A few days ago, it was suddenly revealed that Binance funds were stolen, and these few days, it was revealed that OKX was stolen. It's really like eating the melons in the melon field one after another.


This caused many group members to be very confused and they were all asking if they could still keep their funds in the exchange?


I think this friend has not experienced the previous black swan incidents. It is a good thing to worry, but he is not used to the normal operation of the cryptocurrency circle yet, and in these cases, hackers targeted large investors.


It is the basic operation for experienced investors to spread their funds across several exchanges. There is no need to look at exchanges below the top five.


Let’s review the timeline of this incident and what happened to OKX.


To solve everyone's fud problem, is it possible that this is an employee resignation incident? Is it possible that Xu Mingxian is investigating in the direction of catching the traitor?


Of course this is just my guess, for the following reasons:


A few days ago, I burned more than 200 cookies during testing, and then there were several thefts. I can't help but wonder if it was an isolated incident!


I looked at the time of several thefts, some of which were exposed, and some were not exposed, but sent to me in private messages; I looked at the time, one person was robbed at around 1, 3, 4, 5, and 7 in the early morning. The time was too coincidental. In the early morning, Chinese people were all asleep. He was able to accurately pick out a group of Chinese customers with lax security measures. It's very strange! huangshiyuan17 at 1:30 a.m. AsAnEgg at 4:30 a.m.

图片

The stranger thefts will definitely be carried out in batches within a short period of time. They will not stretch the battle line so long and defeat them one by one. This is more like testing something or avoiding something.


The largest stolen account has not been exposed yet, but the information I obtained is that it appeared at around 7 a.m., with an amount close to 35 million. The largest amount was withdrawn last, which must be strange and not in line with common sense.


The stolen customers were all replaced with e and stolen, with an average of one user per hour. They are well aware of the internal risk control of OK withdrawals! It is still in the suspicion stage and further investigation and research is needed!


Here are some conditions to keep in mind:


1. Google Authenticator now follows your Google account. If your Google account is stolen, your secondary verification will also be stolen. So Google account must be protected. I use Yubikey for my two main Google accounts. That means that any new device must be verified by my physical Yubikey when logging in. Everyone must pay attention to this.


2. The Google verification code is managed locally. Later, the Google verification code was upgraded to email binding. If the email is stolen, the bound Google verification code can be restored to the new phone with one click. Recommendation: Do not use email binding. Google verification code, the best way to back up the Google verification code is to export it into several QR code pictures, store the electronic version separately or print it and save it.


3. Try to use Apple's system. It doesn't mean that Apple will never have problems, but it is still more secure than Windows system.


4. Never click on unfamiliar links, whether on your mobile phone or computer.


5. Try to delete the cache in your computer and don’t install too many developer versions of plugins. Use mainstream plugins and update them regularly.


6. Prevent the mobile phone from being monitored. A friend who works in the Internet and IT industry told me that mobile phones can be monitored to receive text messages. Xiaotiancai watches have this function and can receive text messages on behalf of others. Therefore, it is possible that some software has been implanted in the mobile phone. The most powerful thing is that the mobile phone is connected to a fake base station, which may monitor the text messages of the mobile phone. Suggestion: Still use Apple~~.


7. Don’t connect to unfamiliar WIFI. Don’t install any universal Wifi password. If you use someone else’s, you will also share yours.


8. Register a new email address and use it only for exchange verification. Keep it separate from your daily life and work, and physically eliminate it.


9. For large amounts of money, such as BTC, it is better to put them in a cold wallet if you don’t want to sell them.


10. Do not lend your transaction phone to anyone else and keep your password safe, including to your closest people.


11. Usually, do not post high-definition photos without angles to the Internet. Nowadays, AI is so powerful in synthesizing portraits and 3D printing technology is so awesome that many things will be too late once they happen.