Your Hardware Wallet CAN be drained- even IF you keep your seed phrase secure! Are you safe? Please learn how to Revoke Allowances!

I mean it doesn’t really matter if you use a hw-wallet or not for smart contract interactions. This should say “Do not use your holding wallet to interact with smart contracts.”

Best practice is to send whatever amount you want to use for your interaction to a different address, do your interaction, and then send your newly acquired funds back to your “holding wallet”. This interaction address can also be another account from your hw-wallet.


Revoking Allowances is great and all, but what you should really be doing is to not do infinite allowances in the first place and only allow what you are realistically going to use.

Other than that, there is a new extension I have been using called fire, which simulates the transaction before you sign. This will tell you exactly what is happening, which assets are leaving your wallet, and which ones (if any) are being returned.

It is especially useful for signed messages. It tells you in big bold writing if the transaction is safe to sign, or it risks moving your assets.
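
What such an allowance looks like in the data a wallet is asked to sign, as an added example that is not part of the original thread: it decodes an ERC-20 `approve(address,uint256)` call and flags an unlimited or larger-than-intended amount. The function names, the spender address and the amounts are constructed for illustration.

```python
# Added example (not from the thread): inspect ERC-20 approve() calldata
# before signing. All names and sample values here are constructed.
APPROVE_SELECTOR = bytes.fromhex("095ea7b3")  # approve(address,uint256)
MAX_UINT256 = 2**256 - 1                      # the usual "infinite" allowance


def build_approve(spender_hex, amount):
    """Encode approve(spender, amount) calldata (used to make sample input)."""
    spender = bytes.fromhex(spender_hex[2:])
    body = bytes(12) + spender + amount.to_bytes(32, "big")
    return "0x" + (APPROVE_SELECTOR + body).hex()


def decode_approve(calldata_hex):
    """Return (spender, amount) for approve() calldata, else None."""
    raw = calldata_hex[2:] if calldata_hex.startswith("0x") else calldata_hex
    data = bytes.fromhex(raw)
    if len(data) != 4 + 32 + 32 or data[:4] != APPROVE_SELECTOR:
        return None
    spender_word, amount_word = data[4:36], data[36:68]
    if any(spender_word[:12]):  # a 20-byte address is left-padded with zeros
        raise ValueError("malformed address word")
    return "0x" + spender_word[12:].hex(), int.from_bytes(amount_word, "big")


def review_approval(calldata_hex, intended_tokens, decimals):
    """Compare the requested allowance with what the user plans to spend."""
    decoded = decode_approve(calldata_hex)
    if decoded is None:
        return "not-an-approve-call"
    _spender, amount = decoded
    if amount == 0:
        return "revoke"            # approve(spender, 0) clears the allowance
    if amount == MAX_UINT256:
        return "unlimited"         # spender may take the whole balance, later
    if amount > intended_tokens * 10**decimals:
        return "exceeds-intended"
    return "ok"


if __name__ == "__main__":
    spender = "0x" + "11" * 20     # constructed address
    for amount in (MAX_UINT256, 500 * 10**6, 100 * 10**6, 0):
        tx = build_approve(spender, amount)
        print(review_approval(tx, intended_tokens=100, decimals=6))
```
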


How do you only have 70 moons with this knowledge?


My hardware wallet is to store crypto

That is literally it.

If you’re using it for anything else you’ve missed the point of a hardware wallet.


Also don’t get why this post has no upvotes. I feel like upvotes are being throttled back or inhibited lately.


But what if you have less money in crypto than what the hardware wallet costs?


This is a high quality post. Thank you for your service.


Ok so this may be informative but it is also a ? …
I had been told, by multiple what I believe to be safe sources, that it is wise to link Meta Mask wallet with my Nano as an added step of security for the M Mask wallet (not same seed phrase as ledger... M Mask has its own), as any exchanges in Meta Mask wallet have to be authorized by physically approving on Nano... If one makes it a habit to always revoke permissions immediately after a transaction, would that be OK? Or is having the 2 linked a bad idea?


We need awareness how to secure the crypto assets and the problems faced. More posts like these are needed to remind the newbies and experienced users to not forget about safety.


If I hold BTC only, does this matter?


I worked hard to understand Bitcoin. I think I know what most of the risks are because I understand it. I do not understand smart contracts. I don’t own any crypto or use any apps that have the potential of me interacting with smart contracts and I don’t plan on doing so until I understand it. Which will probably be never.


Tip: Never interact with anything with your hardware wallet. Have a hot wallet to interact with DeFi.


I actually recommend having a small hot wallet when dealing with the outside world – move funds here and use it as a sandbox of sorts.


I’m fairly safe.

I treat my hardware wallet as “cold” storage so it doesn’t touch anything such as contracts. Those are for my hot wallets.

“Don’t shit where you eat.” is one of the rules of not only crypto but even in regular finance.


Do any hot wallets have this <revoke> functionality built in?


What about staking with hardware wallet?


Personally I only ever send funds to my hardware wallet. I have never connected it to any dapps or approved any contracts.


That screenshot scares me 😬


Thanks for the write up. Very informative


Why doesn’t ETH implement an auto timeout and reset, this could happen quarterly, yearly?


Lol the easiest way is to READ what it’s asking permission for.

If it shows a message saying hey we can use unlimited of ur coins on scammerponziswap then you shouldn’t sign it.

It’s like going into a sketch part of town, going in an alleyway, and giving a guy in a ski mask full permission to rob you blind of everything you got.


I got 30k stolen of stable last year it’s been absolutely hell, always revoke


Seems obvious that you should never connect your cold storage to anything. Just send coins in and out of there


Why isn’t this common knowledge? This should be a first tenet of crypto


why does everything important keep lagging my brain like this


Thanks for the tip bro


Always use a totally separate wallet to make transactions with, like buying and selling.


Well well well, I haven’t revoked anything but my main wallet holding shows 0 token approval. Seems like I’m good.


You forgot to mention the token revocation has a small tiny fee of a couple pennies.


Even if you don’t revoke the token approval the contract cannot move your funds without you physically approving the transaction via the hw wallet.

ALSO OP fails to state that:

> Please take note that this is a beta version feature and is provided on an “as is” and “as available” basis. Etherscan does not give any warranties and will not be liable for any loss, direct or indirect through continued use of this feature.


This post should be pinned


This is vital information. Saved.


How is this even acceptable in crypto? I’m glad there is no such thing like this in bitcoin and cardano, those are safe in my hardware wallet, and not even smart contracts can drain them.



Your wallet is a hash identifier. It’s defined by its “secret key”. The secret key and wallet address are created by the 12 word phrase.

This means having the 12 word phrase will generate your secret key, and your secret key can then sign transactions for you.

Hardware wallets store the key locally in the device and only should be sending out the transaction hash. If you connect a ledger improperly, the key can become compromised, and the ledger is now “hot”.


Hey OP could you help me please

I’m on etherscan token approval. It shows a total of 0 token approvals when I punch in my eth address.

Had a look at revoke (dot)cash. Punched in my addresses, got 5 tokens that say no allowances. If I filter by unlimited and limited, there’s nothing.

Didn’t use my hardware wallet. I just punched into the ether address


Don’t connect your hardwallet to any swap or dex!

Always use a etwixd soft wallet between those two?


I didn’t even know that you can store shitcoins on HW??


Can anyone help me?
I was scammed for around 1000€ and would now like to know where the bitcoin went. Unfortunately I don’t have nearly enough karma for a post.


This thing LEGIT SCARES me, I usually do it every 3-4 months but it’s really a major issue, especially for less techy users


Fantastic post thank you.
I had 40 shitcoins 😋 costs 4p per revoke

Wish this could become a function in wallets?? New menu in Trustwallet

