Final chapter of the security special issue | OKX Web3: Safeguarding user assets
introduction
OKX Web3 specially plannedSafety特刊》栏目,针对不同类型的链上安全问题进行专期解答。通过最发生在用户身边最真实案例,与安全领域专家人士或者机构共同联合,由不同视角进行双重分享与解答,从而由浅入深梳理并归纳安全交易规则,旨在加强用户安全教育的同时,帮助用户从自身开始学会保护私钥以及钱包资产安全。
Thank you for your company all the way~
Finally! The "Security Special Issue" series initiated by the OKX Web3 Wallet Security Team has come to an end~
Don’t put it in your favorites and let it gather dust! Don’t wait a while to learn it either!
The safety of your wallet and assets is no small matter, you must keep it in mind~~
1. Content Review
First of all, I would like to express my sincere gratitude to guests from the security field such as SlowMist, CertiK, WTF Academy, OneKey, BlockSec and GoPlus for their joint support for this series of content. We started with the most real cases happening around users and sorted out the risk types, advanced tools, safety rules, protection suggestions, etc. in different scenarios.
Looking back at the entire series, it has covered 6 popular scenarios in the field of cryptographic security, including private key security, MEME transaction security, wool security, device security, and DeFi security. While aiming to strengthen user security education, it also hopes to help users learn to protect their private keys and wallet asset security from themselves. Users can read on demand:
Security Special Issue 01 | OKX Web3 & SlowMist: Sharing Experience of "Hundreds of Scams"
Security Special Issue 02 | OKX Web3 & CertiK: MEME "Big Adventure" and Security "Truth"
Security Special Issue 04 | OKX Web3 & OneKey: Add some "buff" to device security
Security Special Issue 06 | OKX Web3 & GoPlus: On-chain security monitoring and post-event rescue
In general, current security incidents are characterized by diversity, concealment, and complexity, but most of them are caused by users beingstealIt may be caused by fraudulent use of your private key or mnemonic phrase, such as fake airdrops, fake websites, fake customer service, etc. Therefore, you should always be vigilant, do not easily click on unfamiliar links, leak information to strangers, enter unfamiliar websites, etc., and do not easily leak your private key and mnemonic phrase.
Please remember: in the encrypted world, safety comes first.
2. OKX Wallet’s Latest Security Updates
Secondly, as a self-hosted wallet, the private keys and assets of the OKX Web3 wallet are completely controlled by the user. The OKX Web3 wallet will protect the user's security and privacy 24 hours a day. So we will share with you some OKX Web3 wallet security updates in the final chapter.
Currently, the OKX Web3 wallet has officially launched the Security Center. Users can go there by clicking the relevant banner on the Web3 wallet webpage, or by clicking: https://www.okx.com/zh-hans/web3/security?source=gtm to view. The center covers five major aspects, including code open source, multi-party audit, and vulnerability bounty program, and supports public verification by users, aiming to create a safer Web3 ecosystem.
First, in terms of multi-party audits, the security standards of OKX Web3 Wallet have been tested and verified by third-party security audit companies. The audit reports of SlowMist and Certik are now public and users can view them at any time. In the future, OKX Web3 Wallet will continue to be regularly audited by reputable security audit companies to ensure asset security.
Second, in terms of code open source, OKX Web3 wallet has completed the core code open source, including mnemonics, private keys, MPC and other core algorithms, and has undergone technicalCommunityExtensive verification and implementation details are accepted by users who can freely view and audit them on GitHub, which is more open and transparent.
Third, in terms of intercepting third-party risks, OKX Web3 wallet can help users filter high-riskToken和域名,守护资产免受威胁。截止目前,已经为用户拦截恶意域名153K+、相似域名1.5M+、高风险代币1.28M+、高风险交易153K+。
Fourth, the OKX Web3 wallet has also launched a bug bounty program to encourage users and developers to submit service errors and security vulnerabilities, and has prepared generous bug bounties to work with users to build wallet security.
While redefining the wallet experience, the OKX Web3 wallet protects the security of users' assets and strives to protect users so that they can embark on their on-chain exploration journey more safely.
3. 7X24 hours security escort
As the industry's leading one-stop Web3 portal, OKX Web3 Wallet provides 24/7 security protection for user assets, such as:
1. In terms of private key security
To ensure the security of the user's wallet private key, the entire underlying OKX Web3 wallet is not connected to the Internet. The user's mnemonic and private key related information are all encrypted and stored locally on the user's device. The relevant SDK is also open source and has been technically tested.CommunityExtensive verification, more open and transparent. In addition, OKX Web3 Wallet has also conducted strict security audits through cooperation with well-known security agencies such as SlowMist.
In addition, in order to better protect our users, the OKX Web3 security team has provided strong security protection for private key management and is continuously iterating and upgrading. Here is a brief sharing:
1) Two-factor encryption. Currently, most wallets usually use a password to encrypt the mnemonic and save the encrypted content locally. However, if the user is infected with a Trojan virus, the Trojan will scan the encrypted content and monitor the password entered by the user. If the scammer monitors it, the encrypted content can be decrypted to obtain the user's mnemonic. In the future, the OKX Web3 wallet will use a two-factor method to encrypt the mnemonic. Even if the scammer obtains the user's password through the Trojan, he will not be able to decrypt the encrypted content.
2) Private key copying is safe. Most Trojans will detect private keys when users copy them.stealThe information in the user's clipboard can be taken, resulting in the leakage of the user's private key. We plan to help users reduce the risk of private key information theft by increasing the security of the user's private key copying process, such as copying part of the private key and clearing the clipboard information in a timely manner.
2. At the level of APP & data security
OKX Web3 Wallet uses a variety of methods to reinforce the App, including but not limited to algorithm obfuscation, logic obfuscation, code integrity detection, system library integrity detection, application tamper-proofing, and environmental security detection. It minimizes the probability of users being attacked by hackers when using the App. At the same time, it can also prevent the black industry from repackaging our App to the greatest extent, reducing the probability of downloading fake Apps.
In addition, in terms of Web3 wallet data security, we use the most advanced hardware security technology and chip-level encryption to encrypt sensitive data in the wallet. The encrypted data is bound to the device chip. If the encrypted data is stolen, no one can decrypt it.
3. At the level of third-party testing
We provide many security mechanisms to protect user funds:
1) Risky domain name detection: When a user accesses a DAPP, the OKX Web3 wallet will perform detection and analysis at the domain name level. If the user accesses a malicious DAPP, it will be blocked or reminded to prevent the user from being deceived.
2) Pixiupan token detection: OKX Web3 wallet supports comprehensive Pixiupan token detection capabilities, actively blocking Pixiupan tokens in the wallet to prevent users from trying to interact with Pixiupan tokens.
3) Address tag library: OKX Web3 wallet provides a rich and complete address tag library. When users interact with suspicious addresses, OKX Web3 wallet will give timely warnings.
4) Transaction pre-execution: Before a user submits any transaction, the OKX Web3 wallet will simulate the transaction and display the asset and authorization change results for the user’s reference. The user can judge whether the result meets expectations based on the result, so as to decide whether to continue submitting the transaction.
5) Integrated DeFi applications: OKX Web3 wallet has integrated services of various mainstream DeFi projects. Users can safely interact with integrated DeFi projects through OKX Web3 wallet. In addition, OKX Web3 wallet will also recommend paths for DeFi services such as DEX and cross-chain bridges to provide users with the best DeFi services and the best Gas solutions.
6) Black address tag library: OKX Web3 wallet has established a rich black address tag library to prevent users from interacting with known malicious addresses. The tag library is continuously updated to respond to changing security threats and ensure the security of user assets.
7) More security services: OKX Web3 wallet is gradually adding more security features and building more advanced security protection services, which will better and more efficiently protect the assets of OKX Web3 wallet users.
4. Other aspects
1) Security plug-in: OKX Web3 wallet provides built-in anti-phishing protection to help users identify and block potential malicious links and transaction requests, enhancing the security of user accounts.
2) 24-hour online support: OKX WebXiaobai Navigation3Wallet provides customers with 24-hour online support, promptly follows up on incidents of customer asset theft and fraud, and ensures that users can get help and guidance quickly.
3) User Education: OKX Web3 Wallet regularly publishes security tips and educational materials to help users improve their security awareness and understand how to prevent common security risks and protect their assets.
OKX Web3 Wallet attaches great importance to the security of user assets and continues to invest in protecting user assets, providing multiple security mechanisms to ensure the security of users' digital assets.
4. Security is an eternal topic in the encryption industry
In the wave of the digital age, the encryption industry, as an emerging and rapidly developing field, is increasingly attracting global attention.cryptocurrencyandBlockchainWith the widespread application of technology, various security issues cannot be ignored.Blockchain技术为加密货币提供了较高的安全性,但钱包本身的安全性却受到多种因素的影响,比如私钥安全、网络钓鱼、或者用户的操作失误导致私钥泄漏等等。
The decentralized nature of Web3 wallets enables users to fully control their digital assets without relying on any central agency or third-party services. However, this also means that users need to bear the responsibility for the security of their assets. Users should fully realize the importance of wallet and asset security and take effective measures to ensure it.
安全可靠的Web3钱包能够提升用户对加密行业的信任度。在加密货币和区块链技术不断发展的今天,用户对于资产安全的需求越来越强烈。作为平台或者钱包,则应该不断通过技术创新、安全教育等多方面的努力,为用户提供一个安心、便捷的资产管理平台。为加密行业的健康发展提供坚实的安全保障。
Safety is no small matter, it concerns you and me.
Disclaimer:
This article is for reference only and is not intended to provide (i) investment advice or investment recommendations; (ii) an offer or solicitation to buy, sell or hold digital assets; or (iii) financial, accounting, legal or tax advice. Holding digital assets (including stablecoins and NFTs) involves high risks and may fluctuate significantly or even become worthless. You should carefully consider whether trading or holding digital assets is suitable for you based on your financial situation. Please be responsible for understanding and complying with local applicable laws and regulations.
The article comes from the Internet:Final chapter of the security special issue | OKX Web3: Safeguarding user assets
It is difficult to judge whether the story is true or not. The only thing that is certain is that the retail investors are the ones who are alone behind the story and do not get any benefits. With the launch of ETFs, players' expectations for altcoins on ETH have increased. The rising price of ETH continues to ignite the altcoin market. In addition, the positive attitude of the US election towards cryptocurrencies has made the already lively MEME track even more exciting.