Something VERY bizarre just happened when I scanned wallets. A wallet that is NOT mine showed up. This is very scary as I now have access to move all the WAX and NFTs in this other person’s wallet. Someone please reach out to me so we can schedule a zoom call to screen share and show you. I need to know that my wallet isn’t going to show up in someone else’s scan!
I actually had this happen to me as well - I’m not sure why, either a mistake on someone’s part copying keys or maybe it’s more malicious and is trying to trick people into transferring tokens into the account maybe?
Either way - it presents no risk to you. Just don’t transfer any tokens into it. That’s the only possible way I can think that anything bad would happen.
1 Like
That doesn’t satisfy me. There is $100 in WAX in the account and about a dozen or so NFTs I could easily take. How do you know it’s not a bug?
It’s not a bug because I investigated it when it happened to me. Someone set an account on EOS to have a permission that matched my Ledger key. This was the account in question: vwahingon.tp.
If you want me to look at this account as well - give me an account name or the public key it was set to, and I can go look on an explorer to see if it’s the same situation.
This is the account, https://wax.bloks.io/account/paul
though it showed up as paul@hitmeup in my wallet.
public key is EOS6QY2Rwcuj4srsFf2q8vcEDYgJeHXusykbgLqTTeCVHiBGjvFaa
Whoever is in control of that account definitely set a permission named hitmeup on the paul account and set it as your key.
It’s a valid import target for your key. The permission itself doesn’t allow you, as the private key holder, to do anything other than interact with the rich contract and call createnft - so you wouldn’t be able to take any tokens or manipulate the account in any way.
Looking further at the account, it looks like they’ve been messing around with various permissions and keys doing things that I can’t quite decipher the meaning of.
Again though - this presents no risk to you unless you deposit anything of value into that account. It’s not a bug, though it’s pretty odd. The only reason I can think this would be done intentionally is if the owner of that account wanted you to be able to create NFTs using their account - or they’re trying to phish unsuspecting users and trick them into depositing something of value into that account.
Thanks Aaron! Appreciate you investigating. So weird. I’ll just remove it from my account.
1 Like