Original | Odaily Planet Daily
Author | Nan Zhu
Yesterday, X user @CryptoNakamao wrote a post stating that his browser cookies were hijacked by the malicious Chrome plugin Aggr, and that hackers used them to manipulate his Binance account, resulting in a loss of $1 million through spoofing.
In response to this incident, Binance issued a statement stating that the reason for the incident was that the user’s computer had been hacked. It took the security customer service 1 minute and 19 seconds to handle the user’s freeze request. Investigating spoofing transactions and confirming the suspect’s account across platforms takes time. As of the current investigation results, Binance had not noticed any relevant information about the AGGR plugin before this incident. Therefore, compensation cannot be provided for such incidents.
This incident once again sounded the security alarm for a large number of users. Because hackers are becoming increasingly professional, it is often difficult to save the situation after a security incident occurs. Strengthening security measures is a well-known topic, but it is still worth prioritizing. In this article, Odaily summarizes common attacks and defense methods.
Freeze Account with One Click
First, in response to this incident, if you discover that you have been hacked but your funds have not been completely transferred, how can you protect the remaining funds as quickly as possible? In addition to transferring funds to other accounts, you can also protect your account by disabling it with one click. After disabling the account, you need to contact customer service to unfreeze it.
Disabling the account needs to be done through the Binance App. First, enter the settings interface, then there will be an “Account Security” section at the bottom of the interface, and finally enter the “Manage Account” section at the bottom of the section. Click on “Disable Account” and confirm. The current official guide provided by Binance is the 2018 version, and the specific execution process is quite different from the journalist’s current practice. It is recommended that users confirm and familiarize themselves with the specific location in advance.
Chrome Plugins
Chrome plugins are essential for Crypto users, so avoiding plugins altogether is not realistic. So how can you use Chrome safely? Users can do the following:
Check the permissions of browser plugins and disable unused ones.
Open multiple browsers and assign different browsers to different business needs with different security levels.
It is recommended to install every Chrome plugin through the link provided by the project's official X account, and not through Google search, let alone X search. Searching through these channels can easily lead to phishing links that have paid to be placed at the top, resulting in losses. The official team has an obligation to keep the links on its X account correct and even to compensate users in the event of an attack.
Viewing Installed Plugin Permissions
SlowMist has already explained the principles and security issues of Chrome extensions in an article. 23pds, the Chief Security Officer of SlowMist, pointed out that the most crucial part is the manifest.json file, which determines the permissions of the plugin.
How to view the permission range? Users can enter the chrome://extensions interface, which includes all the installed plugins on the browser. After clicking on the details, you can see the permission range of the plugin. For plugins with the permission “Read and change all your data on all websites,” extra caution is needed.
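The same check can be run directly against the manifest.json files on disk. The following Python script is an added example, not code from the original article or from SlowMist; the choice of permissions to flag, the report field names and the sample manifest are assumptions made for illustration.

```python
import json
from pathlib import Path

# Match patterns that produce "Read and change all your data on all websites".
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
# API permissions worth a second look on a machine used for exchanges or wallets.
SENSITIVE_APIS = {"cookies", "clipboardRead", "webRequest", "debugger", "scripting", "tabs"}
# Manifest V2 mixes host patterns into "permissions"; V3 moves them to "host_permissions".
PERMISSION_KEYS = ("permissions", "host_permissions",
                   "optional_permissions", "optional_host_permissions")

def audit_manifest(manifest: dict) -> dict:
    """Report broad host access and sensitive API permissions requested by one manifest."""
    granted = []
    for key in PERMISSION_KEYS:
        granted += [p for p in manifest.get(key, []) if isinstance(p, str)]
    # Content scripts are injected into every page their "matches" patterns cover.
    injected = [m for s in manifest.get("content_scripts", []) for m in s.get("matches", [])]
    broad = sorted(set(granted) & BROAD_HOSTS)
    apis = sorted(set(granted) & SENSITIVE_APIS)
    return {
        "broad_host_permissions": broad,
        "broad_content_scripts": sorted(set(injected) & BROAD_HOSTS),
        "sensitive_apis": apis,
        # The cookies API plus an all-site host grant exposes session cookies for any site.
        "all_site_cookie_access": bool(broad) and "cookies" in apis,
    }

def audit_extensions_dir(extensions_dir) -> dict:
    """Audit every <extension id>/<version>/manifest.json under a profile's Extensions folder."""
    report = {}
    for path in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, json.JSONDecodeError):
            continue  # unreadable or malformed manifest: skip it, keep auditing the rest
        report[path.parent.parent.name] = audit_manifest(manifest)
    return report

# Constructed sample manifest (not taken from any real extension).
SAMPLE_MANIFEST = {
    "manifest_version": 3,
    "permissions": ["storage", "cookies", "clipboardRead"],
    "host_permissions": ["<all_urls>"],
    "content_scripts": [{"matches": ["https://*/*"], "js": ["content.js"]}],
}

if __name__ == "__main__":
    print(json.dumps(audit_manifest(SAMPLE_MANIFEST), indent=2))
```

To audit a real profile, pass its Extensions folder to `audit_extensions_dir`, for example `~/.config/google-chrome/Default/Extensions` for the default Chrome profile on Linux.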
Multiple Browsers
Users can use different browsers for different security level needs to enhance security protection. For example, on the browser used to log in to the exchange, do not install any plugins. For browsers related to on-chain funds, only install basic tools like secure wallets.
There are two common ways to open multiple Chrome browsers:
The first method is to use the official account switching method for multiple browsers. In the account interface in the upper right corner of Chrome, users can choose to add a temporary guest account or a Google account. After adding, click on “Add Account” to open a new browser interface. Browsers opened with different accounts run independently, and plugins cannot engage in malicious activities across browsers. Compared to the next method, this method has the advantage of being able to synchronize plugins in the cloud.
Another common method for batch creation is to use shortcuts based on the computer.
Users can copy one or any number of Chrome shortcuts on the computer, then right-click on the shortcut to enter the properties interface, and enter the target address at the end with
to create a brand new independent Chrome browser (note that there is a space at the beginning). This method is faster than the previous method but requires attention as all data is stored locally, so it is necessary to backup key data such as wallet keys.
Clipboard Permissions
Due to the popularity of TG Bot, many users often directly copy and paste keys. In this scenario, it is recommended not to copy the complete key at once. Instead, manually input a few letters to avoid the risk of clipboard monitoring. In addition, it is crucial to turn off clipboard reading permissions for both apps and web pages. Web users can open chrome://settings/content/clipboard to turn off the reading permission for websites. It can be re-enabled in special cases; keeping it off otherwise greatly improves security.
X Platform Fake Account Scam
In recent months, there have been frequent cases of fake official accounts on the X platform posting malicious phishing links. These accounts often have a verified badge, and their usernames are identical to the official ones, with only slight differences in the account handles, making them difficult to detect at a glance.
For such scams, it is recommended that users install the Scam Sniffer plugin, which will scan X platform accounts and alert users to fake official accounts in the comment section.
Other Basic Security Awareness
In addition to the security operations that can be manually checked and toggled, there are many basic security elements at the awareness level, including:
Do not trust any private message links on TG and DC, only trust links and information published by official accounts.
Try not to expose mnemonic phrases and keys to the internet, especially avoid taking pictures of mnemonic phrases with a phone.
Avoid installing remote control software like TeamViewer and AnyDesk on computers involving large sums of money.
Set up 2FA for exchange accounts involving large sums of money and log out after use.
Decentralization means that security issues will never disappear, and losses are difficult to recover. Hacker attack methods are constantly evolving, and only by protecting ourselves can we truly survive. It is essential to prioritize basic security measures.