Where is the infrastructure for preventing hacking on the chain?


This article is authorized and reprinted from the author - Dongdong, who has been a high school math teacher since 2005 and the author of high school math textbooks published by Longteng Publishing House. In early 2021, he entered the cryptocurrency circle and became a small investor, fascinated by the rapid development and updates of blockchain. Currently, he is also a researcher at None Capital and manages a blog on Fanggezi, organizing and sharing information about blockchain.

Between the mining of the first Bitcoin in 2009 and early 2023, the market capitalization of decentralized finance (DeFi) reached as high as $19.9 billion (November 2021).

With such a vast financial market, it naturally becomes a target for hackers. From as early as the Mt. Gox exchange being hacked in 2014 to recent incidents of NFT hacks, online wallet phishing, scams, or hacker attacks, such events continue to occur frequently.


According to DeFiLlama's on-chain data analysis, as of January 2023, the total amount hacked on decentralized finance (DeFi) platforms has reached a staggering $5.94 billion, with 2021 and 2022 seeing the most frequent and significant incidents.

Hackers use various methods to launch attacks, from complex smart contract attacks or phishing attacks to common tactics like inducing users to authorize their wallets. This has increased the difficulty and risks for users using blockchain technology.

Common Wallet Authorization Scams on the Client Side

In general, common scam tactics will lead users to agree to wallet authorizations. Many people may not understand or carefully examine the authorization details on the authorization page, and by agreeing to the authorization, the following possibilities may occur:

1. Giving the private key or mnemonic phrase to the other party, allowing hackers to access all assets in the wallet

Usually, when the private key or mnemonic phrase is leaked, hackers gain full access to the wallet, meaning they can freely transfer assets. Even if the user has not made any transactions, the assets in the wallet will be transferred. In this situation, no matter how the authorization is revoked, the user completely loses the ability to control the wallet.

In such cases, it is usually recommended to create a new wallet and transfer the assets to the new wallet as soon as possible.

2. Accidentally signing an unlimited authorization to a scam group during authorization

In Swap transactions, to avoid frequent authorizations for each transaction, users are asked to sign an unlimited authorization for a specific token on the platform during the first transaction. Generally, if it is a legitimate trading platform, there should not be a major issue. However, if hackers invade the trading platform website, or if the user signs an unlimited authorization to a scam group from the beginning, the hackers can freely transfer the authorized tokens from the user's wallet.

Usually, if you encounter this situation and still want to use the original wallet, you can first use authorization revocation tools to revoke the authorization and observe. Common tools for revoking authorization include Revoke and Debank.

3. Authorizing the transfer of assets up to the maximum value in the wallet

Some scam websites may indicate a price of 5U on the page, but in the authorization content, they request authorization for all assets in the wallet. If the user agrees to the authorization, the other party will transfer all coins from the wallet.

During authorization, you can check the Permission in the content to see if it displays Max Amount, or if the Amount to be transferred matches the price displayed on the webpage.

This type of authorization scam is mostly one-time, and will not continuously transfer tokens from the user's wallet. However, if you encounter this situation and still want to use the original wallet, it is recommended to first revoke the authorization using the aforementioned tools and then observe.

Reference: MetaMask Support
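
The check described in items 2 and 3 above, as an added example (not from the original article or from any wallet's own code): it decodes the calldata of an ERC-20 `approve(address,uint256)` call, the standard token authorization, and reports whether it grants an unlimited allowance or more than the price shown on the page. The spender address, the 6-decimal token, the price "5" and all function names are assumptions made for illustration.

```javascript
// Added example: inspect ERC-20 approve(address,uint256) calldata before signing.
const APPROVE_SELECTOR = "095ea7b3"; // 4-byte selector of approve(address,uint256)
const MAX_UINT256 = (1n << 256n) - 1n; // shown by wallets as "Max Amount"

// Convert a displayed price such as "5" or "5.25" into token base units.
function toBaseUnits(price, decimals) {
  const [whole, frac = ""] = String(price).split(".");
  if (frac.length > decimals) throw new Error("more decimals than the token has");
  return BigInt(whole + frac.padEnd(decimals, "0"));
}

// ABI-encode an approve call; used here only to build constructed samples.
function encodeApprove(spender, amount) {
  const word = (h) => h.padStart(64, "0");
  return "0x" + APPROVE_SELECTOR + word(spender.slice(2).toLowerCase()) + word(amount.toString(16));
}

// Decode the calldata and compare the granted amount with the page price.
function inspectApproval(calldata, displayedPrice, decimals) {
  const hex = calldata.toLowerCase().replace(/^0x/, "");
  const wellFormed = /^[0-9a-f]{136}$/.test(hex) && hex.startsWith(APPROVE_SELECTOR);
  // An address argument is left-padded with 12 zero bytes (24 hex digits).
  if (!wellFormed || !/^0{24}/.test(hex.slice(8, 72))) {
    return { isApproval: false, verdict: "not-an-approve-call" };
  }
  const spender = "0x" + hex.slice(32, 72);
  const amount = BigInt("0x" + hex.slice(72));
  const expected = toBaseUnits(displayedPrice, decimals);
  let verdict = "matches-displayed-price";
  if (amount === MAX_UINT256) verdict = "unlimited-allowance";
  else if (amount > expected) verdict = "exceeds-displayed-price";
  else if (amount < expected) verdict = "below-displayed-price";
  return { isApproval: true, spender, amount, verdict };
}

// Constructed samples: placeholder spender, hypothetical 6-decimal token, price "5".
const SAMPLE_SPENDER = "0x" + "11".repeat(19) + "ab";
const samples = {
  exact: encodeApprove(SAMPLE_SPENDER, 5000000n),
  unlimited: encodeApprove(SAMPLE_SPENDER, MAX_UINT256),
  inflated: encodeApprove(SAMPLE_SPENDER, 250000000000n),
};
for (const [name, data] of Object.entries(samples)) {
  const r = inspectApproval(data, "5", 6);
  console.log(name, r.verdict, r.isApproval ? r.amount.toString() : "");
}
```

Only the "exact" sample matches what the page displayed; the other two are the cases in which the authorization should be rejected or, if already signed, revoked.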

Where is the Foundation of Anti-Hacking on the Blockchain?

Scam groups take advantage of users' unfamiliarity with the authorization text and of its complexity. Many online wallets are making efforts in this regard. For example, the Phantom wallet on the Solana chain has created a list of scam and phishing addresses. If the address a user is transacting with is on the list, a warning will be issued to the user.

Reference: Scam Airdrop Recycling! Phantom Wallet Introduces "NFT Destruction Feature" to Earn SOL After Destruction

As for MetaMask, a popular wallet used by many users, some projects are developing browser extensions as anti-hacking measures. For example, Pocket Universe can be installed as an extension on Google Chrome, Brave, Edge, and Firefox.

Once the extension is installed, it will check the security of the transaction before the user signs the authorization, and will automatically display the security of the authorization: if it is safe, it will be green; if it is a risky transaction, a red WARNING alert will pop up, informing the user of the consequences of the transaction.

Reference: Pocket Universe Official Website

In addition to Pocket Universe, other projects are also making efforts in anti-hacking infrastructure, such as Revoke, Blowfish Protect, and Taiwan's Trend Micro, all developing blockchain anti-hacking products to provide anti-fraud services.

Although the infrastructure for preventing fraud on the blockchain continues to develop, scams online are diverse and constantly evolving. When users conduct transactions using online wallets, they must be cautious and have a strong awareness of cybersecurity risks.
