Latest Release of OKX Web3: On-Chain Anti-Phishing Security Trading Guide
Exploring the world of the blockchain, safety comes first. Users should remember these three safety rules: do not fill in mnemonics/private keys on any webpage, be cautious when clicking on wallet transaction interfaces and confirmation buttons, and be aware that links obtained from Twitter/Discord/search engines may be phishing links.
As a new market cycle begins and users become more active on-chain, the risks of on-chain interaction are increasingly exposed. Phishers typically create fake wallet websites, steal social media accounts, publish malicious browser plugins, send phishing emails and messages, and release fake applications to lure users into disclosing sensitive information, resulting in asset losses. Phishing takes many forms and appears in many scenarios, and it is becoming more varied, more complex, and harder to spot.
For example, phishers generally create fake websites that resemble legitimate wallet websites to trick users into entering their private keys or mnemonics. These fake websites often use social media, emails, or advertisements for promotion, misleading users into thinking that they are accessing legitimate wallet services, thereby stealing their assets. In addition, phishers may use social media platforms, forums, or instant messaging applications to impersonate wallet customer service or community administrators and send false messages to users, asking them to provide wallet information or private keys. This method exploits users’ trust in official sources to trick them into disclosing personal information.
In summary, these cases highlight the threat of phishing to Web3 wallet users. To help users improve their awareness of Web3 wallet security and protect their assets from loss, OKX Web3 has conducted in-depth community research and collected numerous phishing incidents experienced by Web3 wallet users. As a result, we have identified the four most common phishing scenarios encountered by users and have written the latest guide on how Web3 users can conduct secure transactions, using a combination of text and visual examples for different scenarios, as a learning reference for everyone.
Table of Contents:
Malicious information sources
1. Replies to popular project Twitter posts
2. Theft of official Twitter/Discord accounts
3. Google search ads
4. Fake applications
5. Countermeasures: OKX Web3 wallet supports phishing link detection and risk alerts
Wallet private key security
1. Interacting with projects or verifying qualifications
2. Impersonating project customer service or administrators
3. Other possible pathways for mnemonics/private key leaks
4 Classic phishing scenarios
Scenario 1: Theft of main chain tokens
Scenario 2: Transfer to a similar address
Scenario 3: On-chain authorization
Scenario 4: Off-chain signatures
Other phishing scenarios
Scenario 5: TRON account permissions
Scenario 6: Solana tokens and account permissions
Scenario 7: EigenLayer calling queueWithdrawal
Exploring the world of the blockchain, safety comes first
Malicious information sources
1. Replies to popular project Twitter posts
Replies to popular project Twitter posts are one of the main ways in which malicious information is spread. Phishing Twitter accounts copy the logo, display name, and verification mark of the official account, and may even have tens of thousands of followers. The only reliable way to tell the two apart is the @handle, and even there phishers substitute similar-looking characters (a digit 0 for the letter o, an uppercase I for a lowercase l, a Cyrillic letter for a Latin one), so users must compare the handle character by character.
In addition, fake accounts often deliberately reply to official tweets, but the replies contain phishing links, making it easy for users to mistake them for official links and fall victim to scams. Currently, some official accounts add “End of Tweet” to their tweets to remind users of the risk of phishing links in subsequent replies.
2. Theft of official Twitter/Discord accounts
To increase credibility, phishers may also steal project or KOL’s official Twitter/Discord accounts and release phishing links in the name of the official accounts. This often tricks many users into falling for the scam. For example, Vitalik’s Twitter account and the official Twitter account of the TON project have been hacked and used by phishers to release false information or phishing links.
3. Google search ads
Phishers sometimes buy Google search ads to publish malicious links. The URL displayed in the ad is made to look like the official domain, but clicking it redirects the browser to a phishing site.
4. Fake applications
Phishers also use fake applications to deceive users. For example, when a user downloads and installs a fake wallet released by a phisher, the private keys entered into it are sent to the phisher, leading to loss of assets. Phishers have even distributed modified Telegram installation packages that replace the on-chain receiving and sending addresses shown to the user, so that tokens end up with the phisher.
Countermeasures: OKX Web3 wallet supports phishing link detection and risk alerts
Currently, the OKX Web3 wallet supports phishing link detection and risk alerts to help users cope with the above problems. For example, when a user who has the OKX Web3 plugin wallet installed visits a website whose domain is a known malicious domain, the user is alerted immediately. In addition, when a user opens a third-party DApp through the Discover interface of the OKX Web3 app, the wallet automatically runs a risk check on the domain name. If it is a malicious domain, the request is intercepted and the user is warned not to proceed.
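As an added example (not OKX Web3's own code), the following script shows how the handle and domain checks described above can be made concrete. It reduces a Twitter handle or hostname to a comparison "skeleton" so that lookalikes built from similar-looking characters (digits for letters, Cyrillic for Latin, punycode domains) collapse onto the genuine name. The list of official names and the confusables table are constructed for the example; the table is only a tiny subset of the real Unicode confusables data, and a production check would use the full list.

```python
import unicodedata

# Constructed allow-list for the example (an assumption, not an authoritative list).
OFFICIAL_NAMES = {"okx.com", "okxweb3", "apple.com"}

# Hand-picked confusables (assumption): a tiny subset of the Unicode TR39 confusables table.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0445": "x", "\u0443": "y", "\u0456": "i", "\u04cf": "l",   # Cyrillic lookalikes
    "0": "o", "1": "l", "\u0131": "i",                              # digits, dotless i
}

def decode_host(host: str) -> str:
    """Expand punycode (xn--) labels so an IDN lookalike is compared by its visible form."""
    labels = []
    for label in host.lower().split("."):
        if label.startswith("xn--"):
            label = label[4:].encode("ascii").decode("punycode")
        labels.append(label)
    return ".".join(labels)

def skeleton(name: str) -> str:
    """Map a name to what a human 'sees': NFKC, lowercase, combining marks dropped,
    confusables folded, and the digraphs rn/vv that imitate m/w collapsed."""
    s = unicodedata.normalize("NFKC", name).lower()
    s = "".join(c for c in unicodedata.normalize("NFD", s)
                if unicodedata.category(c) != "Mn")
    s = "".join(CONFUSABLES.get(c, c) for c in s)
    return s.replace("rn", "m").replace("vv", "w")

def classify(name: str, official: set = OFFICIAL_NAMES) -> str:
    """'official' on an exact (case-insensitive) match, 'lookalike' when the name only
    matches an official name after folding confusables, otherwise 'unknown'."""
    visible = decode_host(name) if "." in name else name.lower()
    visible = visible.lstrip("@")
    if visible in official:
        return "official"
    if skeleton(visible) in {skeleton(o) for o in official}:
        return "lookalike"
    return "unknown"

if __name__ == "__main__":
    # The punycode host is the well-known "apple.com" written with Cyrillic letters.
    for n in ["@okxweb3", "@0kxweb3", "okx.com", "xn--80ak6aa92e.com", "example.org"]:
        print(f"{n:22} -> {classify(n)}")
```

A wallet or browser plugin would run this check on the handle behind a reply and on the hostname of every link before showing it, and treat "lookalike" as a hard warning rather than a soft hint: an exact match against the official list is the only result that should pass silently.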
Wallet private key security
1. Interacting with projects or verifying qualifications
When users interact with a project or verify their eligibility, phishers often imitate the pop-up window of a browser plugin wallet, or use any other webpage, to ask them to enter mnemonics/private keys. Such pages are malicious: no legitimate wallet or project ever needs a mnemonic or private key typed into a webpage, and users should be vigilant.
2. Impersonating project customer service or administrators
Phishers often impersonate project customer service or Discord administrators and provide URLs for users to enter mnemonics or private keys. In such cases, the other party is a phisher.
3. Other possible pathways for mnemonics/private key leaks
There are many other ways in which mnemonics and private keys leak: a computer infected with a Trojan; a trojanized fingerprint (anti-detect) browser; remote control or proxy tools running on the computer; mnemonics/private keys kept in a screenshot album that a malicious app uploads, or that is backed up to a cloud platform that is later breached; monitoring of the keyboard or screen while the mnemonic/private key is entered; physical access by people around the user to the files or paper on which the mnemonic/private key is written; and developers pushing code that contains private keys to GitHub.
In conclusion, users need to store and use mnemonics/private keys securely to protect their wallet assets. For example, as a decentralized self-custodial wallet, the OKX Web3 wallet offers multiple backup methods for mnemonics/private keys, including iCloud/Google Drive cloud storage, manual backups, and hardware backups, making it one of the most comprehensive wallets on the market in terms of supported backup methods. Against private key theft, the OKX Web3 wallet supports mainstream hardware wallets such as Ledger, Keystone, and OneKey, where the private key is generated and stored inside the hardware device under the user's control and never leaves it. In addition, the OKX Web3 wallet has launched MPC keyless wallets and AA smart contract wallets, which remove the need for the user to handle a single private key at all.
4 Classic phishing scenarios
Scenario 1: Theft of main chain tokens
Phishers often give the functions of their malicious contracts enticing names such as "Claim" or "SecurityUpdate," but the function body is empty: it is simply a payable function that keeps whatever amount of the main chain token (ETH, BNB, and so on) the user attaches to the call. The OKX Web3 wallet now supports transaction pre-execution, displaying the asset and authorization changes the transaction would cause once on-chain, which gives the user a further chance to notice that value is leaving the wallet and nothing comes back. Additionally, if the interacting contract or authorization address is a known malicious address, a red safety alert is displayed.
Scenario 2: Transfer to a similar address
Phishers monitor large transfers and then generate addresses whose leading and trailing characters match the address the victim transacts with. They use "transferFrom" with a zero value (an ERC-20 transfer of zero tokens needs no allowance) or a fake USDT contract that emits transfers of a convincing amount, so that these lookalike addresses appear in the victim's transaction history. The phishers hope that the user will later copy the wrong address from the transaction history for a subsequent transfer, completing the scam.
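As an added example (not OKX Web3's own code), the following script applies the two checks a wallet can run against this pattern: flag history entries that look like poisoning (zero-value transfers, unrecognised token contracts, and counterparties that mimic the prefix and suffix of an address the user has really paid), and accept a recipient only on a full character-for-character match with the address book, never on a prefix. The addresses, transfer history, and token list are constructed for the example; only the USDT contract address is the real Ethereum mainnet one.

```python
# Constructed sample data (assumptions): one real counterparty, one poisoned lookalike
# sharing its first 6 and last 4 hex characters, and a fake token contract.
USER      = "0xabcdef0123456789abcdef0123456789abcdef01"
TRUSTED   = "0x1234abcd5e6f7a8b9c0d1e2f3a4b5c6d7e8f90ab"   # address the user really pays
POISON    = "0x1234abdeadbeefdeadbeefdeadbeefdeadbe90ab"   # phisher's lookalike
USDT      = "0xdac17f958d2ee523a2206206994597c13d831ec7"   # real Ethereum USDT contract
FAKE_USDT = "0x0000000000000000000000000000000000fa4e00"   # constructed fake token contract
KNOWN_TOKENS = {USDT: "USDT"}

HISTORY = [  # as a block explorer or wallet would list it
    {"from": USER,   "to": TRUSTED, "token": USDT,      "symbol": "USDT", "value": 5_000},
    {"from": USER,   "to": POISON,  "token": USDT,      "symbol": "USDT", "value": 0},      # transferFrom(user, poison, 0)
    {"from": POISON, "to": USER,    "token": FAKE_USDT, "symbol": "USDT", "value": 5_000},  # fake-token transfer
]

def looks_alike(a: str, b: str, prefix: int = 6, suffix: int = 4) -> bool:
    """Same leading and trailing hex characters but a different address."""
    a, b = a.lower(), b.lower()
    return a != b and a[: 2 + prefix] == b[: 2 + prefix] and a[-suffix:] == b[-suffix:]

def counterparty(entry: dict, user: str) -> str:
    return entry["to"] if entry["from"].lower() == user.lower() else entry["from"]

def flag_history(history: list, user: str, known_tokens: dict = KNOWN_TOKENS) -> dict:
    """Map history index -> reasons for entries that show the address-poisoning pattern."""
    # Addresses the user has actually paid with a recognised token are the ones worth imitating.
    paid = {e["to"].lower() for e in history
            if e["from"].lower() == user.lower() and e["value"] > 0
            and e["token"].lower() in known_tokens}
    flags = {}
    for i, e in enumerate(history):
        other = counterparty(e, user).lower()
        reasons = []
        if e["value"] == 0:
            reasons.append("zero-value transfer (transferFrom poisoning)")
        if e["token"].lower() not in known_tokens:
            reasons.append(f"token contract not recognised for symbol {e['symbol']}")
        if other not in paid and any(looks_alike(other, p) for p in paid):
            reasons.append("counterparty mimics the prefix/suffix of an address you have paid")
        if reasons:
            flags[i] = reasons
    return flags

def safe_recipient(address: str, address_book: dict) -> bool:
    """Accept a recipient only on a full, character-for-character match with a saved entry."""
    return address.lower() in {a.lower() for a in address_book.values()}

if __name__ == "__main__":
    for i, reasons in flag_history(HISTORY, USER).items():
        print(i, HISTORY[i]["symbol"], counterparty(HISTORY[i], USER), reasons)
    print("send to POISON allowed:", safe_recipient(POISON, {"exchange": TRUSTED}))
```

The practical rule for users follows from `safe_recipient`: take the address from a saved address book or from the counterparty's own channel, never from the transaction history, and verify the whole string, not the first and last few characters that wallets and explorers abbreviate.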
Scenario 3: On-chain authorization
Phishers usually induce users to sign approve/increaseAllowance/decreaseAllowance/setApprovalForAll transactions. To evade blocklists, the spender address is often pre-computed with CREATE2 and not yet deployed when the approval is signed, so security checks see a fresh address with no code and no history; the phisher deploys the contract afterwards and drains the allowance. The OKX Web3 wallet provides security reminders for authorization transactions, reminding users of the risks associated with them. Additionally, if the authorization address is a known malicious address, a red alert is displayed to prevent users from falling victim to the scam.
Scenario 4: Off-chain signatures
In addition to on-chain authorizations, phishers also use off-chain signatures to deceive users. For example, ERC-20 tokens that support EIP-2612 permit let the holder grant an allowance to another address or contract by signing a message instead of sending an approve transaction; whoever holds the signature submits it on-chain and then moves the tokens with "transferFrom." Phishers obtain such signatures through fake "sign in" or "verify" prompts, and because signing costs no gas and produces no transaction, users tend to be less careful. The OKX Web3 wallet is currently developing a risk alert feature for this scenario: when a user is asked for an off-chain signature, the authorized (spender) address in the signed message is analyzed, and if it matches a known malicious address, a risk alert is shown to the user.
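As an added example covering both Scenario 3 and Scenario 4 (not OKX Web3's own code), the following script decodes the two kinds of authorization a wallet is asked to confirm, an on-chain approve-family transaction from its calldata and an off-chain EIP-712 permit from its typed data, and derives the risk flags a wallet could surface before the user confirms or signs. It goes slightly beyond the text by also recognising Uniswap's Permit2 "PermitSingle" message, which is the same off-chain allowance idea. The function selectors are the standard ERC-20/ERC-721 ones; the malicious address list, the set of deployed addresses (standing in for an eth_getCode lookup), the sample calldata, the typed data, and the current time are constructed for the example.

```python
from typing import Optional

UINT256_MAX = 2**256 - 1
UINT160_MAX = 2**160 - 1                       # Permit2 amounts are uint160

# Function selectors of the authorisation calls named in the text (keccak256 of the signature).
SELECTORS = {
    "095ea7b3": "approve(address,uint256)",
    "39509351": "increaseAllowance(address,uint256)",
    "a457c2d7": "decreaseAllowance(address,uint256)",
    "a22cb465": "setApprovalForAll(address,bool)",
}

# Constructed data for the example (assumptions, not real addresses or lists).
MALICIOUS = {"0xbadbadbadbadbadbadbadbadbadbadbadbadbad0"}
DEPLOYED = {"0x1111111111111111111111111111111111111111"}    # stands in for eth_getCode != "0x"
NOW = 1_700_000_000                                              # assumed current unix time

def has_code(address: str) -> bool:
    """Placeholder for an eth_getCode lookup: True only for addresses known to be deployed."""
    return address.lower() in DEPLOYED

def decode_authorization(calldata: str) -> Optional[dict]:
    """Decode an on-chain approval transaction; None if the calldata is not one."""
    raw = bytes.fromhex(calldata[2:] if calldata.startswith("0x") else calldata)
    signature = SELECTORS.get(raw[:4].hex())
    if signature is None or len(raw) < 68:
        return None
    spender = "0x" + raw[16:36].hex()            # address is right-aligned in a 32-byte word
    amount = int.from_bytes(raw[36:68], "big")   # uint256, or 1/0 for the bool of setApprovalForAll
    return {"function": signature, "spender": spender, "amount": amount}

def decode_permit(typed_data: dict) -> Optional[dict]:
    """Decode an off-chain EIP-712 permit (EIP-2612 'Permit' or Uniswap Permit2 'PermitSingle')."""
    msg = typed_data.get("message", {})
    if typed_data.get("primaryType") == "Permit":
        return {"function": "permit (EIP-2612)", "spender": msg["spender"],
                "amount": int(msg["value"]), "deadline": int(msg["deadline"])}
    if typed_data.get("primaryType") == "PermitSingle":
        d = msg["details"]
        return {"function": "Permit2 PermitSingle", "spender": msg["spender"],
                "amount": int(d["amount"]), "deadline": int(d["expiration"])}
    return None

def risk_flags(auth: dict, now: int = NOW) -> list:
    """Risk indicators a wallet could show before the user confirms or signs."""
    flags = []
    spender = auth["spender"].lower()
    if spender in MALICIOUS:
        flags.append("spender is a known malicious address")
    if not has_code(spender):
        flags.append("spender has no code yet (possible CREATE2 pre-computed address)")
    unlimited = auth["amount"] in (UINT256_MAX, UINT160_MAX) or (
        auth["function"].startswith("setApprovalForAll") and auth["amount"] == 1)
    if unlimited:
        flags.append("unlimited approval")
    if auth.get("deadline", now) - now > 30 * 24 * 3600:
        flags.append("deadline more than 30 days away")
    return flags

# Constructed inputs: approve(SPENDER, uint256 max) and a permit for a blocklisted spender.
SPENDER = "0x5eed5eed5eed5eed5eed5eed5eed5eed5eed5eed"
APPROVE_CALLDATA = "0x095ea7b3" + "00" * 12 + SPENDER[2:] + "ff" * 32
PERMIT_TYPED_DATA = {                           # what an eth_signTypedData_v4 request carries
    "primaryType": "Permit",
    "domain": {"name": "Token", "version": "1", "chainId": 1,
               "verifyingContract": "0x1111111111111111111111111111111111111111"},
    "message": {"owner": "0x2222222222222222222222222222222222222222",
                "spender": "0xbadbadbadbadbadbadbadbadbadbadbadbadbad0",
                "value": str(UINT256_MAX), "nonce": 0, "deadline": NOW + 365 * 24 * 3600},
}

if __name__ == "__main__":
    for auth in (decode_authorization(APPROVE_CALLDATA), decode_permit(PERMIT_TYPED_DATA)):
        print(auth["function"], "->", risk_flags(auth) or ["no flags"])
```

The "no code yet" flag is the one that catches the CREATE2 trick from Scenario 3: a legitimate DEX router or marketplace is an already-deployed contract, so an approval to an address with no code is almost never what the user intends. For off-chain signatures the same flags apply to the spender field of the typed data, which is why a wallet should decode and display that field rather than the raw hash the user is asked to sign.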
Other phishing scenarios
Scenario 5: TRON account permissions
This type of scenario is less intuitive. Phishers gain control of a user's assets by obtaining a permission on the user's TRON account. TRON account permissions work much like EOS permissions and are divided into Owner and Active permissions; each permission lists one or more keys with weights and a threshold, so it can also be configured as a multi-signature. For example, in the permission setting below, the Owner threshold is set to 2 and the two keys have weights of 1 and 2. The first key is the user's own address with weight 1, which can no longer operate the account on its own, while the second key, controlled by the phisher, has weight 2 and meets the threshold alone. A user who signs such an AccountPermissionUpdate transaction has effectively handed the account to the phisher.
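As an added example (not OKX Web3's own code), the following script evaluates a TRON-style permission the way a wallet should before letting a user sign a permission update: it enumerates every minimal set of keys whose combined weight reaches the threshold, then warns when the user's own key cannot act alone or when some set of keys can act without the user at all. The permission objects use the threshold/keys/weight fields of TRON's permission structure but are simplified and constructed for the example, and the addresses are placeholders.

```python
from itertools import combinations

# Constructed permission objects (assumptions): the poisoned Owner permission from the
# text, a normal single-key Owner, and a genuine 2-of-2 multisig for comparison.
USER     = "TUserAddr00000000000000000000000000"     # placeholder, not a real address
ATTACKER = "TAttackerAddr000000000000000000000"
COSIGNER = "TCosignerAddr000000000000000000000"

POISONED_OWNER = {"permission_name": "owner", "threshold": 2,
                  "keys": [{"address": USER, "weight": 1}, {"address": ATTACKER, "weight": 2}]}
SAFE_OWNER = {"permission_name": "owner", "threshold": 1,
              "keys": [{"address": USER, "weight": 1}]}
MULTISIG_OWNER = {"permission_name": "owner", "threshold": 2,
                  "keys": [{"address": USER, "weight": 1}, {"address": COSIGNER, "weight": 1}]}

def signing_sets(permission: dict) -> list:
    """Every minimal set of key holders whose summed weight reaches the threshold."""
    keys = permission["keys"]
    minimal = []
    for size in range(1, len(keys) + 1):
        for combo in combinations(keys, size):
            if sum(k["weight"] for k in combo) < permission["threshold"]:
                continue
            holders = frozenset(k["address"] for k in combo)
            if not any(found <= holders for found in minimal):   # skip supersets of a found set
                minimal.append(holders)
    return minimal

def permission_risks(permission: dict, user: str) -> list:
    """What a wallet should warn about before the user signs a permission update."""
    name = permission["permission_name"]
    sets = signing_sets(permission)
    risks = []
    if frozenset([user]) not in sets:
        risks.append(f"{name}: the user alone can no longer operate this permission")
    for holders in sets:
        if user not in holders:
            risks.append(f"{name}: {sorted(holders)} can operate the account without the user")
    return risks

if __name__ == "__main__":
    for label, perm in [("poisoned", POISONED_OWNER), ("safe", SAFE_OWNER), ("2-of-2", MULTISIG_OWNER)]:
        print(label, signing_sets(perm), permission_risks(perm, USER) or ["no risks"])
```

The 2-of-2 case shows the two warnings are distinct: a deliberate multisig also means the user cannot act alone, which is acceptable, but no set of keys should ever be able to act without the user unless the user has knowingly set that up.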
Scenario 6: Solana tokens and account permissions
Phishers use a SetAuthority instruction to change the owner of the user's Associated Token Account (ATA), which effectively transfers the tokens in that account to a new owner address; once a user signs such a transaction, the assets are under the phisher's control. Additionally, if a user signs an Assign instruction, the owner of their regular account is changed from the System Program to a malicious program, which can then do whatever it likes with the account.
Scenario 7: EigenLayer calling queueWithdrawal
Because of the protocol's own design, this scenario is also easy for phishers to exploit. In the Ethereum middleware protocol EigenLayer, the queueWithdrawal call allows a different address to be specified as the withdrawer. If a user signs such a transaction, their restaked assets can be claimed by the specified address once the seven-day withdrawal delay has passed.
Exploring the world of the blockchain, safety comes first
Safe use of Web3 wallets is a crucial measure to protect assets. Users should take preventive measures to guard against potential risks and threats. They can choose industry-leading and security-audited wallets like OKX Web3 to explore the world of the blockchain more safely and conveniently.
As the most advanced and feature-rich wallet in the industry, the OKX Web3 wallet is fully decentralized and self-custodial. It supports a wide range of features and offers a one-stop solution for exploring blockchain applications. It currently supports 85+ public chains and provides a unified experience across the app, browser plugin, and web interfaces, covering five major areas (wallet, DEX, DeFi, NFT marketplace, and DApp exploration), and also supports the Ordinals market, MPC and AA smart contract wallets, gas exchange, and hardware wallet connections. Additionally, users can further improve their security by protecting their private keys and mnemonics, keeping wallet applications and operating systems up to date, handling links and messages with caution, and enabling multi-factor authentication.
In conclusion, in the world of the blockchain, asset security is paramount. Users need to remember these three Web3 safety rules: do not fill in mnemonics/private keys on any webpage, be cautious when clicking on wallet transaction interfaces and confirmation buttons, and be aware that links obtained from Twitter/Discord/search engines may be phishing links.
OKX Web3