The market is once again fluctuating unremarkably at a high level. Since mid-May, BTC has printed two consecutive long bullish candles, reaching 71K. The rise is fierce, but it is not enough to stir the numbed nerves of retail investors. The main reason is that no one is buying BTC and the rest of the market offers no other way to make money.

For the market to become active, BTC still needs to break through the previous high, and some new scams will come out. Just wait quietly and hold on to Bitcoin and Ethereum. Don’t think that is easy. On the one hand, you have to restrain yourself from FOMOing into various "wealth codes" and losing money on swing trades. On the other hand, you have to guard against being robbed.

Previously, I almost had my money stolen because I accidentally clicked on a Twitter ad promotion link. Before that, a lot of Ethereum was stolen from me when I was playing Xpet. Before that, my ARB airdrop was looted.

The thefts have become even more serious in the past two days. Yesterday, someone posted on Twitter that 1 million US dollars had been stolen from Binance through cross-trading; at the end of May, more than 2 million US dollars was stolen from OKX. This feels even worse than being robbed: it is like sleeping in your own home with the door locked, and a stranger gets the property management to open the door and rapes you...

Let’s go over the outlines of the two incidents. In the Binance theft, the hacker did not obtain the victim's account password or two-factor authentication (2FA), so he could only take the money out through cross-trading.

Specifically, the hacker buys tokens such as DASH, PYR and ENA in USDT trading pairs with good liquidity, then places sell orders above the market price in pools with poor liquidity such as DASH/BTC, PYR/BTC and ENA/USDC, and finally uses the victim's account to buy with leverage. This is called cross-trading.
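The pattern above is something an exchange-side risk check can catch: a buy on an illiquid cross pair at a price far above what the liquid USDT markets imply. The sketch below is an added example, not code from the original post or from any exchange; the prices, the 5% threshold, the `Order` fields and the function names are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Order:
    account: str
    pair: str          # e.g. "DASH/BTC"
    side: str          # "buy" or "sell"
    exec_price: float  # price the order would fill at, in the quote asset
    leveraged: bool

# Constructed reference prices taken from the liquid USDT markets.
USDT_PRICES = {"DASH": 30.0, "PYR": 5.0, "ENA": 0.9, "BTC": 68000.0, "USDC": 1.0}
MAX_DEVIATION = 0.05   # assumed policy: 5% away from the implied price

def implied_price(pair, usdt_prices):
    """Cross rate implied by the two USDT markets, e.g. DASH/BTC = DASH/USDT / BTC/USDT."""
    base, quote = pair.split("/")
    return usdt_prices[base] / usdt_prices[quote]

def deviation(order, usdt_prices):
    ref = implied_price(order.pair, usdt_prices)
    return (order.exec_price - ref) / ref

def review_order(order, usdt_prices=USDT_PRICES, max_dev=MAX_DEVIATION):
    """Return 'allow', 'hold' (manual review) or 'reject'.

    Only trades that hurt the account placing them are stopped:
    buying far above, or selling far below, the implied price.
    """
    dev = deviation(order, usdt_prices)
    overpaying = order.side == "buy" and dev > max_dev
    underselling = order.side == "sell" and dev < -max_dev
    if not (overpaying or underselling):
        return "allow"
    # Borrowed funds raise the loss ceiling, so leveraged orders are refused outright.
    return "reject" if order.leveraged else "hold"

# Constructed sample orders.
SAMPLE_ORDERS = [
    Order("acct-1", "DASH/BTC", "buy", 0.00045, True),   # about 2% above implied
    Order("acct-1", "DASH/BTC", "buy", 0.00060, True),   # about 36% above implied
    Order("acct-1", "ENA/USDC", "buy", 1.20, False),     # about 33% above implied
]

if __name__ == "__main__":
    for o in SAMPLE_ORDERS:
        print(o.pair, o.side, o.exec_price, "->", review_order(o))
```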

So how can the account be operated without the account password? According to the victim's investigation, the account was manipulated directly by hijacking the web page's cookies. Cookies are small pieces of text that a website sends to your browser, and their purpose is to make it easier for you to log in next time.
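Because a session cookie stands in for the password and 2FA once login is done, the server is the only place a replayed cookie can be noticed. The following added example (not from the original post, and not any exchange's actual control) binds each session to a coarse device fingerprint at login and demands re-authentication when the same cookie appears from a different device; the fingerprint policy, action names and events are constructed assumptions.

```python
import hashlib

# Assumed set of actions that must never run on an unverified device.
SENSITIVE = {"place_margin_order", "withdraw", "change_2fa"}

def fingerprint(ip, user_agent):
    """Coarse device fingerprint: IPv4 /24 network plus user agent (assumed policy)."""
    network = ".".join(ip.split(".")[:3])
    return hashlib.sha256(f"{network}|{user_agent}".encode()).hexdigest()[:16]

def evaluate(events):
    """Return one decision per event: allow, flag, step_up or deny."""
    bound = {}       # session id -> fingerprint recorded at login
    decisions = []
    for ev in events:
        fp = fingerprint(ev["ip"], ev["ua"])
        sid = ev["sid"]
        if ev["action"] == "login":
            bound[sid] = fp                  # password and 2FA were checked here
            decisions.append("allow")
        elif sid not in bound:
            decisions.append("deny")         # session id the server never issued
        elif bound[sid] != fp:
            # Same cookie, different device: possible replay of a stolen cookie.
            sensitive = ev["action"] in SENSITIVE
            decisions.append("step_up" if sensitive else "flag")
        else:
            decisions.append("allow")
    return decisions

UA_A = "Mozilla/5.0 (Macintosh) Chrome/125"
UA_B = "Mozilla/5.0 (Windows NT 10.0) Chrome/124"

# Constructed events; addresses come from the documentation ranges.
EVENTS = [
    {"sid": "s1", "ip": "203.0.113.10", "ua": UA_A, "action": "login"},
    {"sid": "s1", "ip": "203.0.113.10", "ua": UA_A, "action": "view_balance"},
    {"sid": "s1", "ip": "198.51.100.7", "ua": UA_B, "action": "view_balance"},
    {"sid": "s1", "ip": "198.51.100.7", "ua": UA_B, "action": "place_margin_order"},
    {"sid": "s1", "ip": "203.0.113.25", "ua": UA_A, "action": "place_margin_order"},
    {"sid": "s9", "ip": "198.51.100.7", "ua": UA_B, "action": "withdraw"},
]

if __name__ == "__main__":
    for ev, decision in zip(EVENTS, evaluate(EVENTS)):
        print(ev["sid"], ev["ip"], ev["action"], "->", decision)
```

An IP and user-agent fingerprint is deliberately coarse here; it will also fire when a legitimate user changes networks, which is why the response is re-authentication rather than a block.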

The OKX incident was even more outrageous. The hacker changed the phone number, email address and Google Authenticator by clicking on the "Forgot password" button to log in, and the AI-synthesized video...

This incident has caused many people to panic. Even the leading exchanges are like this. What is there to believe in? What should we do?

There is no better way. Decentralization has many advantages, but achieving it requires "high quality" across society as a whole, because there is no one to complain to, and all responsibilities and consequences must be borne by oneself.

Now it is a massacre, because the attackers (hackers, fraud gangs) are far more powerful than the users who trade in cryptocurrencies.

Moreover, the industry is still immature. New things and new technologies bring new loopholes. A tall tree attracts the wind. In the crypto industry, countless hackers fish where the money is, constantly trying to attack these places to make money.

Defense inherently lags: there will always be loopholes, and they are only discovered after being attacked and then patched. The devil is always one step ahead of the saint. Only once the entire industry has matured and the underlying infrastructure sees no more major breakthroughs will it "appear to be safer", and even then it will still need to be constantly updated and maintained.

However, the CEX, as a transit station in the crypto industry, is a transition from centralization to decentralization. It is a place where almost everyone who enters the crypto industry must stop. What it earns its money on is trust, so risk control should come first. There is no third-party custody now. The money is simply handed over to the CEX, or even to the CEX's wallet. It must take responsibility.

Of course, there are many objective factors, such as the industry being very new and hackers having many means of attack, but this is the obligation that comes with making the money. This is what the exchange needs to pay for, especially AI face-swapping that can cheat people out of their money, which is unacceptable.

Binance and OKX should give an explanation; it depends on what kind of explanation. When Alipay was developing in the past, its slogan was "If you are stolen, I will pay you back", which was very well-organized. At the very least, from a marketing perspective, it would be better to simply pay and set a benchmark than to spend hundreds of millions of dollars a year on various activities to attract new users.

There is no need for them to pay all the losses themselves later on. Alipay is now cooperating with insurance companies. Is there a 1 million yuan compensation line? In the future, crypto can also develop an insurance industry, and exchanges won’t have to bear all the losses themselves. It’s time to start decentralized insurance.

Don't panic, everyone. Many people are creating panic. They say you should pay attention to safety, isolate your environments, leave no traces, avoid plug-ins and so on, but you cannot guard against thieves for a thousand days. You also have to look at your own pockets. If you only have so much money and still want to do all of that, then you might as well not do anything, airdrops included.

The level of security protection should be linked to the size of your own funds. Don’t touch the money in the main account; keep it on an Apple phone, and get another one for regular transactions and airdrops.

Just be careful not to click on unknown links. Most of the thefts are caused by airdrops and token distribution. If you go to the official website, you can avoid many problems.

Another point that needs to be mentioned is that not everyone is suited to using cold wallets. Many people heard that Binance and OKX are not safe and that they need a cold wallet, so they went and used one. But the premise is that you have to know how to use it! Ladies and gentlemen, many people don’t know how to use cold wallets by themselves. When they transfer funds out, either they transfer to the wrong chain, or the funds are stolen along the way, or they are defrauded. That is your own fault, and there is no one to turn to. If you keep the money on Binance or OKX and the loss is not your own fault, at least there is a possibility of recovery. Once it is out, it is all gone.

Therefore, you need to learn how to use and master some basic tools, and put your money in a cold wallet only after you make a lot of money. You should think about how to make more money, don't you think?