Last week, Mark Cuban’s wallet was hacked for about USD 850K. What happened and what simple security measures can we take in order to avoid these risks? Let’s see them one by one.
Due to the nature of the attack, where many different tokens were drained (USDC, USDT, ENS, stETH, etc.), it seems to be a clear case of a stolen private key. When this happens, your funds in all EVM networks can be stolen as they share the same private key.
If something like this ever happens to you, acting fast and sharply is very important. So, here are some tips to avoid it but also to be better prepared in case it does.
Etherscan Address Watchlist
First of all, create a watchlist in Etherscan with your addresses. This way, you will receive an email notification every time your address receives or sends a transaction.
Token Approval Checker
Next, use the “Token Approval Checker” tool from Etherscan to check for allowances (permissions) you have given to different smart contracts to spend your tokens. Revoke the ones you don’t recognize or don’t use anymore.
Use a tool like DeBank to track your address portfolio in all EVM chains at the same time. This way, in case you ever find your wallet was compromised, you can prioritize what assets to move out of your address first.
Verify: Only Official Websites
Regarding using Metamask or any other hot wallet of your choice, first, we must remember that hot wallets were not designed to store large amounts of money but for everyday use. Higher amounts of funds should be saved in hardware wallets or multisigs.
Download MetaMask only from the official website, and always type the URL, never go through Google search, where you may end up clicking on a phishing ad. Don’t even trust Social media or Discord links, they can be deceptive.
When you install it, Metamask will ask you for a local password, which is used to encrypt your private key in the KeyStore File, stored in your computer or phone. It’s very important to use a strong password, as they will try to brute force it if they steal your keystore file.
Remember to backup your seed phrase on a paper, in case you ever to reinstall Metamask or lose your phone or computer. Never save this seed phrase in a computer, cloud, email, or anything with internet access. Never share it with anyone. Never.
Metamask can be used with Hardware wallets such as Ledger or Trezor. Consider this if you want to benefit from the simplicity of Metamask plus the security of a hardware device. More on this here.
For additional security, install Blockfence’s Snap for Metamask. This plugin will analyze every transaction’s safety before you confirm it. This Snap consolidates information from industry security leaders such as Forta Foundation and GoPlus Security.
Follow Blockfence for more tips on how to navigate Web3 safely and weekly security news and updates from the Blockchain ecosystem.
*Featured image by CNBC.