by quickthrower2 1470 days ago
It depends on the site of course.

It is easy to create a site that asks you to provide your wallet private phrase. The DNS MyEtherWallet hack that I vaguely recall exploited this.

On the other hand, good crypto citizens will just use the web3 library that will request permissions on an ad-hoc basis from your wallet extension (such as MetaMask).

However, even then you can scam someone using social engineering: just tell them "how" to do XYZ. E.g. "To get your free mini-monkey NFT, just connect your wallet with your bored ape, and when the confirm box pops up from MetaMask just click OK".

The fiat equivalent of course is a site that asks you to log into PayPal and send them $1000 - but that is way more obvious than the crypto equivalent, where you interact with a smart contract and it isn't necessarily clear ahead of time what will happen. Especially as smart contracts might be used for, for example, user registration. If the user registration endpoint asks for money then you could get scammed that way.
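
As an added example (not part of the comment above), this sketch shows one way to make a wallet confirmation less opaque: decode a pending transaction request and say what it would authorise. The function name `describeTx`, the sample addresses and the warning wording are assumptions; the selectors are the standard ERC-20 and ERC-721 ones.

```javascript
// Added example (not from the comment): summarise what a transaction request
// would authorise. Selectors are the standard ERC-20 / ERC-721 ones.
const SELECTORS = {
  "095ea7b3": ["approve(address,uint256)", "approval"],
  "a22cb465": ["setApprovalForAll(address,bool)", "approval-all"],
  "a9059cbb": ["transfer(address,uint256)", "transfer"],
  "23b872dd": ["transferFrom(address,address,uint256)", "transfer"],
  "42842e0e": ["safeTransferFrom(address,address,uint256)", "transfer"],
};
const MAX_UINT256 = (1n << 256n) - 1n;
function describeTx(tx) {
  const data = (tx.data || "0x").toLowerCase().replace(/^0x/, "");
  const warnings = [];
  const value = BigInt(tx.value || "0x0");
  if (value > 0n) warnings.push(`sends ${value} wei to ${tx.to}`);
  if (data.length < 8) return { call: "plain transfer", warnings };
  const known = SELECTORS[data.slice(0, 8)];
  if (!known) {
    warnings.push("unknown function: effect cannot be read from calldata alone");
    return { call: "unknown", warnings };
  }
  const [call, kind] = known;
  // Static ABI arguments are consecutive 32-byte words (64 hex chars each).
  const args = data.slice(8).match(/.{64}/g) || [];
  if (args.length < 2) {
    warnings.push("calldata too short for " + call);
    return { call, warnings };
  }
  const party = "0x" + args[0].slice(24); // address = low 20 bytes of word 0
  if (kind === "approval") {
    const n = BigInt("0x" + args[1]); // ERC-20 amount or ERC-721 token id
    warnings.push(n === MAX_UINT256
      ? `unlimited token allowance granted to ${party}`
      : `${party} approved for amount/token id ${n}`);
  } else if (kind === "approval-all") {
    if (BigInt("0x" + args[1]) !== 0n)
      warnings.push(`${party} may move every token held in contract ${tx.to}`);
  } else {
    warnings.push("moves tokens out of an account");
  }
  return { call, warnings };
}

// Constructed sample: made-up addresses, setApprovalForAll(operator, true).
const sampleTx = {
  to: "0x" + "11".repeat(20), value: "0x0",
  data: "0xa22cb465" + "22".repeat(20).padStart(64, "0") + "1".padStart(64, "0"),
};
console.log(describeTx(sampleTx));
```

An unrecognised selector is reported as unknown rather than safe, which matches the point that the effect of an arbitrary contract call is not clear ahead of time.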