A reminder: even a very cautious friend of mine ran into a well-hidden MetaMask phishing attack. I took a look and found that it was basically hopeless. I can only say that fortunately it was not much money.

As the saying goes: no one is truly immune to scams; you just haven't met the scammer who can fool you yet.

----Process----

A friend was browsing Twitter and came across a blogger sharing a website called Cealtis, described as something like a test of how many assets your address has sold off.

The blogger himself also said that "the test result is that if PEPE had not been sold, 300 ETH could have been earned."

A harmless-looking website plus a blogger he had trusted in the past, so he clicked on it.

My friend was cautious and tested with a small account first (thumbs up; never connect a large account directly to this kind of website).

After he connected the wallet, the website started frantically popping up transaction requests, and the transaction itself was dead simple: a plain transfer of ETH to a certain contract.

There was no "authorization" (approval) step, and people are usually more wary of "authorization". But ETH itself is not an ERC-20 token, so no such step exists.

My friend was quite vigilant. For a "test" website, a transfer request made no sense, so he clicked "Reject" on all of them.

It seemed the matter was over.

But a while later, my friend remembered he needed to do something on another DeFi app, and that app was on the OP chain, where MetaMask usually shows an "automatically switch chains" pop-up.

So my friend clicked "Agree" out of habit, thinking it was the chain switch, but it turned out to be yet another transaction pop-up from the phishing website.

When my friend realized something was wrong, he immediately raised the gas and tried to cancel the transaction. However, the phishing website had set the max gas price to 80+, so the transaction was certain to be included on-chain within 12 seconds, and the cancellation failed.

As a result, the poor 0.1 ETH in the small account was transferred straight to the phishing website's (drainer's) address. It is not much money, but it is disgusting enough.

----Event review----

1. It is very likely that the blogger he follows had his account hacked, which is how he came to see this post.

2. The phishing website posed as completely harmless. In the past, phishing websites crudely baited people who were greedy for small gains, with things like free airdrops, celebrity giveaways, and fake customer service.

Everyone has become immune to that, so it no longer fools anyone. But a small website packaged as this kind of test really does make people lower their guard.

3. A flood of transaction pop-ups: a bet that you will click the wrong button.

If he loses the bet, it costs him nothing;

If he wins the bet, your money is his.

4. Deliberately not stealing ERC-20 tokens because everyone is sensitive to "authorization".
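Points 3 and 4 come down to telling a chain-switch request apart from a transaction request before confirming. The following is an added example, not part of the original post: it classifies the JSON-RPC request a site sends to the wallet and flags repeated ETH transfer prompts. The function names and the sample requests (including the placeholder recipient address) are constructed for illustration.

```javascript
// Added example: classify an EIP-1193 wallet request by what it actually asks for.
// Well-known 4-byte selectors for calls that hand over tokens.
const TOKEN_CALLS = {
  "0x095ea7b3": "approve(spender, amount)",
  "0xa22cb465": "setApprovalForAll(operator, approved)",
  "0xa9059cbb": "transfer(to, amount)",
};

// Format a hex wei amount as a decimal ETH string without float rounding.
function weiToEth(hexWei) {
  const wei = BigInt(hexWei || "0x0");
  const unit = 10n ** 18n;
  const frac = (wei % unit).toString().padStart(18, "0").replace(/0+$/, "");
  return frac ? `${wei / unit}.${frac}` : `${wei / unit}`;
}

function classifyRequest(req) {
  const p = (req.params && req.params[0]) || {};
  if (req.method === "wallet_switchEthereumChain") {
    return { kind: "chain-switch", sendsEth: false, detail: `switch to chain ${p.chainId}` };
  }
  if (req.method !== "eth_sendTransaction") {
    return { kind: "other", sendsEth: false, detail: req.method };
  }
  const data = (p.data || p.input || "0x").toLowerCase();
  const tokenCall = TOKEN_CALLS[data.slice(0, 10)];
  if (BigInt(p.value || "0x0") > 0n) {
    // Plain ETH transfer: no approval step exists, confirming once moves the funds.
    return { kind: "native-transfer", sendsEth: true, detail: `send ${weiToEth(p.value)} ETH to ${p.to}` };
  }
  if (tokenCall) return { kind: "token-call", sendsEth: false, detail: `${tokenCall} on ${p.to}` };
  return { kind: "contract-call", sendsEth: false, detail: `unrecognised call to ${p.to}` };
}

// Flag the prompt-flooding pattern: repeated ETH transfer requests to one recipient.
function repeatedTransferTargets(requests, threshold = 3) {
  const counts = new Map();
  for (const r of requests.map(classifyRequest)) {
    if (r.kind === "native-transfer") counts.set(r.detail, (counts.get(r.detail) || 0) + 1);
  }
  return [...counts].filter(([, n]) => n >= threshold).map(([detail, n]) => ({ detail, n }));
}

// Constructed sample data; the recipient address is a placeholder.
const DRAIN = { method: "eth_sendTransaction",
  params: [{ to: "0x1111111111111111111111111111111111111111", value: "0x16345785d8a0000" }] };
const SWITCH = { method: "wallet_switchEthereumChain", params: [{ chainId: "0xa" }] }; // OP Mainnet
```

A real chain switch carries only a `chainId` and no `to` or `value`; any prompt that shows an amount and a recipient is a transaction, whatever the user was expecting to see.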

----Summary----

Let's all be careful. In the past, I could advise everyone not to be greedy for petty gains, but now I can only advise you:

Always connect to unfamiliar websites with a small account first.

Read every MetaMask pop-up carefully, and don't click too fast.

Finally, the chain is a globalized and decentralized world; everyone must be the first person responsible for their own assets.