So let me get this straight. You just connect your Wallet to a random website and let them run arbitrary smart contracts? That's wild, man. Surely there's gotta be some concern here that someone could take your shit.
I'm just surprised there isn't a privacy.com equivalent for this, like a limited-view wallet that lets you create sub-wallets for interaction with various services. Or if there is, perhaps it's not famous yet. Worthwhile product, I think, but hard to build because you'll be the target of everything. I think it would be easy for me to make a mistake somewhere while building it.
Nothing stops a person making a new wallet with limited assets for interaction with less reputable websites.
Web3 culture has made this quite difficult in practice. For example, it's quite normalised to say "new exciting NFT project, only available to existing owners of expensive NFTs". This sort of thing is considered an ownership perk. And it's why those Discord hacks were so damaging: a statement like that was made and it did not sound out of character. So in order to use this service, you must be using the wallet with your expensive NFTs, so ownership can be verified, but also because it's a phishing site.
Edit: and if you wanted to routinely transfer small funds to a hot wallet, gas fees will put a stop to the idea.
Why is the MetaMask UI so dumb that it can't say "This transaction is sending your NFT to address X. Address X has [reputation stats of some sort]. Is that what you want?"
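Added example, not part of the thread and not MetaMask's code: a sketch of the decoding half of the prompt asked for above, turning standard ERC-20/ERC-721 calldata into a plain-language sentence. The function name `describeCalldata`, the risk labels, and the sample addresses are assumptions made for illustration; reputation lookup is not covered.

```javascript
// Added example: turn token calldata into a plain-language wallet prompt.
// Selectors are the first 4 bytes of keccak256 of the standard ERC-20/721 signatures.
const SELECTORS = {
  "23b872dd": { name: "transferFrom", args: ["address", "address", "uint256"] },
  "42842e0e": { name: "safeTransferFrom", args: ["address", "address", "uint256"] },
  "b88d4fde": { name: "safeTransferFrom", args: ["address", "address", "uint256"] }, // trailing bytes arg ignored
  "a22cb465": { name: "setApprovalForAll", args: ["address", "bool"] },
  "095ea7b3": { name: "approve", args: ["address", "uint256"] },
};

function decodeWord(type, word) {
  if (type === "address") {
    // An ABI-encoded address is left-padded with 12 zero bytes.
    if (!/^0{24}/.test(word)) throw new Error("malformed address word");
    return "0x" + word.slice(24);
  }
  if (type === "bool") return BigInt("0x" + word) !== 0n;
  return BigInt("0x" + word);
}

function describeCalldata(calldata, userAddress) {
  const hex = calldata.toLowerCase().replace(/^0x/, "");
  if (!/^[0-9a-f]*$/.test(hex) || hex.length < 8) return { risk: "unknown", text: "Not decodable calldata." };
  const spec = SELECTORS[hex.slice(0, 8)];
  if (!spec) return { risk: "unknown", text: "Unrecognized function; cannot describe this call." };
  const body = hex.slice(8);
  if (body.length < spec.args.length * 64) return { risk: "unknown", text: "Truncated arguments." };
  let v;
  try { v = spec.args.map((t, i) => decodeWord(t, body.slice(i * 64, (i + 1) * 64))); }
  catch { return { risk: "unknown", text: "Malformed arguments." }; }
  const me = userAddress.toLowerCase();
  switch (spec.name) {
    case "setApprovalForAll":
      return v[1]
        ? { risk: "high", text: `Lets ${v[0]} move EVERY token you hold in this collection.` }
        : { risk: "low", text: `Revokes operator rights from ${v[0]}.` };
    case "approve":
      return { risk: "medium", text: `Lets ${v[0]} move token/amount ${v[1]} on your behalf.` };
    default: // transferFrom and both safeTransferFrom overloads
      return v[0] === me
        ? { risk: "high", text: `Sends your token ${v[2]} to ${v[1]}.` }
        : { risk: "medium", text: `Moves token ${v[2]} from ${v[0]} to ${v[1]}.` };
  }
}

// Constructed sample (addresses and token id are made up): user transfers token 42.
const pad = (h) => h.replace(/^0x/, "").padStart(64, "0");
const USER = "0x" + "1".repeat(40), RECIPIENT = "0x" + "2".repeat(40);
const sample = "0x23b872dd" + pad(USER) + pad(RECIPIENT) + pad("2a");
console.log(describeCalldata(sample, USER));
```

Anything the table does not recognize comes back as `unknown`, which a wallet would treat as a reason to warn rather than as safe.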
Surely attackers could just make a new wallet as soon as they are added to the blacklist? Unless making a new wallet and updating the script is difficult / expensive, a blacklist system would have pretty low benefit:cost.
MetaMask presents a large red warning when a user is prompted to sign a raw transaction, and they’re planning on deprecating that part of the API, so hopefully that helps.
It's just plain and simple phishing -- the user still has to authorize the transaction, nothing gets stolen just for visiting the site or connecting the wallet.
Not to say it's the user's fault entirely. What they're taking advantage of is that generally people are less familiar with what to look for in a crypto transaction vs say an online credit card form (and/or wallet UI is worse than a typical Stripe checkout).
> Surely there's gotta be some concern here that someone could take your shit.
Sure.
Keep in mind though that crypto is battling the status quo where some arbitrary user could initiate an arbitrary chargeback through the use of a third party. Good luck building a smart contract around that!
With crypto there's no confusion or anxiety-- your coins are provably gone in the example you're citing.
In a way it's like the old error-prone analog computers vs. the new binary-logic-based digital ones. Yeah, rampant theft is bad, but it is discrete theft. And that is the point-- we can measure it in ones and zeros to build upon and compose the digital infrastructure that will become web4.
The same reason anything isn't automated: the developer estimates the cost of developing the system is higher than the potential upside. At some point, someone will add this functionality to their coin / platform because they think the potential upside will be worth it.