Is my wallet compromised?

So, I’ve been using Metamask for some months now, I’ve done my reading, I’m aware of scammers trying to contact people in discord and other channels and I’ve avoided all that. Except on Saturday, I was struggling with my laptop computer (which can be a pain sometimes, especially when using Chrome) and with my toddler, who was particularly nagging with questions that day (this is not to blame my son, of course, I am merely describing the context). I was using the Wanaka Farm site to withdraw some tokens and encountered an error. I went to their discord to see what steps I had to take to solve it and got a DM from one of these scammers.

The thing is, distracted as I was due to the aforementioned context, I didn’t realise it was a DM, and instead thought it was a legit channel, and clicked for a supposedly giveaway or some other BS. Two or three Metamask messages appeared asking my permission to access my wanaka tokens, which I accepted, but it hit me on my mistake when it asked for access to another game. That one I rejected. I went to discord and realised it WAS a DM, and ran to my home office (which has a better comp). There I was able to send ALL my assets (none of which had been taken) to my other wallet (the one I use with my cellphone). After that, I checked the list of sites connected to my wallet, found the offending site and deleted it from the list.

All this happened yesterday, in a matter of minutes. I didn’t lose any NFTs I have in other games (the site never got permission for that) and the Wanaka website requires email confirmation when you withdraw from them.

So, my question (which can be seen in the title) is: Is my wallet compromised? I don’t think I gave them enough clearance to do damage, and prevented them from further asking permission by removing the site from my list, but I don’t know if that’s enough. This is my main wallet, and since I’m about to start making art NFTs to sell, I’m hesitating whether I should use it or not.

3 Likes

Hey @Cristante, welcome to the MetaMask community! :fox_face:

Sounds like you took the right steps after realizing you received a scam DM!

Here’s more information to fully determine whether or not your wallet has been compromised, and what to do afterwards:

2 Likes

I’ve just read that topic. I also ran the Token Allowance Checker and came out with zero as a result. So, aside from what I already did, there seems to be no way of protecting my current account any further, or to detect any possible weakness, am I correct?

As per the “Next steps” section, I should just discard this metamask account, even if I never detect any other possible scams. That won’t be so easy: I do have assets in several NFT games which will consider my changing my wallet to be an act of multi accounting, and if I get banned for that, it will be as good as getting everything stolen. I do believe I will make another account just for the NFT sales and leave this account to use those games (at least, those that do not allow multiple accounts on the same device).

Thanks for the reply. Any further information will be most appretiated.

By the way, is there any way to add a password for the cellphone app (i.e. one I have to write every time I open the app)? I don’t much like the idea of my funds being readily accesible to anyone who opens the app.

2 Likes