Trezor Dapps und heiße Geldbörsen

[root_s2yse8vt]

Up

0

Down

::

Soweit ich das verstanden habe, ist die Verwendung von Dapps ein Risiko für sich selbst, selbst mit Hardware-Wallets.

SO würde dieses Beispiel gerne bestätigen —

Bisher habe ich compound.finance und uniswap (Original-Sites) mit rabby + trezor verwendet (nur der öffentliche Schlüssel wird geteilt)

Um compound zu nutzen, musste ich natürlich einen Vertrag mit meinem trezor unterschreiben… Bedeutet das, dass compound.finance im schlimmsten Fall durchdreht und beschließt, mein gesamtes Guthaben aus meiner Wallet zu stehlen, und das ohne jegliche trezor-Bestätigung tun kann?

[brianddk]

Up

0

Down

::

Three things to understand….

* Blockchain – What chain you are on, ETH, BNB, Poly, etc
* Derivation – Which account your on / ETH / BNB address
* Authorization – Whether or not you’ve accepted / signed an authorization

IFF you’ve signed an authorization, that will only authorize funds on that account / derivation, on that particular chain. BUT, once authorized, they can drain that particular account on that particular chain any time they want, until you revoke the authorization.

BTW, wrapped coins or tokens that show up on whatever account / derivation on whichever specific chain are also available to be drained for a drainer authorized on that specific account on that specific chain.

Authorizations for accounts secured by Trezor can not happen without your Trezor screen prompting for a confirmation, and you mashing the screen / button on the Trezor device.

BTW… there are ways (Rabby) to view the raw TXN before it is sent to Trezor. That TXN can be decoded and examined for malicious code. It’s just complicated enough that few would ever really endeavor to do it.

Here’s a Ledger user (u/Avanchnzel) that does this very process regularly. It should be straightforward to do this on Trezor as well

^(https://www.reddit.com/r/ledgerwallet/comments/18id148/comment/kde0nld/)

[Autor]

Beiträge