Security Special Issue 06|OKX Web3 & GoPlus: On-chain security monitoring and post-event rescue

24-06-14 19:01
Original title: "Security Special Issue 06|OKX Web3 & GoPlus: On-chain security monitoring and post-event rescue"
Original source: OKX


Introduction | OKX Web3 Wallet has launched the "Security Special Issue" column to answer different types of on-chain security questions. Drawing on real cases that happen to users, and working with experts and institutions in the security field who share and answer from different perspectives, the column sorts out and summarizes the rules of safe transactions from basic to advanced, aiming to strengthen user security education while helping users learn to protect their private keys and wallet assets themselves.


On-chain security attack and defense is like a never-ending "hide and seek"


Users should always hide their assets and take good security precautions


Even if they are "caught by hackers", they should not panic, and should learn to remedy the situation quickly


In previous issues, we started from real user cases and devoted a lot of space to risk identification and security protection, covering private key security, MEME transaction security, on-chain airdrop-farming security, device security, DeFi interaction security and more, which is already very comprehensive.


As the saying goes, it is never too late to mend the fold after the sheep have been lost. This is the 06th issue of the Security Special Issue. The GoPlus security team, a new blockchain security team, has been invited to share content on on-chain security monitoring and post-event first aid from the perspective of a practical operation guide, for everyone to learn from and discuss.



GoPlus Security Team: Thanks for the invitation. We are committed to building a Web3 user security network, focusing on providing permissionless secure data and end-user service environment. In terms of technical architecture, GoPlus integrates advanced artificial intelligence modules. It has currently served more than 10,000 partners, calls user security data more than 21 million times per day, and supports more than 20 public chains.


OKX Web3 Wallet Security Team: Hello everyone, I am very happy to be able to share this. The OKX Web3 Security team is mainly responsible for the construction of various security capabilities of OKX in the Web3 field, such as smart contract security audits, wallet security capability construction, on-chain project security monitoring, etc., providing users with multiple protection services such as product security, fund security, and transaction security, and contributing to the maintenance of the entire blockchain security ecosystem.


Share some real, successful on-chain security protection or rescue cases of users


GoPlus Security Team: There are many such cases, and we will share two.


Case 1: A user from the GoPlus community reported that his EVM address was attacked by a hacker using poisoning techniques. The hacker sent a small amount of tokens to the target user's wallet and forged an address with the same first 5 and last 3 characters, inducing the user to mistakenly believe that this was his commonly used transfer address. However, due to the use of on-chain protection and monitoring security services, the loss of more than 20K US dollars was successfully prevented.


The main incident was: when the user made an Ethereum transfer, security monitoring and on-chain interception services played a key role. The monitoring service detected that a suspicious poisoning address sent a small amount of tokens to the user's wallet and blacklisted the address. But at this moment, the user was unaware of this and had already tried to transfer part of the funds to this fake address. Fortunately, the user used the secure RPC service in the wallet. After the transaction was sent, the interception service immediately intervened and successfully blocked the transaction. The system automatically issued an alarm to inform the user that the transaction address did not match the commonly used address and there might be risks.


After receiving the notification, the user suspended the transfer transaction and used relevant inspection tools to verify that the address was a known poisoning address. The system shows that the address has been associated with multiple fraudulent activities in the past few days. The user canceled the transfer in time to avoid transferring funds to the address controlled by the hacker. Afterwards, the user cleaned up his list of commonly used transfer addresses and deleted all addresses of unknown origin to prevent similar incidents from happening again.


Case 2: Using Front Running to successfully transfer assets on the chain


Another user of ours found that his EVM private key was stolen, and the hacker had transferred all the ETH to other wallets. The hacker also set up monitoring and automation programs so that whenever the user transferred ETH as Gas to the stolen address, the Gas would be automatically transferred by the hacker immediately. But in the end, by using the front-running service in time, the remaining NFTs and remaining Token assets were successfully taken away and all transferred to a safe new address.


With our help, the user used the front-running technology to rescue. Through the front-running service, a series of high-priority transactions were prepared, and the transaction speed was increased by monitoring and raising the Gas fee to ensure that these transactions were packaged by miners before the hacker's monitoring program monitored and placed orders. The user first quickly transferred the NFTs and remaining Token assets in the account to multiple intermediate addresses in batches, and finally successfully rescued the remaining assets. This prevented the loss of more than 10K US dollars in assets.


Through these two cases, we can see that, whether during or after the incident, the reasonable use of tools and security services can timely reduce capital losses and resist risks.
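The address check described in Case 1 above, as an added example that is not GoPlus's or OKX's code: it compares a transfer destination with the user's address book and flags addresses that share the first 5 and last 3 hex characters with a saved entry but differ in between. All addresses, labels, the dust limit and the function names are constructed for illustration.

```python
import re

_ADDR_RE = re.compile(r"^0x[0-9a-fA-F]{40}$")


def normalize(addr):
    """Return the 40 hex digits in lower case; reject anything that is not an EVM address."""
    if not _ADDR_RE.match(addr):
        raise ValueError(f"not an EVM address: {addr!r}")
    return addr[2:].lower()


def looks_alike(a, b, prefix_len=5, suffix_len=3):
    """True when two different addresses share the leading and trailing characters
    that wallets usually display (5 and 3 here, as in the case above)."""
    x, y = normalize(a), normalize(b)
    return x != y and x[:prefix_len] == y[:prefix_len] and x[-suffix_len:] == y[-suffix_len:]


def check_recipient(dest, address_book, blacklist=()):
    """Classify a transfer destination before signing.

    Returns (verdict, reason) where verdict is "allow", "warn" or "block".
    """
    d = normalize(dest)
    if d in {normalize(b) for b in blacklist}:
        return ("block", "blacklisted")
    for label, addr in address_book.items():
        if normalize(addr) == d:
            return ("allow", label)
    for label, addr in address_book.items():
        if looks_alike(dest, addr):
            return ("block", f"imitates {label}")
    return ("warn", "not in address book")


def poisoning_senders(incoming, address_book, dust_limit):
    """Return senders of small inbound transfers whose address imitates a saved address.

    These are candidates for a blacklist, so a later transfer to them is stopped.
    """
    flagged = set()
    for tx in incoming:
        if tx["value"] > dust_limit:
            continue
        if any(looks_alike(tx["from"], saved) for saved in address_book.values()):
            flagged.add("0x" + normalize(tx["from"]))
    return flagged


# --- constructed sample data (not real addresses) ---
EXCHANGE = "0x" + "1a2b3" + "9e" * 16 + "c4d"   # the user's usual destination
FAKE = "0x" + "1A2B3" + "07" * 16 + "C4D"       # same first 5 / last 3, different middle
STRANGER = "0x" + "77" * 20                      # unrelated address
BOOK = {"my exchange deposit": EXCHANGE}
INCOMING = [
    {"from": FAKE, "value": 1},           # tiny transfer from the lookalike
    {"from": STRANGER, "value": 1},       # tiny transfer, but no resemblance
    {"from": EXCHANGE, "value": 10**18},  # ordinary withdrawal from the real address
]
DUST_LIMIT = 1000  # assumption: threshold in the token's base units


if __name__ == "__main__":
    blacklist = poisoning_senders(INCOMING, BOOK, DUST_LIMIT)
    for dest in (EXCHANGE, FAKE, STRANGER):
        print(dest, check_recipient(dest, BOOK, blacklist))
```

Comparing the full normalized address, not the truncated form a wallet history shows, is what separates the saved entry from its imitation.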


OKX Web3 Wallet Security Team: In incidents of phishing and private key leakage, we have provided a lot of assistance to users to help them successfully recover their losses.


Case 1: User A accidentally entered his private key on a phishing website, resulting in the theft of his Ethereum (ETH). Fortunately, the user's other ERC20 tokens, such as USDC, have not been stolen. After user A asked for help, we had in-depth communication and organized a team to help him. By using Flashbots to bundle transactions, we submitted the transaction for paying Gas and the transaction for transferring value tokens together, processed them in the same block, and successfully rescued the user's remaining assets.


Case 2: User B mistakenly entered a phishing website when querying airdrop information. The website required the user to authorize a known risky address. OKX Web3 wallet identified that the address was on the blacklist and successfully intercepted the authorization request, preventing potential asset risks.


Case 3: A certain protocol C was attacked, and all addresses authorized to the protocol were facing asset risks. The OKX Web3 wallet security team responded quickly to this incident, listed the protocol-related vulnerability contracts as risky addresses, and reminded users when they authorized, effectively avoiding greater losses.


The above cases show that users should not only update emergency measures to deal with phishing and protocol attacks, but also use security tools and seek help from professional security teams. But most importantly, users first need to start with themselves and learn to protect their wallets and assets.


How can users better understand the security status of their wallets and manage the security status of their wallets?


GoPlus Security Team: In order to better understand and manage the security status of their wallets, users can take the following detailed measures.


I. Check authorization regularly


1. Use authorization management tools


• With the help of authorization management tools: Using some commonly used authorization management tools, users can regularly check authorized smart contracts. These tools can help users list all authorized contracts and mark those that are not often used or may be risky.


• Contract risk assessment: Use these tools to conduct risk assessment on contracts, view the security and history of contract codes, and identify potential risks.


2. Cancel unnecessary authorization:


• Easy cancellation of authorization: Through the authorization management tool, users can easily cancel the authorization of contracts that are no longer needed. This not only reduces potential security risks, but also prevents malicious contracts from using authorized permissions to operate.


• Regular maintenance: Perform authorization maintenance regularly to keep the authorization list concise and secure, and ensure that only necessary contracts have permissions.


II. Wallet monitoring


1. Use monitoring tools


• Real-time monitoring: Use some wallet monitoring tools, such as Etherscan's address monitoring service and GoPlus's security monitoring tool, to monitor wallet activities in real time. In this way, users can receive timely reminders when authorization changes, abnormal transactions, address poisoning or other security incidents occur.


• Detailed reports: These monitoring tools usually provide detailed reports and logs that record all activities of the wallet, which is convenient for users to review and analyze.


2. Customized alerts


• Set alert parameters: Set customized alerts based on parameters such as transaction amount and frequency. Users can define different types of alerts, such as large transaction alerts, frequent transaction alerts, authorization change alerts, etc.


• Timely response: Once an alert is triggered, users should check and take necessary measures in time to prevent further losses. These alerts can be sent to users via email, SMS or in-app notifications.


III. Other security measures


1. Regular backup and recovery


• Back up private keys and mnemonics: Regularly back up the private keys and mnemonics of the wallet and store them securely in multiple locations, such as offline storage devices, encrypted USB drives or paper backups. Ensure that the backups are not accessed by unauthorized personnel.


• Test the recovery process: Regularly test the wallet recovery process to ensure that the wallet can be quickly and effectively restored when needed. This includes importing private keys or mnemonics, restoring all functions of the wallet, and verifying that the restored wallet can be used normally.


2. Use hardware wallets


• Security of hardware wallets: Use hardware wallets to store large assets. Hardware wallets can provide higher security because their private keys will never leave the device to prevent them from being stolen by hackers.

• Update firmware regularly: Ensure that the firmware of the hardware wallet is kept up to date. Manufacturers will regularly release security updates and patches to address the latest security threats.


OKX Web3 Wallet Security Team: Generally, users can use the following aspects to strengthen the security management of wallets:


1. Use wallet security tools


Many wallets and security tools can help users manage authorization and improve security.


1) Common browser wallet plug-ins allow users to manage DApp permissions. You can view and revoke authorized DApps, regularly check authorized DApp websites, and deauthorize unnecessary websites.


2) Use the Check and Revoke Wallet Authorization website. Users can view all authorized smart contracts by connecting to their wallets and choose to revoke permissions that are no longer needed.


2. Check wallet authorization regularly


Regularly check your wallet authorization status to ensure that there is no redundant or suspicious authorization.


1) Connect to Revoke.cash or similar tools.


2) View the list of all authorized smart contracts.


3) Revoke DApps that are no longer used or suspicious authorizations.


4) Ensure that the wallet software is always up to date to obtain the latest security updates and vulnerability fixes.


3. Improve personal security awareness


1) Beware of phishing attacks: Do not click on unknown links or download unknown files.


2) Use strong passwords and two-factor authentication: Set a strong password for your wallet account and enable two-factor authentication (2FA) to increase security.


How users perceive on-chain security events and protect their assets in time


GoPlus Security Team: Users should learn to monitor in real time and block malicious on-chain transactions in a timely manner as much as possible.


Why is real-time monitoring needed? Real-time monitoring of on-chain transactions is essential to protecting user assets. As more and more hackers and fraud gangs are involved in on-chain fraud, it has become extremely difficult to identify hidden risks in transactions. Many users lack the necessary security knowledge and technical capabilities to fully understand and prevent these threats. Real-time monitoring can help users identify abnormal activities in a timely manner, such as unauthorized transactions, large transfers, or frequent trading operations, and take quick measures to prevent losses. In addition, real-time monitoring can detect and prevent malicious operations such as phishing, hacking, and smart contract vulnerabilities, thereby protecting users' assets. When a security incident occurs, real-time monitoring can immediately notify users, allowing them to take quick action, such as freezing accounts, canceling authorization, or reporting incidents, thereby minimizing losses. By providing a transparent environment, real-time monitoring can also enhance users' trust in wallets and platforms, allowing users to check transaction and authorization status at any time and improve the user experience.


In order to achieve real-time monitoring of on-chain transactions and block malicious transactions, users can take the following measures:


First, adopt a monitoring and response system. Users can set custom transaction alerts based on parameters such as transaction amount and frequency, and receive alert information in a timely manner through email, SMS or in-app notifications. This not only helps users accurately monitor wallet activities, but also issues alerts as soon as abnormal transactions are discovered, allowing users to take quick measures to prevent further losses.


Using blockchain analysis tools is also an important means. By using blockchain analysis platforms such as public chain web browsers, users can monitor the transaction history and activities of their wallets and conduct in-depth analysis of transaction patterns and counterparties. The detailed data and analysis functions provided by these platforms can help users identify potential risky transactions and take timely action. In addition, blockchain analysis tools can also help users track the flow of funds and detect and prevent possible fraud.


In addition, using non-sensitive risk control protection can significantly improve the user's security experience. Safe RPC or safe wallet products can help users achieve seamless risk control protection, automatically identify and evaluate potential security threats through real-time analysis of users' transaction behaviors and environments in the background. This protection mechanism does not require users to perform complex operations, but automatically runs and provides protection, reducing the difficulty of user operation. For example, some advanced secure RPC services can help users analyze the security risks of each transaction and intelligently intercept dangerous transactions. Users only need to bind their wallets to the corresponding monitoring and blocking services, and the system will automatically protect the security of users' assets.


Combined with these measures, users can achieve comprehensive real-time monitoring of on-chain transactions, effectively block malicious transactions, and ensure the security of their assets. Through seamless risk control protection, real-time monitoring and intelligent blocking technology, users can conduct on-chain transactions in a more convenient and secure environment. Whether it is ordinary users or professional investors, these technologies provide them with strong security guarantees, allowing them to participate in the blockchain ecosystem with greater peace of mind.


Real-time monitoring can not only help users deal with current security threats, but also enhance their ability to prevent potential risks in the future. With the continuous development of blockchain technology and the expansion of application scenarios, security issues will become increasingly complex and diverse. By continuously learning and applying the latest security technologies and tools, users can remain highly alert to new threats and adjust and optimize their security strategies in a timely manner. Ultimately, real-time monitoring, intelligent blocking, and imperceptible risk control will become indispensable security tools for users in on-chain transactions, safeguarding their digital assets.


OKX Web3 Wallet Security Team: On-chain security incidents occur frequently, and users need to understand how to perceive these incidents in a timely manner and protect their assets. The following are some specific methods and tools that we hope will help users improve their on-chain security perception and take appropriate asset protection measures.


1. Pay attention to the security vendors’ security incidents on Twitter


• Security vendors’ Twitter: Pay attention to the blockchain security vendors’ Twitter accounts to learn about the latest security trends and attack methods on the chain.


• Pay attention to the latest attack methods: Pay attention to the latest attack methods of the same type of protocols, especially to prevent hackers from using common vulnerabilities to attack other protocols, resulting in user capital losses. Therefore, if necessary, withdraw investment in related types of protocols to avoid capital losses due to the same type of security vulnerabilities.


2. Use on-chain monitoring tools


• Real-time monitoring tools: Use on-chain monitoring tools such as OKLink’s address balance monitoring to pay attention to changes in the protocol TVL (total locked volume) in real time, or use protocol monitoring tools provided by some security vendors to monitor the security of mainstream protocols in real time and remind users in time when problems are found.


3. Pay attention to the compensation dynamics of the project party


• Compensation plan: For the attacks that have already occurred, users can pay attention to the compensation dynamics of the project party.


• Follow up the announcement: Some project parties will release information about the compensation plan on their official website, social media and announcement channels.


• Declare losses: The damaged users should report the losses in time and participate in the compensation plan according to the guidance of the project party.


4. Cancel the authorization of the vulnerable contract


• Revoke.cash: Use relevant tools to check and revoke the authorization of the vulnerable contract to prevent the funds from being stolen again.


How to avoid being easily targeted by phishing attacks when conducting on-chain transactions?


GoPlus Security Team: When trading on the chain, users should try to avoid becoming the target of phishing attacks. You can strengthen protection from the following aspects.


In order to avoid becoming a target of phishers when trading on the chain, there are mainly the following points:


First, verify the source


• Official channels: Never click on links from unknown sources, especially links in private chats received in Email, Twitter, and Discord. Make sure all transactions and login operations are performed through the official website or official dapp. You can collect or bookmark commonly used websites and applications to avoid entering fake websites. You can also check whether it is official by whether there are well-known users following in Twitter Followers.


• Check the URL: Double-check the URL of the website to make sure it is spelled correctly and contains a security certificate (HTTPS). Phishing websites often use domain names that are similar to real websites, but there will be slight differences.


Second, safe browser extensions


• Install browser extensions: Install some safe browser extensions with transaction simulation and phishing website identification functions. These extensions can monitor and block phishing websites in real time. The extension usually checks whether the visited website is in the database of known phishing websites and issues a warning when risks are found. At the same time, it can simulate transactions, inform the consequences of actions, and provide early warnings.


• Regular updates: Make sure browser extensions and other security software are always kept up to date to ensure that they can identify and block the latest phishing attack methods.


Third, improve vigilance and identification skills


• Emails and messages: Be highly vigilant about any emails and messages that ask for personal information, passwords, mnemonics, and private keys. Legitimate services will not ask for this information through emails or messages.


• Check the sender: Even if the email appears to be from a familiar source, double-check the sender's email address. Sometimes phishers will pretend to be legitimate senders and deceive through subtle spelling errors or fake domain names.


Fourth, Fund Management


• Multi-wallet management: Store assets in multiple wallets instead of concentrating them in one wallet. This way, even if one wallet is attacked, the assets in other wallets can be protected.


• Combination of hot and cold wallets: Store most of the assets in offline cold wallets, and only keep a small amount of assets in online hot wallets for daily transactions. Cold wallets are not connected to the network and are more secure.


• Regular inspections: Regularly check the security status and transaction records of each wallet, cancel unnecessary and redundant authorizations, and promptly detect and handle abnormal situations.


OKX Web3 Wallet Security Team: With the development of the on-chain ecosystem, user on-chain interactions have become increasingly active, and there is a greater need to improve security awareness. Try to take multiple measures to reduce the risk of becoming a target of phishing attacks and protect the security of wallets and assets.


1. Verify the website and address: Before entering a private key or making a transaction, be sure to verify that the URL of the website you are visiting is correct, especially when clicking on an email or social media link to access it directly. For blockchain addresses, use known security services such as the OKLink browser to verify the legitimacy of the address.


2. Use hardware wallets: Hardware wallets can provide an extra layer of security for crypto assets. Even if the user's computer is infected or accidentally visits a phishing website, the hardware wallet can ensure that the private key does not leave the device.


3. Don't authorize easily: When authorizing operations on smart contracts, be sure to confirm the content and source of the contract. Only authorize contracts that you trust or have been fully audited by the community.


4. Use security tools and services: Install and use anti-phishing and malware protection tools, such as web browser extensions, which can help identify and block access to known malicious websites.


5. Stay vigilant: Be wary of any urgent requests for your private key or transfer. Attackers often use users' nervousness and impatience to induce them to make decisions.


6. Improve your own security awareness: Regularly update your security knowledge and pay attention to the latest phishing attack methods and blockchain security trends. You can take relevant online courses or read blockchain security guides.


How can users avoid participating in scam projects when trading on the chain


GoPlus Security Team: First, we need to understand what scam tokens are. Scam tokens are cryptocurrency tokens created by malicious actors. They are created for the purpose of implementing rug pulls. These tokens are usually designed to defraud investors of their funds, and the tokens themselves have no real value or use. Once investors purchase these tokens, they often find that these tokens cannot be sold for various reasons, or suffer huge losses during the transaction process. Common scam tokens include those that deceive users by limiting the sale function, trading cooldowns, hiding transaction fees, or otherwise. Users can avoid buying scam tokens by taking the following measures.


1. Verify the contract address:


• Check the information: Before purchasing a token, confirm that the smart contract address of the token is correct. Make sure that the contract address is consistent with the official one provided by the project, and obtain this information through official channels, such as the official website, white paper, or official social media.


• Review the contract code: If you have a technical background, you can review the smart contract code of the token to check whether there is any abnormality or malicious code. If you do not have relevant knowledge, you can rely on reliable contract audit tools or services.


• Use a blockchain browser: Use a blockchain browser to view the detailed information of the token contract, including the distribution of token holders, transaction history, etc., to ensure that the contract has no obvious risk characteristics.


2. Use trusted tools:


• Token risk identification tools: Use some commonly used token risk identification tools to scan token contracts for malicious code. These tools can check whether the contract has common scam features, such as inability to sell, hidden fees, etc.


• Contract analysis platform: Use the blockchain contract analysis platform to view the transaction history and contract code of the token. Pay attention to the distribution of token holders and be wary of tokens that are highly concentrated in a few addresses.


• Automatic monitoring tools: Use tools that can automatically monitor new tokens and their risk features to promptly detect and avoid potential scam tokens.


3. Community and reputation:


• Social media and community feedback: Check the community reputation of the token and the feedback from other users on social media such as Twitter and Reddit. Understand whether the project is supported and trusted by the community, and avoid buying tokens that have been repeatedly reported or discussed as scams.


• Project information transparency: Investigate the information transparency of the project team, such as the background of team members, the technical white paper of the project, the development roadmap, etc. Formal projects usually disclose detailed team and technical information.


• Participate in community discussions: Actively participate in community discussions of token projects to understand the latest progress of the project and the actual experience of users, and judge the credibility of the project.


4. Small-amount testing:


• Test transactions: Before making large purchases, conduct small-amount test transactions. Through small-amount testing, verify whether the buying and selling functions of the tokens are working properly to ensure that you will not buy Pixiu coins that cannot be sold.


• Monitor transaction fees: Pay attention to transaction fees and slippage during small-amount transactions, and check whether there are abnormally high fees or hidden transaction conditions.


• Observe market reactions: After conducting small-amount testing, observe the market reaction and trading activity of the token to evaluate whether it has normal market performance.


5. Beware of high-yield promises:


• Unrealistic promises: Beware of token projects that promise high returns and quick returns. Scam tokens often take advantage of investors' greed and promise unrealistic high returns to attract funds.


• Identify risk signals: High returns are often accompanied by high risks. For projects that claim to be "guaranteed to make money without losses", stay highly alert and avoid being tempted by short-term high returns.


• Consult professional opinions: Before investing, you can consult professionals and listen to their risk assessment of the project.


6. Rational investment:


• Stay rational and cautious: Don’t be tempted by short-term high returns, and always conduct sufficient research and risk assessment. Investment decisions should be based on detailed analysis and rational judgment, not emotionally driven.


• Diversified investment: Don’t invest all your funds in a single token or project. Diversified investment can reduce overall risk and ensure that even if some investments fail, there will be no significant losses.


OKX Web3 Wallet Security Team: Rug pull incidents on chain projects are common, and users should be more vigilant. For example:


1. Research the background of the project: Before buying any token, be sure to research the project in depth. Understand the project’s vision, team members, white papers, roadmaps, and other aspects. Find community discussions on the project to understand what others think of the project.


2. Pay attention to warning signs: Some warning signs may indicate that the token is a scam or untrustworthy. For example, anonymous teams, exaggerated promises, lack of transparency, etc. If you find any warning signs, it is best to be vigilant and not buy such tokens easily.


3. Use token scanning tools: You can use the token scanning function provided by OKX Web3 wallet, etc. The token scanning tool conducts a comprehensive analysis from multiple levels such as contract code, on-chain behavior, community feedback, etc., which can detect whether the token is fraudulent to a certain extent.


4. Review the contract: On Ethereum or other smart contract platforms, you can view the code of the token contract. Reviewing the contract can help you determine whether the token is credible. If the contract code contains suspicious logic or is not open source, you need to be more careful.


5. Stay vigilant: Don't easily believe recommendations from strangers or promotional copywriting in the community. If you hear a project's overly beautiful promises, be more skeptical and stay rational.


How users can prevent MEV attacks on the chain and avoid financial losses


GoPlus Security Team: To prevent losing funds due to MEV (Miner Extractable Value) attacks, users can take the following detailed measures.


1. Use special tools


• Anti-MEV function: Users can turn on the anti-MEV function in their wallets and use specially designed trading tools or plug-ins. These tools can identify and avoid potential MEV attacks and protect users' transactions from being exploited by miners and other attackers.


• Transaction protection service: Some platforms offer transaction protection services that can send or confuse users' transactions in batches to reduce the risk of being attacked by MEV. These services can help users perform large transactions more safely.


2. Disperse transaction time:


• Avoid peak periods: Avoid large transactions during peak trading periods, as MEV attacks are more active during these periods. Peak periods are usually periods of high market volatility or major news releases. Choosing periods with lower trading volume to trade can effectively reduce the probability of being attacked.


• Timed transactions: Use the timed transaction function to disperse large transactions to multiple time points to reduce the risk of a single transaction being exposed to MEV attacks.


3. Utilize privacy technology:


• Privacy nodes: Users can send transactions to some privacy nodes (such as Flashbots) to ensure that the transactions are executed normally. Flashbots can send transactions directly to miners, bypassing the public transaction pool, thereby avoiding being attacked by MEV. However, this method may cause transaction confirmation to be slightly slower, because the transaction needs to wait for the block to be on the chain to confirm its status.


• Obfuscated transactions: Use transaction obfuscation technology to split transactions into multiple small transactions and send them mixed, increasing the concealment of transactions and reducing the risk of being attacked.


4. Diversification strategy:


• Dispersed transactions: Do not concentrate all transactions at the same time or on the same platform to disperse risks and reduce the possibility of being targeted. By dispersing transactions, it is difficult for attackers to predict and intercept all transactions, reducing the overall risk.


• Use multiple trading platforms: Utilize multiple trading platforms and tools to avoid conducting all transactions on a single platform and reduce the possibility of being targeted by a centralized attack.


5. Choose a trading pool with sufficient LP:


• High liquidity pool: Try to choose a trading token pool with high liquidity and sufficient LP (liquidity providers) to avoid slippage losses and MEV attacks caused by insufficient liquidity. High liquidity pools can absorb larger trading volumes and reduce the risk of trading manipulation.


• Review trading depth: Before trading, check the depth of the trading pool and the liquidity of the trading pair to ensure that the transaction can proceed smoothly and will not cause large price fluctuations.


6. Set a reasonable slippage tolerance:


• Slippage protection: Set a reasonable slippage tolerance on the trading platform to prevent the transaction price from deviating from expectations. Too high a slippage setting will increase the risk of being attacked by MEV, while too low a slippage setting may lead to transaction failure. Adjust the slippage tolerance according to market conditions to achieve the best protection effect.


7. Continuous monitoring and adjustment strategies:


• Transaction monitoring: Continuously monitor your own trading activities to promptly detect and respond to potential MEV attacks. Use analytical tools and monitoring services to track the execution of transactions and market reactions.


• Adjustment strategy: According to the transaction monitoring results and market changes, timely adjust the transaction strategy and protection measures to ensure that the transaction is always in a safe state.


OKX Web3 Wallet Security Team: We have refined several core points, including:


1. Pay attention to transaction depth and set slippage: Pay attention to transaction depth, divide large transactions into small transactions, execute multiple times, and set slippage protection to reduce the probability of being attacked.


2. Use privacy-protected nodes: Select RPC nodes with privacy protection functions, such as Flashbots privacy RPC nodes, to prevent transactions from being made public.


3. Choose trusted wallets and applications: Use reputable wallets and applications that provide MEV protection (such as the OKX wallet's native DApp), and avoid using unknown or unverified services.
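The pool-depth and slippage points made in both answers can be checked before a swap is signed. The following is an added example, not code from OKX or GoPlus; it assumes a constant-product pool with a 0.3% fee (Uniswap v2 style), and the function names, warning thresholds and pool sizes are constructed for illustration.

```python
FEE_NUM, FEE_DEN = 997, 1000  # assumption: 0.3% swap fee, Uniswap v2-style pool
BPS = 10_000


def quote_out(amount_in, reserve_in, reserve_out):
    """Constant-product (x*y=k) output for an exact-input swap, integer maths."""
    fee_adjusted = amount_in * FEE_NUM
    return fee_adjusted * reserve_out // (reserve_in * FEE_DEN + fee_adjusted)


def price_impact_bps(amount_in, reserve_in, reserve_out):
    """Shortfall against the pool's spot price, in basis points (fee included)."""
    at_spot = amount_in * reserve_out // reserve_in
    return (at_spot - quote_out(amount_in, reserve_in, reserve_out)) * BPS // at_spot


def min_out(quote, tolerance_bps):
    """Smallest output the swap should accept; below it the trade should revert."""
    return quote * (BPS - tolerance_bps) // BPS


def review_swap(amount_in, reserve_in, reserve_out, tolerance_bps,
                max_impact_bps=100, max_tolerance_bps=100):
    """Pre-trade check. Both thresholds are illustrative assumptions."""
    quote = quote_out(amount_in, reserve_in, reserve_out)
    impact = price_impact_bps(amount_in, reserve_in, reserve_out)
    floor = min_out(quote, tolerance_bps)
    warnings = []
    if impact > max_impact_bps:
        warnings.append("pool too shallow for this trade size")
    if tolerance_bps > max_tolerance_bps:
        warnings.append("slippage tolerance too loose")
    # accepted_loss is the adverse price movement the signed trade still tolerates
    return {"quote": quote, "impact_bps": impact, "min_out": floor,
            "accepted_loss": quote - floor, "warnings": warnings}


# Constructed pools (reserve_in, reserve_out): same 1:1 price, different depth.
SHALLOW = (100_000, 100_000)
DEEP = (10_000_000, 10_000_000)

if __name__ == "__main__":
    print(review_swap(10_000, *DEEP, tolerance_bps=50))
    print(review_swap(10_000, *SHALLOW, tolerance_bps=500))
```

The same 10,000-unit trade loses about 0.4% to price impact in the deep pool and over 9% in the shallow one, and the 5% tolerance leaves several hundred units of output that the transaction would still accept losing.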


Once the user's wallet assets are stolen, how to remedy it?


GoPlus Security Team: Many users find that their wallet assets are suddenly gone, and because they do not have good experience or methods to deal with it, they often lose the assets that could have been recovered or rescued. In order to help users take the right action quickly after their assets are stolen, the following are several key remedial measures:


Step 1: Transfer the remaining tokens in the wallet


• Create a new wallet: Create a new wallet address immediately to ensure that the new wallet address and private key are safe and not leaked.


• Transfer assets: Quickly transfer the remaining tokens in the wallet to the newly created wallet to prevent the remaining assets from being stolen.


• Cancel authorization: Use the authorization management tool to cancel all unnecessary smart contract authorizations in the old wallet to further protect the remaining assets.


• Use rescue tools: Use some rescue tools and preemptive services to quickly recover losses when necessary. These services can help transfer assets first to avoid being automatically transferred by hackers’ monitoring programs. Gas required for transferring assets


Step 2: Find the root cause of the theft


1. Check the device and account


• Device security check: Check the device used to access the wallet to ensure that there is no malware, virus or spyware. Use trusted antivirus software to perform a comprehensive scan.


• Account security check: Check accounts related to the wallet, such as trading platforms, emails, etc., to ensure that these accounts have not been hacked.


2. Locate the cause of the theft


• Private key theft: If the private key is stolen, the hacker can fully control the wallet and transfer all assets. If the EVM wallet private key is leaked, the hacker can transfer all assets from multiple EVM-compatible chains. Check for signs of private key or mnemonic leakage, such as entering the private key or mnemonic through a phishing website.


• Authorization fraud: Check whether malicious smart contracts have been authorized without knowing it. Use Etherscan or other blockchain browsers to view the authorization history and identify abnormal authorizations.


• Malicious signature: Confirm whether malicious transactions or information have been signed. Especially for operations signed by DApp or other services, identify unknown or suspicious signatures.


3. Review transaction records:


• Analyze transaction history: Use blockchain browsers (such as Etherscan, BscScan) to view the transaction records of the wallet and identify suspicious transactions and unknown fund flows.


• Collect evidence: Record detailed information of suspicious transactions, including transaction ID, transaction time, other party's address, etc., to provide evidence for the subsequent police report and investigation.


Step 3: Report to the police


1. Report to the police


• Contact local police: Contact local law enforcement agencies as soon as possible to report the theft of wallet assets. Provide detailed transaction records and evidence to help the police understand the case.


• Filing an investigation: Fill out the necessary forms and documents as required by the police to ensure that the case is officially filed. Provide as many clues and evidence as possible to help the police conduct an investigation.


2. Keep communicating


• Regular follow-up: Contact the police regularly to understand the progress of the case and provide any new clues or information.


• Assist in the investigation: Actively cooperate with the police investigation and provide any information and support required.


Step 4: Seek help from professional security agencies and seek relevant exchanges to freeze the stolen funds based on the capital chain


1. Contact professional security agencies


• Professional assistance: Contact blockchain security companies or professional security agencies and ask for their help. Professional agencies can provide technical support to help track and analyze the flow of stolen funds.


• Fund tracking: Use professional blockchain analysis tools to track the flow path of stolen funds and identify the exchanges and final receiving addresses to which the funds flow.


2. Request the exchange to freeze funds


• Contact the exchange: Contact the relevant exchanges to which the stolen funds flow, provide detailed transaction records and evidence, and ask them to assist in freezing the stolen funds.


• Provide evidence: Submit the police's case filing certificate, transaction records and analysis reports to the exchange to prove that the funds are stolen assets, and ask the exchange to cooperate in freezing.


• Continuous follow-up: Keep in touch with the exchange, regularly follow up on the progress of frozen funds, and ensure that the stolen assets are recovered as soon as possible.


OKX Web3 Wallet Security Team: When a blockchain user's wallet assets are stolen, remedial measures may be limited because the decentralization and immutability of blockchain make it generally impossible to revoke a transaction once it is confirmed. Here are some possible remedial measures:


1. Take immediate action


1) Analyze the cause of the theft


• If the authorization is given to the hacker address, you need to cancel the authorization immediately on the authorization platform.


• If the private key is leaked, you need to conduct a full range of security tests to identify the cause of the private key leak, reinstall the system and then replace the wallet.


2) Asset rescue


• If there are still some assets in the wallet that have not been transferred, or assets in the defi project, you can rescue the assets to reduce losses.


3) Track the flow of funds


• You can find white hats or security community members to monitor the flow of funds. If you find that the funds are flowing to the exchange, you can apply to freeze their accounts.


2. Report to relevant departments


1) Feedback the problem to the wallet customer service


2) Call the police and report the theft to the police, providing all relevant information. This information can help users freeze the exchange account when they find that the funds are flowing to the exchange.


3. Seek help from the blockchain community


1) Post an announcement on relevant blockchain social media such as Twitter. Sometimes the community will help track and prevent the flow of stolen funds.


2) Offer bounties to motivate white hats or community members to help recover assets.


4. Prevention


1) Conduct education and training to learn more about how to protect yourself from future attacks.


2) Use cold wallets and store most of your assets in offline wallets.


3) Safely back up your keys


In short, although the characteristics of blockchain technology make it difficult to recover stolen assets, quick action and multiple remedial measures can help minimize losses and prevent future risks.
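Both teams advise reviewing and cancelling token authorizations; on EVM chains the authorization history is the ERC-20 Approval event log. The following added example (not code from OKX or GoPlus) replays such logs to list the allowances still outstanding for a wallet; the helper names, the "unlimited" threshold and all addresses are constructed for illustration.

```python
# keccak256("Approval(address,address,uint256)"): topic0 of the ERC-20 Approval event
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
UNLIMITED_FLOOR = 2**255  # assumption: allowances this large are effectively unlimited

def _addr(topic):  # indexed addresses are left-padded to 32 bytes; keep the low 20
    return "0x" + topic[-40:].lower()

def outstanding_allowances(logs, owner):
    """Replay Approval logs in chain order; return {(token, spender): value} still non-zero."""
    state = {}
    for log in sorted(logs, key=lambda l: (int(l["blockNumber"], 16), int(l["logIndex"], 16))):
        topics = log["topics"]
        # ERC-721 Approval shares topic0 but indexes tokenId (4 topics): not an allowance
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue
        if _addr(topics[1]) != owner.lower():
            continue
        # A later approve() overwrites the earlier one; approve(spender, 0) revokes it
        state[(log["address"].lower(), _addr(topics[2]))] = int(log["data"], 16)
    return {pair: value for pair, value in state.items() if value}

def flag_for_revocation(logs, owner, known_spenders=()):
    """Return [(token, spender, reason)] for unlimited or unrecognised spenders."""
    known = {s.lower() for s in known_spenders}
    findings = []
    for (token, spender), value in sorted(outstanding_allowances(logs, owner).items()):
        if value >= UNLIMITED_FLOOR:
            findings.append((token, spender, "unlimited allowance"))
        elif spender not in known:
            findings.append((token, spender, "unrecognised spender"))
    return findings

def _log(token, owner, spender, value, block, index, extra=()):
    """Build a constructed log entry in the shape eth_getLogs returns."""
    topics = [APPROVAL_TOPIC] + ["0x" + a[2:].rjust(64, "0") for a in (owner, spender)]
    return {"address": token, "topics": topics + list(extra), "data": hex(value),
            "blockNumber": hex(block), "logIndex": hex(index)}

# Constructed sample data: every address below is a made-up placeholder.
OWNER, OTHER = "0x" + "a1" * 20, "0x" + "b2" * 20
TOKEN_A, TOKEN_B, NFT = "0x" + "c3" * 20, "0x" + "d4" * 20, "0x" + "e5" * 20
DEX, UNKNOWN = "0x" + "11" * 20, "0x" + "66" * 20
SAMPLE_LOGS = [
    _log(TOKEN_A, OWNER, UNKNOWN, 2**256 - 1, 100, 0),  # unlimited approval ...
    _log(TOKEN_A, OWNER, UNKNOWN, 0, 180, 2),           # ... revoked later
    _log(TOKEN_B, OWNER, UNKNOWN, 2**256 - 1, 150, 1),  # unlimited, still live
    _log(TOKEN_B, OWNER, DEX, 5_000, 120, 4),           # bounded allowance
    _log(TOKEN_B, OTHER, UNKNOWN, 7, 130, 0),           # another owner's approval
    _log(NFT, OWNER, DEX, 0, 140, 0, extra=["0x" + "0" * 63 + "9"]),  # ERC-721 Approval
]
```

Approval logs record what was granted, not what has since been spent through `transferFrom`, so each value is an upper bound; the token's `allowance(owner, spender)` call gives the current figure.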


Finally, thank you for reading issue 06 of the OKX Web3 Wallet "Security Special Issue" column. We will summarize the content of the "Security Special Issue" series in the last issue, which, as the final issue, will include not only real cases and risk identification but also practical security operation tips. Stay tuned!


This article is from a contribution and does not represent the views of BlockBeats.

