are the potential safety issues using the Brave browser, given the fact the wallet is built on top of it and these phishers seem to know what they’re doing.

Is this a legitimate concern? A lot of people store passwords and payment information within their browsers.

I’m tech savvy but not yet at the level to decipher lines of code.

To help clarify a bit, if you compromise your 24 word recovery phrase, then all accounts tied to it are at risk. (Based on your description, I don’t believe this took place)

However, you signed a smart contract that holds malicious intent, but only the address used in signing is at risk and not the entire wallet. However, it would be best to start a fresh wallet to avoid any potential concerns.

Happy to clarify further!

@Digital_Dragon I noticed you mention things like passwords and payment information as a concern. These things are generally protected and encrypted through your browser. What you experienced is through Wallet and due to permissions that you gave someone.

Wallet is like a bank account. The 24 word recovery phrase is your master password that lets people use the entirety of your Brave Wallet if they are given it. This means they can send and receive any crypto you have stored. This number is something you NEVER should share with anyone.

Then you have web contracts. This is you going to a website to make a purchase. You are asked if you’d like to sign the web3 contract and give them access to your Wallet. As with many websites and other places in the world, there will be scam sites out there and it’s very important you do your research before giving authorization to anything.

That’s where I circle back to this. There are a lot of scams that are hard to differentiate. If you haven’t been through such articles yet, you may want to check out https://support.metamask.io/hc/en-us/articles/10143114273563-How-to-tell-if-a-smart-contract-is-safe-to-interact-with or https://www.coinbase.com/blog/real-or-fake-learn-how-to-identify-legitimate-stablecoins

Nah, nobody but you would have the password. It’s completely stored via your browser and even if someone had it, they’d not be able to do anything as it’s just to unlock it from your device.

Absolutely none. Brave Wallet is kept completely separate from the rest of your info. And from what it sounds like, yours is just that you authorized a site to be able to access portions of your Wallet balance and they did so.

If you did download any viruses, keyloggers, or other types of malware from them or elsewhere, there could be potential for them to gather other data. But generally it’s kept safe and all of your information is encrypted. Obviously nothing is ever 100% safe, but the likelihood of this happening is pretty slim unless you’re installing a bunch of random extensions, torrents, and other things which are known for trying to steal your data or hijack your device.

Just so you know, this exists with ALL wallets. It has nothing to do with being built on Brave or Brave itself. It would have worked the same if you did MetaMask or anything. I kind of gave you some info below, but I’ll leave you with the info below as well, as it might be helpful for you to read.

You’ll see what you fell for is listed almost right away, called Ice Phishing.

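The replies above describe signing a contract that gives a site permission over wallet funds, and revoking that permission afterwards. As an added example (not from the thread and not Brave's code), this Python code decodes a transaction's calldata to show what a standard token approval grants before it is signed; the spender address and sample calldata are constructed, and `approve` is assumed to target an ERC-20 token.

```python
# Added example: classify the approval a transaction's calldata would grant.
UNLIMITED = 2**256 - 1

# 4-byte function selectors of the standard token approval calls.
SELECTORS = {
    "095ea7b3": "approve(address,uint256)",         # ERC-20 allowance (assumed)
    "a22cb465": "setApprovalForAll(address,bool)",  # ERC-721 / ERC-1155 operator
}

def decode_approval(calldata):
    """Return what an approval call grants, or None if it is not an approval."""
    data = calldata[2:] if calldata[:2].lower() == "0x" else calldata
    data = data.lower()
    function = SELECTORS.get(data[:8])
    if function is None:
        return None
    args = data[8:]
    if len(args) < 128:
        raise ValueError("calldata too short for two 32-byte arguments")
    spender = "0x" + args[24:64]   # address is the low 20 bytes of word 1
    value = int(args[64:128], 16)  # allowance amount, or the boolean flag
    if function.startswith("setApprovalForAll"):
        risk = "operator-for-all" if value else "revoke"
    elif value == 0:
        risk = "revoke"            # allowance set back to zero
    elif value == UNLIMITED:
        risk = "unlimited"         # spender may move the whole balance
    else:
        risk = "limited"
    return {"function": function, "spender": spender, "value": value, "risk": risk}

def build(selector, spender, value):
    """Assemble sample calldata: selector plus two left-padded 32-byte words."""
    return "0x" + selector + spender[2:].lower().rjust(64, "0") + format(value, "064x")

# Constructed sample data (not taken from the thread).
SPENDER = "0x" + "ab" * 20
SAMPLES = {
    "unlimited approve": build("095ea7b3", SPENDER, UNLIMITED),
    "revoke approve": build("095ea7b3", SPENDER, 0),
    "operator for all": build("a22cb465", SPENDER, 1),
    "plain transfer": build("a9059cbb", SPENDER, 1000),
}

if __name__ == "__main__":
    for label, calldata in SAMPLES.items():
        print(label, "->", decode_approval(calldata))
```

Only on-chain approval calls are recognized; any other calldata, such as the plain transfer sample, returns `None`.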
