I am a KOL in the security track of Kaijuan. I will not bet on other tracks because I cannot win.

Over the past two days, people have been panicking over the theft of coins from users. Many related tweets and public account posts keep asking why the exchange does not pay compensation and how such a thing could happen at such a top exchange. How can account security be ensured in the future?

In fact, it is very simple. The user told the story himself, but many people still do not know the facts and are denouncing the lack of compensation. According to the user's own account, he downloaded the Chrome plug-in Aggr, the cookie information stored in the web client was stolen as a result, and the coins were then stolen through the counter-knocking method.

Here is an explanation of what a cookie is. Simply put, it is a small database for the web page. When we log in to any website in the browser, the authorization information returned for the authenticated user is stored in the Session or Cookie. On the next request, the authorization information is first read from local storage and verified. If it is valid, we are logged in without a password. If it is invalid, we are redirected to the login page. Clearly, what was stolen was a valid cookie.
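The flow described above as a minimal server-side sketch (an added example, not code from this post or from any exchange; the function names, the session lifetime and the sample account are assumptions). It shows that the cookie value is a bearer credential, and that deleting the server-side session on logout invalidates every copy of it.

```python
import hmac
import secrets
import time

SESSION_TTL = 3600                   # assumed session lifetime, in seconds
USERS = {"alice": "correct horse"}   # constructed account; stand-in for real password verification
_sessions = {}                       # server-side store: cookie value -> (user, expiry)

def login(user, password, now=None):
    """Verify the password once; return the session value to set as a cookie."""
    now = time.time() if now is None else now
    expected = USERS.get(user)
    if expected is None or not hmac.compare_digest(expected.encode(), password.encode()):
        return None
    token = secrets.token_urlsafe(32)          # unguessable random session id
    _sessions[token] = (user, now + SESSION_TTL)
    return token

def handle_request(cookies, now=None):
    """Valid cookie: logged in without a password. Otherwise: go to the login page."""
    now = time.time() if now is None else now
    entry = _sessions.get(cookies.get("session", ""))
    if entry is None or now >= entry[1]:
        return ("redirect", "/login")
    return ("ok", entry[0])

def logout(cookies):
    """Delete the session server-side, so the cookie value stops working everywhere."""
    _sessions.pop(cookies.get("session", ""), None)

def demo():
    token = login("alice", "correct horse", now=0)
    browser = {"session": token}     # the cookie in the owner's browser
    copy = {"session": token}        # the same value presented by a second client
    result = {
        "owner": handle_request(browser, now=10),
        "copy": handle_request(copy, now=20),   # the server sees no difference
        "forged": handle_request({"session": "guess"}, now=20),
    }
    logout(browser)
    result["copy_after_logout"] = handle_request(copy, now=30)
    return result

if __name__ == "__main__":
    print(demo())
```

Closing the tab does not remove the session; only server-side invalidation (an explicit logout, as here, or expiry) makes a copied value useless.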

The storage and use of cookies here fully follow industry standards. More than 99.99% of the websites on the Internet do this, so it is completely understandable that Binance does not compensate for this problem, because the cookie was stolen as a result of the user downloading the plug-in himself.

For example, suppose that because of your own poor custody, someone learned your bank card and bank password and took the money. Would you then ask the bank to cover the loss?

I sympathize with this brother and also warn everyone to always pay attention to protecting the security of their accounts, but there is no need to be too nervous. Many people use multiple browsers, or even multiple physical hosts, for isolation. I can only say one thing: it is unnecessary. Don't click, look at, or download things at random. That is better than anything else.

In addition, some people are worried about whether cookie theft can also happen on mobile phones. For iOS, don't worry about it; those who jailbreak their own devices are another matter. For Android, the equivalent is called SQLite, and it is theoretically possible (just a little more difficult than on web pages). As the old saying goes, don't click, look at, or download things at random. That is better than anything else.

Finally, I would like to dispel a recent rumor: doubts about facial verification for withdrawing coins, raised by a problem with an AI facial video at a competitor. To put it simply, that AI facial video involves the facial information of the exchange account, while the facial function for withdrawing coins is facial verification on the mobile phone. This facial information is not that facial information. Unless there is a problem with the facial recognition of the mobile phone system itself, there will be no problem with the facial recognition of the withdrawal verification function module, and it has nothing to do with the exchange.

#AccountStolen #AccountSecurity