The losses I have suffered, you need not suffer again.
Author: Ye Su
After Bybit was hacked for $1.5 billion, the reputable Infini was also attacked by hackers.
A few years ago, I also suffered significant losses due to hackers. This morning, the company was conducting internal security training, and I would like to share some personal lessons and prevention guidelines:
Emerging Methods of Attack in the Past Two Years
1. Friend Impersonation (Social Engineering)
Hackers often disguise themselves as customer service, celebrities, friends, or investment opportunities to obtain your private keys or mnemonic phrases. Stay vigilant and do not click on unfamiliar links.
This is the hardest type of attack to prevent. Our company was impersonated by hackers on Twitter/Telegram for private-message scams. Hackers usually pose as someone you know, suggest a phone call to discuss investment opportunities, and send fake decks, Zoom links, and websites to implant viruses.
2. Internal Penetration
This is the ultimate trick of North Korean hackers, as shared by a founder of a leading CEX. Hackers apply for jobs to infiltrate the company, usually in the asset management, security architecture, or finance departments. After about six months, they carry out internal attacks.
3. Similar Addresses
Hackers can generate addresses whose first 5 and last 5 characters are identical in just a few seconds, for example, 10 addresses starting with 0x1234 and ending with 56abc.
Hackers typically mimic transactions from large wallets and use similar addresses for phishing. Always verify the Txid and at least 5-6 characters in the middle of the address before transferring, and it's best to verify at every step.
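The middle-of-the-address check above can be automated before signing. The following is an added example, not code from the author: it compares a pasted destination against a saved address book and flags any address that shares the first and last 5 hex digits with a saved entry but differs elsewhere. The addresses, the label and the function names are constructed for illustration.

```python
import re

ADDR_RE = re.compile(r"^0x[0-9a-fA-F]{40}$")

def normalize(addr):
    """Validate a 20-byte hex address and return its lowercase body without 0x."""
    addr = addr.strip()
    if not ADDR_RE.match(addr):
        raise ValueError(f"not a 40-hex-digit address: {addr!r}")
    return addr[2:].lower()

def classify(candidate, address_book, edge=5):
    """Compare a pasted destination against saved addresses.

    Returns (verdict, label, diff_positions):
      "match"     - identical to a saved address (case-insensitive)
      "lookalike" - same first/last `edge` hex digits as a saved address,
                    but at least one different digit elsewhere
      "unknown"   - resembles nothing in the address book
    """
    cand = normalize(candidate)
    lookalike = None
    for label, saved in address_book.items():
        ref = normalize(saved)
        if cand == ref:
            return ("match", label, [])
        if cand[:edge] == ref[:edge] and cand[-edge:] == ref[-edge:]:
            # Same visible ends, different body: list where the digits differ.
            diffs = [i for i, (a, b) in enumerate(zip(cand, ref)) if a != b]
            lookalike = ("lookalike", label, diffs)
    return lookalike or ("unknown", None, [])

# Constructed sample data (not real addresses).
SAVED = "0x1234f" + "a" * 30 + "56abc"
SPOOF = "0x1234f" + "a" * 14 + "b" + "a" * 15 + "56abc"  # one middle digit changed
BOOK = {"exchange-deposit": SAVED}

if __name__ == "__main__":
    for addr in (SAVED, SPOOF, "0x" + "9" * 40):
        print(addr, classify(addr, BOOK))
```

A "lookalike" verdict should block the transfer until the full address is confirmed through a second channel; an "unknown" verdict only means the address has never been saved.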
4. Public WiFi
Avoid using public Wi-Fi to prevent asset theft due to malware or trojans. Devices can be hacked directly over Wi-Fi, so be cautious with hotel, party, or even someone else's Wi-Fi. Use your own hotspot as much as possible.
Principles to Establish
1. Zero Trust Principle
In the blockchain world, do not easily trust anyone or any tool. All transactions and signature operations should be independently verified to ensure the source is trustworthy.
Even if your homie privately asks you to cover a payment, confirm with them via phone/video/face-to-face.
2. A Gentleman Does Not Stand Under a Dangerous Wall
If there are rumors (of theft/shortfall), immediately distance yourself from the location of the risk, ensuring safety before considering other issues.
Never believe in "too big to fail." FTX collapsed, and both ArkStream and I avoided disaster by withdrawing funds on the first day.
For basic preventive operations, everyone can refer to SlowMist's Blockchain Dark Forest Self-Rescue Handbook.