Security Special Issue 01|OKX Web3 & SlowMist: Experience Sharing of “Hundreds of Scams”

Introduction | OKX Web3 has planned the "Security Special Issue" column to answer different types of on-chain security questions. Using real cases that happen to users, and working with experts and institutions in the security field, each issue shares and answers from two perspectives and sorts out the rules of safe trading from the basics to the advanced, aiming to strengthen user security education and help users learn to protect their private keys and wallet assets themselves.

One day, someone suddenly gave you a wallet address private key worth $1 million. Would you want to transfer the money immediately?

If so, this article is tailor-made for you.

This article is the first issue of OKX Web3's "Security Special Issue". We have specially invited the well-known security organizations in the crypto industry that have experienced "hundreds of frauds" - the SlowMist Security Team and the OKX Web3 Security Team, to share the most real cases encountered by users, full of practical information!

SlowMist Security Team: Thank you very much for the invitation from OKX Web3. As an industry-leading blockchain security company, SlowMist mainly serves customers through security audits and anti-money laundering tracking and tracing, and has built a solid threat intelligence cooperation network. In 2023, SlowMist assisted customers, partners and public hacking incidents to freeze funds totaling more than 12.5 million US dollars. I hope to continue to output valuable things with awe for the industry and security.

OKX Web3 Security Team: Hello everyone, I am very happy to share this. The OKX Web3 Security Team is mainly responsible for the security capability building of the OKX Web3 wallet, providing multiple protection services such as product security, user security, and transaction security. While protecting the security of user wallets 24/7, it also contributes to maintaining the security ecosystem of the entire blockchain.

Q1: Can you share some real theft cases?

SlowMist Security Team: First, most of the cases are because users store their private keys or mnemonics online. For example, users often use cloud storage services such as Google Docs, Tencent Docs, Baidu Cloud, WeChat Collection, and Memos to store private keys or mnemonics. Once hackers collect these platform accounts and successfully break into them through credential stuffing, private keys can be easily stolen.

Second, after users download fake apps, their private keys are leaked. For example, multi-signature scams are one of the most typical cases. Fraudsters induce users to download fake wallets and steal wallet mnemonics, and then immediately modify the account permissions of the user's wallet: the wallet account permissions are changed from the user himself to the user and the fraudster, thereby seizing control of the wallet account. Such fraudsters tend to be patient and wait for the user's account to accumulate a certain amount of encrypted assets before transferring them all at once.

OKX Web3 Security Team: SlowMist has outlined two main types of private key thefts. The second type, where fraudsters use fake apps to steal user private keys, is essentially a Trojan program. This type of Trojan program steals user private keys by obtaining access to user input methods, photos, and other permissions. Compared to iOS users, Android users encounter more Trojan virus attacks. Here are two simple cases:

Case 1: A user reported that his wallet assets were stolen. After our team communicated with the user and investigated, we found that he had previously downloaded and installed a disguised data platform software through Google search. This software was a Trojan program. However, when the user searched for the platform software, its link appeared in the top 5 of Google search, causing the user to mistakenly think it was the official software. In fact, many users do not distinguish the links provided by Google, so it is easy to encounter Trojan attacks in this way. We recommend that users perform daily security protection through firewalls, antivirus software, and Hosts configuration.

Case 2: A user reported that his wallet assets were stolen when he invested in a DeFi project. However, through our analysis and investigation, we found that there was no problem with the DeFi project itself. User B’s wallet assets were stolen because he was targeted by an official customer service representative of the DeFi project when he commented on the project on Twitter. Under the guidance of the fake customer service representative, he clicked on the fake link and entered the mnemonic, which led to the theft of his wallet assets.

It can be seen that the scammers' methods are not sophisticated, but users need to be more aware of the problem and never disclose their private keys easily. In addition, our wallet has issued a security risk warning for this malicious domain name.

Q2: Is there an optimal way to keep private keys? What alternatives are there to reduce reliance on private keys?

SlowMist Security Team: Private keys or mnemonics are actually a single point of failure. Once stolen or lost, they are difficult to recover. Currently, new technologies such as secure multi-party computing (MPC), social authentication technology, Seedless/Keyless, pre-execution and zero-knowledge proof technology are helping users reduce their reliance on private keys.

Take MPC as an example. First, MPC technology means that all participants perform complex joint calculations to complete a task, while their data remains private and secure and is not shared with other participants. Second, MPC wallets, in layman's terms, use MPC technology to securely break a private key into multiple pieces, which are jointly managed by multiple parties; or simply multiple parties jointly generate a virtual key. The latter may be more common because no one has ever seen the complete private key. In short, the core idea of MPC is to disperse control rights to achieve the purpose of dispersing risks or improving disaster preparedness, effectively avoiding security issues such as single point failures.

Note that MPC involves a word called Keyless, which can be understood as "without mnemonics" or "without private keys". However, this "without" does not mean that there is no key in the actual sense, but that users do not need to back up mnemonics or private keys, and cannot perceive their existence. So about Keyless wallets, you need to understand these 3 points:

1. When creating a Keyless wallet, private keys will not be created or stored at any time or place.

2. When signing transactions, private keys are not involved and cannot be reconstructed at any time.

3. Keyless wallets do not generate or save complete private keys and seed phrases at any time.

OKX Web3 Security Team: There is no perfect way to keep private keys at present. However, our security team recommends using hardware wallets, saving private keys by hand, setting up multi-signatures, and decentralized storage of mnemonics to manage private keys. For example, decentralized storage of mnemonics means that users can divide mnemonics into 2 or more groups for storage to reduce the risk of mnemonics being stolen. For another example, setting up multi-signatures means that users can select trusted people to sign together to determine the security of the transaction.

Of course, to ensure the security of the user's wallet private key, the entire underlying system of the OKX Web3 wallet is not connected to the Internet. The user's mnemonic and private key related information are all encrypted and stored locally on the user's device. The relevant SDK is also open source and has been widely verified by the technical community, making it more open and transparent. In addition, the OKX Web3 wallet has also conducted strict security audits through cooperation with well-known security organizations such as SlowMist.

In addition, in order to better protect our users, the OKX Web3 security team is providing and planning more powerful security capabilities for private key management, and is continuously iterating and upgrading. Here is a brief summary:

1. Two-factor encryption. Currently, most wallets usually use a password to encrypt the mnemonic and save the encrypted content locally. However, if the user is infected with a Trojan virus, the Trojan will scan the encrypted content and monitor the password entered by the user. If the scammer monitors it, the encrypted content can be decrypted to obtain the user's mnemonic. In the future, the OKX Web3 wallet will use a two-factor method to encrypt the mnemonic. Even if the scammer obtains the user's password through the Trojan, he will not be able to decrypt the encrypted content.

2. Private key copying security. Most Trojans will steal information from the user's clipboard when the user copies the private key, resulting in the leakage of the user's private key. We plan to help users reduce the risk of private key information theft by increasing the security of the user's private key copying process, such as copying part of the private key, clearing the clipboard information in time, and other methods or functions.

Q3: Starting from the theft of private keys, what are the common phishing methods currently?

SlowMist Security Team: According to our observations, phishing activities are gradually increasing every month.

First, wallet drainers currently pose the main threat to current phishing activities and continue to attack ordinary users in various forms.

Wallet Drainers are a type of cryptocurrency-related malware that is deployed on phishing websites to trick users into signing malicious transactions, thereby stealing their wallet assets. For example, the more active wallet drainers include:

1. Pink Drainer uses social engineering to obtain Discord Token and conduct phishing. Social engineering is generally understood as obtaining users' private information through communication.

2. Angel Drainer will conduct social engineering attacks on domain name service providers. After obtaining the relevant permissions of the domain name account, Angel Drainer will modify the DNS resolution and redirect users to fake websites, etc.

Second, the most common one is blind signature phishing. Blind signature means that when a user interacts with a project, he does not know what he needs to sign or authorize, so he clicks confirm without knowing what, which leads to the theft of funds. Regarding blind signature phishing, let's give a few examples:

Case 1: For example, eth_sign. eth_sign is an open signature method that allows any hash to be signed, which means it can be used to sign transactions or any data. However, it is difficult for users without technical knowledge to understand the content of the signature, which poses a certain risk of phishing. Fortunately, more and more wallets have begun to issue security reminders for this type of signature, which can avoid some asset loss risks to a certain extent.

Case 2: Permit signature phishing. We all know that in ERC20 currency transactions, users can call the approve function for authorization, but the permit function allows users to generate signatures off-chain and then authorize a specified user to use a certain amount of tokens. Attackers use the permit method to phish. When the victim visits the phishing website, the attacker asks the user to sign the permit authorization through the website. After the user signs, the attacker can get the signed data. The attacker calls the permit function of the token contract and passes in the signature data and then broadcasts it to the chain to obtain the authorization amount of the token, thereby stealing the user's token.

Case 3: Hidden create2 technique. create2 allows developers to predict the address of a contract before deploying it to the Ethereum network. Based on create2, attackers can generate temporary new addresses for each malicious signature. After deceiving users to grant permission to sign, attackers can create contracts at this address and transfer users' assets. Because they are blank addresses, these addresses can bypass some phishing plugins and security companies' monitoring alerts, so they are very hidden and users can easily fall into the trap.

In short, for phishing websites, users can identify the official website of the project before interacting, and pay attention to whether there are malicious signature requests during the interaction. They should also be wary of submitting mnemonics or private keys, and remember not to leak mnemonics or private keys anywhere.
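The eth_sign and permit requests from Case 1 and Case 2 above, seen from the wallet side. This is an added example, not part of the interview and not SlowMist or OKX code; `reviewSignatureRequest`, its option names, the finding labels and the sample addresses are constructed for illustration, and the Permit fields follow EIP-2612.

```javascript
// Added example, not wallet vendor code. Request shapes follow the JSON-RPC
// methods eth_sign / eth_signTypedData_v4 and the EIP-2612 Permit struct.
// reviewSignatureRequest and its option names are hypothetical.
const MAX_UINT256 = (1n << 256n) - 1n;

function toBigInt(x) {
  try { return BigInt(x); } catch (e) { return null; }
}

function reviewSignatureRequest(req, opts = {}) {
  const now = BigInt(opts.now ?? Math.floor(Date.now() / 1000));
  const maxDeadlineSecs = BigInt(opts.maxDeadlineSecs ?? 3600);
  const known = (opts.knownSpenders ?? []).map((a) => a.toLowerCase());
  const findings = [];

  if (req.method === 'eth_sign') {
    // The payload is a bare 32-byte hash: nothing meaningful can be displayed.
    findings.push('blind-hash');
    return { kind: 'eth_sign', findings, summary: null };
  }
  if (req.method !== 'eth_signTypedData_v4') {
    return { kind: 'other', findings, summary: null };
  }

  // params = [signerAddress, typedData]; typedData usually arrives as a JSON string.
  let typed = req.params[1];
  if (typeof typed === 'string') {
    try { typed = JSON.parse(typed); } catch (e) { typed = null; }
  }
  if (!typed || typeof typed !== 'object') {
    return { kind: 'typed-data', findings: ['unparseable'], summary: null };
  }
  if (typed.primaryType !== 'Permit') {
    return { kind: 'typed-data', findings, summary: null };
  }

  const m = typed.message ?? {};
  const value = toBigInt(m.value);
  const deadline = toBigInt(m.deadline);
  const spender = String(m.spender ?? '').toLowerCase();

  // Signing costs no gas and leaves no on-chain trace until the spender submits it.
  findings.push('offchain-allowance');
  if (value === null || deadline === null || !/^0x[0-9a-f]{40}$/.test(spender)) {
    findings.push('malformed-permit');
  } else {
    if (value === MAX_UINT256) findings.push('unlimited-amount');
    if (!known.includes(spender)) findings.push('unknown-spender');
    if (deadline - now > maxDeadlineSecs) findings.push('long-deadline');
  }
  return {
    kind: 'permit',
    findings,
    summary: {
      token: typed.domain?.verifyingContract ?? null,
      owner: m.owner ?? null,
      spender,
      value: value === null ? null : value.toString(),
      deadline: deadline === null ? null : deadline.toString(),
    },
  };
}

// Constructed sample request (placeholder addresses; the "types" member is omitted).
const SAMPLE_PERMIT = {
  method: 'eth_signTypedData_v4',
  params: ['0x' + '11'.repeat(20), JSON.stringify({
    primaryType: 'Permit',
    domain: { name: 'Example Token', version: '1', chainId: 1, verifyingContract: '0x' + '22'.repeat(20) },
    message: { owner: '0x' + '11'.repeat(20), spender: '0x' + '33'.repeat(20),
      value: MAX_UINT256.toString(), nonce: 0, deadline: 4102444800 },
  })],
};

console.log(reviewSignatureRequest(SAMPLE_PERMIT, { now: 1700000000 }));
```

The returned `summary` is what a confirmation screen would need to show in plain words (token, spender, amount, expiry) so that the user is no longer signing blind.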

OKX Web3 Security Team: We have studied common phishing methods and provided multi-dimensional security protection on the product side. Here is a brief sharing of the main types of phishing methods that users have encountered so far:

The first category is fake airdrops. Hackers usually generate addresses with similar beginnings and ends for the victim's address, and make small transfers, 0U transfers, or airdrops of fake token transfers to the user. Such transactions will be displayed in the user's transaction history. If the user accidentally copies and pastes the wrong address, it will cause asset losses. For this type of attack, the OKX Web3 wallet can identify its historical transactions and mark them as risky. At the same time, when the user transfers money to its address, it will issue a security risk warning.

The second type is the induced signature type. Usually hackers will comment on Twitter, Discord, TG and other public places of well-known projects, and publish fake DeFi project URLs or airdrop URLs to induce users to click, thereby stealing user assets. In addition to the eth_sign, permit, create2 and other signature phishing mentioned by SlowMist, there are also some others:

Method 1: Directly transfer and steal main chain tokens. Hackers often name malicious contract functions with misleading names such as Claim, SecurityUpdate, etc., while the actual function logic is empty, so as to only transfer the user's main chain tokens. Currently, the OKX Web3 wallet has launched a pre-execution function, which can display asset changes and authorization changes after the transaction is on the chain, and warn users of security risks.

Method 2: On-chain authorization. Hackers usually induce users to sign approve / increaseAllowance / decreaseAllowance / setApprovalForAll transactions, which allow hackers to transfer the user's token assets to a specified address and monitor the user's account in real time after the user signs. Once the corresponding assets are transferred in, they will be transferred away immediately. The security protection process against phishers is a confrontation and a continuous escalation process.

Although most wallets will perform security risk detection on the authorized addresses of hackers, the attackers' attack methods are also upgrading. For example, by using the characteristics of create2, the attackers will pre-calculate the new address. Because the new address is not in the safe black address library, it can easily bypass the security detection. The attacker will wait until there is a fish to take the bait, and then deploy the contract to the address and transfer the user's funds. For example, we have recently found that many attackers will make users authorize the uniswap.multicall contract. Because this contract is a contract of a formal project, it can also bypass the detection of security products.

Method 3: Permission change, including Tron permission change and Solana permission change. First, in Tron permission change, multi-signature is a feature of the Tron chain. In many phishing websites, phishers will disguise the transaction of changing account permissions as a transfer transaction. If the user accidentally signs the transaction, the user's account will become a multi-signature account, and the user will lose control of his account. Second, in Solana permission change, the phisher will modify the Owner of the ATA account of the user's token through SetAuthority. Once the user signs the transaction, the owner of the ATA account will become the phisher, so that the phisher can get the user's assets.

Other methods: In addition, due to the design mechanism of the protocol itself and other issues, it is also easy to be exploited by phishers. Based on the queueWithdrawal call of EigenLayer, the middleware protocol of Ethereum, other addresses can be specified as withdrawers. The user was phished and signed the transaction. Seven days later, the specified address obtained the user's pledged assets through completeQueuedWithdrawal.

The third type is uploading mnemonics. Attackers usually provide disguised airdrop projects or fake new listing tools to induce users to upload private keys or mnemonics. See the above for specific cases. In addition, sometimes they will disguise themselves as plug-in wallet pop-ups to induce users to upload mnemonics.
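A wallet-side decoder for the transactions described under Method 1 and Method 2 above. This is an added example, not part of the interview and not OKX or SlowMist code; `reviewTransaction`, its option names, the finding labels and the sample transactions are constructed for illustration, and only the four authorization functions named in the text are decoded.

```javascript
// Added example, not wallet vendor code. reviewTransaction and its option
// names are hypothetical; the keys are the standard 4-byte function selectors.
const MAX_UINT256 = (1n << 256n) - 1n;

const AUTH_SELECTORS = {
  '095ea7b3': { name: 'approve', second: 'amount', grants: true },
  '39509351': { name: 'increaseAllowance', second: 'amount', grants: true },
  'a457c2d7': { name: 'decreaseAllowance', second: 'amount', grants: false },
  'a22cb465': { name: 'setApprovalForAll', second: 'bool', grants: true },
};

function reviewTransaction(tx, opts = {}) {
  const known = (opts.knownSpenders ?? []).map((a) => a.toLowerCase());
  const data = String(tx.data ?? '0x').toLowerCase().replace(/^0x/, '');
  const findings = [];
  let value;
  try { value = BigInt(tx.value ?? 0); } catch (e) { value = null; }

  if (value === null || !/^([0-9a-f]{2})*$/.test(data)) {
    return { call: null, findings: ['malformed-transaction'] };
  }
  if (data.length === 0) return { call: null, findings }; // plain native transfer

  const spec = AUTH_SELECTORS[data.slice(0, 8)];
  if (!spec) {
    // Method 1: a payable function with a reassuring name and an empty body.
    // Without an ABI the wallet cannot name the call, so flag the attached value.
    if (value > 0n) findings.push('native-value-to-undecoded-call');
    return { call: null, findings };
  }

  // Method 2: two 32-byte ABI words follow the selector (address, then amount or bool).
  const w1 = data.slice(8, 72);
  const w2 = data.slice(72, 136);
  if (w2.length !== 64 || !w1.startsWith('0'.repeat(24))) {
    return { call: null, findings: ['malformed-calldata'] };
  }
  const spender = '0x' + w1.slice(24);
  const second = BigInt('0x' + w2);

  findings.push('authorization-change');
  if (!known.includes(spender)) findings.push('unknown-spender');
  if (spec.second === 'amount' && spec.grants && second === MAX_UINT256) {
    findings.push('unlimited-amount');
  }
  if (spec.second === 'bool' && second !== 0n) findings.push('operator-for-all-tokens');
  return {
    call: { name: spec.name, token: tx.to, spender, value: second.toString() },
    findings,
  };
}

// Constructed sample transactions (placeholder addresses and selector).
const SPENDER = '33'.repeat(20);
const pad = (hex) => hex.padStart(64, '0');
const SAMPLE_TXS = {
  approveMax: { to: '0x' + '22'.repeat(20), value: '0x0',
    data: '0x095ea7b3' + pad(SPENDER) + 'f'.repeat(64) },
  approvalForAll: { to: '0x' + '22'.repeat(20), value: '0x0',
    data: '0xa22cb465' + pad(SPENDER) + pad('1') },
  fakeClaim: { to: '0x' + '44'.repeat(20), value: '0xde0b6b3a7640000',
    data: '0x12345678' },
};

for (const [label, tx] of Object.entries(SAMPLE_TXS)) {
  console.log(label, reviewTransaction(tx).findings);
}
```

A spender that matches the allowlist is not proof of safety: as noted above, authorizations to a legitimate project's contract and to freshly computed create2 addresses both get past address-based checks, which is why decoding is paired with pre-execution.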

Q4: Differences in attack methods between hot wallets and cold wallets

OKX Web3 Security Team: The difference between hot wallets and cold wallets is that the private keys are stored in different ways. The private keys of cold wallets are generally stored offline, while hot wallets are usually stored in a networked environment. Therefore, the security risks of cold wallets and hot wallets are different. The security risks of hot wallets have been fully discussed above and will not be expanded.

The security risks of cold wallets mainly include:

First, there are risks of social engineering and physical attacks, and risks in the transaction process. Regarding the risks of social engineering and physical attacks, since cold wallets are usually stored offline, there is a possibility that attackers may use social engineering means to disguise themselves as relatives or friends to access cold wallets.

Second, as a physical device, it may be damaged or lost. The risk of the transaction process refers to the fact that during the transaction, the cold wallet will also encounter the aforementioned various airdrops, induced signatures and other attack methods.

Q5: Just like what is mentioned at the beginning, “giving away high-value wallet private keys”, what other alternative phishing traps are there?

SlowMist Security Team: Yes, "deliberately giving away high-value wallet private keys" is a very classic case. It has appeared many years ago, but people are still deceived until now. This scam is actually the scammer deliberately leaking the private key mnemonic. After you import the private key mnemonic into the wallet, the attacker monitors your wallet at all times. Once you transfer ETH, it will be transferred to you immediately. This kind of method takes advantage of the user's greed for small profits. The more people import, the higher the handling fee, and the greater the loss.

Secondly, some users may think "I have nothing worth attacking", and this low defense mentality will make users vulnerable to attacks. Anyone's information (such as email, password, bank information, etc.) is valuable to attackers. Some users even think that as long as they don't click on the links in spam emails, they will not be threatened, but some phishing emails may implant malware through pictures or attachments.

Finally, we need to have an objective understanding of "security", that is, there is no absolute security. Moreover, the methods of phishing attacks have evolved in many ways and developed very quickly. Everyone should continue to learn and improve their own security awareness, which is the most reliable.

OKX Web3 Security Team: Guarding against third-party phishing traps is indeed a complex issue, because phishers often take advantage of people's psychological weaknesses and common security negligence. Many people are usually very cautious, but when they encounter a sudden "big pie", they often relax their vigilance and magnify their greed, which leads to being deceived. In this process, human weaknesses will be greater than technology. Even if there are more security measures, users will ignore them in the short term. In retrospect, they will find that they have been deceived. We must be clear that "there is no free lunch in the world", always pay attention to vigilance and pay attention to security risks, especially in the dark forest of blockchain.

Q6: Suggestions for users to improve private key security

SlowMist Security Team: Before answering this question, let’s first sort out how general attacks steal users’ assets. Attackers generally steal users’ assets in the following two ways:

Method 1: Trick users into signing malicious transaction data to steal assets, such as tricking users into authorizing or transferring assets to attackers.

Method 2: Trick users into entering their wallet mnemonics on a malicious website or app, such as tricking users into entering their wallet mnemonics on a fake wallet page.

Now that we know how attackers steal wallet assets, we need to guard against possible risks:

Prevention 1: Try to achieve what you see is what you sign. It is said that the wallet is the key to enter the Web3 world. The most important thing for user interaction is to refuse blind signatures. Before signing, you must identify the signed data and know what the transaction you are signing is for. Otherwise, give up signing.

Prevention 2: Don't put all your eggs in one basket. Wallets can be managed in different levels according to different assets and usage frequencies, so that the risk of assets can be controlled. Wallets participating in activities such as airdrops are used frequently, so it is recommended to store small assets. Large assets are generally not used frequently, so it is recommended to store them in cold wallets and ensure that the network environment and physical environment are safe when using them. If you can, use hardware wallets as much as possible. Since hardware wallets generally cannot directly export mnemonics or private keys, the threshold for the theft of mnemonics and private keys can be increased.

Prevention 3: Various phishing techniques and incidents emerge one after another. Users must learn to identify various phishing techniques on their own, improve safety awareness, educate themselves to avoid being deceived, and master self-rescue capabilities.

Prevention 4: Don’t be impatient or greedy, and verify from multiple parties. In addition, if users want to learn more about asset management solutions, they can refer to the "Crypto Asset Security Solution" produced by SlowMist. To learn more about security awareness and self-education, they can refer to the "Blockchain Dark Forest Self-Help Manual".

OKX Web3 Security Team: As the only credential for accessing and controlling wallet crypto assets, it is extremely important to protect the security of wallet private keys.

Prevention 1: Understand your DApp. When investing in on-chain DeFi, you must fully understand the DApp you are using to prevent asset losses caused by visiting fake DApps. Although our OKX Web3 wallet has conducted risk detection and prompts for DApps with multiple strategies, attackers will continue to update their attack methods and bypass security risk detection. Users must keep their eyes open when investing.

Prevention 2: Understand your signature. When signing on-chain transactions, users must confirm the transaction and make sure they understand the details of the transaction. They must be cautious about transactions they do not understand and do not sign blindly. The OKX Web3 wallet will parse on-chain transactions and offline signatures, simulate execution, and display the results of asset changes and authorization changes. Users can focus on the results before trading to see if they meet expectations.

Prevention 3: Understand the software you download. When downloading auxiliary trading and investment software, make sure it is downloaded from the official platform and use anti-virus software to scan it in time after downloading. If you download malicious software, the Trojan will obtain the user's mnemonic or private key by means of screenshots, clipboard monitoring, memory scanning, uploading cache files, etc.

Prevention 4: Improve security awareness and keep private keys properly. Try not to copy mnemonics, private keys and other important information, do not take screenshots, and do not save such information to a third-party cloud platform.

Prevention 5: Strong password & multi-signature. When using passwords, users should increase the complexity of passwords as much as possible to prevent hackers from blasting them after obtaining the private key encrypted files. During the transaction process, if there is a multi-signature mechanism, it must be used. In this way, if one party's mnemonic or private key is leaked, it will not affect the overall transaction.
