Wallet Security - Firefox Profiles

These days I made a fascinating and frightening discovery

I needed to clean up my computer, and I decided to format it, but in order not to have the rework of downloading all my plugins and favorites, I decided to simply copy my firefox profile to an external HD and save it to restore it on the computer later

My surprise came when when restoring the browser (on the completely formatted computer), my metamask came along, and it already had the seed! Just put the password again and that’s it, wallet recovered!

I didn’t think it was possible to extract a seed from a computer so easily, so simply and imperceptibly, and that’s why I decided to make this alert to everyone.

In addition to the obvious, if possible, having a hardware wallet, be very careful with who accesses your computer physically, and also be careful with automatic backups with firefox sync, because in the same way that just copying a folder, it is possible to have access to the entire the wallet (by simply discovering the browser’s local password) your seed may end up in the wrong hands that may have access to your sync login!

Take care APE friends, safety first!


Thank you for sharing this important information. :crossed_fingers:t5:


Thanks for the heads up :pray:


Thank you for the information, Leined! :heart_decoration:


Scary, huh?

This is the vector of attack for malicious downloads (file that looks like PDF but isn’t, etc) and other malware that gets executed locally.A hardware wallet protects from this, or you can use a dedicated laptop that never downloads anything and isn’t used for anything else except to sign transactions.


I totally agree with @Sasha. First thing I ever learnt from @apboatt was to always use a dedicated device. Then again, no security measure is foolproof so you’d always have to be vigilant. They are devices after all and very as much liable to intrusion.


Totally scary, thats why i keep value things on ledger and always keep my ledger on safe spot!!!


That’s a very easy task to do. And that issue isn’t just for the wallet security but for your credentials too. Everyone that have access to your browser’s profile files, they can easily steal any information about you… And guess what? If someone do that, he doesn’t need to know your passwords to log in the websites you are logged in, because if you have the “remember login” option checked, he will directly enter into your account without any warning sent to your mailbox. That’s a common issue, and that’s why people always say to not check that option of “remember login” in a computer that is accessible for others. There is a lot to say about this topic. Personal laptops are a little bit hard to steal this information, as someone needs to have access to the drive. If you have your BIOS (search what this is on the web, it’s a whole topic to talk about) protected with a password, no one can have access to your files except if someone removes the drive from your laptop and plug it into his computer…


I didn’t talk about malicious software. That’s the easiest way to steal information from someone because you don’t need access to the physical machine.

  1. I had no idea about that! Thank you, I will be more careful with who accesses my computer

what would you consider the safest browser?