A question has arisen regarding the security of our MetaMask wallet in conjunction with a connected hardware device.
Specifically, if someone gains knowledge of the seed phrase for our MetaMask wallet but does not have access to the secret key for our hardware device, would they still be able to access and withdraw funds from our MetaMask wallet, given that it is connected to the specific hardware device?
Furthermore, what if they were to use an entirely different device to confirm the transaction?
Your prompt response to this inquiry would be greatly appreciated.
Thank you for your assistance.
hi @cryptokidnapp ,welcome to MetaMask community.
Do you mean computers and mobile phones by hardware devices?
Once the seed phrase is leaked, your wallet is completely controlled by someone else. He can import the seed phrase and enable the new passwords on the new device.
Likewise, you can use different passwords on different devices or browsers for the same wallet.
Thank you for having me!
Actually, by “hardware device” in this context, I’m referring to cold wallet devices like Ledger or Trezor.
I’m not familiar with hardware wallets.
Wait for other friends to answer your question
Hey @cryptokidnapp, welcome to MetaMask community!
There are 2 scenarios:
If your device gets compromised and the hacker/scammer has access to it, he will see what you use, including the connected hardware wallet, but it will still require for a confirmation on the device itself for any kind of transaction the hacker tries to make, including even if the hacker has your Secret Recovery Phrase of the MetaMask wallet.
If the hacker/scammer got your Secret Recovery Phrase for the your MetaMask wallet, he would not be able to see your hardware wallet if he imports your Phrase to his own instance of MetaMask, because they are a separate instance of a running MetaMask, it’s local. They won’t even be able to see or know that you also have or used a hardware wallet in conjunction with your MetaMask wallet.
In either case, your connected hardware wallet has its own private key on the device itself, derived from the Secret Recovery Phrase of the hardware wallet itself, which is within the device. So they wouldn’t have access to your hardware wallet, unless the Secret Recovery Phrase or the private key for the respective account you use, derived from that SRP, are compromised.
Hope this answers your question.
I’m pleased to confirm that my understanding is in accordance with your explanation. Your clear and detailed response is greatly appreciated. Thank you for sharing your expertise, Chinzilla!
This topic was automatically closed after 30 days. New replies are no longer allowed.