My concern is specifically with the WEB wallet that runs at URL TomoWallet - The Secure Wallet for TomoChain
It is a very bad idea to submit a seed phrase / private key to a website. Earlier this week, multiple DeFi websites were hacked via DNS modification.
The hackers put up identical websites, except they gave a MetaMask error and asked for the seed phrase to continue usage. All the replacement websites had working SSL certificates issued by Cloudflare. Looked very legit!!
This is why I always had concerns about TomoWallet asking for the seed phrase to log in. This is very dangerous. This DNS hack, because it impacted multiple projects including Cream Finance, Pancake Swap, etc., appears to have been exploited at Cloudflare, meaning the projects had no control. How does TomoChain protect its DNS?
The hacker even made a working SSL certificate so that the URL has a padlock icon.
SIR, there must be a better way to do this than providing a ‘seed’ to access TomoWallet. This is an incredibly unsafe design.