Security Special Issue 06|OKX Web3 GoPlus: On-chain security monitoring and post-event rescue

1 months ago
This article is approximately 6535 words,and reading the entire article takes about 9 minutes
We have specially invited the GoPlus security team, a new blockchain security team, to share content related to on-chain security monitoring and post-incident first aid from the perspective of practical guidelines.

Introduction: OKX Web3 Wallet has specially planned the Security Special Issue column to provide special answers to different types of on-chain security issues. Through the most real cases happening around users, in collaboration with experts or institutions in the security field, dual sharing and answers are conducted from different perspectives, so as to sort out and summarize the rules of safe transactions from the shallow to the deep, aiming to strengthen user security education while helping users learn to protect their private keys and wallet asset security from themselves.

On-chain security attack and defense is like a never-ending game of hide-and-seek

Users should always hide their assets and take good security measures

Even if you are caught by hackers, dont panic and learn to remedy the situation quickly.

In the previous few issues, we started from real user cases and spent a lot of space to introduce risk identification and security protection, covering private key security, MEME transaction security, on-chain security, device security, DeFi interaction security, etc., which is already very comprehensive.

As the saying goes, it is never too late to mend. This is the 6th special issue on security. We invite the new blockchain security team GoPlus to share the content related to on-chain security monitoring and post-event first aid from the perspective of practical operation guides, for everyone to learn and communicate.

Security Special Issue 06|OKX Web3  GoPlus: On-chain security monitoring and post-event rescue

GoPlus Security Team: Thank you for the invitation. We are committed to building a Web3 user security network, focusing on providing permissionless secure data and end-user service environment. In terms of technical architecture, GoPlus integrates advanced artificial intelligence modules and currently serves more than 10,000 partners, calling user security data more than 21 million times a day, and supporting more than 20 public chains.

OKX Web3 Wallet Security Team: Hello everyone, I am very happy to share this. The OKX Web3 Security team is mainly responsible for the construction of various security capabilities of OKX in the Web3 field, such as smart contract security audits, wallet security capability construction, on-chain project security monitoring, etc., providing users with multiple protection services such as product security, fund security, and transaction security, and contributing to maintaining the entire blockchain security ecosystem.

Share some real, successful on-chain security protection or rescue cases of users

GoPlus Security Team: There are many such cases, we will share two.

Case 1: A user from the GoPlus community reported that his EVM address was attacked by a hacker using poisoning techniques. The hacker sent a small amount of tokens to the target users wallet and forged an address with the same first 5 digits and last 3 digits, tricking the user into thinking that this was their usual transfer address. However, due to the use of on-chain protection and monitoring security services, the loss of more than 20K USD was successfully prevented.

The main course of events is as follows: when a user made an Ethereum transfer, security monitoring and on-chain interception services played a key role. The monitoring service detected that a suspicious poisoning address sent a small amount of tokens to the users wallet and blacklisted the address. However, the user was unaware of this at the moment and had already tried to transfer part of the funds to this fake address. Fortunately, the user used the secure RPC service in the wallet. After the transaction was sent, the interception service immediately intervened and successfully blocked the transaction. The system automatically issued an alarm to inform the user that the transaction address did not match the commonly used address and there might be risks.

After receiving the notification, the user suspended the transfer transaction and used relevant inspection tools to verify that the address was a known poisoned address. The system showed that the address was associated with multiple fraud activities in the past few days. The user canceled the transfer in time to avoid transferring funds to the address controlled by the hacker. Afterwards, the user cleaned up his list of commonly used transfer addresses and deleted all addresses of unknown origin to prevent similar incidents from happening again.

Case 2: Using Front Running to successfully transfer assets on the chain

Another user of ours found that his EVM private key was stolen, and the hacker had transferred all the ETH to other wallets. The hacker also set up monitoring and automation programs so that whenever the user transferred ETH as Gas to the stolen address, the Gas would be automatically transferred away by the hacker immediately. But in the end, by using the preemptive service in time, the remaining NFTs and remaining token assets were successfully preempted and transferred to a safe new address.

With our help, the user used preemptive technology to rescue. Through the preemptive service, a series of high-priority transactions were prepared, and the transaction speed was increased by monitoring and raising the gas fee to ensure that these transactions were packaged by miners before the hackers monitoring program monitored and placed orders. The user first quickly transferred the NFTs and remaining token assets in the account to multiple intermediate addresses in batches, and finally successfully rescued the remaining assets. The loss of more than 10K US dollars in assets was prevented.

These two cases show that, whether during or after the incident, the rational use of tools and security services can timely reduce financial losses and resist risks.

OKX Web3 Wallet Security Team: Because users encountered incidents such as phishing and private key leakage, we provided a lot of assistance to help them successfully recover their losses.

Case 1: User A accidentally entered his private key on a phishing website, resulting in the theft of his Ethereum (ETH). Fortunately, the users other ERC 20 tokens, such as USDC, have not been stolen. After user A asked for help, we had in-depth communication and organized a team to help him. By using Flashbots to bundle transactions, we submitted the transaction for paying Gas and the transaction for transferring value tokens together and processed them in the same block, successfully rescuing the users remaining assets.

Case 2: User B mistakenly entered a phishing website when searching for airdrop information. The website required the user to authorize a known risky address. The OKX Web3 wallet identified that the address was on the blacklist and successfully intercepted the authorization request, preventing potential asset risks.

Case 3: A certain protocol C was attacked, and all addresses authorized to the protocol were facing asset risks. The OKX Web3 wallet security team responded quickly to the incident, listed the vulnerable contracts involved in the protocol as risky addresses, and reminded users when they authorized, effectively avoiding greater losses.

The above cases show that users should not only update emergency measures to deal with phishing and protocol attacks, but also use security tools and seek help from professional security teams. But most importantly, users need to start with themselves and learn to protect their wallets and assets.

How can users better understand the security status of their wallets and manage the security of their wallets?

GoPlus Security Team: In order to better understand and manage the security status of their wallets, users can take the following detailed measures.

1. Regularly check authorization

1. Use authorization management tools

• With authorization management tools: Users can regularly check authorized smart contracts using some commonly used authorization management tools. These tools can help users list all authorized contracts and mark those that are not frequently used or may pose risks.

• Contract Risk Assessment: Use these tools to conduct risk assessments on contracts, review the security and history of contract code, and identify potential risks.

2. Cancel unnecessary authorization:

• Easy cancellation of authorization: Through the authorization management tool, users can easily cancel the authorization of contracts that are no longer needed. This not only reduces potential security risks, but also prevents malicious contracts from using authorized permissions to operate.

• Regular maintenance: Perform authorization maintenance regularly to keep the authorization list concise and secure, and ensure that only necessary contracts have permissions.

2. Wallet Monitoring

1. Use monitoring tools

• Real-time monitoring: Use some wallet monitoring tools, such as Etherscan’s address monitoring service and GoPlus’ security monitoring tool, to monitor wallet activities in real time. This way, users can receive timely alerts when authorization changes, abnormal transactions, address poisoning or other security incidents occur.

• Detailed reports: These monitoring tools usually provide detailed reports and logs that record all wallet activities for easy review and analysis by users.

2. Customized Alerts

• Set alert parameters: Set custom alerts based on transaction amount, frequency, etc. Users can define different types of alerts, such as large transaction alerts, frequent transaction alerts, authorization change alerts, etc.

• Timely response: Once an alert is triggered, users should check and take necessary measures in time to prevent further losses. These alerts can be sent to users via email, SMS or in-app notifications.

3. Other safety measures

1. Regular backup and recovery

• Back up your private keys and mnemonics: Back up your wallet’s private keys and mnemonics regularly and store them securely in multiple locations, such as offline storage devices, encrypted USB drives, or paper backups. Make sure the backups are not accessible to unauthorized personnel.

• Test the recovery process: Regularly test the wallet recovery process to ensure that the wallet can be quickly and effectively restored when needed. This includes importing private keys or mnemonics, restoring the full functionality of the wallet, and verifying that the restored wallet can be used normally.

2. Use a hardware wallet

• Security of hardware wallets: Use hardware wallets to store large amounts of assets. Hardware wallets can provide higher security because their private keys never leave the device, preventing them from being stolen by hackers.

• Update firmware regularly: Make sure your hardware wallet’s firmware is kept up to date. Manufacturers regularly release security updates and patches to address the latest security threats.

OKX Web3 Wallet Security Team: Generally, users can use the following aspects to strengthen the security management of their wallets

1. Use wallet security tools

Many wallets and security tools can help users manage authorization and improve security

1) Common browser wallet plug-in that allows users to manage DApp permissions. You can view and revoke authorized DApps, regularly check authorized DApp websites, and deauthorize unnecessary websites.

2) Use the website to check and revoke wallet authorization. Users can view all authorized smart contracts by connecting to their wallet and choose to revoke permissions that are no longer needed.

2. Check wallet authorization regularly

Check your wallet authorization status regularly to ensure there are no redundant or suspicious authorizations.

1) Connect to or similar.

2) View the list of all authorized smart contracts.

3) Revoke DApps that are no longer in use or suspicious authorizations.

4) Make sure your wallet software is always up to date to get the latest security updates and bug fixes.

3. Improve personal safety awareness

1) Beware of phishing attacks: Do not click on unknown links or download unknown files.

2) Use strong passwords and two-factor authentication: Set a strong password for your wallet account and enable two-factor authentication (2FA) for added security.

How do users perceive security incidents on the chain and protect their assets in a timely manner?

GoPlus Security Team: Users should learn to monitor in real time and block malicious on-chain transactions as soon as possible.

Why is real-time monitoring necessary? Real-time monitoring of on-chain transactions is essential to protecting user assets. As more and more hackers and fraud gangs are involved in on-chain fraud, it has become extremely difficult to identify hidden risks in transactions. Many users lack the necessary security knowledge and technical capabilities to fully understand and prevent these threats. Real-time monitoring can help users promptly identify abnormal activities, such as unauthorized transactions, large transfers, or frequent trading operations, and take quick measures to prevent losses. In addition, real-time monitoring can detect and block malicious operations such as phishing, hacking, and smart contract vulnerabilities, thereby protecting the security of users assets. When a security incident occurs, real-time monitoring can immediately notify users, allowing them to take quick action, such as freezing accounts, canceling authorization, or reporting incidents, thereby minimizing losses. By providing a transparent environment, real-time monitoring can also enhance users trust in wallets and platforms, allowing users to view transaction and authorization status at any time and improve the user experience.

In order to achieve real-time monitoring of on-chain transactions and block malicious transactions, users can take the following measures:

First, a monitoring and response system is used. Users can set custom transaction alerts based on transaction amounts, frequency and other parameters, and receive alert information in a timely manner via email, SMS or in-app notifications. This not only helps users accurately monitor wallet activities, but also issues alerts as soon as abnormal transactions are discovered, allowing users to take quick action to prevent further losses.

Using blockchain analysis tools is also an important means. By using blockchain analysis platforms such as public chain web browsers, users can monitor the transaction history and activities of wallets and conduct in-depth analysis of transaction patterns and counterparties. The detailed data and analysis functions provided by these platforms can help users identify potential risky transactions and take timely actions. In addition, blockchain analysis tools can also help users track the flow of funds and detect and prevent possible fraud.

In addition, using seamless risk control protection can significantly improve the users security experience. Secure RPC or secure wallet products can help users achieve seamless risk control protection, automatically identify and evaluate potential security threats through real-time analysis of users transaction behaviors and environments in the background. This protection mechanism does not require users to perform complex operations, but runs automatically and provides protection, reducing the difficulty of user operations. For example, some advanced secure RPC services can help users analyze the security risks of each transaction and intelligently intercept dangerous transactions. Users only need to bind their wallets to the corresponding monitoring and blocking services, and the system will automatically protect the security of users assets.

Combined with these measures, users can achieve comprehensive real-time monitoring of on-chain transactions, effectively block malicious transactions, and protect the safety of their assets. Through imperceptible risk control protection, real-time monitoring and intelligent blocking technology, users can conduct on-chain transactions in a more convenient and secure environment. Whether ordinary users or professional investors, these technologies provide them with strong security guarantees, allowing them to participate in the blockchain ecosystem with greater peace of mind.

Real-time monitoring can not only help users deal with current security threats, but also improve their ability to prevent potential risks in the future. With the continuous development of blockchain technology and the expansion of application scenarios, security issues will become increasingly complex and diverse. By continuously learning and applying the latest security technologies and tools, users can remain highly alert to new threats and adjust and optimize their security strategies in a timely manner. Ultimately, real-time monitoring, intelligent blocking, and imperceptible risk control will become indispensable security tools for users in on-chain transactions, protecting their digital assets.

OKX Web3 Wallet Security Team: On-chain security incidents occur frequently, and users need to understand how to perceive these incidents in a timely manner and protect their assets. The following are some specific methods and tools that we hope can help users improve their on-chain security perception and take appropriate asset protection measures.

1. Follow the security vendor’s security incident Twitter

• Security vendor Twitter: Follow the blockchain security vendor’s Twitter account to learn about the latest on-chain security trends and attack methods.

• Pay attention to the latest attack methods: Pay attention to the latest attack methods of the same type of protocol, especially to prevent hackers from using common vulnerabilities to attack other protocols and cause user capital losses. Therefore, if necessary, withdraw investment in related types of protocols to avoid capital losses caused by the same type of security vulnerabilities.

2. Use on-chain monitoring tools

• Real-time monitoring tools: Use on-chain monitoring tools such as OKLink’s address balance monitoring to pay close attention to changes in the protocol TVL (total locked value) in real time, or use protocol monitoring tools provided by some security vendors to monitor the security of mainstream protocols in real time and promptly alert users when problems are found.

3. Pay attention to the compensation dynamics of the project party

• Compensation plan: For attacks that have already occurred, users can pay attention to the project’s compensation updates.

• Follow-up announcements: Some project parties will release information about compensation plans on their official websites, social media, and announcement channels.

• Report losses: Damaged users should report losses in a timely manner and participate in the compensation plan according to the guidance of the project party.

4. Cancel authorization of the vulnerable contract

• Use relevant tools to check and revoke authorization for vulnerable contracts to prevent funds from being stolen again

How can you avoid becoming an easy target for phishers when conducting on-chain transactions?

GoPlus Security Team: When trading on the chain, users should try to avoid becoming the target of phishers. They can strengthen protection from the following aspects.

In order to avoid becoming a target of phishers when trading on the chain, there are mainly the following points:

1. Verify the source

• Official channels: Never click on links from unknown sources, especially those received in private chats via email, Twitter, or Discord. Make sure all transactions and logins are done through official websites or official dapps. You can save or bookmark frequently used websites and apps to avoid entering fake websites. You can also check if there are well-known users following them in Twitter Followers to strengthen your judgment of whether it is official.

• Check the URL: Double-check the website’s URL to make sure it is spelled correctly and contains a secure certificate (HTTPS). Phishing sites often use domain names that are similar to the real site, but with minor differences.

2. Secure browser extensions

• Install browser extensions: Install some secure browser extensions with transaction simulation and phishing website identification functions. These extensions can monitor and block phishing websites in real time. The extensions usually check whether the visited website is in the database of known phishing websites and issue warnings when risks are found. At the same time, they can simulate transactions, inform the consequences of actions, and provide early warnings.

• Regular updates: Make sure browser extensions and other security software are always up to date to ensure they can identify and block the latest phishing attack methods.

3. Improve vigilance and identification skills

• Emails and messages: Be wary of any emails and messages that ask for personal information, passwords, recovery phrases, and private keys. Legitimate services will not ask for this information via email or messages.

• Check the sender: Even if the message appears to be from a familiar source, double-check the senders email address. Phishers sometimes try to impersonate a legitimate sender by using subtle spelling errors or fake domain names.

IV. Fund Management

• Multi-wallet management: Store assets in multiple wallets instead of concentrating them in one wallet. This way, even if one wallet is attacked, the assets in other wallets can be protected.

• Combination of hot and cold wallets: Store most of your assets in offline cold wallets, and keep only a small amount of assets in online hot wallets for daily transactions. Cold wallets are not connected to the Internet and are more secure.

• Regular inspection: Regularly check the security status and transaction records of each wallet, cancel unnecessary and redundant authorizations, and promptly detect and handle abnormal situations.

OKX Web3 Wallet Security Team: As the on-chain ecosystem develops, user on-chain interactions become more active, and it is even more necessary to raise awareness of security protection. Try to take multiple measures to reduce the risk of becoming a target of phishing attacks and protect the security of wallets and assets.

1. Verify the website and address: Before entering a private key or making a transaction, always verify that the URL of the website you are visiting is correct, especially when clicking on an email or social media link to access it directly. For blockchain addresses, use a known secure service such as OKLink Browser to verify the legitimacy of the address.

2. Use a hardware wallet: Hardware wallets can provide an extra layer of security for crypto assets. Even if the users computer is infected or accidentally visits a phishing website, the hardware wallet can ensure that the private key does not leave the device.

3. Don’t authorize easily: When authorizing operations on smart contracts, be sure to confirm the content and source of the contract. Only authorize contracts that you trust or have been fully reviewed by the community.

4. Leverage security tools and services: Install and use anti-phishing and malware protection tools, such as web browser extensions, which can help identify and block access to known malicious websites.

5. Be vigilant: Be wary of any urgent requests for your private key or transfer. Attackers often take advantage of users’ nervousness and impatience to induce them to make decisions.

6. Improve your own security awareness: Update your security knowledge regularly and pay attention to the latest phishing attack methods and blockchain security trends. You can take relevant online courses or read blockchain security guides.

How can users avoid participating in fraudulent projects when trading on the chain?

GoPlus Security Team: First, we need to understand what scam tokens are. Scam tokens are cryptocurrency tokens created by malicious actors. They are created for the purpose of implementing rug pulls, and these tokens are usually designed to defraud investors of their funds, while the tokens themselves have no real value or use. Once investors purchase these tokens, they often find that these tokens cannot be sold for various reasons, or they suffer huge losses during the transaction process. Common scam tokens include those that deceive users by limiting the sale function, trading cooldowns, hiding transaction fees, or otherwise. Users can avoid buying scam tokens by taking the following measures.

1. Verify the contract address:

• Verify information: Before purchasing tokens, confirm that the smart contract address of the token is correct. Make sure the contract address is consistent with the official one provided by the project, and obtain this information through official channels, such as the official website, white paper or official social media.

• Review the contract code: If you have a technical background, you can review the smart contract code of the token to check for abnormalities or malicious code. If you do not have relevant knowledge, you can rely on reliable contract audit tools or services.

• Use a blockchain browser: Use a blockchain browser to view detailed information about the token contract, including the distribution of token holders, transaction history, etc., to ensure that the contract has no obvious risk characteristics.

2. Use trusted tools:

• Token risk identification tools: Use some common token risk identification tools to scan token contracts for malicious code. These tools can check whether the contract has common scam features, such as inability to sell, hidden fees, etc.

• Contract analysis platform: Use the blockchain contract analysis platform to view the transaction history and contract code of the token. Pay attention to the distribution of token holders and be wary of tokens that are highly concentrated in a few addresses.

• Automated monitoring tools: Use tools that can automatically monitor new tokens and their risk characteristics to promptly detect and avoid potential scam tokens.

3. Community and word of mouth:

• Social Media and Community Feedback: Check out the community reputation of the token and feedback from other users on social media such as Twitter, Reddit, etc. Find out if the project is supported and trusted by the community and avoid buying tokens that have been repeatedly reported or discussed as scams.

• Project information transparency: Examine the information transparency of the project team, such as the background of team members, the projects technical white paper, development roadmap, etc. Formal projects usually disclose detailed team and technical information.

• Participate in community discussions: Actively participate in community discussions of token projects, understand the latest progress of the projects and users’ actual experience, and judge the credibility of the projects.

4. Small amount test:

• Test Transaction: Before making a large purchase, conduct a small test transaction. Through small test, verify whether the buying and selling functions of the token are working properly, and ensure that you do not buy Pixiu coins that cannot be sold.

• Monitor transaction fees: Pay attention to transaction fees and slippage on small transactions, and check for unusually high fees or hidden trading conditions.

• Observe market reaction: After conducting a small-scale test, observe the market’s reaction to the token and trading activity to assess whether it has normal market performance.

5. Be wary of high-yield promises:

• Unrealistic promises: Be wary of token projects that promise high yields and quick returns. Scam tokens often exploit investors’ greed and promise unrealistically high returns to attract funds.

• Identify risk signals: High returns are often accompanied by high risks. Be highly vigilant about projects that claim to be “guaranteed profits” and avoid being tempted by short-term high returns.

• Seek professional advice: Before investing, you can seek the advice of professionals and listen to their risk assessment of the project.

6. Rational investment:

• Stay rational and cautious: Don’t be tempted by short-term high returns, and always conduct adequate research and risk assessment. Investment decisions should be based on detailed analysis and rational judgment, rather than emotion-driven.

• Diversify your investments: Don’t put all your money into a single token or project. Diversifying your investments can reduce overall risk and ensure that even if some investments fail, you will not suffer significant losses.

OKX Web3 Wallet Security Team: Rug pull incidents by on-chain projects are common, and users should be more vigilant. For example:

1. Research the project background: Before buying any token, always research the project in depth. Learn about the project’s vision, team members, whitepaper, roadmap, etc. Find community discussions about the project to understand what others think about the project.

2. Watch out for warning signs: Some warning signs may indicate that a token is a scam or untrustworthy. For example, anonymous teams, overly exaggerated promises, lack of transparency, etc. If you find any warning signs, it is best to be vigilant and not buy such tokens easily.

3. Use token scanning tools: You can use the token scanning function provided by OKX Web3 wallet, etc. The token scanning tool conducts a comprehensive analysis from multiple levels such as contract code, on-chain behavior, community feedback, etc., and can detect whether the token is fraudulent to a certain extent.

4. Review the contract: On Ethereum or other smart contract platforms, you can view the code of the token contract. Reviewing the contract can help you determine whether the token is trustworthy. If the contract code contains suspicious logic or is not open source, you need to be more careful.

5. Stay vigilant: Do not easily believe recommendations from strangers or promotional materials sent in social networks. If you hear overly good promises about a project, be more skeptical and stay rational.

How can users prevent MEV attacks on the chain and avoid financial losses?

GoPlus Security Team: To prevent losing funds due to MEV (Miner Extractable Value) attacks, users can take the following detailed measures.

1. Use special tools

• MEV-proof feature: Users can enable MEV-proof features in their wallets, using specially designed trading tools or plugins. These tools can identify and avoid potential MEV attacks, protecting users’ transactions from being exploited by miners and other attackers.

• Transaction protection services: Some platforms provide transaction protection services that can send or confuse users’ transactions in batches to reduce the risk of being attacked by MEV. These services can help users perform large transactions more safely.

2. Disperse trading time:

• Avoid peak periods: Avoid making large transactions during peak trading periods, as MEV attacks are more active during these periods. Peak periods are usually when the market is volatile or when major news is released. Choosing periods with lower trading volume to trade can effectively reduce the probability of being attacked.

• Scheduled transactions: Use the scheduled transaction function to spread large transactions over multiple time points, reducing the risk of a single transaction being exposed to MEV attacks.

3. Leverage privacy technology:

• Privacy nodes: Users can send transactions to some privacy nodes (such as Flashbots) to ensure that the transactions are executed normally. Flashbots can send transactions directly to miners, bypassing the public transaction pool, thereby avoiding MEV attacks. However, this method may cause transaction confirmation to be slightly slower because the transaction needs to wait for the block to be on the chain to confirm its status.

• Confused transactions: Use transaction obfuscation technology to split transactions into multiple small transactions and send them together to increase the confidentiality of transactions and reduce the risk of attacks.

4. Diversification strategy:

• Distribute transactions: Do not concentrate all transactions at the same time or on the same platform to spread the risk and reduce the possibility of being targeted. By dispersing transactions, it is difficult for attackers to predict and intercept all transactions, reducing the overall risk.

• Use multiple trading platforms: Utilize multiple trading platforms and tools to avoid conducting all transactions on a single platform and reduce the possibility of centralized attacks.

5. Choose a trading pool with sufficient LP:

• High liquidity pool: Try to choose a trading token pool with high liquidity and sufficient LP (liquidity providers) to avoid slippage losses and MEV attacks caused by insufficient liquidity. High liquidity pools can absorb larger trading volumes and reduce the risk of trading manipulation.

• Review trading depth: Before making a trade, check the depth of the trading pool and the liquidity of the trading pair to ensure that the transaction can proceed smoothly and will not cause large price fluctuations.

6. Set a reasonable slippage tolerance:

• Slippage protection: Set a reasonable slippage tolerance on the trading platform to prevent the transaction price from deviating from expectations. Too high a slippage setting will increase the risk of being attacked by MEV, while too low a slippage setting may cause transaction failure. Adjust the slippage tolerance according to market conditions to achieve the best protection effect.

7. Continuously monitor and adjust strategies:

• Transaction monitoring: Continuously monitor your own trading activities to detect and respond to potential MEV attacks in a timely manner. Use analytical tools and monitoring services to track the execution of transactions and market reactions.

• Adjust strategies: Adjust trading strategies and protection measures in a timely manner based on transaction monitoring results and market changes to ensure that transactions are always safe.

OKX Web3 Wallet Security Team: We have extracted several key points, including:

1. Pay attention to transaction depth and set slippage: Pay attention to transaction depth. Large transactions can be divided into small transactions, executed multiple times, and slippage protection can be set to reduce the probability of being attacked.

2. Use privacy-protected nodes: Use RBC nodes with privacy protection functions to prevent transactions from being made public, such as the Flashbot privacy RPC node.

3. Choose trusted wallets and applications: Use reputable wallets and applications that provide mev protection (such as OKX wallet native DAPP), and avoid using unknown or unverified services.

Once the user’s wallet assets are stolen, how to remedy the situation?

GoPlus Security Team: Many users find that their wallet assets are suddenly missing. Due to lack of good experience or methods, they often lose the assets that could have been recovered or rescued. In order to help users take correct actions quickly after their assets are stolen, the following are several key remedial measures:

Step 1: Transfer the remaining tokens in the wallet

• Create a new wallet: Create a new wallet address immediately, ensuring that the new wallet address and private key are safe and not leaked.

• Transfer assets: Quickly transfer the remaining tokens in the wallet to the newly created wallet to prevent the remaining assets from being further stolen.

• Cancel authorization: Use the authorization management tool to cancel all unnecessary smart contract authorizations in the old wallet to further protect the remaining assets.

• Use rescue tools: Use some rescue tools and preemptive services to quickly recover losses when necessary. These services can help prioritize the transfer of assets and prevent hackers’ monitoring programs from automatically transferring the Gas required to transfer assets.

Step 2: Find the root cause of the theft

1. Check your device and account

• Device Security Check: Check the device you use to access your wallet to ensure it is free of malware, viruses, or spyware. Perform a full scan using trusted antivirus software.

• Account security check: Check accounts related to the wallet, such as trading platforms, emails, etc., to ensure that these accounts have not been hacked.

2. Reasons for location theft

• Stolen private key: If the private key is stolen, the hacker can take full control of the wallet and transfer all assets. If the EVM wallet private key is leaked, the hacker can transfer all assets from multiple EVM-compatible chains. Check for signs of private key or mnemonic leakage, such as entering the private key or mnemonic through a phishing website.

• Authorization fraud: Check whether malicious smart contracts have been authorized without knowing it. Use Etherscan or other blockchain browsers to view the authorization history and identify abnormal authorizations.

• Malicious signatures: Confirm whether malicious transactions or information have been signed. In particular, operations signed by DApps or other services, identify unknown or suspicious signatures.

3. Review transaction records:

• Analyze transaction history: Use blockchain browsers (such as Etherscan, BscScan) to view the transaction records of the wallet and identify suspicious transactions and unknown fund flows.

• Collect evidence: Record detailed information of suspicious transactions, including transaction ID, transaction time, counterparty address, etc., to provide evidence for subsequent alarm and investigation.

Step 3: Report to the police

1. Report to the police

• Contact the local police: Contact the local law enforcement agency as soon as possible to report the theft of your wallet assets. Provide detailed transaction records and evidence to help the police understand the case.

• Filing a case for investigation: Fill out necessary forms and documents as required by the police to ensure that the case is formally filed. Provide as many clues and evidence as possible to help the police conduct an investigation.

2. Keep communicating

• Regular follow-up: Contact the police regularly to learn about the progress of the case and provide any new clues or information.

• Assist with the investigation: actively cooperate with the police investigation and provide any information and support required.

Step 4: Seek help from professional security agencies and seek help from relevant exchanges to freeze the stolen funds based on the funding chain

1. Contact a professional safety agency

• Professional assistance: Contact blockchain security companies or professional security agencies and ask for their help. Professional agencies can provide technical support to help track and analyze the flow of stolen funds.

• Funds tracing: Use professional blockchain analysis tools to track the flow of stolen funds and identify the exchanges and final receiving addresses to which the funds flow.

2. Request the exchange to freeze funds

• Contact the exchange: Contact the relevant exchange where the stolen funds flowed, provide detailed transaction records and evidence, and ask them to assist in freezing the stolen funds.

• Provide evidence: Submit the police case filing certificate, transaction records and analysis reports to the exchange to prove that the funds are stolen assets and request the exchange to cooperate in freezing them.

• Continuous follow-up: Maintain communication with the exchange and regularly follow up on the progress of frozen funds to ensure that the stolen assets are recovered as soon as possible.

OKX Web3 Wallet Security Team: When a blockchain users wallet assets are stolen, remedies may be limited because the decentralization and immutability of the blockchain make it generally impossible to revoke a transaction once it is confirmed. Here are some possible remedies:

1. Take immediate action

1) Analyze the reasons for the theft

• If the authorization is given to a hacker address, you need to cancel the authorization immediately on the authorization platform.

• If the private key is leaked, a comprehensive security check is required to determine the cause of the private key leak, reinstall the system and then replace the wallet.

2) Asset rescue

• If there are still some assets in the wallet that have not been transferred, or assets in the defi project, you can rescue the assets to reduce losses.

3) Tracking the flow of funds

• You can find white hats or security community members to monitor the flow of funds together. If you find that the funds are flowing to an exchange, you can apply to freeze their account.

2. Report to relevant departments

1) Report the issue to the wallet customer service

2) Report the theft to the police and provide all relevant information. This information can help users freeze their exchange accounts if they find that funds have flowed to the exchange.

3. Seek help from the blockchain community

1) Publish announcements on relevant blockchain social media such as Twitter. Sometimes the community will help track and prevent the flow of stolen funds.

2) Provide bounty rewards to encourage white hats or community members to help recover assets.

4. Prevention

1) Seek education and training to learn more about how to protect yourself from future attacks.

2) Use cold wallets and store most of your assets in offline wallets.

3) Securely back up your keys

In summary, while the characteristics of blockchain technology make it difficult to recover stolen assets, quick action and taking multiple remedial measures can help minimize losses and prevent future risks.

Finally, thank you for reading the 6th issue of the OKX Web3 Wallet Security Special Issue. We will summarize the contents of the Security Special Issue series in the last issue. As the final issue, it will not only include real cases, risk identification, but also security operation tips. Stay tuned!


This article is for reference only and is not intended to provide (i) investment advice or investment recommendations; (ii) an offer or solicitation to buy, sell or hold digital assets; or (iii) financial, accounting, legal or tax advice. Holding digital assets (including stablecoins and NFTs) involves high risks and may fluctuate significantly or even become worthless. You should carefully consider whether trading or holding digital assets is suitable for you based on your financial situation. Please be responsible for understanding and complying with local applicable laws and regulations.

Original article, author:欧易OKX。Reprint/Content Collaboration/For Reporting, Please Contact;Illegal reprinting must be punished by law.

ODAILY reminds readers to establish correct monetary and investment concepts, rationally view blockchain, and effectively improve risk awareness; We can actively report and report any illegal or criminal clues discovered to relevant departments.

Recommended Reading
Editor’s Picks