Friday, September 17, 2021

DeFi sees the biggest theft in its history: how can ordinary people avoid the many traps?

(August 10) O3 Swap, which uses the Poly Network cross-chain protocol, was hit by a theft with heavy losses.

Hackers reportedly took $610 million worth of assets, including USDT, ETH and Bitcoin, a DeFi record.

It is not only platforms like this. Many friends around me have also stepped into traps through operational mistakes, suffering serious property losses and even going to zero in a bull market, which is really terrible to see.

Here are a few typical examples to help you avoid these pitfalls.

01

The security level on the trading platform is too low

Some time ago, a friend's assets on a trading platform were stolen, with heavy losses.

I asked about the security settings: only email verification was enabled, and Google secondary verification and SMS verification had not been added. It is possible that the email password was the same as the trading platform password, so that one leaked password let hackers take the assets directly.

Many people pay little attention to these verification details. The general recommendation is to set the security level to SMS + email + Google secondary authentication, especially for transfers, and to turn off the API altogether.

For beginners, it is easy to lose a private key through unfamiliarity with wallets. It is better to keep the assets on a large trading platform, which works like the Internet platforms we use every day: as long as you remember your mobile phone number, you can recover the account easily.

But for security, set a few more thresholds (email and Google secondary authentication).

At the same time, if possible, use different mobile phones for the SMS verification code and the Google secondary authentication code, so that a single hijacked phone does not leak both at once.

Although this is less convenient to use, it also makes hacking much more costly.

02

The private key and mnemonic are improperly stored

Reportedly, a "big V" (a well-known verified account) in Internet circles lost bitcoin worth tens of millions of yuan simply because the mnemonic was kept in cloud notes. Letting a private key or mnemonic touch the network is relatively taboo.

If you want to keep assets in your own wallet, the simplest approach is to find a separate phone, install a good wallet on it, and write down the wallet address and mnemonic words. If you worry about losing the mnemonic, make one more written backup. Do not lose the phone and forget the transfer password at the same time. The mnemonic must never be made known to anyone: if the mnemonic or private key leaks, the assets are gone.

The nice thing about this is that if your phone breaks or you forget your transfer password, you have two stored copies of the mnemonic to recover from, and if you lose both copies of the mnemonic, you still have your phone and your transfer password.

If you lose your phone and both copies of the mnemonic, your assets are gone.

Some friends, for convenience, send the private key or mnemonic directly through channels such as WeChat. If their phone is not secure, the private key is easily leaked. If it really must be sent, send only the middle section and tell the other party the final few characters by telephone, which is a somewhat more secure approach.

A friend once posted a mnemonic directly to a group by mistake. Fortunately, an acquaintance saw it, transferred his assets in time and informed him; otherwise the consequences would have been very serious.

Recovering from such incidents is very troublesome. Because of the special nature of digital assets, it is somewhat difficult for the relevant authorities to file a case, so it is better to prevent them in advance.

03

Visiting a phishing site and leaking your private key

A lot of people have been having a great time with airdrops this year, but a lot of bad actors use them for phishing: they give you a fake link and say the airdrop requires you to enter a mnemonic or private key, and then all the assets are lost.

When you use a wallet for DeFi or NFTs, remember that the mnemonic and private key are everything. Giving them to someone else is equivalent to giving that person your money. Even claiming an airdrop does not require the mnemonic or private key.

If the airdrop is real, it is best to operate through a common mobile wallet. The advantage is that many DeFi projects can be accessed from within common wallets (such as TP, imToken, wheat, etc.); some links are audited by the wallet side, so the possibility of phishing is very small, and there is no need to enter mnemonic words or private keys.

You just need to check if you're qualified.

If your usual wallet does not list the project, then I think you should consider carefully whether the airdrop is worth claiming, especially if it asks for your mnemonic or private key.

04

Real tokens and "Li Gui" impostors

In some cases the token turns out to be fake. I once joined a group promoting an HT "brick-moving" project: as long as you sent ETH to the other party's wallet address, you would receive HT worth several times as much, euphemistically called "moving bricks" or some such. The group chat was full of messages about how much Zhang San had made and how much Li Si had made, urging everyone to hurry up and act,

because if you are late, it is gone.

However, I asked: is this HT the official one?

How does it work?

I got kicked out of the group chat.

In fact, this is fake. You do receive HT, but it is not the one we think it is; it is a Li Gui (an impostor).

When you try to deposit it, it never arrives in the account. You contact customer service, and customer service says you were cheated and the token is fake. So sometimes we need to open our eyes wide and check whether the token's contract address is consistent with the official contract address.

Because it is too simple to send a project in Israel at present, there are many Li Gui impostors, so compare the contract address carefully.

Other situations are similar. For many hot IEO projects, some people say they have a quota that can be released in advance, which in fact may be false.

05

The computer was hacked and the address was tampered with

Another situation: many of us copy and paste the address when transferring, but if the clipboard is hijacked, the address is tampered with and the funds are lost. Some friends lost more than 100 ETH for just this reason, which is also a pity.

Therefore, when we transfer money, we must repeatedly confirm that the address is correct. Even when you transfer by scanning a code, compare the target address to make sure it is correct. Many times we inadvertently relax our vigilance, the target address is tampered with, and the funds go to someone else.
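The comparison recommended in sections 04 and 05, as an added example that is not part of the original post: it checks a token contract address or a pasted transfer destination, character by character, against a copy taken from the official source. The function names and sample addresses are constructed for illustration, and the `0x` plus 40 hex digit format is an assumption that fits Ethereum-style addresses.

```python
import re

# Assumed address shape: "0x" followed by 40 hex digits (Ethereum-style).
ADDRESS_RE = re.compile(r"0x[0-9a-fA-F]{40}")

def normalize(address):
    """Trim surrounding whitespace, validate the shape, return lowercase."""
    cleaned = address.strip()
    if not ADDRESS_RE.fullmatch(cleaned):
        raise ValueError(f"not a 0x-prefixed 40-hex-digit address: {address!r}")
    return cleaned.lower()

def compare_addresses(trusted, candidate, edge=4):
    """Compare every character of two addresses.

    Returns (verdict, diff): verdict is "match", "lookalike" or "mismatch";
    diff lists the character positions that differ. "lookalike" means the
    addresses differ although their first or last `edge` hex digits agree,
    which is the case a glance at the ends of the string would miss.
    """
    t, c = normalize(trusted), normalize(candidate)
    diff = [i for i, (x, y) in enumerate(zip(t, c)) if x != y]
    if not diff:
        return "match", diff
    same_head = t[2:2 + edge] == c[2:2 + edge]
    same_tail = t[-edge:] == c[-edge:]
    return ("lookalike" if same_head or same_tail else "mismatch"), diff

# Constructed sample values (not real addresses).
OFFICIAL = "0x" + "ab12" + "0" * 32 + "cd34"    # copied from the official source
PASTED_OK = "0x" + OFFICIAL[2:].upper()         # same address, different letter case
PASTED_BAD = "0x" + "ab12" + "f" * 32 + "cd34"  # same ends, different middle
UNRELATED = "0x" + "1" * 40

if __name__ == "__main__":
    for label, value in [("ok", PASTED_OK), ("tampered", PASTED_BAD),
                         ("unrelated", UNRELATED)]:
        verdict, diff = compare_addresses(OFFICIAL, value)
        print(f"{label:10} {verdict:10} differing positions: {len(diff)}")
```

Anything other than "match" means the transfer should not be sent until the address has been obtained again from the official source.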

06

Summary

The five cases above are pitfalls that are easy to run into in practice, and all of them are real-life examples. For the safety of your own property, I hope we can all stay vigilant and not be greedy for small gains, lest we be penny wise and pound foolish.

