The concept of blockchain is now understood by more people, and blockchain-based digital wallets have become the main way for people to understand and participate in the blockchain ecosystem. People have become accustomed to centralized data processing methods, and this kind of thinking and habits may bring huge risks to the security of their assets. For example, the most basic downloading and using of a genuine digital wallet may become a "stumbling block" for novices, because fake wallet websites and fake wallets have now appeared in large numbers on the Internet.
The article in this issue will summarize the concept, user usage habits, and thinking mode analysis; the identification and prevention of fake websites and fake wallets.
What is blockchain
Blockchain is a distributed ledger technology with the following characteristics:
Decentralization: The blockchain is jointly maintained and managed by nodes distributed on the network, without institutional or individual control and management. This decentralized feature makes the blockchain more secure, transparent and fair.
Immutability: Every piece of data on the blockchain is recorded in a block, and these blocks are linked to each other through encryption algorithms. Therefore, once the operation recorded on the blockchain is confirmed, It cannot be tampered with or deleted, ensuring the authenticity and integrity of the data.
Transparency: Since the blockchain is a public, decentralized ledger, each participant can view all execution records on the network, ensuring data transparency and fairness.
High security: The blockchain uses complex cryptographic algorithms to ensure data security and privacy protection. At the same time, the decentralized characteristics also make the blockchain more difficult to be attacked or tampered with.
Programmability: Blockchain can realize automated execution and operations through smart contracts. It is highly programmable and can meet the needs of different scenarios.
Centralized and decentralized services
Centralized services:
Refers to services controlled and managed by one or more institutions or individuals. These institutions or individuals have decision-making, management and control rights. Users need to provide them with personal information, credit evaluation and other information to use these services. Centralized services are usually provided by some large institutions or companies, such as social media platforms, e-commerce platforms, online payment platforms, etc.
Decentralized services:
Decentralized services refer to a form of services provided through distributed networks and protocols without the need for control and management by institutions or individuals. These services are usually completed collaboratively by nodes and users in a distributed network and do not rely on institutional control and management. A typical application of decentralized services is in the field of blockchain technology.
Decentralized systems are less susceptible to attack and control, and they are more flexible and customizable. Decentralized services are usually transparent, and users can view the status and operation of the service in real time, thereby gaining more trust and support.
The risk of centralized thinking
Centralized thinking is a centralized way of thinking that focuses security control and management on institutions or individuals. On the contrary, decentralized thinking is a decentralized way of thinking that puts security and credibility first and pursues distributed architecture and autonomy, which can be more secure and credible.
If you use a decentralized self-hosted wallet using a centralized way of thinking, you will subjectively think that assets are saved and managed in the wallet. As long as your password is not revealed, others cannot control your assets. Therefore, you should be more casual when choosing to use a wallet, and install it using a search link or an installation package sent by others. When you use a fake wallet, the mnemonic words and private keys you imported or created will be leaked, eventually leading to the loss of assets.
Due to the unique anonymity and non-tamperability of the blockchain, the results of successful execution on the chain become uninterruptible, and no one can freeze the address or assets of the stolen person on the chain. Therefore, the use of decentralized self-hosted wallets must be through the official website or a secure and unified platform, such as the App Store or Google Play. The results in all other search platforms are not trustworthy.
Fake official website scam
The emergence of fake websites is mainly because fraudsters use Internet technology to apply templates and materials from official websites, making users mistakenly think that they are regular wallet websites. They will also use methods such as website ranking optimization to improve the visibility and ranking of the website in search engines, thereby attracting more traffic and potential customers. Fake websites are the main way for users to download fake wallets, so fraudsters will make a lot of articles on fake websites. The following are the search results of a mainstream search tool for the keyword "TP wallet".
With such a huge amount of fake link data, users will suffer asset losses if they access and use any of the fake wallets.
fake wallet scam
Fake wallets are made by fraudsters who decompile apk or ipa, add the private key and mnemonic data upload function created or imported to the wallet, repackage and distribute it to fake websites for downloading. Once the user downloads and uses a fake wallet to import private keys, mnemonic phrases and other content, these data will be automatically synchronized to the fraudster's server, thereby stealing the user's assets or monitoring the user's assets, ultimately leading to the loss of the user's assets. The following is a display of the multi-client after installation of the fake wallet provided in the fake website.
The genuine Android wallet, whether it is the official website version or the Google Play version, can only have one client in the wallet, so if you find that multiple clients can coexist on your phone, it means you have encountered a fake wallet.
The genuine iOS wallet can only be downloaded through the App Store platform. Please check the wallet name: TP Wallet, developer: [TP Global Ltd].
The wallet version number can be viewed in the download interface of the official website. If there is any client higher than the official version, it will definitely be a fake wallet. There are very few fake wallets such as version 1.3.7. These wallets can be verified through the installation package. Hash value verification tutorial to verify.
How to avoid fake official websites and fake wallets
To use the genuine wallet, you need to go through the official website: www.tokenpocket.pro and www.tpwallet.io, or download it from the App Store or Google Play. Do not use the websites and installation packages provided by the search platform, and do not trust anyone who actively chats with you privately and sends fake links or fake wallet installation packages.
On the premise of using a genuine wallet, do a good job in offline backup and storage of private key mnemonics, and do a good job in authorization protection. Do not use third-party links and authorizations from unknown sources at will. During the transfer process, the payment address and amount must be checked. Check carefully. In addition, TokenPocket also supports cold wallets, multi-signature wallets and hardware wallets, which are suitable for different scenarios and can better protect assets.
Several factors for asset security
When using a decentralized self-hosted wallet, the risks that affect asset security mainly focus on the following three ways:
First, the problem of private key mnemonic leakage. For example, using fake wallets, fake customer service to induce fraud, participating in phishing websites, and personal custody issues (storing private keys and mnemonics online, such as chat tool favorites, photo albums, cloud network disks, etc.), these are all possibilities. Cause leakage problems;
Second, malicious authorization issues (nearly hundreds of scams such as verification code websites, purchasing gift cards, fake activity links, fake airdrops, QR code scanning, etc.);
Third, relatively "low-level" scams such as "zero amount" and "same address ending number" use carelessness to copy the wrong payment address and transfer money.
Therefore, in daily use, we supplement and learn relevant knowledge based on the above risk factors, carefully check every prompt information that appears in the wallet, and enhance anti-fraud awareness so that our assets can have better security guarantees.