adrianmcli / eth95

🛠️ A smart contract UI for your Ethereum dapp project
https://eth95.dev
534 stars 100 forks

"Deceptive site ahead" flag by MetaMask #74

Closed junhohong closed 8 months ago

junhohong commented 8 months ago

Hi team,

Just wanted to flag that the production URL eth95.dev is flagged as deceptive by MetaMask.

Has the domain been compromised, or is this a false flag?

[Screenshot 2024-03-26 at 1:05:09 PM]
adrianmcli commented 8 months ago

That's weird. I still own the eth95.dev domain. Not sure how it got flagged. Let me try to engage with them.

adrianmcli commented 8 months ago

I left a comment here: https://github.com/MetaMask/eth-phishing-detect/issues/32394

I hope we don't have some malicious code that snuck in.

junhohong commented 8 months ago

Thanks a lot! I don't mean to cause alarm but I did recently get an address drained which was used via private key import. Definitely could be something else, but just wanted to flag in case anyone else may have had a similar experience.

adrianmcli commented 8 months ago

The flag has been removed: https://github.com/MetaMask/eth-phishing-detect/issues/32394#issuecomment-2022325935

adrianmcli commented 8 months ago

> Thanks a lot! I don't mean to cause alarm but I did recently get an address drained which was used via private key import. Definitely could be something else, but just wanted to flag in case anyone else may have had a similar experience.

Do you have any proof that it happened through the Eth95.dev site?

Nevertheless, people should not be using the private key import for anything in production. This applies to ANY app/dapp you see on the web, not just Eth95. Also keep in mind that this tool was originally designed to run locally.

Maybe we can put up a warning sign for people whenever the private key import option is chosen. That might be helpful?
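
One way to implement the warning suggested in the comment above, together with the point that the tool was designed to run locally, is a small policy gate in front of the private key import option. The code below is an added example, not eth95 project code; the names `importGuard`, `isLocalOrigin` and `WARNING_TEXT` are this example's own. It treats an import on a localhost/file origin as allowed, refuses an import on any remote origin until the user has explicitly acknowledged a warning, and checks only the shape of the key (32 hex bytes) without ever logging or storing its value.

```javascript
// Added example (not eth95 project code): a policy gate for an
// "import private key" option in a browser dapp UI.
// Assumed names: importGuard, isLocalOrigin, WARNING_TEXT.

const LOCAL_HOSTS = new Set(["localhost", "127.0.0.1", "[::1]"]);

const WARNING_TEXT =
  "You are importing a private key into a page served from a remote " +
  "origin. Any code this site serves can read and exfiltrate that key. " +
  "Never import a key that controls real funds; use a throwaway key.";

// 32-byte hex private key, with or without a 0x prefix. Only the shape
// is validated; the key value is never echoed back in any result.
const PRIVATE_KEY_RE = /^(0x)?[0-9a-fA-F]{64}$/;

// A tool "designed to run locally" is served from one of LOCAL_HOSTS or
// from file://. Everything else is a remote deployment, where an imported
// key is exposed to whatever code that site happens to serve.
function isLocalOrigin(origin) {
  let url;
  try {
    url = new URL(origin);
  } catch {
    return false; // unparsable origin: be conservative, treat as remote
  }
  if (url.protocol === "file:") return true;
  // WHATWG URL keeps the brackets on IPv6 hostnames, e.g. "[::1]".
  return LOCAL_HOSTS.has(url.hostname);
}

// Decide whether a private key import may proceed.
//   origin       - window.location.origin of the page
//   key          - the pasted key (checked for shape only)
//   acknowledged - true once the user has confirmed the warning dialog
// Returns { allow, reason[, warning] }; the key itself is never returned.
function importGuard({ origin, key, acknowledged = false }) {
  if (typeof key !== "string" || !PRIVATE_KEY_RE.test(key.trim())) {
    return { allow: false, reason: "not a 32-byte hex private key" };
  }
  if (isLocalOrigin(origin)) {
    return { allow: true, reason: "local origin" };
  }
  if (!acknowledged) {
    return {
      allow: false,
      reason: "remote origin: user must acknowledge the warning first",
      warning: WARNING_TEXT,
    };
  }
  return { allow: true, reason: "remote origin, warning acknowledged" };
}

// Usage with a constructed, obviously fake key (not a real secret).
const fakeKey = "0x" + "ab".repeat(32);
console.log(importGuard({ origin: "http://localhost:3000", key: fakeKey }));
console.log(importGuard({ origin: "https://eth95.dev", key: fakeKey }));
console.log(
  importGuard({ origin: "https://eth95.dev", key: fakeKey, acknowledged: true })
);

module.exports = { importGuard, isLocalOrigin, WARNING_TEXT };
```

In a React UI the `warning` field would drive a confirmation dialog whose accept button re-runs `importGuard` with `acknowledged: true`; the result object deliberately never contains the key so it can be logged or shown without leaking anything.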

junhohong commented 8 months ago

No proof at all, just wanted to flag. There could have been a hundred other pathways for me to get drained 😂. I think a warning could be helpful for clumsy users like me, or perhaps even just a general disclaimer that says that users should always double check what they're signing, don't import sensitive keys, etc.