okx

Web3 Security Beginner's Guide to Avoiding Pitfalls | Wallet Classification and Risks

时间:2024-04-15|浏览:257

background

As the crypto market becomes more and more popular, Web3 projects and gameplay are changing at a very fast pace, and players' emotions are getting more and more excited. As a result, players accidentally step into traps and get stolen or phished while participating in various new projects. In this context, combined with the information we have collected on and off the chain, we hope to expand a series of practical examples closely related to the security of user assets, so we have the Web3 Security Beginner's Guide to Avoiding Pitfalls.

We plan to integrate the risk points in the Web3 field as comprehensively as possible, and use examples as a background to help readers better identify and prevent risks. The main contents of this guide include but are not limited to: risks in the process of downloading and using wallets; pitfalls that may fall into when participating in various Web3 ecological projects; how to better identify whether signature authorization is dangerous; how to remedy it after it is unfortunately stolen, etc. (Ps. The content is tentative, and the plan cannot keep up with the changes in reality and the editor's ideas, so the final content may be more or less than planned)

Whether you are a beginner who wants to explore the unknown and novel world of Web3, but is overwhelmed by industry jargon, gameplay different from Web2, and unknown risks; or you are an old player of Web3, who has been trekking in the dark forest of blockchain for a while, has heard of and seen many "pitfalls", or even stepped on them, but is not very clear about the reasons for theft and how to avoid being damaged again, you can learn this pit avoidance guide with us. This guide aims to enable every user to better protect their assets and go further in the dark forest of blockchain.

As we all know, wallets are the entrance to the crypto world and the infrastructure of Web3, and their importance is self-evident. So without further ado, let’s introduce the first “appetizer” - wallet classification and risks.

Wallet Category

Browser Wallet

Browser wallets such as MetaMask, Rabby, etc. are installed as browser plug-ins in the user's browser (such as Google Chrome, Firefox, etc.). Browser wallets are usually easier to access and use, and do not require downloading or installing additional software.

WEB3SECURITYBEGINNERSGUIDETOAVOIDINGPITFALLSWALLETCLASSIFICATIONANDRISKS

(https://metamask.io/download/)

Web wallet (not recommended)

Web wallets allow users to access and manage crypto assets through a web browser. Although this method is more convenient, the risks behind it cannot be ignored. Web wallets generally encrypt mnemonics and store them in the browser's local storage, so they may be threatened by malware or network attacks.

WEB3SECURITYBEGINNERSGUIDETOAVOIDINGPITFALLSWALLETCLASSIFICATIONANDRISKS

(https://www.myetherwallet.com/wallet/access/software?type=overview)

Mobile Wallet

Mobile wallets work similarly to their web counterparts and are usually available as apps that users can download and install on their phones.

WEB3SECURITYBEGINNERSGUIDETOAVOIDINGPITFALLSWALLETCLASSIFICATIONANDRISKS

(https://token.im/download?locale=en-us)

Desktop Wallet

Desktop wallets were more common in the early days of cryptocurrency, and well-known ones include Electrum, Sparrow, etc. This type of wallet is an application installed on a computer, and private keys and transaction data are stored on the user's local device. The user has full control over his or her cryptocurrency private key.

WEB3SECURITYBEGINNERSGUIDETOAVOIDINGPITFALLSWALLETCLASSIFICATIONANDRISKS

(https://sparrowwallet.com/)

Hardware wallets

Hardware wallets are physical devices used to store cryptocurrencies and digital assets, such as Trezor, imKey, Ledger, Keystone, OneKey, etc. Hardware wallets provide a way to store private keys offline, which means that when using hardware wallets to interact with DApps, private keys will not be exposed online.

WEB3SECURITYBEGINNERSGUIDETOAVOIDINGPITFALLSWALLETCLASSIFICATIONANDRISKS

(https://shop.ledger.com/products/ledger-nano-s-plus/matte-black)

Paper wallet (not recommended)

A paper wallet is a cryptocurrency address and its private key printed on a piece of paper in the form of a QR code, and then cryptocurrency transactions are carried out by scanning the QR code.

WEB3SECURITYBEGINNERSGUIDETOAVOIDINGPITFALLSWALLETCLASSIFICATIONANDRISKS

(https://www.walletgenerator.net/?culture=zh¤cy=bitcoin)

Common risks of wallet

Download to fake wallet

Since many mobile phones do not support Google Play or because of network problems, many people will download wallets from other channels, such as third-party download sites, or directly search for a wallet with a browser, and then randomly click on a top-ranked link. In this way, there is a high probability that a fake wallet will be downloaded, because search engine advertising space and natural traffic can be purchased. Scammers can forge a fake wallet official website by purchasing top-ranked advertising space to trick users into visiting. The following figure shows the results of searching for TP wallet using Baidu:

WEB3SECURITYBEGINNERSGUIDETOAVOIDINGPITFALLSWALLETCLASSIFICATIONANDRISKS

(https://mp.weixin.qq.com/s/NdwIE412MJ7y-O5f2OrSHA)

Purchased a fake wallet

Supply chain attacks are one of the main threats to hardware wallet security. If the user does not purchase a hardware wallet from an official store or authorized dealer, it is uncertain how many hands the wallet will pass through before it reaches the user, and whether the internal components have been tampered with. In the picture below, the hardware wallet on the right has been tampered with.

WEB3SECURITYBEGINNERSGUIDETOAVOIDINGPITFALLSWALLETCLASSIFICATIONANDRISKS

(https://www.kaspersky.com/blog/fake-trezor-hardware-crypto-wallet/48155/)

Trojans in your computer

If the computer is infected with a Trojan, the wallet will be affected by the malware. The SlowMist Security Team has written an article about the Redline Stealer Trojan that analyzes the formation process and impact of the risk in detail. Interested readers can click to view it. We recommend that users install antivirus software, such as Kaspersky, AVG, 360, etc., keep the real-time protection of the security software turned on, and update the latest virus database at any time.

Wallet vulnerabilities

Finally, you may have downloaded a genuine wallet, used it carefully, and the device and real environment are safe enough, but if there is a problem with the design of the wallet itself, it may also be attacked by hackers, and the users of the wallet will also suffer asset losses. This is why when choosing a wallet, you cannot only consider the convenience of the wallet, but also whether the wallet code is open source. External developers and auditors can find potential vulnerabilities through open source code and reduce the possibility of wallet attacks. Even if the wallet is unfortunately stolen due to a vulnerability, security personnel can quickly locate the vulnerability and remedy it in time.

Summarize

In this issue, we mainly introduced the classification of wallets and listed common risk points to help readers form a basic concept of wallet security. No matter which type or brand of wallet you choose, you should always keep the mnemonic and private key confidential and secure. You can consider integrating the advantages of different types of wallets and using multiple types of wallets together, such as using a combination of well-known hardware wallets + well-known software wallets to manage heavy assets, and using multiple well-known software wallets to manage light assets in a decentralized manner. In the next issue, we will introduce the pitfalls of downloading and purchasing wallets in detail, and welcome to follow us. (Ps. The wallet brands and pictures mentioned in this article are only for the purpose of assisting readers' understanding and do not constitute recommendations or guarantees)

热点: TO WALLET WEB

« 上一条| 下一条 »
区块链交流群

相关资讯

数藏交流群

合作伙伴

谈股票 非小号行情 币圈ICO官网 美白没斑啦 去玩呗SPA 借春秋 币圈官网 茶百科 宝宝起名 聚币网 元宇宙Web 趣开心资讯 代特币圈 天天财富 旅游资讯网 数字财经 趣玩币 起名取名网 數字黃金 兼职信息网 玩合约 皮卡丘资讯 币圈交流群 免费电影 培训资讯网 币圈论坛 谷歌留痕 百悦米 佩佩蛙官网 玩票票财经 黄金行情 借春秋财经 减肥瘦身吧 百科书库 爱网站 秒懂域名 宠物丫 妈妈知道 币爸爸 金色币圈 装修装饰网 今日黄金 周公解梦 二手域名
在区块链世界中,智能合约不仅是代码的信任,更是商业的革命。通过了解其在供应链、版权保护等领域的应用,您将真正体验到智能合约的无限可能性
区块链世界GxPiKaQiu.com ©2020-2024版权所有 桂ICP备16002597号-2