Richard Heart@RichardHeartWin
Lets make a more exhaustive list of ways to "get hacked." Many of which I've mentioned before.
Weak RNG:
Use a wallet with a weak RNG (random number generator.) or other vulnerability. Some mobile wallets had this problem, and some vanity address generators had it too.
Someone has a camera watching your screen and you view your seeds.
You google a website and a scam site has done SEO or paid to be at the top of the search results
Fake "support" messages you by direct message, or on socials to help you with your wallet or problem.
Fake support pretends to be the exchange and asks you info they use to login as you and empty you, to "verify your account."
You accidentally leak your seed on a livestream (sounds erotic.)
You put your seed in plain text somewhere, and someone else finds it.
You use a brain wallet with a phrase from a book and people constantly scan the chain for common phrases from books.
You used an L2, and the L2 decided to take your money.
You used an exchange and they decided to take your money.
You used an exchange and they didn't decide to take your money, but got hacked or just exit scammed everyone at once
You installed malware. RAT (remote access trojan). Address replacer, (replaces the address you copied with their address instead of the one you wanted.)
You fell for vanity addresses made to look like one you've sent to in the past, but sent to you more recently, so when you look at the block explorer it looks like a previous legit address, same beginning and end, but the middle is different. People have lost lots of millions to this one recently, heck I think it's the majority of gas use on Ethereum now.
You gave your coins or money to someone else to invest. They lost it / stole it. You fell for a romance scam or pig butchering scam, or AI boss asked me to send money scam or whatever scam of the day is.
You installed an evil browswer extension.
The front end you used got DNS hijacked and now points to an evil dapp.
The X account you follow got hijacked and is now spreading malware links.
You installed an ok browser extension but it got bought by, or exploited by evil and auto updated to evil.
You set too wide a slippage trading on a DEX and got nuked.
The state takes half ur money, cuz, uh, divorce, or whatever reason.
You forget your seed words or don't write them down correctly.
Some guy at the airport security just images your device and decides to empty whatever wallet he finds.
You left a limit order in a wallet with no funds, but then you send funds one day and the stale order fills at a terrible price.
Basically, in computers, physical access defeats most countermeasures, so it's wise to not have any unencrypted seed on any single device in a single place ever.
You approved a dapp's permissions, but then one day the dapp gets evil, often by using an "upgradeable" proxy contract, becuase you never removed the permissions, or overapproved, or jsut shouldn't have ever used a contract wiht an upgradeable proxy ever, anyway.
Oh, yeah, you install malware by doing a job interview, or talking to a reporter, but they're actually just scammers. Devs also fall for this by cloning repo's and installing whatever evil is in them. So the impersonation thing, whether it's for interviews, or investors, or getting hired is a very, very common vector for getting people to install viruses on their machines. People also fall for other kinds of impersonation, people pretending to be their boss, or pretending they need bailed out using AI vids.
You use anything with an admin key.
I could probably think of more, and I've mentioned the majority of these on here before. Feel free to add.
