OKX Web3 On-Chain Anti-Phishing Security Trading Guide
Author: OKX Web3

As we enter a new cycle, the risks of on-chain interactions are becoming increasingly exposed with the rise in user activity. Phishers typically use methods such as creating counterfeit wallet websites, stealing social media accounts, creating malicious browser extensions, sending phishing emails and messages, and publishing fake applications to lure users into disclosing sensitive information, leading to asset losses.

Phishing activity is diverse, complex, and stealthy. For example, phishers often create counterfeit websites that resemble legitimate wallet platforms, enticing users to input their private keys or mnemonic phrases. These counterfeit websites are usually promoted through social media, emails, or advertisements, misleading users into believing they are accessing legitimate wallet services, thereby stealing their assets. Additionally, phishers may impersonate wallet customer support or community administrators, sending users fake messages requesting wallet information or private keys, exploiting users’ trust in official channels to elicit private information and more.

In summary, these cases highlight the threat of phishing to Web3 wallet users. To help users enhance their awareness of Web3 wallet security and protect their assets from losses, OKX Web3 has conducted in-depth community research and collected numerous phishing incidents encountered by Web3 wallet users. This has resulted in the identification of the four most common phishing scenarios faced by users. Through detailed case studies in different scenarios, using a combination of visuals and text, we have compiled the latest guide on how Web3 users can conduct secure transactions for everyone to study and reference.

Malicious Information Sources

1. Popular Project Twitter Replies

Replies under the tweets of popular projects are one of the primary channels for spreading malicious information.
Phishing Twitter accounts can replicate logos, names, verification marks, etc., to look identical to official accounts, and can even have follower counts in the tens of thousands. The only distinguishing factor is the Twitter handle (pay attention to similar characters), so users must stay vigilant. Additionally, fake accounts often deliberately reply to official tweets with phishing links, easily tricking users into thinking the links are official. Currently, some official accounts include “End of Tweet” messages in their tweets, warning users about the risk of phishing links in subsequent replies.

2. Stealing Official Twitter/Discord Accounts

To enhance credibility, phishers may steal the official Twitter/Discord accounts of projects or Key Opinion Leaders (KOLs) to post phishing links under official names. Many users easily fall victim to this. For example, Vitalik’s Twitter account and the official Twitter account of the TON project have been compromised, allowing phishers to publish false information or phishing links.

3. Google Search Ads

Phishers sometimes use Google Search Ads to publish malicious links. Users may perceive these links as official domain names based on what their browser displays, but clicking them redirects to phishing links.

4. Fake Apps

Phishers also lure users through fake apps. For instance, downloading and installing a fake wallet released by a phisher can lead to private key leaks and asset losses. Phishers have also modified Telegram installation packages, altering the on-chain addresses for receiving and sending tokens, resulting in user asset losses.

5. Countermeasures: OKX Web3 Wallet Supports Phishing Link Detection and Risk Alerts

Currently, the OKX Web3 wallet supports phishing link detection and risk alerts to help users better address these issues.
For instance, when users use the OKX Web3 plugin wallet to access websites via browsers, if the domain is a known malicious one, users receive immediate warning alerts. Additionally, when users use the OKX Web3 APP to access third-party DApps in the Discover interface, the OKX Web3 wallet automatically conducts risk detection on domains. If it’s a malicious domain, users are alerted and prevented from accessing it.

Secure Wallet Private Keys

1. Project Interaction or Qualification Verification

When users interact with projects or undergo qualification verification, phishers often disguise their pages as plugin wallet pop-ups or other webpages and ask users to fill in their mnemonic phrases/private keys. These are generally malicious websites, and users should be cautious.

2. Impersonating Project Customer Support or Administrators

Phishers frequently impersonate project customer support or Discord administrators, providing website links for users to input mnemonic phrases or private keys. In such cases, the other party is a phisher.

3. Other Paths for Mnemonic Phrases/Private Key Leaks

There are various paths for mnemonic phrase and private key leaks. Common ones include computers infected with Trojan horse malware, computers using fingerprint browsers for mining purposes, computers using remote control or proxy tools, screenshots of mnemonic phrases/private keys saved in photo albums and then uploaded by malicious apps, cloud backups on a platform that gets hacked, monitoring during the input of mnemonic phrases/private keys, physical access to mnemonic phrase/private key files or paper by individuals nearby, and developers pushing code containing private keys to platforms like GitHub.

In conclusion, users need to securely store and use mnemonic phrases/private keys to better protect wallet assets.
For example, as a decentralized self-custodial wallet, the OKX Web3 wallet offers various backup methods for mnemonic phrases/private keys, including iCloud/Google Drive cloud, manual, hardware, etc., making it one of the wallets with comprehensive private key backup methods on the market, providing users with a relatively secure private key storage method. Regarding private key theft issues, the OKX Web3 wallet supports popular hardware wallets such as Ledger, Keystone, Onekey, etc., providing users with comprehensive hardware wallet functions. The private keys of hardware wallets are stored in the hardware wallet device, controlled by users themselves, ensuring asset security. In addition, the OKX Web3 wallet has now launched MPC non-private key wallets and AA smart contract wallets, further simplifying private key issues for users.

Four Classic Phishing Scenarios

Scenario 1: Stealing Mainnet Tokens

Phishers often give malicious contract functions suggestive names such as “Claim” or “SecurityUpdate,” but the actual function logic is empty and only transfers users’ mainnet tokens. Currently, the OKX Web3 wallet has introduced transaction pre-execution functionality, showing the asset and authorization changes that will result once the transaction is on-chain, further reminding users to stay safe. Additionally, if the interacting contract or authorization address is a known malicious one, it triggers a red safety warning.

Scenario 2: Similar Address Transfers

When large transfers are monitored, phishers generate receiving addresses with the same initial digits as the target address, then use “transferFrom” for zero-amount transfers or use fake USDT for transfers of specific amounts, polluting users’ transaction history. They hope users will copy the incorrect address from their transaction history for subsequent transfers, completing the fraud.
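The history-pollution pattern in Scenario 2 can be checked mechanically before an address is copied from past transactions. The following is an added example, not OKX code: the `Transfer` record, the function names, the trusted-token set and all addresses are assumptions constructed for illustration, and matching on trailing digits as well as leading ones is an optional extension beyond what the text describes.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Transfer:
    sender: str
    recipient: str
    token: str   # token contract address
    amount: int  # raw token units

def lookalike(a, b, head=4, tail=0):
    """Two different addresses that share the first `head` (and last `tail`) hex digits."""
    a, b = a.lower().removeprefix("0x"), b.lower().removeprefix("0x")
    return a != b and a[:head] == b[:head] and a[len(a) - tail:] == b[len(b) - tail:]

def flag_poisoning(history, me, trusted_tokens, head=4, tail=0):
    """Return (index, reason, imitated_address) for rows that match the poisoning pattern."""
    me, trusted = me.lower(), {t.lower() for t in trusted_tokens}
    # Addresses the user really paid: non-zero outgoing transfers of a trusted token.
    genuine = sorted({t.recipient.lower() for t in history
                      if t.sender.lower() == me and t.amount > 0 and t.token.lower() in trusted})
    flagged = []
    for i, t in enumerate(history):
        other = t.recipient if t.sender.lower() == me else t.sender
        imitated = next((g for g in genuine if lookalike(other, g, head, tail)), None)
        if imitated is None:
            continue
        if t.amount == 0:
            reason = "zero-amount transfer"
        elif t.token.lower() not in trusted:
            reason = "untrusted token"
        else:
            reason = "look-alike counterparty"
        flagged.append((i, reason, imitated))
    return flagged

# Constructed sample data: none of these are real addresses or contracts.
ME = "0x" + "a1" * 20
REAL = "0x3f5c" + "0" * 32 + "9b27"
FAKE = "0x3f5c" + "1" * 32 + "9b27"       # same leading and trailing digits as REAL
USDT, FAKE_USDT = "0x" + "dd" * 20, "0x" + "ee" * 20
HISTORY = [
    Transfer(ME, REAL, USDT, 5_000_000_000),       # genuine payment
    Transfer(ME, FAKE, USDT, 0),                   # zero-amount transferFrom
    Transfer(FAKE, ME, FAKE_USDT, 5_000_000_000),  # fake-token echo of the amount
    Transfer(ME, "0x" + "77" * 20, USDT, 100),     # unrelated payment
]
if __name__ == "__main__":
    for row in flag_poisoning(HISTORY, ME, {USDT}, head=4, tail=4):
        print(row)
```

Rows flagged this way should be hidden or marked in any address-picker built on transaction history, and the full address compared before sending.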
Scenario 3: On-Chain Authorizations

Phishers often induce users to sign “approve/increaseAllowance/decreaseAllowance/setApprovalForAll” transactions, or upgrade using “Create2” to generate pre-calculated new addresses, bypassing security checks and deceiving users into authorizing related actions. The OKX Web3 wallet provides security reminders for authorization transactions, warning users about the risks involved. Moreover, if the authorized address for a transaction is a known malicious one, it displays a red warning message to prevent users from being deceived.

Scenario 4: Off-Chain Signatures

In addition to on-chain authorizations, phishers also conduct phishing through off-chain signature inducements. For example, ERC-20 token authorizations allow users to authorize another address or contract to spend a certain amount. The authorized address can then transfer assets using “transferFrom,” which phishers exploit for scams. Currently, the OKX Web3 wallet is developing risk warning functions for such scenarios. When users sign off-chain signatures, if the parsed authorization address matches a known malicious address, users receive a risk warning.

Other Phishing Scenarios

Scenario 5: TRON Account Permissions

This scenario is relatively abstract: phishers control users’ assets by obtaining TRON account permissions. TRON account permissions are similar to those of EOS, divided into Owner and Active permissions, with options for multi-signature forms of control. For example, the Owner threshold is set to 2 with two addresses weighted 1 and 2 respectively; the first is the user’s address, which with a weight of 1 cannot operate the account independently.

Scenario 6: Solana Token and Account Permissions

Phishers modify the ownership of Solana tokens and accounts through “SetAuthority,” transferring tokens to a new owner address. Once users fall for this, assets are transferred to the phisher. Additionally, if users sign “Assign” transactions, their regular account’s Owner is changed from System Program to a malicious contract.

Scenario 7: EigenLayer’s queueWithdrawal Invocation

Due to design mechanisms and other issues, this protocol can also be exploited by phishers. In EigenLayer, an Ethereum-based middleware protocol, the “queueWithdrawal” invocation allows specifying another address as the withdrawer, and when users sign this transaction, the specified address can obtain the user’s staked assets after seven days.
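For the on-chain authorization calls named in Scenario 3, the check a wallet or reviewer can apply before signing is to decode the calldata and inspect the spender and amount. This is an added example, not OKX's implementation: the function name, warning texts, blocklist and sample calldata are assumptions constructed for illustration, while the 4-byte selectors are the widely published ones for these signatures.

```python
# Widely published 4-byte selectors for the calls named in Scenario 3.
SELECTORS = {
    "095ea7b3": "approve(address,uint256)",
    "39509351": "increaseAllowance(address,uint256)",
    "a457c2d7": "decreaseAllowance(address,uint256)",
    "a22cb465": "setApprovalForAll(address,bool)",
}
MAX_UINT256 = 2**256 - 1

def review_authorization(calldata, blocklist=frozenset()):
    """Decode an authorization call; return None for any other call."""
    data = bytes.fromhex(calldata.removeprefix("0x"))
    signature = SELECTORS.get(data[:4].hex())
    if signature is None:
        return None
    if len(data) < 4 + 64:
        raise ValueError("truncated calldata: expected two 32-byte ABI words")
    spender = "0x" + data[16:36].hex()          # low 20 bytes of the first word
    value = int.from_bytes(data[36:68], "big")  # second word: amount or bool
    warnings = []
    if spender in {b.lower() for b in blocklist}:
        warnings.append("spender is on the known-malicious list")
    name = signature.split("(")[0]
    if name == "setApprovalForAll" and value:
        warnings.append("operator gains control of every token in this collection")
    elif name in ("approve", "increaseAllowance") and value == MAX_UINT256:
        warnings.append("unlimited allowance")
    elif name in ("approve", "increaseAllowance") and value > 0:
        warnings.append("spender may move up to %d raw units" % value)
    return {"call": signature, "spender": spender, "value": value, "warnings": warnings}

# Constructed sample calldata; the spender is a placeholder, not a real address.
SPENDER = "0x" + "bad0" * 10
WORD_ADDR = "00" * 12 + SPENDER[2:]
APPROVE_MAX = "0x095ea7b3" + WORD_ADDR + "ff" * 32
APPROVE_ALL = "0xa22cb465" + WORD_ADDR + "00" * 31 + "01"
REVOKE = "0x095ea7b3" + WORD_ADDR + "00" * 32
PLAIN_TRANSFER = "0xa9059cbb" + WORD_ADDR + "00" * 31 + "64"

if __name__ == "__main__":
    for tx in (APPROVE_MAX, APPROVE_ALL, REVOKE, PLAIN_TRANSFER):
        print(review_authorization(tx, blocklist={SPENDER}))
```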