
Overview of the introductory section

Blockchain technology, as a great invention, has revolutionized production relations and solved trust issues to some extent. However, there are many misconceptions in the actual application of blockchain, which are often exploited by criminals, leading to user asset losses. As a result, the blockchain world is described as a 'dark forest.' To help users protect their assets in this complex environment, SlowMist Technology founder Xu Qian has written the "Self-Rescue Manual for the Blockchain Dark Forest". This document serves as an introduction to the manual, covering core security principles in blockchain use, wallet management, privacy protection, human safety, common forms of abuse, and countermeasures.

Core security principles

In the 'dark forest' of blockchain, users must remember two major security principles:

  1. Zero trust: Always maintain a skeptical attitude. Do not easily trust any information or platform, especially in scenarios involving asset security.

  2. Continuous verification: Verify anything you decide to trust, and make verification a habit.

Create a wallet

Wallets are the core tool in the blockchain world; correctly creating and managing wallets is the first step to security.

1. Choosing and installing a wallet

  • Download source: Obtain download links from official websites or industry-recognized platforms (such as CoinMarketCap) and avoid using software from unknown sources.

  • Installation and verification: When installing PC wallets, it is recommended to perform file consistency checks; for browser extension wallets, pay attention to the number of users and ratings; hardware wallets should be purchased from official channels, and care should be taken to prevent tampering.

  • Web wallets are not recommended: Online wallets carry high risks and should be avoided.

2. Management of mnemonic phrases

  • Sensitivity: The mnemonic phrase is the core of the wallet; ensure no one else is around and no cameras are present when generating it.

  • Randomness: Ensure the randomness of the mnemonic phrase to avoid easy cracking.

3. Keyless solutions

  • Custodial method: Users do not hold private keys and rely entirely on centralized platforms, suitable for beginners but with platform risks.

  • Non-custodial method: Users hold private keys or mnemonic phrases, which provides higher security but requires certain technical capabilities.

Backup wallet

Backup is an important measure to prevent asset loss.

1. Types of mnemonic phrases and private keys

  • Plaintext mnemonic phrase: Usually consists of 12 English words.

  • Password-protected mnemonic phrase: Generate different seeds through a password to enhance security.

  • Multi-signature scheme: Multiple signatures are required to use funds, suitable for teams or high-security requirement scenarios.

  • Secret sharing scheme: Split the seed, needing a specified number of pieces for recovery.

2. Backup methods

  • Multiple backups: Combine various methods such as cloud storage (like Google Drive), written copies, device storage (such as hard drives, USB sticks), etc.

  • Encryption protection: Encrypt backup content and regularly verify that backups are usable.
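Why a password-protected mnemonic needs its backup verified, shown as an added example (not code from the manual). It assumes the wallet follows BIP39, where the password is mixed into the seed derivation; the sample phrase is the public BIP39 test-vector mnemonic, and the fingerprint helper is this example's own convention.

```python
import hashlib
import unicodedata

# Constructed sample input: the all-"abandon" phrase from the public BIP39
# test vectors. It is widely known and must never hold real funds.
MNEMONIC = ("abandon abandon abandon abandon abandon abandon "
            "abandon abandon abandon abandon abandon about")


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """Derive the 64-byte wallet seed as BIP39 specifies:
    PBKDF2-HMAC-SHA512, 2048 rounds, salt = "mnemonic" + passphrase."""
    words = unicodedata.normalize("NFKD", " ".join(mnemonic.split()))
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase)
    return hashlib.pbkdf2_hmac("sha512", words.encode("utf-8"),
                               salt.encode("utf-8"), 2048, dklen=64)


def seed_fingerprint(seed: bytes) -> str:
    """Short check value to record when the wallet is created.
    Assumption of this example: first 8 hex chars of SHA-256(seed)."""
    return hashlib.sha256(seed).hexdigest()[:8]


def backup_is_usable(mnemonic: str, passphrase: str, fingerprint: str) -> bool:
    """Restore drill: do the backed-up words and password rebuild the
    same seed whose fingerprint was recorded at creation time?"""
    return seed_fingerprint(bip39_seed(mnemonic, passphrase)) == fingerprint


if __name__ == "__main__":
    recorded = seed_fingerprint(bip39_seed(MNEMONIC, "TREZOR"))
    # Every password yields a valid seed, so a typo silently opens an
    # empty wallet instead of raising an error.
    for attempt in ("TREZOR", "trezor", ""):
        print(repr(attempt), backup_is_usable(MNEMONIC, attempt, recorded))
```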

Using wallets

The operational security of wallets directly relates to the security of user assets.

1. Cold wallets and hot wallets

  • Cold wallet: Used for long-term asset storage; receive assets through a watch-only wallet, and use QR codes or USB for sending.

  • Hot wallet: Used when interacting with DApps (such as DeFi, NFT, GameFi, etc.); be cautious of malicious code, address replacement, and other risks.

2. DeFi security

  • Smart contract security: Avoid excessive permissions, add time locks or multi-signature mechanisms.

  • Frontend security: Prevent internal wrongdoing (such as replacing target contract addresses) and third-party supply chain attacks.

  • Communication security: Use HTTPS to prevent man-in-the-middle attacks.

3. Signature security

  • Cautious authorization: Avoid inadvertently authorizing NFTs or tokens.

  • Authorization revocation tools: Such as Revoke.cash, APPROVED.zone, Rabby extension wallet.
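What cautious authorization looks like at the calldata level, as an added example (not code from the manual or from any of the tools named above). It decodes the two standard approval calls, ERC-20/ERC-721 approve and ERC-721/ERC-1155 setApprovalForAll, from a pending transaction; the spender address and sample calldata are constructed.

```python
# Function selectors: first 4 bytes of keccak256(signature).
APPROVE = "095ea7b3"               # approve(address,uint256)
SET_APPROVAL_FOR_ALL = "a22cb465"  # setApprovalForAll(address,bool)
MAX_UINT256 = 2**256 - 1

# Constructed sample calldata; the spender 0x1111...1111 is a placeholder.
SPENDER_WORD = "0" * 24 + "11" * 20
SAMPLE_UNLIMITED = "0x" + APPROVE + SPENDER_WORD + "f" * 64
SAMPLE_OPERATOR = "0x" + SET_APPROVAL_FOR_ALL + SPENDER_WORD + "0" * 63 + "1"
SAMPLE_REVOKE = "0x" + APPROVE + SPENDER_WORD + "0" * 64


def review_calldata(data: str) -> dict:
    """Classify transaction calldata before it is signed."""
    raw = data.lower()
    raw = raw[2:] if raw.startswith("0x") else raw
    selector, args = raw[:8], raw[8:]
    if selector not in (APPROVE, SET_APPROVAL_FOR_ALL):
        return {"kind": "other", "risk": "not an approval"}
    if len(args) != 128:
        raise ValueError("approval calls carry exactly two 32-byte arguments")
    spender = "0x" + args[24:64]       # address is right-aligned in word 1
    value = int(args[64:128], 16)      # word 2: amount, token id or bool
    if selector == SET_APPROVAL_FOR_ALL:
        risk = "operator gets every token in the collection" if value else "revocation"
        return {"kind": "setApprovalForAll", "spender": spender, "risk": risk}
    # approve(): for ERC-20 word 2 is an amount, for ERC-721 a token id;
    # calldata alone cannot tell them apart, so the raw value is reported too.
    if value == 0:
        risk = "revocation"
    elif value == MAX_UINT256:
        risk = "unlimited allowance"
    else:
        risk = "limited allowance or single token"
    return {"kind": "approve", "spender": spender, "value": value, "risk": risk}


if __name__ == "__main__":
    for sample in (SAMPLE_UNLIMITED, SAMPLE_OPERATOR, SAMPLE_REVOKE):
        print(review_calldata(sample))
```

The spender reported here is the address to compare against the DApp's published contract address before signing.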

Privacy protection

Protecting privacy is an important component of security in the blockchain world.

1. Operating systems and devices

  • System updates: Install security updates in a timely manner.

  • Source of the program: Avoid downloading unofficial software.

  • Disk encryption: Enable disk encryption features.

2. Network and browser

  • Secure network: Avoid connecting to unfamiliar Wi-Fi; choose reputable routers and service providers.

  • Browser extensions: Only install necessary extensions and use privacy protection tools.

3. Passwords and authentication

  • Password manager: Use tools like 1Password, Bitwarden to ensure the security of your master password and email.

  • Two-factor authentication (2FA): Use tools like Google Authenticator.

4. Other tools

  • Scientific internet access (that is, a VPN or proxy): Ensure network security.

  • Email selection: Prefer to use high-security email services (such as Gmail, ProtonMail).

  • SIM card protection: Set a PIN code to prevent SIM card attacks.

Human safety

Human safety here means the human factor in security; it mainly involves social engineering attacks and psychological manipulation.

1. Phishing attacks

  • Disguising official identity: Impersonating official personnel through platforms like Telegram, Discord for scams.

  • Anti-phishing measures: Do not trust links or files sent by strangers.

2. Privacy issues

  • Web3 privacy: Be aware of the public nature of on-chain data to avoid leaking sensitive information.

Ways to abuse blockchain

There are many ways to abuse the blockchain world, including but not limited to the following:

  • Coin theft: Stealing user assets through phishing, malicious code, etc.

  • Malicious mining: Using user devices for mining.

  • Ransomware: Encrypting user files and demanding ransom.

  • Money laundering and Ponzi schemes: Using the anonymity of blockchain for illegal fund transfers.

SlowMist Technology provides the SlowMist Hacked blockchain hacking archive, documenting relevant cases from history.

Response measures after theft

If user assets are stolen, remain calm and handle the situation in this order:

  1. Stop-loss first: Quickly freeze relevant accounts or assets.

  2. Preserve the scene: Keep relevant evidence for later analysis.

  3. Trace and track: Use on-chain tools to trace the flow of funds.

  4. Case closure: Summarize lessons learned to avoid recurrence.

Common misconceptions

  1. Code Is Law: Code is law, but not absolutely secure.

  2. Not Your Keys, Not Your Coins: If you do not hold the private keys, you do not own the assets.

  3. In Blockchain We Trust: Trust must be built on verification.

  4. Cryptographic security is absolute security: Cryptographic security can also fail due to improper operation.

  5. Getting hacked is embarrassing: Being attacked is not shameful; what matters is learning the lesson.

Summary

The "Self-Rescue Manual for the Blockchain Dark Forest" is not only a security guide but also a practical manual. Users must put into practice what they learn after reading, master relevant skills, and continuously summarize and improve in actual operations. At the same time, the manual calls on users to share their experiences to jointly promote the development of blockchain security.

In addition, the manual pays tribute to global security legislation, cryptographic research, the efforts of engineers and ethical hackers, and thanks everyone who strives to create a safer world.