About half a year ago I made a post about tin foil security implemented by many asshanded CEXes and CeFis (well, by some DEXes and DeFis too). The main idea was that instead of improving their own project's security, many asshanded monkeys keep demanding from end users for passwords, pins, and moar lengthier passwords.
Well, nevermind.
Recently I've got a message to my Celsius-bound email address:
The link to the "web wallet" was pointing to some shady website celsiuswallet.network:
To create a "Celsius Web Wallet" you are asked to "connect with Metamask/Trezor/etc" first, and when it fails (surprise!) -- you're asked to "import" your account: to put your wallet's private key or seed phrase into a special form on the site.
Needless to say that after submitting a wallet's private keys the funds in the wallet will most probably be gone quickly and forever.
But do you know what's the most interesting thing here?
The email address I use for my real Celsius is not an email address I put into every asshole I find on the internets. Besides, this email is pretty hard to guess or to get with some brute force combinatorics.
In other words, the cheapest, fastest, and simplest way to know my Celsius-bound email address is to get it from Celsius...
Posted Using LeoFinance Beta
Photo by Julissa Helmuth from Pexels
