Yesterday I wasn’t paying attention and signed my MM to a fraudulent website.
The website asked for access to my MM and I needed to “sign” but it also cost me $3 in gas fees.
Very stupid of me, they stole most of the coins on the network (some tokens they left?). I even signed using two different networks. Both networks were partially emptied (the highest-value coins).
The other networks I never signed with, those funds are still on there.
Now I’ve disconnected my MM from that fraudulent website, and also I’ve revoked all token approvals using Etherscan & Unrekt.
Main question: Is my MetaMask still safe to use now?
I have tried sending ETH to the compromised network, and it’s still on there, didn’t get stolen. But I wonder if it is able to get stolen, so I don’t dare to deposit a lot more.
I want to keep my current MM address because it’s linked to many valuable future airdrops. I have spent many months and costs on this.
Does anyone know what else I can do to check?
DON’T USE IT!!
The fraudulent website is: zigzag .exchange .yt/airdrop
DON’T USE IT!!
I don’t know how to check the site for smart contracts or anything. Maybe someone knows how that works?
The main question I still have is: Do I need to create a new account on my MetaMask, or am I good still using the old one? Or is there anything else I can do to check for a potential future compromise?
Sorry to hear about this. You did right in disconnecting and revoking everything. Best thing for you to do is to create a new MetaMask wallet and move everything you still have on the new wallet and keep the old one just for hopefully claiming your possible airdrops, when and if they come. Can’t know what kind of connection the site requested and if it managed to get control of your wallet, so it’s best to be careful going forward.
Thanks a lot, I’ve clicked “Create Account” on my current MetaMask, and now got a new wallet address. I transferred everything to this account, so should be safe for now.
Now referring to the possible airdrops that I was farming on my original address. What would you advise? To wait until I (maybe) receive it, and then transfer it immediately to my new MM address?
No. That’s not what I meant when I said you need a new MetaMask wallet. The account you created on the same MetaMask wallet is on the same Secret Recovery Phrase. You need a whole new MetaMask wallet created that has a new Secret Recovery Phrase entirely. And to move everything on that one.
About airdrops, it’s difficult to say. Hope for the best. What you describe could work, but it all depends on how compromised your wallet may be.
So only clicking on “sign” on a scam website, with one of my networks, can reveal my secret recovery phrase which allows access to all networks on all accounts of my MetaMask??
Why would MetaMask even have a functionality that reveals your secret recovery phrase that easily?
It doesn’t work like that. Your Secret Recovery Phrase doesn’t get revealed in such a way ever. There are other methods of getting it like phishing, or getting access to your MetaMask wallet without it, that would compromise your wallet.
The thing is, you also signed a transaction, which may compromise your wallet in different ways too, as you explained, they were able to steal tokens of a certain value from 2 different networks.
You might be safe going forward if only the connection and the approval/allowances you accepted, and then revoked, were what happened, but as I said, to be safe 100%, it’s best to create a totally new MetaMask wallet and move everything to it. It’s up to you.
Check these articles for more info on how all of this works and on how to stay safe in the future.
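For readers who want to verify what the approvals and revocations discussed in this thread look like on chain, here is an added example (not part of the original posts) that decodes the input data of a wallet's past transactions and lists approvals that were granted and never revoked. It assumes the input data has been copied from a block explorer's transaction page; the addresses and history in it are constructed placeholders.

```python
# Added example. Function selectors are the first 4 bytes of keccak256(signature).
APPROVE = "095ea7b3"               # approve(address,uint256): ERC-20 allowance
SET_APPROVAL_FOR_ALL = "a22cb465"  # setApprovalForAll(address,bool): NFT operator
UNLIMITED = 2**256 - 1

def classify_calldata(data_hex):
    """Describe the approval encoded in a transaction's input data, or return None."""
    data = data_hex.lower()
    if data.startswith("0x"):
        data = data[2:]
    selector, args = data[:8], data[8:]
    if selector not in (APPROVE, SET_APPROVAL_FOR_ALL) or len(args) < 128:
        return None  # not an approval call (e.g. a plain transfer) or truncated
    spender = "0x" + args[24:64]   # address = low 20 bytes of the first 32-byte word
    value = int(args[64:128], 16)  # second word: allowance amount or bool flag
    if value == 0:
        status = "revoked"
    elif selector == SET_APPROVAL_FOR_ALL:
        status = "operator"
    else:
        status = "unlimited" if value == UNLIMITED else "limited"
    return {"selector": selector, "spender": spender, "value": value, "status": status}

def open_approvals(history):
    """Replay (contract, calldata) pairs in chronological order; return grants not yet revoked."""
    live = {}
    for contract, calldata in history:
        info = classify_calldata(calldata)
        if info is None:
            continue
        key = (contract, info["spender"], info["selector"])
        if info["status"] == "revoked":
            live.pop(key, None)
        else:
            live[key] = info["status"]
    return live

# Constructed sample data: placeholder addresses, not taken from the thread.
def _word(hex_str):
    return hex_str.rjust(64, "0")

TOKEN, NFT, SPENDER = "0x" + "11" * 20, "0x" + "22" * 20, "0x" + "ab" * 20
SAMPLE_HISTORY = [
    (TOKEN, "0x" + APPROVE + _word(SPENDER[2:]) + "f" * 64),               # unlimited allowance
    (NFT, "0x" + SET_APPROVAL_FOR_ALL + _word(SPENDER[2:]) + _word("1")),  # operator over all NFTs
    (TOKEN, "0xa9059cbb" + _word(SPENDER[2:]) + _word("64")),              # transfer(): ignored
    (TOKEN, "0x" + APPROVE + _word(SPENDER[2:]) + _word("0")),             # revocation
]

if __name__ == "__main__":
    for (contract, spender, _), status in open_approvals(SAMPLE_HISTORY).items():
        print(contract, "->", spender, status)
```

Replaying history shows only what the wallet's own transactions granted; the current state is what the token contract's `allowance()` or `isApprovedForAll()` returns. Off-chain signatures such as ERC-2612 permits do not appear as transactions sent by the wallet, so they are outside what this check can see.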