@Ledger and @Trezor are safer and more trusted than MM. Ice cold paper airgapped machine storage is even moreso.
But your random no-name mobile wallet, the port tracker that wants your full admin exchange API keys, and the rotting DeFi food you keep throwing $ at are WAY WORSE.
Flashy new wallet that's never endured a bull run? Yeah, no thanks lol.
Entering your private key directly into a website/dapp? Fuck off.
Centralized "recover with your phone number" shit? Hope you are bribing all the $1/hr support agents in the Philippines to NOT sim swap you!
Its FAR more likely that you will lose funds via your actions. If I had to bet on MetaMask or you, I would always bet against you. Sorry.
...fake google ads, fake apps, impersonators, a/b/c/d/e/f tested spear phishing messages, websites asking you to paste your key, screenshotting your key, not backing up your key, and accidentally uploading your key to github or sharing it on a screenshare are ALL more likely.
The reason you shouldnt put all your assets in MM is bc the less places a key is, the less often you touch it, the less likely it is to emptied. Make a paper or hardware wallet, put majority in it, and just dont take it out.
But Tay! What do I do when I need more money in my MM?
I dunno. Consider contributing to the ecosystem instead of paying miners and throwing eth at anon devs who are hot to abscond with all your assets on a bed of lies?
Tbh, its absurd that MM catches any heat considering the destructive bullshit yall engage in. 🙄
And before you get all defensive and argue-y, read and do all the shit in the following two articles. It'll be far more productive for everyone. 😘💖
Crypto folks (hopefully) already know that Lazarus is one of the most prevalent threat actors targeting this industry.
They rekt more people, companies, protocols than anyone else.
But it's good to know exactly how they get in. Bc another smart contract audit won't save you.
For example, one long-time fave method:
- Contact employee via social/messaging app
- Direct them to a Github for a job offer, "skills test," or to help with a bug
- Rekt individual's device
- Gain entry to company's AWS
- Rekt company (and their users)
When it comes to financial crime, money laundering, etc. everyone goes thru a phase of thinking that the solution is knowing the identity of the account holder.
"if only we knew who moved these assets! then we would be able to catch them and stop crime!"
N O .
Literally NO.
It doesn't work at any scale. It's never worked at any scale. It never will work at any scale.
AML laws and all the related shit don't stop crime or money laundering. And it never has.
And it's really important to note that the implementation is NOT the issue.
The laws are *designed* to detect and block people from accessing the financial system.
And they do exactly that. Really well. So well in fact that like 1/4th of the world's population doesn't have a basic ass bank account.
On Fri June 2nd, thousands of Atomic Wallet users had their wallets drained across basically every chain.
Each theft involved 1-3 new addies. Initially we were only able to link thefts on-chain if they sent gas to multiple addresses.
(green guys are what we put alerts on first)
The lack of consolidation means the majority of addresses collected so far came direct from users sharing their info w/ folks like @zachxbt or w/ Atomic, @elliptic, @SlowMist, etc.
We have no idea how complete our lists are currently, or how long the long tail will be.