
Security Special Issue 03 | OKX Web3 & WTF Academy: Grinding for rewards one second, hacked the next?
TechFlow Selected TechFlow Selected

Security Special Issue 03 | OKX Web3 & WTF Academy: Grinding for rewards one second, hacked the next?
Inviting renowned security experts 0xAA and the OKX Web3 Wallet Security Team to provide practical guidance on common security risks and preventive measures for "farming" participants.
Introduction
OKX Web3 Wallet has specially launched the "Security Special" series, offering targeted solutions for various types of on-chain security issues. Through real-life cases happening to users and in collaboration with experts or organizations in the security field, this series provides dual perspectives and insights, systematically organizing and summarizing secure transaction rules from basic to advanced levels. It aims not only to strengthen user education on security but also to help users learn how to protect their private keys and wallet assets starting from themselves.
Farming aggressively like a tiger, but with a security score of -5?
For high-frequency on-chain users, security is always the top priority for farmers.
Today, two on-chain "pit-avoidance kings" will teach you how to implement safety protection strategies.
This is the third issue of the Security Special, featuring renowned industry security expert 0xAA and the OKX Web3 Wallet security team, who will explain common security risks and preventive measures for farmers from a practical guide perspective.

WTF Academy: Thank you very much for the invitation from OKX Web3. I'm 0xAA from WTF Academy. WTF Academy is an open-source Web3 university that helps developers get started with Web3 development. This year, we incubated a Web3 rescue project called RescuETH (On-chain Rescue Team), focusing on rescuing remaining assets from users' stolen wallets. So far, we've successfully rescued over 3 million RMB worth of stolen assets across Ethereum, Solana, and Cosmos.
OKX Web3 Wallet Security Team: Hello everyone, we're excited to share with you today. The OKX Web3 Wallet Security Team is primarily responsible for building various security capabilities within OKX's Web3 domain, such as wallet security features, smart contract security audits, and on-chain project monitoring. We provide multi-layered protection services including product security, fund security, and transaction security, contributing to the overall blockchain security ecosystem.
Q1: Please share some real cases where farmers encountered risks
WTF Academy: Private key leakage is one of the major security risks faced by farming users. Essentially, a private key is a string of characters used to control crypto assets—anyone possessing the private key can fully access, transfer, and manage the corresponding assets. Once leaked, attackers can unauthorizedly access and steal users' funds, leading to financial loss. Therefore, I'll focus on sharing several cases involving private key theft.
Alice (pseudonym) was tricked by hackers on social media into downloading malicious software, which resulted in her private key being stolen. Malicious software comes in many forms, including mining scripts, games, meeting apps, token-sniping bots, sandwich bots, etc., so users need to enhance their security awareness.
Bob (pseudonym) accidentally uploaded his private key to GitHub, allowing others to obtain it and quickly resulting in asset theft.
Carl (pseudonym) trusted a fake customer service agent who proactively contacted him in an official project Telegram group, revealing his seed phrase, after which his wallet assets were stolen.
OKX Web3 Wallet Security Team: There are many such risk cases—we’ve selected several classic ones that users often encounter while farming.
First type: Fake airdrops posted by impersonating accounts. User A found an airdrop announcement under the latest tweet of a popular project while browsing Twitter and clicked the link to participate, ultimately falling victim to phishing. Many scammers now create fake official accounts and post false announcements below legitimate tweets to lure users. Users should be cautious and vigilant.
Second type: Official account hijacking. A project’s official Twitter and Discord accounts were hacked, and the attacker then posted a fake airdrop link through these official channels. Since the link appeared to come from an official source, User B didn’t question its authenticity, clicked the link, and ended up being phished.
Third type: Encountering malicious project teams. User C participated in a mining activity of a certain project and deposited all their USDT into the project’s staking contract to earn higher rewards. However, the smart contract had neither undergone rigorous auditing nor been open-sourced. As a result, the project team exploited a backdoor in the contract to steal all assets deposited by User C.
For farming users who may manage dozens or even hundreds of wallets, protecting wallet and asset security is extremely important and requires constant vigilance and enhanced security awareness.
Q2: Common security risks and protective measures for high-frequency users during on-chain interactions
WTF Academy: For farmers and all Web3 users, the two most common current security risks are phishing attacks and private key leaks.
The first is phishing attacks: Hackers usually impersonate official websites or applications, luring users to click via social media or search engines. Then, on phishing sites, they trick users into transacting or signing, thereby obtaining token approvals and stealing assets.
Prevention measures: First, users are advised to access official websites and apps only through official channels (e.g., links in official Twitter bios). Second, use security plugins to automatically block known phishing sites. Third, when visiting suspicious websites, consult professional security experts to verify legitimacy.
The second is private key leakage: Already discussed above, so no further elaboration here.
Prevention measures: First, avoid downloading suspicious software from unofficial sources if your computer or phone has a wallet installed. Second, remember that official customer service rarely initiates private messages and never asks you to send or enter your private key or seed phrase on fake websites. Third, if your open-source project requires using a private key, configure the .gitignore file properly to ensure the key isn't uploaded to GitHub.
OKX Web3 Wallet Security Team: We’ve summarized five common security risks in on-chain interactions and listed protective measures for each.
1. Airdrop scams
Risk overview: Users often find numerous unknown tokens suddenly appearing in their wallet addresses. These tokens typically fail when traded on common DEXs, prompting pages suggesting users visit the token’s “official” website to exchange them. When authorizing transactions there, users often grant smart contracts permission to transfer all account assets, eventually leading to total asset theft. For example, the Zape airdrop scam: Many users unexpectedly received large amounts of Zape coins worth hundreds of thousands of dollars, making them believe they’d struck gold. In reality, it was a carefully crafted trap. Since these tokens couldn’t be verified on正规 platforms, eager users searched for the “official” site based on the token name. After connecting their wallet, they believed they could sell the tokens—but once authorization was granted, all their wallet assets were immediately stolen.
Protection measures: Stay highly alert against airdrop scams. Verify information sources strictly—always obtain airdrop details from official channels such as project websites, official social media accounts, and official announcements. Safeguard your private keys and seed phrases, never pay any fees, and leverage community knowledge and tools to identify potential scams.
2. Malicious smart contracts
Risk overview: Unaudited or non-open-source smart contracts may contain vulnerabilities or backdoors, making user fund safety unguaranteed.
Protection measures: Interact only with smart contracts rigorously audited by reputable firms, and carefully review project audit reports. Additionally, projects offering bug bounties generally have better security assurance.
3. Authorization management:
Risk overview: Over-authorizing interacting contracts may lead to fund theft. Examples include: 1) Upgradable contracts—if the privileged account's private key is leaked, attackers can upgrade the contract to a malicious version and steal authorized users’ assets. 2) If undiscovered vulnerabilities exist in the contract, excessive authorization might allow attackers to exploit them later to steal funds.
Protection measures: Authorize only necessary amounts to interacting contracts, and regularly check and revoke unnecessary authorizations. When performing off-chain permit signature authorization, clearly understand the target contract, asset type, and authorization amount—think before acting.
4. Phishing authorization
Risk overview: Clicking malicious links and being tricked into authorizing malicious contracts or accounts.
Protection measures: 1) Avoid blind signing: Always understand what you’re signing before confirming any transaction—ensure every step is clear and necessary. 2) Be cautious about authorization targets: Exercise extreme caution when authorizing EOA addresses (Externally Owned Accounts) or unverified contracts, as they may contain malicious code. 3) Use anti-phishing plugin wallets: Use wallets with built-in phishing protection, such as OKX Web3 Wallet, which can help identify and block malicious links. 4) Protect seed phrases and private keys: Any website requesting your seed phrase or private key is a phishing site—never enter these sensitive details anywhere.
5. Malicious farming scripts
Risk overview: Running malicious farming scripts may install trojans on your computer, leading to private key theft.
Protection measures: Be extremely cautious when running unknown farming scripts or software.
In summary, we urge users to remain cautious at all times and diligently protect their wallet and asset security during on-chain interactions.
Q3: Outline classic phishing types and tactics, and how to identify and avoid them?
WTF Academy: I’d like to reframe this question from another angle: Once a user discovers their assets have been stolen, how can they determine whether it was due to a phishing attack or private key leakage? Users can typically distinguish between these two types of attacks based on their characteristics:
1) Characteristics of phishing attacks: Hackers usually obtain authorization for one or multiple assets within a single wallet via phishing websites, then steal those assets. Generally, the number and types of stolen assets correspond directly to what was authorized on the phishing site.
2) Characteristics of private key/seed phrase leakage: Hackers gain full control over all assets across all chains in one or more wallets. Therefore, if any of the following signs appear, it's likely a private key leak:
1) Native tokens were stolen (e.g., ETH on Ethereum), since native tokens cannot be authorized.
2) Assets across multiple chains were stolen.
3) Assets from multiple wallets were stolen.
4) Multiple assets from a single wallet were stolen, even though the user clearly remembers not having authorized them.
5) No authorization (Approval event) occurred before or within the same transaction as the token theft.
6) Gas sent to the wallet is immediately transferred away by the hacker.
If none of the above apply, it’s more likely a phishing attack.
OKX Web3 Wallet Security Team: To minimize phishing risks, keep two points in mind: 1) Never enter your seed phrase or private key on any webpage; 2)
Ensure you're accessing official links and click confirmation buttons in wallet interfaces cautiously.
Next, we’ll share some typical phishing scenarios to help users better understand them intuitively.
1. Fake website phishing: Impersonating official DApp websites to trick users into entering private keys or seed phrases. Therefore, the primary rule is never to provide your wallet private key or seed phrase to anyone or any website. Secondly, verify URLs carefully—use official bookmarks for frequently used DApps and rely on trusted mainstream wallets like OKX Web3 Wallet, which warns users about detected phishing sites.
2. Stealing native chain tokens: Malicious contract functions named Claim, SecurityUpdate, AirDrop, etc., appear legitimate but actually only transfer users’ native chain tokens while doing nothing else.

3. Similar address transfers: Scammers generate addresses matching the first and last few digits of a user’s related address via address collision. They then poison the user’s transaction history using zero-value transfers via transferFrom or small-value fake USDT transfers, hoping the user copies the wrong address from history during future transfers.
4. Impersonating customer service: Hackers pose as support staff via social media or email, asking users to provide private keys or seed phrases. Official support will never request this—simply ignore such requests.
Q4: What security considerations should advanced farmers keep in mind when using various tools?
WTF Academy: Given the wide variety of tools involved in farming, users should strengthen their security defenses when using these tools, such as:
1. Wallet security: Ensure private keys or seed phrases aren’t leaked—don’t store them in unsafe locations or enter them on unknown/untrusted websites. Back up seed phrases or private keys securely, such as on offline storage devices or encrypted cloud storage. Additionally, users holding high-value assets may consider using multi-signature wallets for added security.
2. Preventing phishing attacks: Always double-check URLs when visiting relevant websites and avoid clicking on links from unknown sources. Obtain download links and information only from project official websites or official social media, avoiding third-party sources.
3. Software security: Install and update antivirus software to prevent malware and virus attacks. Also, regularly update wallets and other blockchain-related tools to ensure the latest security patches are applied. Due to past security flaws in fingerprint browsers and remote desktops, we don’t recommend using them.
By following these practices, users can further reduce security risks when using various tools.
OKX Web3 Wallet Security Team: Let’s start with a publicly disclosed industry case.
For instance, BitBrowser offered features like multi-account login, preventing window association, and simulating independent PC information, gaining popularity among some users. However, a series of security incidents in August 2023 exposed its hidden risks. Specifically, BitBrowser’s “plugin data sync” feature allowed users to upload plugin data to cloud servers and quickly migrate it to new devices by entering a password. While designed for convenience, this feature posed security risks. Hackers infiltrated the server and obtained users’ wallet data. Using brute-force techniques, they cracked wallet passwords from the data and gained access. Server logs showed the extension cache server was illegally downloaded in early August (latest log entry August 2). This incident reminds us that while enjoying convenience, we must remain vigilant about potential security threats.
Therefore, ensuring the tools you use are secure and reliable is crucial to avoid hacker attacks and data breaches. Generally, users can improve security from the following dimensions:
1. Hardware wallet usage: 1) Regularly update firmware and purchase only through official channels. 2) Use on secure computers and avoid connecting in public places.
2. Browser plugin usage: 1) Be cautious with third-party plugins and tools—prefer reputable products like OKX Web3 Wallet. 2) Avoid using wallet plugins on untrusted websites.
3. Transaction analysis tool usage: 1) Use trusted platforms for transactions and contract interactions. 2) Carefully verify contract addresses and call methods to avoid mistakes.
4. Computer device usage: 1) Regularly update operating systems and software to patch security vulnerabilities. 2) Install reliable antivirus software and routinely scan for viruses.
Q5: How can farmers securely manage multiple wallets and accounts compared to using a single wallet?
WTF Academy: Given farmers’ high frequency of on-chain interactions and simultaneous management of multiple wallets and accounts, special attention to asset security is essential.
1. Use hardware wallets: Hardware wallets allow managing multiple wallet accounts on a single device, with each account’s private key stored securely within the hardware, significantly enhancing overall security.
2. Segregate security strategies & operation environments: First, segregate by purpose—users can diversify risk by separating wallets based on different uses, such as airdrop wallets, trading wallets, and storage wallets. For example, hot wallets for daily transactions and farming activities, cold wallets for long-term storage of critical assets—this way, even if one wallet is compromised, others remain safe.
Second, separate operation environments: Use different devices (e.g., phone, tablet, computer) to manage different wallets, preventing a single device’s compromise from affecting all wallets.
3. Password management: Set strong, unique passwords for each wallet account—avoid reusing or slightly modifying passwords. Consider using a password manager to securely maintain distinct passwords for each account.
OKX Web3 Wallet Security Team: Securely managing multiple wallets and accounts isn’t easy for farmers. Here are several dimensions to enhance wallet security:
1. Risk diversification: 1) Don’t store all assets in one wallet—distribute storage to reduce risk. Choose different wallet types (hardware, software, cold, hot) based on asset type and purpose. 2) Use multi-signature wallets for managing large-value assets to increase security.
2. Backup and recovery: 1) Regularly back up seed phrases and private keys, storing them in multiple secure locations. 2) Use hardware wallets for cold storage to prevent private key exposure.
3. Avoid password reuse: Set strong, unique passwords for each wallet and account to reduce the risk of one breach compromising others.
4. Enable two-factor authentication (2FA): Wherever possible, enable 2FA on all accounts to add an extra layer of security.
5. Limit use of automation tools: Minimize reliance on automated tools, especially those storing your data on cloud or third-party servers, to reduce data leak risks.
6. Restrict access permissions: Only allow trusted individuals to access your wallets/accounts, and limit their operational privileges.
7. Regularly check wallet security status: Use tools to monitor wallet transactions and ensure no anomalies occur. If any private key leakage is detected, immediately replace all affected wallets.
Beyond the above, there are many other considerations. Regardless, users should strive to secure wallets and assets across multiple dimensions rather than relying solely on one approach.
Q6: What are the recommended protections regarding slippage and MEV attacks relevant to farmers?
WTF Academy: Understanding and defending against slippage and MEV attacks is crucial, as these risks directly impact transaction costs and asset security.
Regarding MEV attacks, common types include: 1) Front-running—miners or bots execute identical trades before a user’s transaction to profit. 2) Sandwich attacks—miners insert buy and sell orders around a user’s trade to profit from price fluctuations. 3) Arbitrage—exploiting price differences across blockchain markets.
Users can mitigate these risks by using MEV protection tools to submit transactions through private miner channels instead of broadcasting publicly on-chain. Alternatively, reduce transaction visibility time by minimizing mempool dwell time, using higher gas fees to speed up confirmation, and avoiding large transactions concentrated on a single DEX platform.
OKX Web3 Wallet Security Team: Slippage refers to the difference between expected and actual execution prices, commonly occurring during high market volatility or low liquidity. MEV attacks involve exploiting information asymmetry and transaction privileges for excess profits. Below are common protective measures for both scenarios:
1. Set appropriate slippage tolerance: Due to transaction latency and potential MEV attacks, users should set reasonable slippage tolerance during trades to avoid failed transactions or fund losses caused by market swings or MEV.
2. Batch trading: Avoid large single transactions—split into smaller batches to reduce market impact and lower slippage risk.
3. Use highly liquid trading pairs: Trade with pairs having sufficient liquidity to minimize slippage.
4. Use front-run protection tools: For critical transactions, avoid the mempool—use specialized anti-front-running tools to prevent MEV bots from capturing your trade.
Q7: Can users use monitoring tools or professional methods to regularly detect wallet account anomalies?
WTF Academy: Yes, users can employ various monitoring tools and professional methods to regularly monitor and detect abnormal wallet activities. These approaches help enhance account security and prevent unauthorized access or potential fraud. Here are some effective monitoring and detection methods:
1) Third-party monitoring services: Many platforms now offer detailed wallet activity reports and real-time alerts.
2) Use security plugins: Some security tools can automatically block certain phishing sites.
3) Built-in wallet features: Wallets like OKX Web3 can automatically detect and warn about suspected phishing sites and suspicious contracts.
OKX Web3 Wallet Security Team: Numerous companies and organizations now offer tools for wallet address monitoring. Based on publicly available industry data, we’ve compiled the following:
1. Blockchain monitoring tools: Use blockchain analytics tools to monitor abnormal transactions and fund changes in wallet addresses, and set up transaction notifications.
2. Secure wallets: Professional wallets like OKX Web3 support transaction simulation to detect suspicious transactions in advance and can block interactions with malicious sites and contracts.
3. Alert systems: Send balance or transaction change alerts via SMS, email, or app notifications based on user-defined conditions.
4. OKLink Token Approval Checker: Check wallet approvals for DApps and promptly revoke unnecessary ones to prevent abuse by malicious contracts.

Q8: How to protect on-chain privacy security?
WTF Academy: While blockchain’s transparency brings many benefits, it also means user transaction activity and asset information could be misused—making on-chain privacy increasingly important. Users can protect personal identity privacy by creating and using multiple addresses. We do not recommend using fingerprint browsers due to numerous past security vulnerabilities.
OKX Web3 Wallet Security Team: More and more users are now paying attention to privacy protection. Common practices include:
1. Multi-wallet management: Distribute assets across wallets to reduce the risk of a single wallet being tracked or attacked.
2. Use multi-signature wallets: Require multiple signatures to execute transactions, enhancing both security and privacy.
3. Cold wallets: Store long-held assets in hardware or offline storage to prevent online attacks.
4. Do not disclose addresses: Avoid sharing your wallet address on social media or public platforms to prevent tracking.
5. Use temporary emails: When participating in airdrops or other events, use disposable email addresses to protect personal information.
Q9: What should users do if their wallet account is compromised? Are there any efforts or mechanisms in place to assist victims and protect user assets?
WTF Academy: We’ll address this separately for phishing attacks and private key/seed phrase leaks.
First, in the case of a phishing attack: Assets authorized to hackers are typically transferred and nearly impossible to recover. However, remaining assets in the user’s wallet are relatively safe. The RescuETH team recommends the following actions:
1) Revoke authorizations given to the hacker
2) Contact security firms to track stolen assets and hacker addresses.
Second, in the case of private key/seed phrase leakage: All valuable assets in the user’s wallet are transferred to the hacker—these are almost unrecoverable. However, assets currently non-transferable (e.g., locked staked assets or pending airdrops) can still be rescued—this is our main rescue target. The RescuETH team recommends:
1) Immediately check for any assets not yet moved by the hacker—if found, transfer them to a secure wallet right away. Sometimes hackers
Join TechFlow official community to stay tuned
Telegram:https://t.me/TechFlowDaily
X (Twitter):https://x.com/TechFlowPost
X (Twitter) EN:https://x.com/BlockFlow_News













