Founder of SlowMist: Emergency Response after a Theft: What Should You Do When Your Assets Are Stolen?
NFTs are especially hot these days, and for many people security awareness only takes hold after their tokens are stolen. Of course I don't want anyone to be robbed; it's just that I often see people who are so nervous, confused, and anxious after a theft that they end up suffering a second loss.

Stop loss first

Stopping the loss means keeping it from growing. There are at least two stages:

1. The immediate rush stage. Deal with whatever is most urgent right now. For example, if you can see hackers transferring your assets out one after another, what should you do? Hurry up and move the remaining assets out. If you have experience front-running transactions, just do it. Depending on the type of asset, if it is the kind that can be frozen on-chain, do your best to contact the party that can freeze it. Those who are able to do on-chain tracking analysis and find that funds have been transferred to a centralized platform can contact that platform to apply the necessary risk controls.
2. The stage after the situation is under control. Once the situation has stabilized, the focus should be on making sure there is no secondary or tertiary damage.

Protect the scene

If you find that your assets have been stolen, stay calm, take three deep breaths, and protect the scene. A few lessons from experience, for reference:

1. For computers, servers, and other networked devices: if one of these is the main site of the incident, disconnect it from the network immediately, but do not shut it down (keep the power on). Some people object that with a destructive virus, not shutting down means the local system files get destroyed by the virus. You are right, if you can react faster than the virus…
2. Unless you are able to do it yourself, wait for a security professional to step in. This is critical. We have encountered quite a few cases where, by the time we stepped in to do the analysis, the scene was already in disarray, and even key evidence (such as logs and virus files) appeared to have been cleaned up.
Without a well-preserved scene, the subsequent analysis and tracing are seriously hampered.

Analyze the causes

The purpose of analyzing the cause is to understand the adversary and produce a profile of the hacker. At this point the incident report, also called a Post Mortem Report, is very important. We have met many people who came to consult us after their coins were stolen, and many of them find it very hard to explain clearly what happened, let alone produce a clear incident report. But I think this kind of expression can be practiced, or done by following a template. For example, at least the following points should be covered:

1. Summary 1: Who, when, what happened, and how much total damage?
2. Summary 2: Wallet address, hacker wallet address, coin type, quantity; a table is clearer.
3. Process description: This is the hardest part. Here you need to describe every detail of how the incident unfolded. This is also what allows the various traces related to the hacker to be analyzed and the hacker profile (including the motive for the attack) to be produced in the end.

When we actually work with a victim, the template is much more complex and is worked through step by step. Human memory is sometimes unreliable, and sometimes key information is even deliberately concealed, which wastes time or causes the best window for action to be missed. So in practice this work takes a great deal of effort, and we need to use our experience to guide it well. In the end we issue an incident report together with the person or project that lost the coins, and keep that report updated.

Trace back to the source

According to Locard's exchange principle, any intrusion will leave traces. As long as we check carefully, we will always find something. The investigation process is really forensic analysis and tracing. We trace according to the hacker profile obtained from forensic analysis and keep enriching that profile, which is a dynamic and iterative process.
Tracing consists of two major parts:

1. On-chain intelligence: Analyze where the funds from the wallet addresses go, such as into centralized exchanges, coin mixers, etc., and monitor and alert on new transfers.
2. Off-chain intelligence: The hacker's IP, device information, email, and the richer information obtained by correlating these points, including behavioral information.

Based on this intelligence there is a great deal of tracking and tracing work to do, and it may even require the involvement of law enforcement.

Closing the case

Of course, we all want a good ending. There are public incidents we have been heavily involved in that ended well, to name a few:

1. Lendf.Me, valued at $25 million
2. SIL Finance, valued at $12.15 million
3. Poly Network, valued at $610 million

There are many more that we have personally experienced and that were never announced, with good or okay endings. But most cases have bad endings, which is a shame. We have accumulated a lot of valuable experience in these processes and hope to raise the ratio of good outcomes another step in the future.

I'm not going to go into detail, because it requires a huge amount of knowledge, some of which I'm not good at. Depending on the scenario, we need to master the following skills:

- Smart contract security analysis and forensics
- On-chain fund transfer analysis and evidence collection
- Web security analysis and forensics
- Linux server security analysis and forensics
- Windows security analysis and forensics
- macOS security analysis and forensics
- Mobile phone security analysis and forensics
- Malicious code analysis and forensics
- Network equipment or platform security analysis and evidence collection
- Personnel security analysis and forensics
- …

Almost everything. If you're familiar with this, you'll know that I mentioned all of it in the Blockchain Dark Forest Selfguard Handbook (the "black handbook") that I published a little while ago. I want to emphasize it again here.
For more security knowledge for Web3 users, see:

CH: https://github.com/slowmist/Blockchain-dark-forest-selfguard-handbook/blob/main/README_CN.md#%E8%A2%AB%E7%9B%97%E4%BA%86%E6%80%8E%E4%B9%88%E5%8A%9E
EN: https://github.com/slowmist/Blockchain-dark-forest-selfguard-handbook#what-to-do-when-you-get-hacked
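
The on-chain intelligence step from "Trace back to the source" (follow the funds, flag arrivals at centralized exchanges or mixers, keep a watchlist for new transfers), as an added Python example that is not from the original post or from SlowMist. All addresses, labels, and amounts are constructed placeholders, and the rule that every later outgoing transfer from a traced address counts as traced is a simplifying assumption.

```python
# Added illustration; addresses, labels and amounts below are constructed.
LABELS = {"0xEXCH1": "centralized exchange", "0xMIX1": "mixer"}

# (from, to, amount) in chronological order.
TRANSFERS = [
    ("0xHOP1", "0xOLD", 1.0),       # sent before HOP1 received stolen funds
    ("0xVICTIM", "0xHACKER", 100.0),
    ("0xHACKER", "0xHOP1", 60.0),
    ("0xHACKER", "0xHOP2", 40.0),
    ("0xHOP1", "0xEXCH1", 55.0),
    ("0xHOP2", "0xMIX1", 40.0),
    ("0xOTHER", "0xEXCH1", 5.0),    # unrelated deposit
    ("0xEXCH1", "0xCOLD", 500.0),   # exchange-internal, not followed
]


def trace_funds(transfers, start, labels, max_hops=5):
    """Follow funds forward from `start`; return (alerts, watchlist).

    Simplification (assumption): every transfer sent by an address after it
    received traced funds is treated as traced. Labelled services are end
    points: funds are commingled there, so tracing stops and an alert is
    raised for follow-up with that platform.
    """
    paths = {start: [start]}   # traced address -> path from start
    alerts = []
    for src, dst, amount in transfers:
        if src not in paths:
            continue           # sender holds no traced funds (yet)
        path = paths[src] + [dst]
        if dst in labels:
            alerts.append({"service": labels[dst], "address": dst,
                           "amount": amount, "path": path})
        elif dst not in paths and len(path) - 1 <= max_hops:
            paths[dst] = path
    # Addresses that may still hold traced funds: monitor for new transfers.
    return alerts, sorted(paths)


if __name__ == "__main__":
    alerts, watchlist = trace_funds(TRANSFERS, "0xHACKER", LABELS)
    for a in alerts:
        print(f"ALERT {a['amount']} -> {a['service']} via {' > '.join(a['path'])}")
    print("watch for new transfers from:", watchlist)
```
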