As a new cycle begins and user activity increases, the risks of online interaction are increasingly exposed. Phishers typically use methods such as creating fake wallet websites, stealing social media accounts, creating malicious browser extensions, sending phishing emails and messages, and releasing fake applications to trick users into revealing sensitive information, resulting in asset loss. Phishing forms and scenarios are diverse, complex, and stealthy.
For example, phishers usually create fake websites that resemble legitimate wallet websites to trick users into entering their private keys or mnemonic phrases. These fake websites are often promoted through social media, emails, or advertisements, misleading users into thinking that they are accessing legitimate wallet services, thereby stealing their assets. In addition, phishers may impersonate wallet customer service or community administrators on social media platforms, forums, or messaging applications, and send false messages to users, asking them to provide wallet information or private keys. This method takes advantage of users’ trust in official sources to trick them into disclosing personal information, and so on.
In summary, these cases highlight the threats of phishing to Web3 wallet users. In order to help users improve their awareness of Web3 wallet security and protect their assets from loss, OKX Web3 conducted in-depth community research and collected numerous phishing incidents experienced by Web3 wallet users. This led to the identification of the four most common typical phishing scenarios encountered by users. By using a combination of text and visuals, OKX Web3 has written the latest guide on how Web3 users can conduct secure transactions, providing a learning reference for everyone.
Table of Contents:
Malicious information sources
Replying to popular project tweets
Stealing official Twitter/Discord accounts
Google search ads
Fake applications
Countermeasures: OKX Web3 Wallet supports phishing link detection and risk reminders
Wallet private key security
Engaging in project interaction or qualification verification
Impersonating project customer service or administrators
Other possible paths for mnemonic/private key leaks
4 Classic phishing scenarios
Scenario 1: Stealing mainchain tokens
Scenario 2: Transferring to similar addresses
Scenario 3: On-chain authorization
Scenario 4: Off-chain signatures
Other phishing scenarios
Scenario 5: TRON account permissions
Scenario 6: Solana token and account permissions
Scenario 7: EigenLayer calling queueWithdrawal
Explore the world on-chain, with safety first
Replying to popular project tweets
Furthermore, fake accounts often intentionally reply to official tweets, but the replies contain phishing links, easily leading users to believe that they are official links and falling for the scam. Currently, some official accounts add “End of Tweet” to their tweets to remind users of the risk of phishing links in subsequent replies.
Stealing official Twitter/Discord accounts
To increase credibility, phishers also steal official project or KOL Twitter/Discord accounts to release phishing links in the name of the official account. This makes it easy for many users to fall for the scam. For example, Vitalik’s Twitter account and the official Twitter account of the TON project have been hacked before, and phishers took the opportunity to release false information or phishing links.
Google search ads
Phishers sometimes use Google search ads to publish malicious links. From the name displayed in the browser, it appears to be an official domain, but when clicked, it redirects to a phishing link.
Fake applications
Phishers also use fake applications to deceive users. For example, when users download and install a fake wallet released by phishers, it leads to the leakage of their private keys and loss of assets. Phishers have modified Telegram installation packages in the past, changing the on-chain addresses for receiving and sending tokens, resulting in the loss of users’ assets.
Countermeasures: OKX Web3 Wallet supports phishing link detection and risk reminders
Currently, OKX Web3 Wallet supports phishing link detection and risk reminders to help users better deal with the above issues. For example, when users access a website through the OKX Web3 browser extension wallet, if the domain is a known malicious domain, they will receive an alert reminder in real-time. In addition, if users use the OKX Web3 APP to access third-party DApps through the Discover interface, OKX Web3 Wallet will automatically perform risk detection on the domain. If it is a malicious domain, it will intercept and remind users, prohibiting their access.
Engaging in project interaction or qualification verification
Phishers often pretend to be pop-up pages of browser wallets or any other web pages when users interact with projects or undergo qualification verification, requiring users to enter mnemonic phrases/private keys. These are usually malicious websites, and users should be vigilant.
When someone posing as project customer service or an administrator on Discord provides a URL where users are asked to enter mnemonic phrases or private keys, the other party is a phisher.
There are many possible paths for the leakage of user mnemonic phrases and private keys, including malware implanted on computers, fingerprint browsers used for browsing inappropriate content, remote control or proxy tools used on computers, mnemonic phrases/private keys stored as screenshots in photo albums but uploaded by malicious apps to cloud platforms that are hacked, monitoring of the process of entering mnemonic phrases/private keys, physical acquisition of mnemonic phrase/private key files or paper by people around the user, and developers pushing code containing private keys to GitHub.
In conclusion, users need to securely store and use mnemonic phrases/private keys to better protect the security of their wallet assets. As a decentralized self-custody wallet, OKX Web3 Wallet currently provides various backup methods for mnemonic phrases/private keys, including iCloud/Google Drive cloud storage, manual backup, and hardware backup, making it one of the most comprehensive wallets on the market. It provides users with a more secure way to store private keys. In terms of private key theft, OKX Web3 Wallet supports popular hardware wallets such as Ledger, Keystone, and Onekey, which store private keys in the hardware wallet device, controlled by the users themselves, thus ensuring asset security. In other words, OKX Web3 Wallet allows users to securely manage their assets through hardware wallets while freely participating in on-chain token trading, NFT markets, and various DApp interactions. In addition, OKX Web3 Wallet has now launched MPC non-custodial wallets and AA smart contract wallets, helping users further simplify the issue of private keys.
Classic Phishing Scenarios:
Scenario 1: Stealing mainchain tokens
Phishers often give malicious contract functions names such as Claim and SecurityUpdate, which are enticing but have empty logic. They only transfer the user’s mainchain tokens. The OKX Web3 Wallet has launched a transaction pre-execution feature that displays the asset and authorization changes after the transaction is on-chain, further reminding users to pay attention to security. Additionally, if the interaction contract or authorization address is a known malicious address, a red security reminder will be displayed.
Scenario 2: Transferring to similar addresses
When monitoring large transfers, phishers generate receiving addresses that have the same first few digits as the user’s address. They use transferFrom to perform zero-value transfers, or use fake USDT to perform transfers of certain amounts, contaminating the user’s transaction history. The phishers hope that the user will mistakenly copy the incorrect address from the transaction history for subsequent transfers, completing the scam.
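A defender-side check for this scenario, as an added example that is not OKX's or the article's own code: it scans a transaction history for counterparties that imitate an address the user has deliberately paid before. It goes slightly beyond the text by also comparing the last few characters, since wallet interfaces usually show both ends of a truncated address; the function names, the history record shape and every address are constructed for illustration.

```javascript
const norm = (a) => a.toLowerCase().replace(/^0x/, "");

// True when `candidate` is a different address that shares the first or last
// `n` hex characters with `trusted` (what a truncated display would show).
function looksAlike(candidate, trusted, n = 4) {
  const c = norm(candidate), t = norm(trusted);
  if (c === t) return false;
  return c.slice(0, n) === t.slice(0, n) || c.slice(-n) === t.slice(-n);
}

// history:     [{ counterparty, value (BigInt), token }] for token transfers
// trusted:     addresses the user has deliberately sent funds to before
// knownTokens: token contracts the user actually holds
function findPoisoning(history, trusted, knownTokens) {
  const tokens = new Set(knownTokens.map(norm));
  const findings = [];
  for (const tx of history) {
    const mimicked = trusted.find((t) => looksAlike(tx.counterparty, t));
    if (!mimicked) continue;
    const reasons = ["lookalike of " + mimicked];
    if (tx.value === 0n) reasons.push("zero-value transfer");
    if (!tokens.has(norm(tx.token))) reasons.push("unrecognised token contract");
    findings.push({ counterparty: tx.counterparty, reasons });
  }
  return findings;
}

// Constructed sample data (placeholder addresses, not real accounts or contracts).
const TRUSTED = ["0x1a2b3c4d5e6f708192a3b4c5d6e7f8091a2b3c4d"];
const USDT = "0x" + "0".repeat(38) + "aa";
const FAKE_USDT = "0x" + "0".repeat(38) + "bb";
const HISTORY = [
  { counterparty: TRUSTED[0], value: 500000000n, token: USDT },
  { counterparty: "0x1a2b" + "9".repeat(32) + "3c4d", value: 0n, token: USDT },
  { counterparty: "0x1a2b" + "7".repeat(36), value: 1000n, token: FAKE_USDT },
  { counterparty: "0x" + "5".repeat(40), value: 42n, token: USDT },
];

for (const f of findPoisoning(HISTORY, TRUSTED, [USDT])) {
  console.log(f.counterparty, "->", f.reasons.join("; "));
}
```

Entries flagged this way should be hidden from, or clearly marked in, any "recent addresses" list, so that the full address is always compared before reuse.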
Scenario 3: On-chain authorization
Phishers usually lead users to sign approve/increaseAllowance/decreaseAllowance/setApprovalForAll transactions. They have also upgraded their approach by using Create2 to generate pre-calculated new addresses, which bypass security checks and trick users into granting authorization. OKX Web3 Wallet provides security reminders for authorization transactions, prompting users to be cautious about these transactions. Additionally, if the authorization address in the transaction is a known malicious address, it will be displayed in red to warn users and prevent them from falling for the scam.
Scenario 4: Off-chain signatures
In addition to on-chain authorization, phishers also use off-chain signature methods to conduct phishing attempts. For example, ERC20 token authorization allows users to authorize a certain amount to another address or contract. The authorized address can transfer the user’s assets through transferFrom, which phishers exploit for fraudulent purposes. OKX Web3 Wallet is currently developing risk reminder features for such scenarios. When users sign offline signatures, the wallet resolves the authorized address from the signature. If it matches a known malicious address, it will provide users with risk reminders.
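Scenarios 3 and 4 come down to the same question: who is being granted what. The following added example (not OKX's implementation, and not code from the article) extracts the grantee from both an on-chain approval call and an off-chain EIP-2612 Permit signing request, then checks it against a blocklist. The function names, blocklist and sample values are constructed, and other permit formats are assumed to be out of scope.

```javascript
// 4-byte selectors of the approval functions named in Scenario 3.
const SELECTORS = {
  "095ea7b3": "approve",
  "39509351": "increaseAllowance",
  "a457c2d7": "decreaseAllowance",
  "a22cb465": "setApprovalForAll",
};
const MAX_UINT256 = (1n << 256n) - 1n;

function report(method, grantee, amount, blocklist) {
  const warnings = [];
  if (blocklist.has(grantee)) warnings.push("grantee is on the blocklist");
  if (method === "setApprovalForAll") {
    if (amount === 1n) warnings.push("grants control of every NFT in the collection");
  } else if (amount === MAX_UINT256) warnings.push("unlimited allowance");
  return { method, grantee, amount, warnings };
}

// On-chain: decode the two 32-byte ABI words that follow the selector.
function inspectCalldata(data, blocklist) {
  const hex = data.toLowerCase().replace(/^0x/, "");
  const method = SELECTORS[hex.slice(0, 8)];
  if (!method || hex.length < 8 + 128) return null; // not an approval call
  const grantee = "0x" + hex.slice(8 + 24, 8 + 64); // address is right-aligned
  const word = BigInt("0x" + hex.slice(8 + 64, 8 + 128));
  return report(method, grantee, word, blocklist);
}

// Off-chain: an EIP-712 request whose primaryType is Permit (EIP-2612 layout).
function inspectTypedData(typed, blocklist) {
  if (typed.primaryType !== "Permit") return null;
  const { spender, value } = typed.message;
  return report("permit", spender.toLowerCase(), BigInt(value), blocklist);
}

// Constructed sample inputs; the spender is a placeholder address.
const SPENDER = "0x" + "ab".repeat(20);
const BLOCKLIST = new Set([SPENDER]);
const APPROVE_CALL = "0x095ea7b3" + "0".repeat(24) + "ab".repeat(20) + "f".repeat(64);
const PERMIT_REQUEST = {
  primaryType: "Permit",
  message: { owner: "0x" + "11".repeat(20), spender: SPENDER, value: "1000", nonce: 0, deadline: 1900000000 },
};

console.log(inspectCalldata(APPROVE_CALL, BLOCKLIST).warnings);
console.log(inspectTypedData(PERMIT_REQUEST, BLOCKLIST).warnings);
```

Because a Create2-derived address may not yet appear on any blocklist, the unlimited-allowance and approve-all warnings are worth showing even when the blocklist lookup comes back clean.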
Scenario 5: TRON account permissions
This scenario is relatively abstract, where phishers obtain users’ TRON account permissions to control their assets. TRON account permissions are similar to EOS, divided into Owner and Active permissions, and can be set up in a multi-signature form. OKX Web3 Wallet provides security reminders for authorization transactions and prompts users to be aware of the risks. Additionally, if the authorization address in the transaction is a known malicious address, it will be displayed in red to warn users and prevent them from falling for the scam.
Scenario 6: Solana token and account permissions
Phishers use SetAuthority to modify the ownership of ATA token accounts, essentially transferring the tokens to a new owner address. Once users fall for this method, their assets are transferred to the phisher. In addition, if users sign Assign transactions, the ownership of their normal accounts will be changed from the System Program to a malicious contract.
Scenario 7: EigenLayer calling queueWithdrawal
Due to design mechanisms and other issues in the protocol itself, this scenario is easily exploited by phishers. In EigenLayer, a middleware protocol built on Ethereum, the queueWithdrawal call allows specifying another address as the withdrawer. If users fall for the phishing attempt and sign the transaction, seven days later, the specified address will be able to obtain the user’s staked assets through completeQueuedWithdrawal.
Securely using Web3 Wallets is the key measure to protect assets, and users should take preventive measures to guard against potential risks and threats. They can choose the industry’s well-known and security-audited OKX Web3 Wallet to explore the on-chain world more securely and conveniently.
As the most advanced and feature-rich wallet in the industry, OKX Web3 Wallet is fully decentralized and self-custody, supporting users in experiencing on-chain applications in a one-stop manner. It currently supports 85+ public chains, with unified App, browser extension, and web versions, covering wallets, DEX, DeFi, NFT markets, and DApp exploration in five major areas. It also supports Ordinals Market, MPC, AA smart contract wallets, gas exchange, and hardware wallet connections. Furthermore, users can enhance wallet security by securely storing private keys and mnemonic phrases, regularly updating wallet applications and operating systems, handling links and information with caution, and enabling multi-factor authentication.
In conclusion, in the on-chain world, asset security is paramount. Users should remember these three Web3 security rules: do not enter mnemonic phrases/private keys on any web page, carefully click on wallet transaction interface confirmation buttons, and be aware that links obtained from Twitter/Discord/search engines may be phishing links.
The content provided in this article is official and does not represent the position or investment advice of this website. Readers must conduct their own careful evaluation.