I‘ve been absent from the ethereum sphere for a while now. While I have some experience with uniswap LPs I‘ve never really put any significant amount of money in anything less known. The main reason being that it‘s already a gamble to simply interact with most of those contracts.
Here‘s my understanding of how most recent hacks worked:
- Phishing website is created by the attacker
- Phishing mail is sent to victims
- Victims go to website and connect their wallet to the dApp
- It says that they are simply signing a verification that they want to interact with this site (this is an assumption and what I‘m not sure about) but in reality they are signing a transaction which sends all their funds to the attacker
I assume (and hope) that the attack is a bit more sophisticated than that but the main issue is that people sign things they don‘t mean to because the information they get as to what they‘re signing is just a hexdump of some sort.
Is there a recent approach which changes this issue? I imagine some type of certificate infrastructure or something where a user sees some information about what they‘re signing on their wallet and then they can decide to sign based on that.
Last time I used uniswap I just signed stuff and prayed to god that it‘s the correct thing. There was literally no way for me to verify anything.
[link] [comments]
You can get bonuses upto $100 FREE BONUS when you:
💰 Install these recommended apps:
💲 SocialGood - 100% Crypto Back on Everyday Shopping
💲 xPortal - The DeFi For The Next Billion
💲 CryptoTab Browser - Lightweight, fast, and ready to mine!
💰 Register on these recommended exchanges:
🟡 Binance🟡 Bitfinex🟡 Bitmart🟡 Bittrex🟡 Bitget
🟡 CoinEx🟡 Crypto.com🟡 Gate.io🟡 Huobi🟡 Kucoin.
Comments