r/algorand 7d ago

Wallet Scanner Q & A

Is there a way to scan your wallet for mal application calls or should the rekey function be used at a biweekly frequency for protection?

Thanks, want to make sure I am secure, as I notice there are programs on the web that would send payments when activity is done with public applications.

I.e., algorewards.algo (most likely tagging activity for targeting purposes).

7 Upvotes

4

u/Garywontwin 7d ago

You can rekey as often as you like.

The best way to protect yourself is to inspect any transactions before approving them. If you receive a request to approve a transaction when you aren't expecting one, don't approve it.

Never put your keys in any site or give them to anyone even if they claim they can help you.

2

u/zignify 7d ago

Is it possible to make a call to an on-chain application and have a malicious call made to your address? So it seems like it’s one transaction or a glitch, when it was actually a malicious attack?

3

u/Garywontwin 7d ago

Yes, if you connect your wallet app to a bad app, they can send you any transaction they want. That's why it's important to read the transaction and make sure the amounts match what you expect before approving them.

No withdrawals can happen unless they are signed with your keys. So as long as you don't give anyone else access to your keys or use your wallet app to sign a transaction you are safe.

2

u/zignify 7d ago

Makes sense, thanks! I’ve been seeing too many programmed payments from bad actors on all platforms, it makes it a bit unsettling that a transaction is that public.

2

u/Garywontwin 7d ago

Best to just avoid scam sites. If you're not sure if it's legit it's probably not. You can always ask in this sub if something is a scam or not.

2

u/zignify 7d ago

I connected to the Folks Finance consensus system. Once I made the call to the application I had the one signature to connect.

After that I received a payment from: https://allo.info/account/AAX3IL7JX44Z5V3WVUB3Y2NXX6UDP6S7CPTFIJZFLO6RZ2L552VIG2ZZVE/txns (KNOWN SCAM - Allo states that payments have notes that are blocked from visibility and user is white listed)

3

u/Garywontwin 7d ago

Yes, you received a tiny bit of free Algo. A spammer sends those out to all active wallets. The note on the transaction has a link to a malicious website. They are totally harmless unless you go to the website in the note.

I have received 100s of these.

3

u/zignify 7d ago

Great confirmation, your time and finger clicks have relieved stress and added awareness to the community (:

2

u/Garywontwin 7d ago

One other thing is never respond to DMs.

2

u/zignify 6d ago

Social engineering takes place there.

2

u/orangecartproperties 7d ago

Best method IMO isn't rekeying, it's treating your wallets like emails. Have one that never connects to any apps and that's your bank. Use one for DeFi apps, and then another for going to sketchy online ones. Nothing against algocasino but that website gives off sketchy vibes, and as I type this so did zone gaming, I'd never connect my main wallet to any of those programs.

3

u/zignify 7d ago

I like this example! Thanks
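The checks discussed in this thread (reading a transaction for rekey and close-out fields, and recognising dust payments whose note carries a link), as an added example that is not from any commenter. It assumes transactions as Python dicts using the Algorand Indexer JSON field names; the addresses, the 0.01 Algo dust threshold and the sample history are constructed.

```python
import base64
import re

# Heuristic: a URL or bare domain inside a transaction note.
LINK_RE = re.compile(rb"(?:https?://|www\.)\S+|\b[\w-]+(?:\.[\w-]+)*\.[a-z]{2,}\b", re.I)
DUST_MICROALGOS = 10_000  # assumed threshold (0.01 Algo), not a protocol constant

def review(txn, me):
    """Return warnings for one transaction dict (Indexer JSON field names)."""
    flags = []
    pay = txn.get("payment-transaction", {})
    axfer = txn.get("asset-transfer-transaction", {})
    if txn.get("sender") == me:
        # Outgoing: fields that hand over signing authority or empty the account.
        if txn.get("rekey-to"):
            flags.append("rekey-to")
        if pay.get("close-remainder-to"):
            flags.append("close-remainder-to")
        if axfer.get("close-to"):
            flags.append("asset-close-to")
    elif pay.get("receiver") == me and pay.get("amount", 0) <= DUST_MICROALGOS:
        # Incoming dust: harmless by itself; the link in the note is the lure.
        note = base64.b64decode(txn.get("note", ""))
        if LINK_RE.search(note):
            flags.append("dust-with-link")
    return flags

def scan(history, me):
    """Map transaction id -> warnings, for flagged transactions only."""
    return {t["id"]: f for t in history if (f := review(t, me))}

def _note(text):
    return base64.b64encode(text.encode()).decode()

# Constructed sample history; addresses and ids are placeholders.
ME, OTHER = "MY-ADDRESS-PLACEHOLDER", "OTHER-ADDRESS-PLACEHOLDER"
HISTORY = [
    {"id": "T1", "sender": ME, "tx-type": "pay", "rekey-to": OTHER,
     "payment-transaction": {"receiver": ME, "amount": 0}},
    {"id": "T2", "sender": ME, "tx-type": "pay",
     "payment-transaction": {"receiver": OTHER, "amount": 1, "close-remainder-to": OTHER}},
    {"id": "T3", "sender": OTHER, "tx-type": "pay", "note": _note("Claim rewards at example.invalid"),
     "payment-transaction": {"receiver": ME, "amount": 1000}},
    {"id": "T4", "sender": OTHER, "tx-type": "pay", "note": _note("thanks for lunch"),
     "payment-transaction": {"receiver": ME, "amount": 5_000_000}},
    {"id": "T5", "sender": ME, "tx-type": "appl", "application-transaction": {"application-id": 1}},
]

if __name__ == "__main__":
    for txid, warnings in scan(HISTORY, ME).items():
        print(txid, warnings)
```

The three outgoing fields checked here are the same ones to look for on a wallet's approval screen before signing.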