OKX WEB3: Classic Theft Cases Faced by Airdrop Hunters and How to Prevent Them
Author: OKX WEB3, WTF Academy
Translation: WuBlockchain
Classic Theft Cases Faced by Airdrop Hunters and How to Prevent Them
1. Fake accounts posting false airdrops. User A was browsing a popular project’s Twitter when they saw an airdrop announcement in the replies under the latest official tweet. They clicked the link to claim the airdrop and were phished. Many phishers now use accounts that imitate the official one to post fake announcements under genuine official tweets; users should check carefully which account actually posted the link.
2. Official accounts being hijacked. The official Twitter and Discord accounts of a project were hacked. The hackers then posted a fake airdrop link on the project’s official accounts. Since the link was posted from official channels, User B did not doubt its authenticity and clicked the link to participate in the airdrop, only to be phished.
3. Malicious project teams. User C participated in a mining activity of a project, staking all their USDT assets in the project’s staking contract to earn higher rewards. However, the smart contract was neither rigorously audited nor open-sourced. The project team exploited a backdoor in the contract to steal all the assets User C had staked.
Common Security Risks in On-Chain Interactions
1. Airdrop Scams
Risk Overview: Some users frequently find a large number of unknown tokens in their wallet addresses. These tokens typically cannot be traded on commonly used DEXs, which prompts the user to visit the token’s supposed official website to exchange them. When users authorize transactions there, they often grant permissions that allow the site’s smart contract to transfer assets out of their accounts, ultimately leading to asset theft. For example, in the Zape airdrop scam many users suddenly received large amounts of Zape tokens in their wallets, appearing to be worth tens of thousands of dollars. This led many to mistakenly believe they had unexpectedly become wealthy. However, this was a carefully designed trap. Since these tokens could not be found on legitimate platforms, many users eager to cash out searched for the token’s supposed “official website.” After connecting their wallets as prompted, users believed they could sell these tokens, but once they authorized the site, all assets in their wallets were immediately stolen.
Preventive Measures: To avoid airdrop scams, users must remain highly vigilant, verify information sources, and always obtain airdrop information from official channels (such as the project’s official website, official social media accounts, and official announcements). Protect your private keys and seed phrases, avoid paying any fees, and use community resources and tools to identify potential scams.
2. Malicious Smart Contracts
Risk Overview: Many unaudited or non-open-source smart contracts may contain vulnerabilities or backdoors, failing to ensure the safety of user funds.
Preventive Measures: Users should primarily interact with smart contracts that have been strictly audited by reputable auditing companies or check the project’s security audit reports. Additionally, projects with bug bounty programs typically have higher security assurances.
3. Authorization Management
Risk Overview: Excessive authorization to interacted contracts can lead to asset theft. For example: 1) If the contract is an upgradeable contract and the private key of the privileged account is leaked, attackers can use the private key to upgrade the contract to a malicious version, thereby stealing assets from authorized users. 2) If the contract has yet-to-be-identified vulnerabilities, excessive authorization may enable attackers to exploit these vulnerabilities in the future to steal funds.
Preventive Measures: In principle, only grant necessary authorization limits to interacted contracts, and regularly check and revoke unnecessary authorizations. When performing off-chain permit authorization signatures, be clear about the target contract, asset type, and authorization amount before proceeding.
4. Phishing Authorization
Risk Overview: Users click malicious links and are tricked into signing approvals for malicious contracts or addresses.
Preventive Measures: 1) Avoid blind signing: Ensure you understand the content of the transaction you are about to sign and that every step is clear and necessary. 2) Be cautious with authorization targets: If the authorization target is an EOA (Externally Owned Account) or an unverified contract, exercise increased caution. Unverified contracts may contain malicious code. 3) Use anti-phishing wallet plugins: Use wallet plugins with anti-phishing protection, such as the OKX Web3 wallet, which can help identify and block malicious links. 4) Protect seed phrases and private keys: Any website asking for your seed phrase or private key is a phishing site. Never enter these sensitive details on any website or application.
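The authorization and anti-blind-signing advice above (sections 3 and 4) comes down to decoding what a transaction request actually asks for before signing it. The following Python script is an added example, not OKX Web3 wallet code: it decodes the calldata of the common ERC-20/ERC-721 approval and transfer functions and raises the warnings a wallet should show, namely unlimited approvals, approvals to an EOA rather than a contract, setApprovalForAll grants, and native-token value attached to a call the decoder does not recognise. The function selectors are well-known constants hardcoded so the script runs offline; the addresses, sample transactions and the is_known_contract lookup are constructed for illustration (a real wallet would use eth_getCode to tell a contract from an EOA).

```python
"""Pre-signature review of approval and transfer calldata.

Added example, not OKX Web3 code. Function selectors are hardcoded
(first 4 bytes of keccak256 of the signature) so this runs offline;
the sample transactions, addresses and the is_known_contract lookup are
constructed for illustration. Only static ABI types are decoded.
"""

UINT256_MAX = 2**256 - 1

# Well-known ERC-20 / ERC-721 selectors and their argument types.
SELECTORS = {
    "095ea7b3": ("approve", ["address", "uint256"]),
    "39509351": ("increaseAllowance", ["address", "uint256"]),
    "a22cb465": ("setApprovalForAll", ["address", "bool"]),
    "23b872dd": ("transferFrom", ["address", "address", "uint256"]),
    "a9059cbb": ("transfer", ["address", "uint256"]),
}


def decode_call(data_hex):
    """Return (function name, decoded args) or None for an unknown selector."""
    data = bytes.fromhex(data_hex[2:] if data_hex.startswith("0x") else data_hex)
    selector = data[:4].hex()
    if selector not in SELECTORS:
        return None
    name, types = SELECTORS[selector]
    words = [data[i:i + 32] for i in range(4, len(data), 32)]
    if len(words) < len(types) or any(len(w) != 32 for w in words[:len(types)]):
        raise ValueError("calldata too short for " + name)
    args = []
    for kind, word in zip(types, words):
        if kind == "address":
            args.append("0x" + word[-20:].hex())
        elif kind == "uint256":
            args.append(int.from_bytes(word, "big"))
        else:  # bool
            args.append(word[-1] != 0)
    return name, args


def review_transaction(tx, is_contract):
    """Warnings a wallet should show before the user signs tx.

    tx: {"from": sender, "to": target, "value": wei, "data": calldata hex}
    is_contract: callable(address) -> bool (a live wallet would use eth_getCode)
    """
    warnings = []
    decoded = decode_call(tx.get("data", "0x"))
    if decoded is None:
        if tx.get("value", 0) > 0:
            warnings.append(f"sends {tx['value']} wei of native token to {tx['to']} "
                            "via a function this decoder does not recognise")
        return warnings
    name, args = decoded
    if name in ("approve", "increaseAllowance"):
        spender, amount = args
        if amount == UINT256_MAX:
            warnings.append(f"unlimited {name} to {spender}")
        if not is_contract(spender):
            warnings.append(f"{name} to an EOA {spender}: a person, not a contract, "
                            "would be able to move your tokens")
    elif name == "setApprovalForAll":
        operator, approved = args
        if approved:
            warnings.append(f"setApprovalForAll gives {operator} control of every "
                            "token you hold in this collection")
    elif name == "transferFrom":
        owner = args[0]
        if owner.lower() != tx["from"].lower():
            warnings.append(f"transferFrom moves tokens owned by {owner}, not by you")
    return warnings


# --- constructed sample data -------------------------------------------------
def encode_address(addr):
    return addr[2:].lower().rjust(64, "0")


def encode_uint(n):
    return format(n, "064x")


USER = "0x" + "aa" * 20
TOKEN = "0x" + "cc" * 20
ROUTER = "0x" + "22" * 20          # treated as a known, verified contract
EOA_SPENDER = "0x" + "11" * 20     # a plain account asking to be approved
KNOWN_CONTRACTS = {ROUTER}


def is_known_contract(addr):
    return addr.lower() in KNOWN_CONTRACTS


SAMPLE_DRAINER_APPROVAL = {"from": USER, "to": TOKEN, "value": 0,
    "data": "0x095ea7b3" + encode_address(EOA_SPENDER) + encode_uint(UINT256_MAX)}
SAMPLE_ROUTER_APPROVAL = {"from": USER, "to": TOKEN, "value": 0,
    "data": "0x095ea7b3" + encode_address(ROUTER) + encode_uint(1_000 * 10**6)}
SAMPLE_VALUE_CLAIM = {"from": USER, "to": "0x" + "dd" * 20, "value": 10**17,
    "data": "0xdeadbeef"}   # constructed unrecognised selector with 0.1 ETH attached

if __name__ == "__main__":
    for label, tx in [("drainer", SAMPLE_DRAINER_APPROVAL),
                      ("router", SAMPLE_ROUTER_APPROVAL),
                      ("claim", SAMPLE_VALUE_CLAIM)]:
        print(label, review_transaction(tx, is_known_contract))
```

The bounded approval to the known router produces no warning, while the unlimited approval to an EOA produces two, and the value-carrying call to an unknown function produces one. The same decoder applied to a wallet’s existing allowances is the basis for the "regularly check and revoke unnecessary authorizations" step: revoking is simply an approve with amount 0 to the same spender.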
5. Malicious Airdrop Scripts
Risk Overview: Running malicious airdrop scripts can lead to the installation of malware on your computer, resulting in the theft of private keys.
Preventive Measures: Be cautious when running unknown airdrop scripts or airdrop software.
Classic Phishing Scenarios
1. Fake Website Phishing: Imitating official DApp websites to trick users into entering their private keys or seed phrases. Users should adhere to the primary rule of never providing their wallet’s private key or seed phrase to anyone or any website. Additionally, they should verify the correctness of the URL and preferably use official bookmarks to access commonly used DApps. Using reputable mainstream wallets like the OKX Web3 wallet can also help, as these wallets will alert users to detected phishing websites.
2. Stealing Mainnet Tokens: Malicious contracts expose functions with misleading names such as Claim, SecurityUpdate or AirDrop. The function body does nothing useful; its only effect is to take the mainnet (native) tokens the user attaches to the call.
3. Similar Address Transfers: Scammers generate addresses whose first and last few characters match an address the user regularly interacts with. They then use transferFrom to make zero-amount transfers, or send fake USDT in familiar amounts, so that the look-alike address appears in the user’s transaction history, hoping the user will later copy the wrong address from that history for a subsequent transfer.
4. Impersonating Customer Support: Hackers impersonate customer support through social media or email, asking users to provide their private keys or seed phrases. Official customer support will never ask for private keys, so users should ignore such requests.
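Scenario 3 above (similar-address poisoning) is detectable from the transfer history itself. The following Python script is an added example, not code from OKX Web3: it flags history entries whose counterparty matches a trusted address on its first and last hex digits but differs elsewhere, zero-value transfers, and transfers of unrecognised token contracts, and it resolves a recipient only by exact match against an address book so that a look-alike can never be reused by mistake. The wallet, address book, token addresses and transfer records are constructed; in practice the history would come from an explorer or indexer API.

```python
"""Address-poisoning screen for a wallet's transfer history.

Added example, not OKX Web3 code. The wallet, address book, token
addresses and transfer records below are constructed; in practice the
history would come from an explorer or indexer's token-transfer API.
"""


def looks_alike(candidate, trusted, prefix=4, suffix=4):
    """True if candidate matches trusted on its first/last hex digits but is
    a different address: the part most people eyeball when checking."""
    c, t = candidate.lower(), trusted.lower()
    if c == t:
        return False
    return c[2:2 + prefix] == t[2:2 + prefix] and c[-suffix:] == t[-suffix:]


def audit_history(history, address_book, known_tokens, wallet):
    """Return (index, kind, detail) findings for records that look like poisoning."""
    findings = []
    for i, tx in enumerate(history):
        outgoing = tx["from"].lower() == wallet.lower()
        counterparty = tx["to"] if outgoing else tx["from"]
        for name, trusted in address_book.items():
            if looks_alike(counterparty, trusted):
                findings.append((i, "lookalike",
                                 f"{counterparty} resembles '{name}' ({trusted}) "
                                 "but is a different address"))
        if tx["value"] == 0:
            findings.append((i, "zero_value",
                             "zero-value transfer, typical of transferFrom-based "
                             "history poisoning"))
        if tx["token"].lower() not in known_tokens:
            findings.append((i, "unknown_token",
                             f"transfer of unrecognised token contract {tx['token']}"))
    return findings


def safe_recipient(typed_or_copied, address_book):
    """Resolve a recipient only by exact match against the address book.
    A look-alike never resolves, so it cannot be reused by mistake."""
    for trusted in address_book.values():
        if typed_or_copied.lower() == trusted.lower():
            return trusted
    return None


# --- constructed sample data -------------------------------------------------
WALLET = "0x" + "aa" * 20
USDT = "0x" + "ee" * 20                          # stands in for the real token contract
FAKE_USDT = "0x" + "ef" * 20                     # attacker-deployed look-alike token
KNOWN_TOKENS = {USDT}
EXCHANGE_DEPOSIT = "0x1234" + "a" * 32 + "5678"  # the address the user really uses
POISON = "0x1234" + "b" * 32 + "5678"            # same first/last 4 digits, different middle
ADDRESS_BOOK = {"exchange deposit": EXCHANGE_DEPOSIT}

SAMPLE_HISTORY = [
    {"from": WALLET, "to": EXCHANGE_DEPOSIT, "value": 500 * 10**6, "token": USDT},
    {"from": POISON, "to": WALLET, "value": 0, "token": USDT},               # zero-value transferFrom
    {"from": POISON, "to": WALLET, "value": 500 * 10**6, "token": FAKE_USDT},  # fake-USDT transfer
]

if __name__ == "__main__":
    for finding in audit_history(SAMPLE_HISTORY, ADDRESS_BOOK, KNOWN_TOKENS, WALLET):
        print(finding)
    print(safe_recipient(POISON, ADDRESS_BOOK))             # None
    print(safe_recipient(EXCHANGE_DEPOSIT, ADDRESS_BOOK))   # the trusted address
```

The genuine outgoing transfer produces no findings; the two incoming records from the look-alike address are each flagged twice. The practical rule this encodes is the one in the text: copy recipients from a maintained address book, never from the transaction history.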
Security Precautions When Using Various Tools
1. Hardware Wallet Usage:
1.1 Regularly update the firmware and purchase through official channels.
1.2 Use it on a secure computer and avoid connecting it in public places.
2. Browser Plugin Usage:
2.1 Be cautious when using third-party plugins and tools; prefer reputable products such as the OKX Web3 wallet.
2.2 Avoid using wallet plugins on untrusted websites.
3. Transaction Analysis Tool Usage:
3.1 Use trustworthy platforms for transactions and contract interactions.
3.2 Carefully check the contract address and call methods to avoid misoperations.
4. Computer Device Usage:
4.1 Regularly update the computer system, update software, and patch security vulnerabilities.
4.2 Use reliable antivirus software and regularly scan the computer system for viruses.
How to More Safely Manage Multiple Wallets and Accounts
1. Diversify Risk:
1.1 Do not store all assets in one wallet; distribute storage to reduce risk. Choose different types of wallets according to the asset type and use case, such as hardware wallets, software wallets, cold wallets, and hot wallets.
1.2 Use multi-signature wallets to manage large amounts of assets for enhanced security.
2. Backup and Recovery:
2.1 Regularly back up seed phrases and private keys and store the backups in multiple secure locations.
2.2 Use hardware wallets for cold storage to prevent private key leakage.
3. Avoid Reusing Passwords:
Set strong, unique passwords for each wallet and account to reduce the risk of multiple accounts being compromised if one password is cracked.
4. Enable Two-Factor Authentication (2FA):
Enable 2FA for all accounts whenever possible to increase security.
5. Minimize Use of Automation Tools:
Reduce the use of automation tools, especially those that may store your information in the cloud or on third-party servers, to minimize the risk of data breaches.
6. Limit Access Permissions:
Only authorize trusted individuals to access your wallets and accounts, and limit their operational permissions.
7. Regularly Check Wallet Security:
Use tools to monitor wallet transactions to ensure no abnormal transactions occur. If you find any wallet’s private key has been compromised, immediately replace all affected wallets.
Protection Recommendations Against Slippage and MEV Attacks
1. Set Slippage Tolerance:
Due to the inherent delay in transactions being recorded on the blockchain and the potential for MEV attacks, users should set a reasonable slippage tolerance in advance to avoid transaction failures or financial losses caused by market fluctuations or MEV attacks.
2. Split Transactions:
Avoid making large transactions in one go. Instead, conduct transactions in batches to reduce the impact on market prices and lower the risk of slippage.
3. Use High Liquidity Trading Pairs:
When trading, choose trading pairs with ample liquidity to minimize slippage.
4. Use Front-Running Protection Tools:
For significant transactions, avoid using the public mempool. Instead, use specialized front-running protection tools to prevent transactions from being captured by MEV bots.
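Recommendations 1 to 3 above (slippage tolerance, trade splitting, liquidity) all follow from how a constant-product pool prices a trade. The following Python model is an added example, not OKX Web3 code: it implements the x*y=k quote with a 0.3% fee as used by Uniswap v2-style pools, computes price impact for the same trade against a deep and a shallow pool, and shows that a minimum-output bound derived from a tight tolerance makes the trade revert when another trade lands ahead of it and moves the price, whereas a loose tolerance lets it execute at a loss. Pool reserves and trade sizes are constructed numbers, not live market data.

```python
"""Constant-product AMM model: quote, price impact and slippage tolerance.

Added example (not OKX Web3 code). Uses the x*y=k pricing formula of
Uniswap v2-style pools with a 0.3% fee; pool reserves and trade sizes are
constructed numbers, not live market data.
"""


class SlippageExceeded(Exception):
    pass


class Pool:
    def __init__(self, reserve_in, reserve_out, fee_bps=30):
        self.reserve_in = reserve_in
        self.reserve_out = reserve_out
        self.fee_bps = fee_bps

    def quote(self, amount_in):
        """Output for amount_in against current reserves (the v2 getAmountOut formula)."""
        amount_in_with_fee = amount_in * (10_000 - self.fee_bps)
        numerator = amount_in_with_fee * self.reserve_out
        denominator = self.reserve_in * 10_000 + amount_in_with_fee
        return numerator // denominator

    def spot_out(self, amount_in):
        """What amount_in would fetch at the marginal price, with no impact and no fee."""
        return amount_in * self.reserve_out // self.reserve_in

    def price_impact_bps(self, amount_in):
        """How far below the spot price the realised price lands, in basis points."""
        return 10_000 - self.quote(amount_in) * 10_000 // self.spot_out(amount_in)

    def swap(self, amount_in, min_out):
        """Execute the swap, or revert (raise) if the output falls below min_out."""
        out = self.quote(amount_in)
        if out < min_out:
            raise SlippageExceeded(f"got {out}, required at least {min_out}")
        self.reserve_in += amount_in
        self.reserve_out -= out
        return out


def min_out(quoted, tolerance_bps):
    """Minimum acceptable output for a quote and a slippage tolerance."""
    return quoted * (10_000 - tolerance_bps) // 10_000


def deep_pool():
    # constructed: 1000 ETH / 3,000,000 USDC (18 and 6 decimals)
    return Pool(1_000 * 10**18, 3_000_000 * 10**6)


def shallow_pool():
    # constructed: same price, ten times less liquidity
    return Pool(100 * 10**18, 300_000 * 10**6)


def trade_after_price_move(tolerance_bps, other_trade_in=20 * 10**18,
                           my_trade_in=10 * 10**18):
    """Quote at submission time, then let another buy land first.
    Returns (quoted, actual) where actual is None if min_out made us revert."""
    pool = deep_pool()
    quoted = pool.quote(my_trade_in)
    limit = min_out(quoted, tolerance_bps)
    pool.swap(other_trade_in, 0)   # someone else's trade executes ahead of ours
    try:
        return quoted, pool.swap(my_trade_in, limit)
    except SlippageExceeded:
        return quoted, None


if __name__ == "__main__":
    ten_eth = 10 * 10**18
    print("impact deep pool (bps):", deep_pool().price_impact_bps(ten_eth))
    print("impact shallow pool (bps):", shallow_pool().price_impact_bps(ten_eth))
    print("0.5% tolerance:", trade_after_price_move(50))
    print("5% tolerance:", trade_after_price_move(500))
```

With these numbers the 10 ETH trade costs roughly 1.3% against the deep pool and over 9% against the shallow one, which is the liquidity argument. After a 20 ETH buy lands first, the 0.5% bound rejects the trade while the 5% bound accepts an output well below the original quote; the gap between them is exactly what a front-running bot can extract, which is why the text pairs a tight tolerance with a private transaction route for large trades.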
How to Protect On-Chain Privacy and Security
1. Multiple Wallet Management: Distribute assets across multiple wallets to reduce the risk of a single wallet being tracked or attacked.
2. Use Multi-Signature Wallets: Require multiple signatures to execute a transaction, enhancing security and privacy protection.
3. Cold Wallets: Store long-term assets in hardware wallets or offline storage to prevent online attacks.
4. Do Not Publicize Addresses: Avoid sharing your wallet address on social media or public platforms to prevent tracking by others.
5. Use Temporary Email Addresses: Use temporary email addresses when participating in airdrops or other activities to protect your personal information from being exposed.
If a Wallet Account is Stolen, What Should Users Do?
If a user discovers that their wallet has been stolen, the following urgent measures are recommended:
1. Emergency Response Measures
1.1 Immediate Fund Transfer: If there are still funds in the wallet, they should be immediately transferred to a secure new address.
1.2 Revoke Authorizations: Use management tools to revoke all authorizations immediately to prevent further losses.
1.3 Track Fund Movements: Quickly track the movement of stolen funds and document the details of the theft to seek external assistance.
2. Community and Project Support
2.1 Seek Help from Project and Community: Report the incident to the project team and the community. Sometimes the project team can freeze or recover stolen assets. For example, USDC has a blacklist mechanism that can block fund transfers.
2.2 Join Blockchain Security Organizations: Join relevant blockchain security organizations or groups to leverage collective power to address the issue.
2.3 Contact Wallet Customer Support: Promptly contact the wallet’s customer support team for professional help and guidance.
Enhancing Security with AI
1. Anomaly Detection and Intrusion Detection: Utilize AI and machine learning models to analyze user behavior patterns and detect abnormal activities. For example, deep learning models can be used to analyze transaction behaviors and wallet activities to identify potential malicious actions or anomalies.
2. Phishing Website Identification: AI can detect and block phishing websites by analyzing web page content and link characteristics, protecting users from phishing attacks.
3. Malware Detection: AI can detect new and unknown malware by analyzing the behavior and characteristics of files, preventing users from downloading and executing malicious programs.
4. Automated Threat Response: AI can automate response measures, such as automatically freezing accounts or taking other protective actions upon detecting abnormal activities.
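Point 1 above, behavioural anomaly detection on wallet activity, can be illustrated without a deep learning stack. The following Python script is an added example, not code from OKX Web3: it scores a pending outgoing transfer against the wallet’s own history using a median/MAD robust z-score on amounts plus two behavioural rules (first transfer to a counterparty, share of balance moved), which is the shape of the feature-and-threshold logic a learned model replaces. The activity log, balance and thresholds are constructed.

```python
"""Robust outlier screen for a wallet's outgoing transfers.

Added example, not OKX Web3 code. It combines a median/MAD z-score on
transfer amounts with simple behavioural rules (new counterparty, share of
balance moved); the activity log is constructed. A production system would
use richer features and a trained model, but the structure is the same.
"""
from statistics import median


def robust_z(baseline, x):
    """z-score using median and median absolute deviation, so a few past
    outliers in the baseline do not mask a new one (0.6745 rescales MAD
    to a standard deviation for normal data)."""
    med = median(baseline)
    mad = median(abs(v - med) for v in baseline)
    if mad == 0:
        mad = 1e-9
    return 0.6745 * (x - med) / mad


def screen_transfer(history, balance, tx, z_threshold=3.5, drain_share=0.5):
    """Return (score, reasons). A score of 2 or more is a candidate for holding
    the transaction for an extra confirmation or freezing the account."""
    amounts = [t["value"] for t in history]
    seen = {t["to"].lower() for t in history}
    reasons = []
    z = robust_z(amounts, tx["value"])
    if z > z_threshold:
        reasons.append(f"amount is {z:.0f} robust z-scores above the wallet's norm")
    if tx["to"].lower() not in seen:
        reasons.append("first ever transfer to this counterparty")
    if balance and tx["value"] / balance >= drain_share:
        reasons.append(f"moves {tx['value'] / balance:.0%} of the balance")
    return len(reasons), reasons


# constructed baseline: small, regular payments to three known addresses
KNOWN = ["0x" + "11" * 20, "0x" + "22" * 20, "0x" + "33" * 20]
SAMPLE_HISTORY = [{"to": KNOWN[i % 3], "value": 100 + 5 * i} for i in range(20)]
SAMPLE_BALANCE = 6_000

ROUTINE_TX = {"to": KNOWN[0], "value": 150}              # looks like every other payment
DRAIN_TX = {"to": "0x" + "99" * 20, "value": 5_900}       # large, new counterparty, near-total

if __name__ == "__main__":
    print(screen_transfer(SAMPLE_HISTORY, SAMPLE_BALANCE, ROUTINE_TX))
    print(screen_transfer(SAMPLE_HISTORY, SAMPLE_BALANCE, DRAIN_TX))
```

The routine payment scores 0 and the drain scores 3 on all three signals. Using the median and MAD rather than mean and standard deviation matters here: a single earlier large legitimate transfer would inflate the standard deviation enough to hide a later theft, but barely moves the median.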