Lost funds with Trezor

  • This topic has 11 replies and 1 participant, and was last updated 2 weeks, 2 days ago by indyreveng.
    • #778670
      root_s2yse8vt
      Administrator

      Dear community,

      Having been an advocate of the Ledger: Trezor, I have always been careful with this market.

      Today is the day I failed. I failed to keep my account secure, as I was hacked. I have not shared any seed phrases with anyone, and it is physically stored on a piece of paper that nobody knows about.

      When I woke up, I had almost nothing left in my account, and although my Trezor was not even connected to my computer, someone was able to access my account and withdraw from it.

      [https://ftmscan.com/address/0x907c149d67bb449904580e2c5b463053c2d69f7f](https://ftmscan.com/address/0x907c149d67bb449904580e2c5b463053c2d69f7f)

      Please let me know what I can do to resolve this issue, if there is a way…

      I believe I was scammed by 888crypto.pro, but I never believed that it was possible to withdraw funds without permission of a ledger.

      BE CAREFUL OUT THERE

    • #778671
      Kno010
      Guest

      He did have your permission. You gave it to him in this transaction (0x608f5968df311903a6f22da42b869f1504f625919adf8a0795b351479745d369) and also the several transactions following that one where you for some reason approved the same amount and address again.

      The address you gave permission to spend your tokens is this one: 0x8D6b0431841653f8910A6c9F9bEa8e2156055B19

      Next time when you approve an address to spend your tokens you need to make sure you are actually approving the smart contract you wanted to approve; checking the code too is a good idea. In this case you didn’t even approve a smart contract, you approved an ordinary address to spend your funds. If you had paid attention then the fact that the address you approved wasn’t even a smart contract would have been an obvious sign that you were being scammed.

      Obviously if you want to keep using the address you need to cancel all your approvals to that address, if not he can withdraw any USDC you deposit to the address since he still has a large allowance left.

    • #778672
      [deleted]
      Guest

      [deleted]

    • #778673
      Height4Hire_
      Guest

      In every single defi app I’ve used in the last couple of years there’s always an ‘approve’ button for a specific action followed by a ‘stake/farm/provide’ button.

      You cannot stake without first approving, however BOTH transactions require a signature from the hardware wallet.

      I have never witnessed a hardware wallet transaction get executed without the need for a signature from the device. Even ‘claim & stake’ buttons which allow for two separate blockchain commands also require TWO signatures.

      So how did this contract both gain permission AND drain the account without the user needing to sign? It should be highlighted to the user in clear block capitals that this contract is requesting to drain the full account (similar to how app permissions work in Android). We cannot rely on users knowing how to navigate Solidity or being able to tell the difference between contract addresses and normal wallet addresses.

      This needs more work from MetaMask, Ledger and Trezor!!

      Lastly, how do we check an approval contract we are signing is not malicious? (I bet there are no tools for this)
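
Added example, not part of any post in this thread: a Python sketch that decodes the calldata of an ERC-20 `approve(address,uint256)` call, flags the two signs Kno010's reply describes (a large allowance, and a spender that is an ordinary address rather than a contract), and builds the zero-allowance call that cancels an approval. The spender address is the one quoted in that reply; the allowance amount in `SAMPLE_CALLDATA` is constructed, and `spender_code` is assumed to be the result the reader obtained from a node's `eth_getCode` call for the spender.

```python
# Added example: review an ERC-20 approve() call before signing it.
APPROVE_SELECTOR = "095ea7b3"  # first 4 bytes of keccak256("approve(address,uint256)")
MAX_UINT256 = 2**256 - 1

def _hex_body(value):
    value = value.lower()
    return value[2:] if value.startswith("0x") else value

def decode_approve(calldata):
    """Return (spender, amount) for approve(address,uint256) calldata, else None."""
    data = _hex_body(calldata)
    if len(data) != 8 + 64 + 64 or data[:8] != APPROVE_SELECTOR:
        return None
    spender_word, amount_word = data[8:72], data[72:]
    try:
        if int(spender_word, 16) >> 160:  # a 20-byte address is left-padded with zeros
            return None
        return "0x" + spender_word[24:], int(amount_word, 16)
    except ValueError:  # non-hex characters in the calldata
        return None

def review_approval(calldata, spender_code):
    """spender_code: hex string returned by eth_getCode for the spender (assumed input)."""
    decoded = decode_approve(calldata)
    if decoded is None:
        return ["not an ERC-20 approve() call"]
    spender, amount = decoded
    findings = []
    if amount == 0:
        findings.append("revokes the allowance for " + spender)
    elif amount >= MAX_UINT256 // 2:
        findings.append("effectively unlimited allowance for " + spender)
    if spender_code in ("", "0x"):
        findings.append("spender has no contract code (ordinary address)")
    return findings

def revoke_calldata(spender):
    """Build approve(spender, 0), which cancels an existing allowance."""
    addr = _hex_body(spender)
    if len(addr) != 40:
        raise ValueError("expected a 20-byte address")
    int(addr, 16)  # raises ValueError if the address is not hex
    return "0x" + APPROVE_SELECTOR + addr.rjust(64, "0") + "0" * 64

SPENDER = "0x8D6b0431841653f8910A6c9F9bEa8e2156055B19"  # address quoted in the thread
# Constructed sample: approve(SPENDER, 2**256 - 1); the amount is illustrative.
SAMPLE_CALLDATA = "0x" + APPROVE_SELECTOR + SPENDER[2:].lower().rjust(64, "0") + "f" * 64

if __name__ == "__main__":
    for finding in review_approval(SAMPLE_CALLDATA, "0x"):
        print("WARNING:", finding)
```

A spender that does have contract code is not thereby trustworthy; the empty-code check only catches the case described in the reply above.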

    • #778674
      reddevilandbones
      Guest

      Sketchy DeFi contract. Sorry about the loss.

      I’d suggest next time make sub pots for accounts. Like one wallet to hold NFTs, one for stables, DeFi, degen wallet, etc. And all your long term holds go to another wallet with a completely different seed phrase.

    • #778675
      ThatBitchTsundere
      Guest

      What DeFi protocols did you use?

    • #778676
      brianddk
      Guest

      Malicious ETH contracts can clean you out.

      https://ethereum.org/en/developers/docs/smart-contracts/security/#attacks-and-vulnerabilities

      > withdraw funds without permission of a ledger

      When you sign a malicious contract it can grant future permission. Malicious contracts are intentionally convoluted.

    • #778677
      TurbulentInternet
      Guest

      > never believed that it was possible to withdraw funds without permission of a ledger.

      There are contracts that do exactly that.

    • #778678
      GreyEternal
      Guest

      How is this possible (even from a theoretical technical standpoint)?

    • #778679
      WokeSleepR
      Guest

      Let’s not tag this as an issue with Trezor. As zucc would say: user error

    • #778680
      pogoenemy
      Guest

      I’m sorry for the heavy price you paid, and your advice is well taken. This attack vector has prompted this PSA. A different honey pot but the same tactic.

      https://blog.coinbase.com/security-psa-mining-pool-scams-targeting-self-custody-wallets-543ffe698724

    • #778681
      indyreveng
      Guest

      Do you have any recovery options available to you?
