Binance Square
Account Security (账户安全)
CMZ1690C趋势交易
Case sharing: Just because of a small plug-in, someone's exchange account was stolen millions of U. Everyone should pay attention to it. Trading accounts are not trivial. $BTC #账户安全
#账户安全

《Encrypted Asset Security Sharing Series》

Today, there were 3 cases of account asset theft, and all of them were huge amounts (about 1 million U).

In these thefts today, hackers seem to have taken control of user accounts and can force transactions and asset withdrawals, rather than profiting through counter-trading. The reasons behind this are still under investigation. It seems that the victims did not enable 2FA secondary verification.

In addition to the most common phishing attacks in the crypto circle (clicking on phishing links intentionally or unintentionally), some tips are summarized:

1. Use mobile apps, try not to use web apps

2. Do not download plugins randomly, and do not click on unfamiliar links randomly

3. Be sure to enable 2FA secondary verification, SMS, email, Google Authenticator, etc.

4. Remember to cancel the signature in time after completing the interaction (for example, when the gas is low)

5. It is best to use Apple devices, which are more secure

6. Don’t believe any private messages on Telegram, Discord, or Twitter. For example, you may be pulled into a group that looks very similar to the official one in Telegram.

7. Identify whether a Twitter post is an official one by looking at the number and quality of your common friends.

8. Don’t randomly click on links to small projects such as staking and lottery (fishing for small profits)

9. To interact, you must go to the official website. Don’t use Google to search for the official website address. Enter the official website from the official Twitter or Coingecko marked website. Cross-certify through multiple channels (official accounts may also be hacked and hackers may attach phishing links)

10. Don’t put all your assets in one place, whether it is a cold wallet or somewhere else, especially don’t put them in a place that you may not control

11. When using a cold wallet, especially for large assets, never connect to the Internet and do not interact with it. Store a small amount of funds in a hot wallet for interaction, and separate hot and cold

12. Understand the importance of mnemonics. With mnemonics, you can restore your wallet and the assets in it anywhere. Don’t enter mnemonics anywhere.

13. When creating a wallet, it is safest if the private key does not touch the network

14. The best way to use an interactive wallet is to use a combination of hot and cold wallets.

15. Develop the habit of doing test transfers, transfer a small amount of funds into a wallet to see if it can be transferred out. If the signature cannot be transferred out due to inadequate settings, the assets will be zero, and only paper wealth will remain.
In recent years, cases of cryptocurrency theft have occurred frequently, and how to properly protect our assets has become a top priority. The following are 12 key suggestions to help you better protect your crypto assets:

1. Whitelist withdrawal: Set the exchange to only allow whitelist withdrawals to increase security.
2. Official website download: Make sure to download and install the genuine desktop or mobile app from the official website.
3. Short-term cookies: Shorten the validity of cookies, increase login difficulty, and improve security.
4. Unified login name: Exchanges, wallets, and mnemonics should use the same person's name or mobile phone to log in.
5. Timely exit: Apps or browsers involving funds should be exited in time after use, and do not stay online all the time.
6. Manage plug-ins and cookies: Clean Chrome plug-ins and old cookies regularly to avoid security risks.
7. Multi-browser backup: Buy two browsers to log in separately and put them in different locations to prevent one from being damaged or lost.
8. Clean browser: Use a clean browser without plug-ins to log in to cryptocurrency assets.
9. System security: Remember to install antivirus software for Windows systems and perform regular antivirus. Apple mac systems are relatively safe, but you still need to pay attention.
10. Email reminder: The email used to register the exchange should be set up with a mobile phone reminder to detect and respond to hacker intrusions in a timely manner.
11. Safe storage: Do not store mnemonics or private keys in chat software such as QQ, WeChat, Alipay, or use WPS or Baidu Cloud storage to prevent them from being stolen by crawler software.
12. Segmented storage: Divide the mnemonics or private keys into two parts and place them on different platforms. Even if one part is leaked, the account password and fund password can be modified in time.

#账户安全 #账户 #BTC走势分析 #MegadropLista
Recently, I have seen many posts about the theft of exchange users' assets. Apple devices are not absolutely safe. Here are some safety suggestions:

1. Exchange account security
• Enable two-factor authentication (2FA): Regardless of whether you use any exchange such as OKX, Binance, Bitget, Gate, etc., it is recommended to enable 2FA.
• Store keys offline: Do not save the authentication key online, copy it in a notebook and keep it properly, and do not back it up on electronic devices.
• Google Authenticator: Check whether the verification code is synchronized to the Google account. It is recommended to cancel cloud synchronization and reset it.
2. Check the activity of devices regularly
• Check "Exchange Device Management" regularly and remove unused devices to prevent abnormal activities.
3. Manage the withdrawal whitelist
• Apple users: You can set a "pass key" instead of the exchange withdrawal whitelist, and perform face verification every time you withdraw money to the Web3 wallet.

Finally, do not download suspicious software on the mobile phone used for money, do not use free WiFi, and do not lend it to others to ensure the safety of the device and assets.
#账户安全
I am a KOL in the security track of Kaijuan. I will not bet on other tracks because I cannot win.

In the past two days, people have been panicked because of the theft of coins from users. It seems that many related tweets and public account information are emphasizing why the exchange does not pay and why such a thing has happened to such a top exchange. How to ensure the security of accounts in the future?

In fact, it is very simple. The user also told the story himself, but there are still many people who do not know the truth and are denouncing why there is no compensation. According to the user's self-report, because he downloaded the Chrome plug-in Aggr, the cookie information stored in the web client was stolen, and the coins were stolen through the counter-knocking method.

Here is an explanation of what Cookie is. Simply put, it is a small database of the web page. When we log in to any website on the web page, the authenticated user authorization information returned will be stored in the Session or Cookie. The next time we request, we will first get the authorization information from the local to verify. If it is valid, we will log in without password. If it is invalid, we will jump to the login page. It is obvious that the stolen is a valid Cookie.

The storage and use of cookies here are completely in accordance with industry standards. More than 99.99% of the websites on the Internet do this, so it is completely understandable that Binance does not compensate for this problem, because the cookie was stolen due to the user's own download of the plug-in.

For example, because of your poor custody, your bank card and bank password were known by others and the money was taken away. Then you asked the bank for the loss of this money?

I sympathize with this brother and also warn everyone to always pay attention to protecting the security of their accounts, but there is no need to be too nervous. Many people use multiple browsers, or even multiple physical hosts for isolation. I can only say one thing: it is unnecessary. Don't click, look, or download randomly. It's better than anything else.

In addition, some people are worried about whether the problem of cookie theft will occur on the mobile phone. For iOS, don't think about it. Those who jailbreak themselves are another matter. For Android, this thing is called SQLite, which is theoretically possible (it's just a little more difficult than web pages). As the old saying goes, don't click, look, or download randomly. It's better than anything else.

Finally, I would like to dispel a recent rumor about the suspicion about facial verification for withdrawing coins caused by a problem with the AI facial video of a competitor. To put it simply, that AI facial video involves the facial information of the exchange account, while the facial function for withdrawing coins is facial verification on the mobile phone. This facial information is not that facial information. Unless there is a problem with the facial recognition of the mobile phone system itself, there will be no problem with the facial recognition of the withdrawal verification function module, and it has nothing to do with the exchange.
#账户被盗 #账户安全
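
Added example, not part of the original post: the post above attributes the theft to a browser plug-in reading a logged-in session cookie, so this sketch reads an extension's `manifest.json` and reports whether its declared permissions reach the cookies of a site you care about. The domain `www.exchange.example` and both sample manifests are constructed for illustration.

```python
import json

BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def host_matches(pattern, domain):
    """True if a Chrome match pattern covers `domain` (scheme and path ignored)."""
    if pattern in BROAD:
        return True
    if "://" not in pattern:
        return False
    host = pattern.split("://", 1)[1].split("/", 1)[0]
    if host == "*":
        return True
    if host.startswith("*."):
        return domain == host[2:] or domain.endswith(host[1:])
    return host == domain

def audit(manifest_text, sensitive_domains):
    """Return (domain, reason) pairs for cookie exposure declared in a manifest."""
    m = json.loads(manifest_text)
    perms = [p for k in ("permissions", "optional_permissions")
             for p in m.get(k, []) if isinstance(p, str)]
    # Manifest V2 mixes host patterns into "permissions"; V3 lists them separately.
    hosts = [p for p in perms if "://" in p or p == "<all_urls>"]
    hosts += m.get("host_permissions", []) + m.get("optional_host_permissions", [])
    scripts = [p for cs in m.get("content_scripts", []) for p in cs.get("matches", [])]
    findings = []
    for d in sensitive_domains:
        if "cookies" in perms and any(host_matches(h, d) for h in hosts):
            findings.append((d, "cookies API: can read session cookies, HttpOnly included"))
        if any(host_matches(s, d) for s in scripts):
            findings.append((d, "content script: runs in the page, can read non-HttpOnly cookies"))
    return findings

# Constructed sample manifests (not taken from any real extension).
CHART_TOOL = json.dumps({
    "name": "Hypothetical Chart Tool", "manifest_version": 3,
    "permissions": ["storage", "cookies"],
    "host_permissions": ["<all_urls>"],
    "content_scripts": [{"matches": ["*://*.exchange.example/*"], "js": ["c.js"]}],
})
NOTE_TOOL = json.dumps({
    "name": "Hypothetical Notes", "manifest_version": 2,
    "permissions": ["storage", "https://notes.example/*"],
})

if __name__ == "__main__":
    for name, text in (("chart", CHART_TOOL), ("notes", NOTE_TOOL)):
        for domain, reason in audit(text, ["www.exchange.example"]):
            print(f"{name}: {domain}: {reason}")
```

An empty result only means the manifest does not declare that reach; it says nothing about what the extension's code does with the access it has.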