According to the monitoring of its security risk monitoring, early warning and blocking platform, a large cryptographer suffered a phishing attack, which caused a loss of 10,000 US dollars. The key vulnerability is that the signature we often mentioned was stolen when we worked with spinach, a blockchain security researcher, earlier. Please be wary of revealing the signature phishing security research article. This article describes in detail how attackers use functions to launch phishing attacks on users, and the attack principles and articles used in this incident. The attack methods described in are basically the same, but only for the contracts that support this function, which can be all contracts. In this article, let's take a look at what attackers generally use to trick users into signing fraudulent information and some security precautions. What is signature phishing signature? It is a specific digital signature mechanism to simplify the authorization operation in some cases. It is a security verification method based on blockchain technology and cryptography principles. In traditional digital signatures, The signer needs to have a private key to sign specific data and transmit the signed data to the verifier together with the public key. The verifier uses the corresponding public key to verify the validity of the signature. However, the signature adopts a different method, which allows the holder to grant access to specific operations by signing a special authorization message without directly transmitting the private key to the licensee. Fishing is to use the user's careless verification or understanding of the authorized operation to obtain unauthorized information. Authorized authority or sensitive information This kind of attack takes advantage of the user's trust in the authorization process or signature mechanism to produce forged authorization operations or signature requests by deceiving users. What signature phishing attacks hackers usually take to forge authorization requests? An attacker may create a seemingly legitimate authorization request to defraud users' trust. This may involve forged applications or websites that require users to provide their authorization or signature to perform an operation to mislead users. An attacker may do so by deceiving users. Misoperation to carry out attacks, for example, they may create a seemingly harmless button, but actually trigger an unauthorized operation by users. Attackers may induce users to carry out authorized operations by forging pages similar to normal authorized pages. These pages are usually designed almost exactly like normal authorized pages to deceive users and make them believe that they are interacting with legitimate applications or services. Social engineering attackers may use social engineering skills to send Sending phishing emails, text messages or social media messages to guide users to click on malicious links or enter forged authorization pages. How to prevent some phishing attacks considering signatures? Previously, researcher Spinach gave us some effective preventive measures to understand and identify the signature format of signature content, which usually includes and these key formats. If you want to enjoy the convenience and low cost, you must learn to identify this signature format. It is a good choice for us to download security plug-ins. Readers and friends recommend that the following anti-phishing plug-in can identify most phishing websites in the field and protect everyone's wallets and assets. Anti-phishing plug-ins download and store assets separately from interactive wallets. If you have a large number of assets, it is recommended that all assets be put in a cold wallet. Putting a small amount of money in an interactive wallet on the chain can greatly reduce the loss when encountering phishing scams. Identify whether the nature of tokens supports the function. More and more tokens may use this extended protocol to realize the function. You need to pay attention to whether the token you hold supports this function. If so, you must be extra careful about the transaction or manipulation of the token. For each unknown signature, you must also strictly check whether it is the signature of the function. If you are cheated, there are still tokens on other platforms. You need to make a perfect rescue plan. When you find that you have been cheated, but you still have tokens on other platforms by means of pledge, you need to extract them and transfer them to a safe address. You need to know that the hacker may always monitor the balance of your address tokens, because he has your signature. As long as tokens appear on your stolen address, the hacker can directly transfer them out. At this time, it is necessary to formulate a perfect token rescue process. The two processes of extracting tokens and transferring tokens need to be carried out together, and hacker transactions cannot be inserted into them. Transfer can be used, which requires some blockchain knowledge and code skills. You can also find a professional security company, such as a team, to use the transaction escape script to achieve it. 比特币今日价格行情网_okx交易所app_永续合约_比特币怎么买卖交易_虚拟币交易所平台

注册有任何问题请添加 微信：MVIP619 拉你进入群

文章转载注明 网址：https://netpsp.com/?id=61352