Security advice, phantom wallet hack

There was a hack on a forum, official admin posted links to a fake site that connected to phantom wallet and approved authorization permission. Nothing was stolen as far as I am concerned but what are the risks here? What do you recommend that I do after this? Should I reinstall browser? Reinstall machine? Can I know for sure if my browser or machine is infected with something?

You can never really “know for sure” but we can make reasonable guesses based on circumstances.

Can you share the link to the admin announcement you referenced so we can understand better what happened?

Also, do you have any kind of security software on your system?

And can you check your browser for any extensions that are installed that you don’t expect?

I reinstalled the phantom extension I did not have any new extensions and phantom wallet did not have any new permission. I noticed afterwards that the the extension got a white circle around it when surfing on pages, when i clicked the extension is asked to reload the extension in a popup window with a reload button because it unloaded. I have never seen this before but if you are a dev you probably know what it is.

OK, at first I thought you meant the forum admin posted something about a fake site, not that he posted the link to the fake site himself. I think I follow you now.

If that site is malicious then it should be OK for you to go ahead and remove it from your previous post so nobody else hits it by accident.

Where is the ‘phantom’ extension coming from, is it in the Chrome web store? Your browser shouldn’t authorize any new permissions without warning you first; do you recall which permissions it had (or has)? If it didn’t have direct access to local files then I think there’s little need to reinstall the system (or the browser), but it’s certainly possible that some data (wallet, file content, history, etc.) could have been exfiltrated while it had the permissions.

Regarding the white circle around the extension icon, that just means it doesn’t have access to the content of the page you happen to be on.

I’d certainly defer to others more familiar with cryptocurrencies to suggest what to do if you are concerned your private key may have been stolen. My guess would be that you’d want to create a new wallet and transfer your funds to it ASAP (emptying the original), but it’s not really my area so hopefully someone else can speak to this.

Thank you for great reply.
I got it at official chrome web store. I checked the permission before and after reinstall there was no permission assigned to the extension. Not even sure id had inspect background page before reinstall which is odd. If this was another browser or operating system should I have been more worried? How confident are you in security aspect of brave?

Well, I think the Chromium permissions system is as solid as any browser. It’s certainly possible that there could be unknown, unpatched exploits against it. But I think the biggest potential for problems would come from any permissions you allowed when prompted.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.