
Don't wait until you're hacked: Web3 security prevention guide
The mistakes I've made, you don't have to make again.
Author: Ye Su
After Bybit lost $1.5 billion, the reputable Infini was hacked again.
I also suffered major losses from hackers several years ago. This morning, our company is conducting internal security training, so I'd like to share some personal lessons and prevention guidelines:
Emerging Attack Methods in the Last Two Years
1. Impersonation (Social Engineering)
Hackers often disguise themselves as customer service, well-known figures, friends, or investment opportunities to obtain your private key or recovery phrase. Stay vigilant and avoid clicking unknown links.
This is the hardest type of attack to prevent. Hackers have impersonated our company on Twitter/Tg to send direct-message scams. They usually pose as someone scheduling a call or discussing investment opportunities, sending fake decks, Zoom links, and websites to install malware.
2. Internal Infiltration
This is the ultimate tactic used by North Korean hackers, as shared firsthand by the founder of a top-tier CEX. Hackers apply for jobs and infiltrate companies, typically working in asset management, security architecture, or finance departments. After about six months of lying low, they carry out internal attacks.
3. Similar Addresses
Hackers can generate addresses with identical first and last five characters within seconds—e.g., ten addresses starting with 0x1234 and ending with 56abc.
Hackers often mimic large wallet transactions using similar addresses for phishing. Always verify at least 5–6 characters in the middle of the address and transaction ID when transferring funds; better yet, double-check every step.
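The check described above can be automated before a transfer is signed. The following is an added example, not part of the original article: it compares a destination against a trusted address book and flags any address that copies the first and last characters of a trusted entry but differs in the middle. The function names, the address book label, and all addresses are constructed for illustration.

```python
import string

EDGE = 5  # hex digits at each end that a look-alike address typically copies
HEX = set(string.hexdigits.lower())


def normalize(addr: str) -> str:
    """Lower-case an address and check the 0x + 40 hex digit shape.

    Comparison is case-insensitive; EIP-55 checksum casing is not validated here.
    """
    a = addr.strip().lower()
    if len(a) != 42 or not a.startswith("0x") or not set(a[2:]) <= HEX:
        raise ValueError(f"not a 20-byte hex address: {addr!r}")
    return a


def classify(candidate: str, trusted: dict, edge: int = EDGE):
    """Return (verdict, label, diff_positions) for a destination address.

    verdict: "exact" (in the address book), "lookalike" (same first/last
    `edge` hex digits as a trusted address, different middle) or "unknown".
    """
    cand = normalize(candidate)
    book = {label: normalize(a) for label, a in trusted.items()}
    for label, ref in book.items():
        if cand == ref:
            return "exact", label, []
    for label, ref in book.items():
        if cand[2:2 + edge] == ref[2:2 + edge] and cand[-edge:] == ref[-edge:]:
            # Every differing index sits in the middle a quick glance skips.
            diffs = [i for i, (x, y) in enumerate(zip(cand, ref)) if x != y]
            return "lookalike", label, diffs
    return "unknown", None, []


# Constructed sample values (not real wallets), shaped like the article's
# example: both start with 0x1234 and end with 56abc.
TRUSTED = "0x1234" + "a1" * 15 + "b" + "56abc"
LOOKALIKE = "0x1234" + "a" + "7e" * 15 + "56abc"
ADDRESS_BOOK = {"exchange-deposit": TRUSTED}

if __name__ == "__main__":
    for dest in (TRUSTED, LOOKALIKE, "0x" + "9" * 40):
        verdict, label, diffs = classify(dest, ADDRESS_BOOK)
        print(f"{dest[:8]}...{dest[-5:]}  {verdict:9}  {label}  {len(diffs)} differing chars")
```

A "lookalike" verdict should block the transfer outright; an "unknown" verdict still calls for the manual verification the article recommends.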
4. Public Wi-Fi
Avoid using public Wi-Fi to prevent asset theft via malware or trojans. Hackers can directly breach devices through Wi-Fi. Be cautious with networks in hotels, parties, or even other people's homes. Use your own hotspot whenever possible.
Establishing Principles
1. Zero Trust Principle
In the blockchain world, never trust anyone or any tool lightly. Independently verify all transactions and signing operations to ensure their source is trustworthy.
Even if your close friend messages you asking to front money, confirm it via phone, video, or in person.
2. A Gentleman Does Not Stand Beneath a Crumbling Wall
At the first sign of rumors (such as hacks or insolvency), immediately distance yourself from the risk. Only after ensuring safety should you consider anything else.
Never believe in "too big to fail." When FTX collapsed, both ArkStream and I avoided disaster by withdrawing funds on day one.
For additional preventive measures, refer to SlowMist's Blockchain Dark Forest Self-Protection Handbook.