OKX Web3 & GoPlus: On-chain Security Monitoring and Post-incident Recovery

Author: OKX Web3

Introduction

The OKX Web3 wallet has specially curated the "Security Special Edition" column to address various types of on-chain security issues. By sharing real cases that happen around users, in collaboration with experts or institutions in the security field, we aim to provide dual perspectives for sharing and answering questions. This approach helps to systematically summarize and clarify security trading rules, with the goal of enhancing user security education while helping users learn to protect their private keys and wallet assets.

On-chain security offense and defense is like an endless game of "hide and seek."

Users must always hide their assets well and ensure security protection.

Even if "caught by hackers," they should not panic and learn to remedy the situation quickly.

In previous issues, we have extensively introduced risk identification and security protection based on real user cases, covering private key security, MEME trading security, on-chain rug pull security, device security, DeFi interaction security, and more, providing a comprehensive overview.

As the saying goes, "It's never too late to mend the fold after the sheep are lost." This issue is the 06th edition of the Security Special, featuring the emerging blockchain security team GoPlus, who will share content related to on-chain security monitoring and post-incident rescue from a practical guide perspective, for everyone's learning and exchange.

GoPlus Security Team: Thank you for the invitation. We are committed to building a security network for Web3 users, focusing on providing permissionless security data and end-user service environments. Technically, GoPlus integrates advanced AI modules and currently serves over 10,000 partners, with daily calls to user security data exceeding 21 million times, supporting more than 20 public chains.

OKX Web3 Wallet Security Team: Hello everyone, we are very happy to share today. The OKX Web3 Security team is mainly responsible for building various security capabilities for OKX in the Web3 field, such as smart contract security audits, wallet security capability construction, on-chain project security monitoring, etc., providing multiple protective services for product security, fund security, transaction security, and contributing to the maintenance of the entire blockchain security ecosystem.

Sharing Some Real User Cases of Successful On-Chain Security Protection or Rescue

GoPlus Security Team: There are many such cases, and we will share two.

Case 1: A user from the GoPlus community reported that their EVM address was attacked by a hacker's poisoning technique. The hacker sent a small amount of tokens to the target user's wallet and forged an address with the same first five and last three characters, misleading the user into thinking it was their commonly used transfer address. However, due to the use of on-chain protection and monitoring security services, over $20K in losses were successfully prevented.

The main event process was as follows: while the user was making an Ethereum transfer, the security monitoring and on-chain interception services played a key role. The monitoring service detected that a suspicious poisoning address sent a small amount of tokens to the user's wallet and blacklisted that address. However, the user was unaware of this and had already attempted to transfer some funds to this forged address. Fortunately, the user used a secure RPC service in their wallet, and after the transaction was initiated, the interception service intervened immediately, successfully stopping the transaction. The system automatically issued an alert, notifying the user that the transaction address did not match their commonly used address and that there might be a risk.

After receiving the notification, the user paused the transfer transaction and used relevant inspection tools to verify, confirming that the address was a known poisoning address. The system showed that this address had been associated with multiple fraudulent activities in the past few days. The user promptly canceled the transfer, avoiding sending funds to an address controlled by hackers. Afterwards, the user cleaned up their list of commonly used transfer addresses, deleting all addresses of unknown origin to prevent similar incidents from happening again.

Case 2: Utilizing Front Running to Successfully Transfer Assets On-Chain

Another user discovered that their EVM private key had been stolen, and the hacker had transferred all ETH to another wallet. The hacker set up monitoring and automated programs so that whenever the user transferred ETH to the stolen address as Gas, the Gas would be automatically transferred away by the hacker. However, by promptly utilizing front-running services, the user successfully front-ran the remaining NFTs and token assets, transferring them all to a secure new address.

With our help, the user used front-running technology for rescue. By using the front-running service, they prepared a series of high-priority transactions, leveraging monitoring and raising Gas fees to increase transaction speed, ensuring these transactions were packaged by miners before the hacker's monitoring program could act. The user first transferred their NFTs and remaining token assets in batches to multiple intermediate addresses, ultimately successfully rescuing the remaining assets and preventing over $10K in losses.

These two cases illustrate that whether during or after an incident, the reasonable use of tools and security services can timely reduce financial losses and mitigate risks.

OKX Web3 Wallet Security Team: Due to users encountering phishing, private key leaks, and other incidents, we have provided extensive assistance to help them successfully recover their losses.

Case 1: User A accidentally entered their private key on a phishing website, resulting in the theft of their Ethereum (ETH). Fortunately, the user's other ERC20 tokens, such as USDC, had not yet been stolen. After User A sought help, we engaged in in-depth communication and organized a team to assist them. By using Flashbots for transaction bundling, we submitted the Gas payment transaction and the transaction to transfer valuable tokens together, processing them in the same block, successfully rescuing the user's remaining assets.

Case 2: User B mistakenly entered a phishing website while checking airdrop information, which required the user to authorize a known risky address. The OKX Web3 wallet identified that the address belonged to a blacklist and successfully intercepted the authorization request, preventing potential asset risks.

Case 3: A protocol C was attacked, and all addresses authorized to that protocol faced asset risks. The OKX Web3 wallet security team responded swiftly to this incident, listing the protocol's vulnerable contract as a risky address, reminding users during authorization, effectively avoiding greater losses.

These cases demonstrate that users not only need to update their emergency measures against phishing and protocol attacks but can also leverage security tools and seek help from professional security teams. However, the most important thing is that users need to start from themselves and learn to protect their wallets and assets.

How Can Users Better Understand Their Wallet Security Status and Manage Wallet Security?

GoPlus Security Team: To better understand and manage their wallet security status, users can take the following detailed measures.

1. Regularly Check Authorizations

2. Use Authorization Management Tools

• Leverage authorization management tools: By using some commonly used authorization management tools, users can regularly check the smart contracts they have authorized. These tools can help users list all authorized contracts and mark those that are rarely used or may pose risks.
• Contract Risk Assessment: Use these tools to assess the risks of contracts, check the security of contract code and historical records, and identify potential risks.

1. Revoke Unnecessary Authorizations:

• Easy Revocation: Through authorization management tools, users can easily revoke those contract authorizations they no longer need. This not only reduces potential security risks but also prevents malicious contracts from exploiting authorized permissions.
• Regular Maintenance: Regularly maintain authorizations to keep the authorization list concise and secure, ensuring that only necessary contracts have permissions.

1. Wallet Monitoring

2. Use Monitoring Tools

• Real-time Monitoring: Use some wallet monitoring tools, such as Etherscan's address monitoring service or GoPlus's security monitoring tools, to monitor wallet activities in real-time. This way, users can receive timely alerts when authorization changes, abnormal transactions, address poisoning, or other security events occur.
• Detailed Reports: These monitoring tools typically provide detailed reports and logs, recording all activities of the wallet, making it easier for users to review and analyze.

1. Custom Alerts

• Set Alert Parameters: Set custom alerts based on transaction amounts, frequency, and other parameters. Users can define different types of alerts, such as large transaction alerts, frequent transaction alerts, and authorization change alerts.
• Timely Response: Once an alert is triggered, users should promptly check and take necessary measures to prevent further losses. These alerts can be sent to users via email, SMS, or in-app notifications.

1. Other Security Measures

2. Regular Backup and Recovery

• Backup Private Keys and Mnemonic Phrases: Regularly back up the wallet's private keys and mnemonic phrases, and securely store them in multiple locations, such as offline storage devices, encrypted USB drives, or paper backups. Ensure backups are not accessible to unauthorized individuals.
• Test Recovery Process: Regularly test the wallet's recovery process to ensure it can be quickly and effectively restored when needed. This includes importing private keys or mnemonic phrases, restoring all wallet functions, and verifying that the recovered wallet can be used normally.

1. Use Hardware Wallets

• Security of Hardware Wallets: Use hardware wallets to store large assets, as they provide higher security since private keys never leave the device, preventing them from being stolen by hackers.
• Regularly Update Firmware: Ensure that the firmware of the hardware wallet is kept up to date, as manufacturers regularly release security updates and patches to address the latest security threats.

OKX Web3 Wallet Security Team: Generally, users can strengthen wallet security management in the following aspects:

1. Use Wallet Security Tools

   Many wallets and security tools can help users manage authorizations and enhance security.

   1) Commonly used browser wallet extensions allow users to manage DApp permissions. Users can view and revoke authorized DApps and regularly check authorized DApp websites to revoke permissions for unnecessary sites.

   2) Use websites to check and revoke wallet authorizations. Users can connect their wallets to view all authorized smart contracts and choose to revoke permissions they no longer need.

2. Regularly Check Wallet Authorizations

   Regularly check the authorization status of your wallet to ensure there are no excessive or suspicious authorizations.

   1) Connect to Revoke.cash or similar tools.

   2) View the list of all authorized smart contracts.

   3) Revoke authorizations for DApps that are no longer in use or suspicious.

   4) Ensure that wallet software is always kept up to date to receive the latest security updates and bug fixes.

3. Enhance Personal Security Awareness

   1) Be vigilant against phishing attacks: Do not click on unknown links or download unknown files.

   2) Use strong passwords and two-factor authentication: Set strong passwords for wallet accounts and enable two-factor authentication (2FA) to increase security.

How Can Users Perceive On-Chain Security Events and Timely Protect Their Assets?

GoPlus Security Team: Users should learn to monitor in real-time and timely block malicious on-chain transactions as much as possible.

Why is real-time monitoring necessary? Real-time monitoring of on-chain transactions is crucial for protecting user assets. As more hackers and scam groups engage in on-chain fraud, identifying hidden risks in transactions becomes exceptionally difficult. Many users lack the necessary security knowledge and technical skills to fully understand and prevent these threats. Real-time monitoring can help users promptly identify abnormal activities, such as unauthorized transactions, large transfers, or frequent transaction operations, and quickly take measures to prevent losses. Additionally, real-time monitoring can detect and block malicious operations, such as phishing, hacking, and smart contract vulnerabilities, thereby safeguarding users' asset security. When security events occur, real-time monitoring can immediately notify users, enabling them to take swift action, such as freezing accounts, canceling authorizations, or reporting incidents, thus minimizing losses. By providing a transparent environment, real-time monitoring can also enhance users' trust in wallets and platforms, allowing them to view transaction and authorization statuses at any time, improving the user experience.

To achieve real-time monitoring of on-chain transactions and block malicious transactions, users can take the following measures:

First, adopt monitoring and response systems. Users can set custom transaction alerts based on transaction amounts, frequency, and other parameters, and receive alert information via email, SMS, or in-app notifications. This not only helps users accurately monitor wallet activities but also issues alerts at the first sign of abnormal transactions, allowing users to take swift action to prevent further losses.

Using blockchain analysis tools is also an important method. By using public chain network browsers and other blockchain analysis platforms, users can monitor their wallet's transaction history and activities, deeply analyze transaction patterns and counterparties. The detailed data and analysis functions provided by these platforms can help users identify potential risky transactions and take timely action. Additionally, blockchain analysis tools can help users track the flow of funds and detect and prevent possible fraudulent activities.

Moreover, using unobtrusive risk control protection can significantly enhance users' security experience. Secure RPC or secure wallet products can help users achieve unobtrusive risk control protection by analyzing users' transaction behaviors and environments in real-time in the background, automatically identifying and assessing potential security threats. This protection mechanism does not require users to perform complex operations, running automatically and providing protection, reducing the difficulty of user operations. For example, some advanced secure RPC services can help users analyze the security risks of each transaction and intelligently intercept dangerous transactions. Users only need to bind their wallets to the corresponding monitoring and blocking services, and the system will automatically protect their asset security.

By combining these measures, users can achieve comprehensive real-time monitoring of on-chain transactions, effectively block malicious transactions, and safeguard their asset security. Through unobtrusive risk control protection, real-time monitoring, and intelligent blocking technologies, users can conduct on-chain transactions in a more convenient and secure environment. Whether ordinary users or professional investors, these technologies provide them with strong security guarantees, allowing them to participate in the blockchain ecosystem with greater peace of mind.

Real-time monitoring not only helps users cope with current security threats but also enhances their ability to prevent potential risks in the future. As blockchain technology continues to develop and application scenarios expand, security issues will become increasingly complex and diverse. By continuously learning and applying the latest security technologies and tools, users can maintain a high level of vigilance against new threats and timely adjust and optimize their security strategies. Ultimately, real-time monitoring, intelligent blocking, and unobtrusive risk control will become indispensable security tools for users in on-chain transactions, safeguarding their digital assets.

OKX Web3 Wallet Security Team: With frequent on-chain security events, users need to understand how to timely perceive these events and protect their assets. Here are some specific methods and tools that can help users improve their on-chain security awareness and take appropriate asset protection measures.

1. Follow Security Vendors' Security Event Twitter Accounts

• Security Vendor Twitter: Follow the Twitter accounts of blockchain security vendors to stay updated on the latest on-chain security dynamics and attack methods.
• Keep an Eye on the Latest Attack Methods: Especially pay attention to the latest attack methods against the same type of protocols to prevent hackers from exploiting common vulnerabilities to attack other protocols, leading to user fund losses. Therefore, withdraw investments from related types of protocols when necessary to avoid losses due to similar security vulnerabilities.

1. Use On-Chain Monitoring Tools

• Real-Time Monitoring Tools: Use on-chain monitoring tools like OKLink's address balance monitoring to keep an eye on changes in protocol TVL (Total Value Locked), or use some security vendors' protocol monitoring tools to monitor the security of mainstream protocols in real-time and promptly alert users when issues are detected.

1. Pay Attention to Project Compensation Dynamics

• Compensation Plans: For already occurred attack events, users can pay attention to the compensation dynamics of the project parties.
• Track Announcements: Some project parties will publish information about compensation plans on their official websites, social media, and announcement channels.
• Report Losses: Affected users should promptly report their losses and participate in compensation plans according to the project's guidance.

1. Revoke Authorizations for Vulnerable Contracts

• Use relevant tools to check and revoke authorizations for vulnerable contracts to prevent funds from being stolen again.

How to Avoid Easily Becoming a Target of Phishing Attacks During On-Chain Transactions?

GoPlus Security Team: Users should try to avoid becoming targets of phishing attacks during on-chain transactions by strengthening protection in the following aspects.

To avoid becoming a target of phishing attacks during on-chain transactions, the main points are as follows:

1. Verify Sources

• Official Channels: Never click on unknown links, especially those received in private messages in emails, Twitter, or Discord. Ensure that all transaction and login operations are conducted through official websites or official DApps. Users can bookmark commonly used websites and applications to avoid accidentally entering fake sites. They can also enhance their judgment by checking if well-known users follow the Twitter account.
• Check URLs: Carefully check the website's URL to ensure it is spelled correctly and contains a security certificate (HTTPS). Phishing sites often use domain names similar to real websites but with slight differences.

1. Secure Browser Extensions

• Install Browser Extensions: Install some security browser extensions that have transaction simulation and phishing site identification functions. These extensions can monitor and block phishing sites in real-time. They typically check if the visited site is in the known phishing site database and issue warnings when risks are detected. They can also simulate transactions, informing users of the consequences of their actions and providing early warnings.
• Regular Updates: Ensure that browser extensions and other security software are always kept up to date to ensure they can identify and block the latest phishing attack methods.

1. Enhance Vigilance and Recognition Skills

• Emails and Messages: Be highly vigilant against any emails and messages requesting personal information, passwords, mnemonic phrases, or private keys. Legitimate services will not ask for this information via email or messages.
• Check Senders: Even if an email appears to come from a familiar source, carefully check the sender's email address. Sometimes, phishers disguise themselves as legitimate senders, using slight spelling errors or forged domain names to deceive.

1. Fund Management

• Multi-Wallet Management: Store assets across multiple wallets rather than concentrating them in one wallet. This way, even if one wallet is attacked, the assets in other wallets can be protected.
• Combination of Cold and Hot Wallets: Store the majority of assets in offline cold wallets, keeping only a small amount in online hot wallets for daily transactions. Cold wallets are not connected to the internet, providing higher security.
• Regular Checks: Regularly check the security status and transaction records of each wallet, revoke unnecessary excess authorizations, and promptly identify and address abnormal situations.

OKX Web3 Wallet Security Team: As the on-chain ecosystem develops, users' on-chain interactions are becoming increasingly active, necessitating heightened security awareness. Users should take multiple measures to reduce the risk of becoming phishing attack targets and protect their wallets and assets.

1. Verify Websites and Addresses: Before entering private keys or conducting transactions, always verify that the URL of the website being accessed is correct, especially when clicking links from emails or social media. For blockchain addresses, use known security services like the OKLink browser to verify the legitimacy of the address.
2. Use Hardware Wallets: Hardware wallets can provide an extra layer of security for crypto assets. Even if a user's computer is infected or they accidentally access a phishing site, the hardware wallet ensures that private keys do not leave the device.
3. Do Not Authorize Easily: When authorizing operations for smart contracts, always confirm the content and source of the contract. Only authorize trusted contracts or those that have undergone sufficient community audits.
4. Utilize Security Tools and Services: Install and use anti-phishing and malware protection tools, such as browser extension programs, which can help identify and block access to known malicious websites.
5. Stay Vigilant: Be cautious of any urgent requests asking you to provide private keys or conduct transfers. Attackers often exploit users' anxiety and impatience to induce decision-making.
6. Enhance Self-Security Awareness: Regularly update your security knowledge and stay informed about the latest phishing attack methods and blockchain security dynamics. Consider participating in relevant online courses or reading blockchain security guides.

How Can Users Avoid Participating in Scam Projects During On-Chain Transactions?

GoPlus Security Team: First, we need to understand what scam tokens are. Scam tokens are cryptocurrency tokens created by malicious actors. Their purpose from the outset is to implement rug pulls, and these tokens are typically designed to defraud investors of their funds, while the tokens themselves have no real value or utility. Once investors purchase these tokens, they often find that they cannot sell them for various reasons or suffer significant losses during transactions. Common scam tokens include those that restrict selling functions, impose trading cooldowns, hide transaction fees, or deceive users in other ways. Users can take the following measures to avoid purchasing scam tokens.

1. Verify Contract Addresses:

• Check Information: Before purchasing a token, confirm that the smart contract address of the token is correct. Ensure that the contract address matches the one provided by the project officially and obtain this information through official channels, such as the official website, white paper, or official social media.
• Review Contract Code: If you have a technical background, you can review the token's smart contract code to check for anomalies or malicious code. If you lack relevant knowledge, rely on trusted contract auditing tools or services.
• Use Blockchain Browsers: Use blockchain browsers to view detailed information about the token contract, including the distribution of token holders, transaction history, etc., to ensure that the contract does not have obvious risk characteristics.

1. Use Trusted Tools:

• Token Risk Identification Tools: Use some commonly used token risk identification tools to scan whether the token contract contains malicious code. These tools can check for common scam characteristics, such as inability to sell or hidden fees.
• Contract Analysis Platforms: Utilize blockchain contract analysis platforms to view the transaction history and contract code of the token. Pay attention to the distribution of token holders and be wary of tokens that are highly concentrated in a few addresses.
• Automated Monitoring Tools: Use tools that can automatically monitor new tokens and their risk characteristics to timely identify and avoid potential scam tokens.

1. Community and Reputation:

• Social Media and Community Feedback: Check the community reputation of the token and the feedback from other users on social media platforms like Twitter and Reddit. Understand whether the project is supported and trusted by the community, and avoid purchasing tokens that have been reported or discussed as scams multiple times.
• Project Information Transparency: Assess the transparency of the project team, such as the backgrounds of team members, the project's technical white paper, and development roadmap. Legitimate projects typically disclose detailed team and technical information.
• Participate in Community Discussions: Actively engage in community discussions about the token project to understand the latest developments and users' actual experiences, which can help judge the project's credibility.

1. Small-Scale Testing:

• Test Transactions: Before making large purchases, conduct small-scale test transactions. By performing small-scale tests, verify whether the buying and selling functions of the token operate normally, ensuring that you do not purchase tokens that cannot be sold.
• Monitor Transaction Fees: Pay attention to transaction fees and slippage during small transactions, checking for abnormally high fees or hidden trading conditions.
• Observe Market Reactions: After conducting small-scale tests, observe the market's response to the token and its trading activity to assess whether it exhibits normal market behavior.

1. Be Wary of High-Yield Promises:

• Unrealistic Promises: Be cautious of tokens that promise high yields and quick returns. Scam tokens often exploit investors' greed by promising unrealistic high returns to attract funds.
• Identify Risk Signals: High yields often come with high risks. For projects that claim "guaranteed profits," maintain a high level of vigilance to avoid being lured by short-term high returns.
• Consult Professional Opinions: Before investing, consider consulting professionals for their risk assessments of the project.

1. Rational Investment:

• Stay Rational and Cautious: Do not be tempted by short-term high yields; always conduct thorough research and risk assessments. Investment decisions should be based on detailed analysis and rational judgment rather than emotional impulses.
• Diversify Investments: Do not invest all funds into a single token or project. Diversifying investments can reduce overall risk, ensuring that even if some investments fail, significant losses are avoided.

OKX Web3 Wallet Security Team: With frequent rug pull incidents from on-chain projects, users should heighten their vigilance. For example:

1. Research Project Background: Before purchasing any token, thoroughly research the project. Understand the project's vision, team members, white paper, roadmap, and other relevant information. Look for community discussions about the project to gauge others' opinions.
2. Watch for Warning Signals: Some warning signals may indicate that a token is a scam or untrustworthy. For example, anonymous teams, exaggerated promises, and lack of transparency. If you notice any warning signals, it's best to remain cautious and avoid purchasing such tokens.
3. Use Token Scanning Tools: Utilize token scanning features provided by wallets like OKX Web3 Wallet, which analyze tokens from multiple aspects, including contract code, on-chain behavior, and community feedback, to detect potential scam behaviors.
4. Review Contracts: On Ethereum or other smart contract platforms, you can view the token contract code. Reviewing contracts can help determine the credibility of the token. If the contract code contains suspicious logic or is not open-sourced, exercise greater caution.
5. Stay Vigilant: Do not easily trust recommendations from strangers or promotional messages circulated in communities. If you hear overly optimistic promises about a project, be skeptical and maintain rationality.

How Can Users Prevent Being Targeted by On-Chain MEV Attacks and Avoid Financial Losses?

GoPlus Security Team: To prevent financial losses from MEV (Miner Extractable Value) attacks, users can take the following detailed measures.

1. Use Dedicated Tools

• Anti-MEV Features: Users can enable anti-MEV features in their wallets by utilizing specially designed trading tools or plugins. These tools can identify and avoid potential MEV attacks, protecting users' transactions from being exploited by miners and other attackers.
• Transaction Protection Services: Some platforms offer transaction protection services that can batch send or obfuscate users' transactions to reduce the risk of MEV attacks. These services can help users execute large transactions more securely.

1. Diversify Transaction Timing:

• Avoid Peak Times: Avoid making large transactions during peak trading times, as MEV attacks are more active during these periods. Peak times are usually when the market is highly volatile or significant news is released. Choosing to trade during lower volume periods can effectively reduce the likelihood of being attacked.
• Scheduled Transactions: Use scheduled transaction features to spread large transactions over multiple time points, reducing the risk of exposure to MEV attacks for any single transaction.

1. Utilize Privacy Technologies:

• Privacy Nodes: Users can send transactions to privacy nodes (like Flashbots) to ensure that transactions are executed normally. Flashbots can send transactions directly to miners, bypassing the public transaction pool, thus avoiding MEV attacks. However, this method may result in slightly slower transaction confirmation speeds, as transactions must wait for blocks to be mined to confirm their status.
• Obfuscate Transactions: Use transaction obfuscation techniques to split transactions into multiple small transactions and send them mixed, increasing the obscurity of transactions and reducing the risk of being attacked.

1. Diversified Strategies:

• Spread Transactions: Do not concentrate all transactions at the same time or on the same platform. Diversifying risks reduces the likelihood of being targeted. By spreading transactions, it becomes difficult for attackers to predict and intercept all transactions, lowering overall risk.
• Use Multiple Trading Platforms: Utilize multiple trading platforms and tools to avoid conducting all transactions on a single platform, reducing the chances of concentrated attacks.

1. Choose High-Liquidity Trading Pools:

• High Liquidity Pools: Try to select trading token pools with high liquidity and abundant LPs (Liquidity Providers) to avoid slippage losses and MEV attacks due to insufficient liquidity. High liquidity pools can absorb larger transaction volumes, reducing the risk of transaction manipulation.
• Review Trading Depth: Before executing trades, check the depth of the trading pool and the liquidity of the trading pair to ensure that transactions can proceed smoothly without causing significant price fluctuations.

1. Set Reasonable Slippage Tolerance:

• Slippage Protection: Set reasonable slippage tolerance on trading platforms to prevent transaction prices from deviating from expectations. Setting slippage too high increases the risk of MEV attacks, while setting it too low may lead to transaction failures. Adjust slippage tolerance based on market conditions to achieve optimal protection.

1. Continuous Monitoring and Strategy Adjustment:

• Transaction Monitoring: Continuously monitor your transaction activities to promptly identify and respond to potential MEV attacks. Use analysis tools and monitoring services to track the execution status of transactions and market reactions.
• Adjust Strategies: Based on transaction monitoring results and market changes, timely adjust transaction strategies and protective measures to ensure that transactions remain secure.

OKX Web3 Wallet Security Team: We have distilled several core points, including:

1. Pay attention to trading depth and set slippage: Monitor trading depth, split large transactions into smaller ones, execute multiple times, and set slippage protection to reduce the likelihood of being attacked.
2. Use privacy-protecting nodes: Choose nodes with privacy protection features to prevent transactions from being public, such as Flashbot privacy RPC nodes.
3. Choose trusted wallets and applications: Use reputable wallets and applications that provide MEV protection (such as the native DApp of OKX Wallet) and avoid using unknown or unverified services.

What to Do If User Wallet Assets Are Stolen?

GoPlus Security Team: Many users often lose assets that could have been recovered or rescued due to a lack of experience or methods for handling the situation after discovering that their wallet assets have suddenly disappeared. To help users take the correct actions quickly after asset theft, here are several key remedial measures:

Step 1: Transfer Remaining Tokens in the Wallet

• Create a New Wallet: Immediately create a new wallet address, ensuring that the new wallet address and private key are secure and not leaked.
• Transfer Assets: Quickly transfer the remaining tokens in the wallet to the newly created wallet to prevent further theft of remaining assets.
• Revoke Authorizations: Use authorization management tools to revoke all unnecessary smart contract authorizations in the old wallet, further protecting remaining assets.
• Use Rescue Tools: If necessary, use some rescue tools and front-running services to quickly recover losses. These services can help prioritize asset transfers, avoiding detection by the hacker's monitoring program regarding the Gas needed for transferring assets.

Step 2: Identify the Root Cause of the Theft

1. Check Devices and Accounts

• Device Security Check: Check the device used to access the wallet to ensure there is no malware, viruses, or spyware. Use trusted antivirus software for a comprehensive scan.
• Account Security Check: Check accounts related to the wallet, such as trading platforms and email, to ensure these accounts have not been hacked.

1. Locate the Cause of the Theft

• Private Key Theft: If the private key is stolen, hackers can fully control the wallet and transfer all assets. If it is an EVM wallet private key leak, hackers can transfer all assets across multiple EVM-compatible chains. Check for signs of private key or mnemonic phrase leaks, such as entering private keys or mnemonic phrases on phishing websites.
• Unauthorized Authorizations: Check if malicious smart contracts were authorized without knowledge. Use Etherscan or other blockchain browsers to view authorization history and identify abnormal authorizations.
• Malicious Signatures: Confirm whether malicious transactions or information were signed. Especially check for unknown or suspicious signatures signed through DApps or other services.

1. Review Transaction Records:

• Analyze Transaction History: Use blockchain browsers (such as Etherscan, BscScan) to view the wallet's transaction records, identifying suspicious transactions and unexplained fund flows.
• Gather Evidence: Record detailed information about suspicious transactions, including transaction IDs, transaction times, counterpart addresses, etc., to provide evidence for subsequent reporting and investigation.

Step 3: Report to Authorities

1. Report to the Police

• Contact Local Police: Quickly contact local law enforcement to report the wallet asset theft incident. Provide detailed transaction records and evidence to help the police understand the case.
• File a Case: Complete necessary forms and documents as required by the police to ensure the case is formally filed. Provide as many clues and evidence as possible to assist the police in their investigation.

1. Maintain Communication

• Regular Follow-Up: Regularly contact the police to inquire about the case's progress and provide any new clues or information.
• Assist in Investigation: Actively cooperate with the police investigation, providing any required information and support.

Step 4: Seek Help from Professional Security Agencies and Request Relevant Exchanges to Freeze Stolen Funds Based on the Fund Flow

1. Contact Professional Security Agencies

• Professional Assistance: Contact blockchain security companies or professional security agencies for assistance. Professional agencies can provide technical support to help trace and analyze the flow of stolen funds.
• Fund Tracking: Utilize professional blockchain analysis tools to trace the flow path of stolen funds and identify the exchanges and final receiving addresses of the funds.

1. Request Exchanges to Freeze Funds

• Contact Exchanges: Contact the relevant exchanges where the stolen funds are flowing, providing detailed transaction records and evidence, and request their assistance in freezing the stolen funds.
• Provide Evidence: Submit the police's case filing proof, transaction records, and analysis reports to the exchanges, proving that the funds are stolen assets and requesting their cooperation in freezing them.
• Continuous Follow-Up: Maintain communication with the exchanges, regularly following up on the handling progress of frozen funds to ensure the stolen assets are recovered as soon as possible.

OKX Web3 Wallet Security Team: When blockchain users' wallet assets are stolen, remedial measures may be limited, as the decentralization and immutability of blockchain make it generally impossible to reverse confirmed transactions. Here are some possible remedial measures:

1. Take Immediate Action

   1) Analyze the Cause of the Theft

• If authorized to a hacker's address, immediately revoke the authorization on the authorization platform.
• If it is a private key leak, conduct comprehensive security checks, identify the cause of the private key leak, reinstall the system, and then change wallets.

2) Asset Rescue

• If there are still some assets in the wallet that have not been transferred or assets in DeFi projects, asset rescue can be conducted to reduce losses.

3) Track Fund Flow

• You can find white hats or members of the security community to monitor the flow of funds. If the funds flow to an exchange is detected, you can apply to freeze the account.

1. Report to Relevant Authorities

   1) Provide Feedback to Wallet Customer Service Regarding the Issue

   2) Report to the Police, providing all relevant information about the theft incident. This information can help users freeze the exchange account when the funds flow to the exchange.

2. Seek Help from the Blockchain Community

   1) Post announcements on relevant blockchain social media like Twitter. Sometimes the community will assist in tracking and stopping the flow of stolen funds.

   2) Offer a bounty to incentivize white hats or community members to help recover assets.

3. Prevention

   1) Conduct educational training to learn more about how to protect oneself from future attacks.

   2) Use cold wallets to store the majority of assets offline.

   3) Securely back up keys.

In summary, although the characteristics of blockchain technology make it challenging to recover stolen assets, prompt action and the adoption of multiple remedial measures can help minimize losses and prevent future risks.

Finally, thank you for reading the 06th issue of the OKX Web3 Wallet "Security Special Edition." In the final issue, we will summarize the content of the "Security Special Edition" series, serving as a conclusion that includes real cases, risk identification, and practical security operations. Stay tuned!

Disclaimer:

This article is for reference only and is not intended to provide (i) investment advice or recommendations; (ii) offers or solicitations to buy, sell, or hold digital assets; or (iii) financial, accounting, legal, or tax advice. Holding digital assets (including stablecoins and NFTs) involves high risks and may fluctuate significantly, even becoming worthless. You should carefully consider whether trading or holding digital assets is suitable for you based on your financial situation. You are responsible for understanding and complying with applicable local laws and regulations.