Security Special Issue 01 | OKX Web3 & SlowMist: Experience Sharing from "Hundred Frauds"
One day, suddenly someone sends you a wallet address private key worth 1 million dollars. Would you want to transfer the money immediately?
If so, then this article is tailored for you.
This article is the first issue of OKX Web3's "Security Special Edition," featuring the well-known security institution in the crypto industry that has experienced "hundreds of scams" - the SlowMist Security Team, along with the OKX Web3 Security Team. They will share real cases encountered by users, packed with valuable insights!
SlowMist Security Team: Thank you very much for the invitation from OKX Web3. SlowMist, as an industry-leading blockchain security company, mainly serves a wide range of clients through security audits and anti-money laundering tracking services, and has built a solid threat intelligence collaboration network. In 2023, SlowMist assisted clients, partners, and publicly hacked incidents in freezing funds totaling over 12.5 million dollars. We hope to continue providing valuable insights with a sense of reverence for the industry and security.
OKX Web3 Security Team: Hello everyone, we are very happy to share today. The OKX Web3 Security Team is mainly responsible for building the security capabilities of the OKX Web3 wallet, providing multiple protective services such as product security, user security, and transaction security, guarding user wallet security 24/7 while contributing to the maintenance of the entire blockchain security ecosystem.
Q1: Can you share some real theft cases?
SlowMist Security Team: First, most cases occur because users store their private keys or mnemonic phrases online. For example, users often use cloud storage services like Google Docs, Tencent Docs, Baidu Cloud, WeChat favorites, and notes to store private keys or mnemonic phrases. Once these platform accounts are hacked and "credential stuffing" is successful, private keys can be easily stolen.
Second, users downloading fake apps have led to private key leaks. For instance, the multi-signature scam is one of the most typical cases where fraudsters induce users to download counterfeit wallets and steal wallet mnemonic phrases, then immediately modify the user's wallet account permissions: changing the wallet account permissions from the user alone to jointly held by the user and the fraudster, thus seizing control of the wallet account. Such fraudsters often remain patient, waiting for the user's account to accumulate a certain amount of crypto assets before transferring everything at once.
OKX Web3 Security Team: SlowMist has outlined two main situations where private keys are stolen, and the second type, where fraudsters use fake apps to steal user private keys, essentially involves Trojan programs. These Trojan programs steal user private keys by gaining access to user input methods, photos, and other permissions. Android users are more frequently targeted by Trojan virus attacks compared to iOS users. Here are two cases to share:
Case One: A user reported that their wallet assets were stolen. After our team communicated and investigated with the user, we found that it was due to the user previously downloading and installing a disguised data platform software through a Google search, which turned out to be a Trojan program. However, because the link appeared in the top 5 of Google search results, the user mistakenly thought it was official software. In fact, many users do not discern the links provided by Google, making them vulnerable to Trojan attacks. We recommend that users implement daily security measures through firewalls, antivirus software, and Hosts configuration.
Case Two: A user reported that their wallet assets were stolen while investing in a certain DeFi project. However, through our analysis, we found that the DeFi project itself was not problematic. User B's wallet assets were stolen because they were targeted by someone impersonating the official customer service of that DeFi project while commenting on Twitter about the project. Guided by this impersonator, the user clicked on a fake link and entered their mnemonic phrase, leading to the theft of their wallet assets.
This shows that the methods used by scammers are not sophisticated, but users need to enhance their discernment awareness and should never easily leak their private keys. Additionally, our wallet has issued security risk warnings regarding this malicious domain.
Q2: Is there a best method for private key storage? What alternative solutions currently exist to reduce reliance on private keys?
SlowMist Security Team: Private keys or mnemonic phrases are essentially a single point of failure; once stolen or lost, it is difficult to recover. Currently, new technologies such as secure multi-party computation (MPC), social authentication technology, Seedless/Keyless, pre-execution, and zero-knowledge proof technology are helping users reduce their reliance on private keys.
Taking MPC as an example, first, MPC technology refers to all parties involved performing complex joint computations to complete a task while keeping their data private and secure, not sharing it with other parties. Second, an MPC wallet, in simple terms, uses MPC technology to securely split a private key into multiple pieces, managed collectively by multiple parties; or simply generates a virtual key collaboratively, which is more common since no one has ever seen the complete private key. In summary, the core idea of MPC is to decentralize control to mitigate risks or enhance disaster recovery, effectively avoiding security issues such as single points of failure.
Note that MPC involves a term called Keyless, which can be understood as "without mnemonic phrases" or "without private keys." However, this "without" does not mean that there are no keys in the actual sense, but rather that users do not need to back up mnemonic phrases or private keys and are unaware of their existence. Therefore, regarding Keyless wallets, three points need to be understood:
During the creation of a Keyless wallet, the private key is never created or stored at any time or place.
When signing transactions, the private key is not involved, and the private key is never reconstructed at any time.
Keyless wallets do not generate or save complete private keys and seed phrases at any time.
OKX Web3 Security Team: Currently, there is no perfect method for private key storage. However, our security team recommends using hardware wallets, handwritten private key storage, setting up multi-signatures, and decentralized storage of mnemonic phrases for private key management. For example, decentralized storage of mnemonic phrases means that users can split their mnemonic phrases into two or more groups for storage, reducing the risk of mnemonic phrase theft. Additionally, setting up multi-signatures means that users can select trusted individuals to co-sign to determine the security of transactions.
Of course, to ensure the security of users' wallet private keys, the entire underlying system of the OKX Web3 wallet is offline. Users' mnemonic phrases and private key-related information are all encrypted and stored locally on the user's device, and the relevant SDK is also open-source, having undergone extensive validation by the technical community, making it more public and transparent. Furthermore, the OKX Web3 wallet has also conducted strict security audits in collaboration with well-known security institutions like SlowMist.
In addition, to better protect our users, the OKX Web3 security team is providing and planning more robust security capabilities for private key management, which is continuously being iterated and upgraded. Here are a few simple points to share:
Two-factor encryption. Currently, most wallets typically encrypt mnemonic phrases with passwords, storing the encrypted content locally. However, if a user is infected with a Trojan virus, the Trojan can scan the encrypted content and monitor the user's input password. If the password is intercepted by a scammer, they can decrypt the content and obtain the user's mnemonic phrase. In the future, the OKX Web3 wallet will adopt a two-factor approach to encrypt mnemonic phrases, ensuring that even if a scammer obtains the user's password through a Trojan, they cannot unlock the encrypted content.
Private key copy security. Most Trojans will steal information from the user's clipboard when they copy the private key, leading to private key leakage. We plan to enhance the security of the user's private key copying process, such as copying part of the private key, timely clearing clipboard information, and other methods or functions to help users reduce the risk of private key information theft.
Q3: Starting from private key theft, what are the common phishing methods currently?
SlowMist Security Team: According to our observations, phishing activities are gradually increasing every month.
First, current wallet drainers constitute the main threat in phishing activities, continuously attacking ordinary users in various forms.
Wallet drainers are a type of malware related to cryptocurrency, deployed on phishing websites to trick users into signing malicious transactions, thereby stealing users' wallet assets. For example, currently active wallet drainers include:
The Pink Drainer, which uses social engineering to obtain Discord tokens and conduct phishing. Social engineering can be simply understood as extracting users' private information through communication.
The Angel Drainer, which conducts social engineering attacks on domain service providers. After gaining access to domain account permissions, the Angel Drainer modifies DNS resolution pointing and redirects users to fake websites, etc.
Second, the most common method remains blind signing phishing. Blind signing means that users do not know what they are signing or authorizing when interacting with a project, leading them to confirm without understanding, resulting in asset theft. Here are a few examples of blind signing phishing:
Example 1: For instance, eth_sign. eth_sign is an open signature method that allows signing of any hash, meaning it can be used to sign transactions or any data, and generally, users without technical background find it difficult to understand the content of the signature, which poses a certain phishing risk. Fortunately, more and more wallets are starting to provide security alerts for such signatures, which can help avoid some asset loss risks.
Example 2: Permit signature phishing. We all know that in ERC20 token transactions, users can call the approve function to authorize, but the permit function allows users to generate signatures off-chain and then authorize a specified user to use a certain amount of tokens. Attackers use the permit method for phishing; when victims visit phishing websites, attackers trick users into signing permit authorizations. After the user signs, the attacker can obtain the signed data, call the token contract's permit function with the signed data, and broadcast it on-chain to gain token authorization, thereby stealing the user's tokens.
Example 3: The covert create2 method. create2 allows developers to predict the address of a contract before deploying it to the Ethereum network. Based on create2, attackers can generate temporary new addresses for each malicious signature. After deceiving users into granting permission signatures, attackers can create contracts at this address and transfer users' assets. Since it is a blank address, these addresses can bypass some phishing plugins and security company monitoring alerts, making them highly covert and easy for users to fall victim.
In summary, for phishing websites, users can verify the official website of the project before interacting and pay attention to whether there are malicious signature requests during the interaction. They should be cautious about submitting mnemonic phrases or private keys and remember not to leak mnemonic phrases or private keys anywhere.
OKX Web3 Security Team: We have researched common phishing methods and provided multi-dimensional security protection on the product side. Here are a few of the main phishing methods encountered by users:
The first type is fake airdrops. Hackers typically generate addresses that are similar to the victim's address and conduct small transfers, 0U transfers, or fake token transfer airdrops. These transactions will appear in the user's transaction history, and if the user accidentally copies and pastes the wrong address, it can lead to asset loss. In response to such attacks, the OKX Web3 wallet can identify historical transactions and mark them as risky, while providing security risk alerts when users transfer to those addresses.
The second type is inducement signatures. Hackers often comment in public places like Twitter, Discord, and TG for well-known projects, posting fake DeFi project URLs or airdrop URLs to lure users into clicking, thereby stealing user assets. In addition to the signature phishing methods mentioned by SlowMist, such as eth_sign, permit, and create2, there are also some others:
Method 1: Direct transfer to steal main chain tokens. Hackers often name malicious contract functions with enticing names like Claim, SecurityUpdate, etc., while the actual function logic is empty, thereby only transferring the user's main chain tokens. Currently, the OKX Web3 wallet has launched a pre-execution feature that can display asset changes and authorization changes after transactions go on-chain, providing security risk alerts to users.
Method 2: On-chain authorization. Hackers usually induce users to sign approve/increaseAllowance/decreaseAllowance/setApprovalForAll transactions, which allow hackers to transfer users' token assets to specified addresses. After the user signs, they monitor the user's account in real-time, and once corresponding assets are transferred in, they immediately transfer them away. The security protection process against phishers is a form of resistance and an ongoing upgrade process.
Although most wallets conduct security risk detection on hackers' authorized addresses, attackers' methods are also evolving. For example, by utilizing create2's characteristics, attackers can pre-calculate new addresses, which do not exist in the security blacklist, allowing them to easily bypass security detection. Attackers wait for a catch before deploying contracts at that address and transferring users' funds. For instance, we have recently discovered that many attackers make users authorize the uniswap.multicall contract, as this contract belongs to a legitimate project, thus bypassing security product detection.
Method 3: Permission changes, including Tron permission changes and Solana permission changes. First, in Tron permission changes, multi-signature is a feature of the Tron chain. In many phishing websites, phishers disguise transactions that change account permissions as transfer transactions. If users accidentally sign this transaction, their accounts will become multi-signature accounts, and they will lose control over their accounts. Second, in Solana permission changes, phishers modify the owner of the user's token's ATA account through SetAuthority. Once the user signs this transaction, the owner of that ATA account will become the phisher, allowing them to access the user's assets.
Other methods: Additionally, due to issues with the design mechanisms of the protocols themselves, they can also be easily exploited by phishers. For example, the middleware protocol EigenLayer based on Ethereum allows specifying other addresses as withdrawers through the queueWithdrawal call. If users are phished and sign this transaction, after seven days, the specified address can obtain the user's staked assets through completeQueuedWithdrawal.
The third type is uploading mnemonic phrases. Attackers often provide disguised airdrop projects or fake new tools to lure users into uploading private keys or mnemonic phrases, as seen in the examples above. Additionally, they may sometimes disguise themselves as plugin wallet pop-ups to induce users to upload mnemonic phrases.
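The on-chain authorization phishing described under Method 2 above depends on the user signing calldata they cannot read. As an added example (not part of the interview, and not OKX Web3's or SlowMist's code), the following Python decodes the four authorization calls named there and returns warning tags a wallet could show before signing; the tag names, the `trusted_spenders` allowlist and the sample inputs are assumptions constructed for illustration.

```python
"""Pre-sign review of EVM calldata for token-authorization calls (added example)."""

# First 4 bytes of keccak256(<signature>) for the standard token functions.
SELECTORS = {
    "095ea7b3": "approve",            # approve(address,uint256)
    "39509351": "increaseAllowance",  # increaseAllowance(address,uint256)
    "a457c2d7": "decreaseAllowance",  # decreaseAllowance(address,uint256)
    "a22cb465": "setApprovalForAll",  # setApprovalForAll(address,bool)
}
MAX_UINT256 = 2**256 - 1


def decode_authorization(calldata_hex):
    """Decode selector + two 32-byte ABI words; None if not an authorization call."""
    data = calldata_hex.lower()
    if data.startswith("0x"):
        data = data[2:]
    name = SELECTORS.get(data[:8])
    if name is None:
        return None
    args = data[8:]
    if len(args) < 128:
        raise ValueError("truncated calldata for " + name)
    word0, word1 = args[:64], args[64:128]
    return {
        "function": name,
        "spender": "0x" + word0[24:],               # address = low 20 bytes
        "dirty_padding": int(word0[:24], 16) != 0,  # int() rejects non-hex input
        "value": int(word1, 16),
    }


def review(calldata_hex, trusted_spenders=()):
    """Return warning tags (hypothetical names) for a transaction awaiting signature."""
    call = decode_authorization(calldata_hex)
    if call is None:
        return []
    tags = ["authorization:" + call["function"]]
    if call["function"] in ("approve", "increaseAllowance") and call["value"] == MAX_UINT256:
        tags.append("unlimited-amount")
    if call["function"] == "setApprovalForAll" and call["value"] != 0:
        tags.append("all-tokens-in-collection")
    # Allowlist rather than blocklist: a freshly computed create2 address has no
    # history, so it will not appear on any blocklist.
    if call["spender"] not in {s.lower() for s in trusted_spenders}:
        tags.append("spender-not-in-allowlist")
    if call["dirty_padding"]:
        tags.append("malformed-address-padding")
    return tags


# Constructed sample inputs (not real addresses or transactions).
SPENDER = "0x" + "11" * 20


def _call(selector, spender, value):
    """Build calldata: selector, left-padded address word, 32-byte value word."""
    return "0x" + selector + spender[2:].rjust(64, "0") + format(value, "064x")


UNLIMITED_APPROVE = _call("095ea7b3", SPENDER, MAX_UINT256)
NFT_APPROVE_ALL = _call("a22cb465", SPENDER, 1)
PLAIN_TRANSFER = _call("a9059cbb", SPENDER, 1000)  # transfer(address,uint256)

if __name__ == "__main__":
    for label, data in [("approve", UNLIMITED_APPROVE),
                        ("setApprovalForAll", NFT_APPROVE_ALL),
                        ("transfer", PLAIN_TRANSFER)]:
        print(label, review(data))
```

An allowlist hit only removes one tag: as the interview notes, a legitimate project contract can itself be the spender in a phishing authorization, so the authorization and amount tags are still reported.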
Q4: Differences in attack methods between hot wallets and cold wallets
OKX Web3 Security Team: The difference between hot wallets and cold wallets lies in how private keys are stored. Cold wallets generally store private keys offline, while hot wallets typically store them in an online environment. Therefore, the security risks for cold wallets and hot wallets will differ. The security risks for hot wallets have already been comprehensively covered, so we will not elaborate further.
The security risks for cold wallets mainly include:
First, social engineering and physical attack risks, as well as transaction process risks. The social engineering and physical attack risk refers to the possibility of attackers using social engineering methods to impersonate family or friends to gain access to the cold wallet's permissions since cold wallets are usually stored offline.
Second, as a physical device, it may be damaged or lost. The transaction process risk refers to the fact that during transactions, cold wallets may also encounter various attacks such as airdrops and inducement signatures mentioned earlier.
Q5: Just like the opening statement about "gifting high-value wallet private keys," what other alternative phishing traps exist?
SlowMist Security Team: Yes, "deliberately gifting high-value wallet private keys" is a very classic case that has been around for many years, yet people still fall for it today. This scam involves scammers intentionally leaking private key mnemonic phrases. Once you import the private key mnemonic phrase into your wallet, the attacker monitors your wallet at all times. Once you transfer ETH, they immediately transfer it away. This method exploits users' psychology of wanting to take advantage of small gains; the more people who import, the higher the fees, and the greater the losses.
Additionally, some users may think, "I have nothing worth attacking," and this low defensive mindset can make users vulnerable to attacks. Anyone's information (such as email, password, bank information, etc.) is valuable to attackers. Some users even believe that as long as they do not click on links in spam emails, they will not be threatened. However, some phishing emails may implant malware through images or attachments.
Finally, we need to have an objective understanding of "security," which is that there is no absolute security. Moreover, phishing attack methods evolve rapidly and diversely, so everyone should continuously learn and enhance their self-security awareness, which is the most reliable approach.
OKX Web3 Security Team: Preventing third-party phishing traps is indeed a complex issue because phishers often exploit people's psychological weaknesses and common security oversights. Many people are usually very cautious, but when faced with an unexpected "big pie," they often let their guard down and amplify their greed, leading to being scammed. In this process, human weaknesses can outweigh technology; even with more security measures, users may overlook them in the short term, only to realize later that they have been scammed. We must be clear that "there is no free lunch," and always stay vigilant, paying attention to security risks, especially in the dark forest of blockchain.
Q6: Suggestions for users to enhance private key security
SlowMist Security Team: Before answering this question, let's first outline how attackers generally steal users' assets. Attackers typically steal users' assets through the following two methods:
Method One: Deceiving users into signing malicious transaction data for asset theft, such as tricking users into authorizing or transferring assets to attackers.
Method Two: Deceiving users into entering their wallet's mnemonic phrases on malicious websites or apps, such as tricking and luring users into entering their mnemonic phrases on fake wallet pages.
Knowing how attackers steal wallet assets, we need to take precautions against potential risks:
Prevention One: Try to ensure that what you see is what you sign. It is said that wallets are the keys to entering the Web3 world; the most important thing for user interaction is to refuse blind signing. Before signing, users should identify the data being signed and understand what the transaction is for; otherwise, they should forgo signing.
Prevention Two: Don't put all your eggs in one basket. By managing wallets in layers based on different assets and usage frequency, users can keep asset risks under control. Wallets participating in airdrops and other activities, due to their higher usage frequency, are recommended to store small amounts of assets. Large assets, which are generally not frequently used, should be stored in cold wallets, ensuring that the network and physical environments are safe when used. If possible, use hardware wallets, as they generally cannot directly export mnemonic phrases or private keys, thus raising the threshold for mnemonic phrase and private key theft.
Prevention Three: Various phishing methods and events are constantly emerging. Users should learn to identify various phishing methods, enhance their security awareness, engage in self-education to avoid being scammed, and master self-rescue abilities.
Prevention Four: Don't rush or be greedy; verify from multiple sources. Additionally, if users want to learn more comprehensive asset management solutions, they can refer to the "Cryptocurrency Asset Security Solutions" produced by SlowMist for more security awareness and self-education, or refer to the "Self-Rescue Manual for the Blockchain Dark Forest."
OKX Web3 Security Team: As the only credential for accessing and controlling wallet crypto assets, protecting wallet private key security is crucial.
Prevention One: Know your DApp. When investing in on-chain DeFi, it is essential to have a comprehensive understanding of the DApp being used to prevent asset loss from accessing fake DApps. Although our OKX Web3 wallet has implemented various risk detection and alerts for DApps, attackers continuously update their attack methods and bypass security risk detection. Users must remain vigilant when investing.
Prevention Two: Understand your signatures. When users sign on-chain transaction signatures, they must confirm the transaction and ensure they understand the details. They should be cautious with transactions they do not comprehend and avoid blind signing. The OKX Web3 wallet will parse on-chain transactions and offline signatures, simulating execution to display asset changes and authorization changes. Users can focus on these results before transactions to see if they meet expectations.
Prevention Three: Know the software you download. When downloading auxiliary trading and investment software, ensure it is downloaded from official platforms, and promptly scan it with antivirus software. If malicious software is downloaded, Trojans can obtain users' mnemonic phrases or private keys through methods such as screenshotting, clipboard monitoring, memory scanning, and uploading cached files.
Prevention Four: Enhance security awareness and properly safeguard private keys. Avoid copying mnemonic phrases, private keys, and other important information; do not take screenshots, and do not save such information on third-party cloud platforms.
Prevention Five: Strong passwords & multi-signatures. When using passwords, users should increase the complexity of their passwords as much as possible to prevent hackers from cracking them after obtaining encrypted files. In transactions, if there is a multi-signature mechanism, it should be used, so that if one party's mnemonic phrase or private key is leaked, it will not affect the overall transaction.