Security is the first lifeline of a wallet. For ordinary users, how to prevent hacker attacks? Cobo chief security consultant Darker (hereinafter referred to as "D") answers your questions.
1| How do hackers achieve their goals?
D: The main problem above is still a hijacking attack, by counterfeiting the page of the NEW website to visually deceive the victim, and then stealing the user's private key.
Attackers hijack network traffic at the network layer, for example: DNS hijacking, phishing sites, etc. However, most of the current centralized exchanges and escrow wallets generally use secure SSl communication, and asset security is less affected by this.
2| What situations are vulnerable to hacking?
D: This question is too broad. It can be briefly described from the perspective of security awareness:
Install untrusted software, APPs, plug-ins, etc.;
Connect to an untrusted network;
The same password or weak password is used in multiple places, and the private key is stored in multiple places.
3| How to identify phishing websites?
D: You can directly use third-party tools, such as Netcraft's official browser plug-in, and some anti-virus software also have a phishing blocking function. You can also easily identify phishing websites by yourself through the following aspects:
Pay close attention to the URL to determine if it is the correct domain name;
Check the connection security indicator to see if the website has an SSL digital certificate installed;
View certificate details;
On the basis of the above, it is also necessary to be vigilant about IDN domain names. When visiting some important websites, try to access by manually entering the URL, and do not easily click on hyperlinks.
4| What else should I pay attention to when preventing phishing attacks?
D: Pay attention to the following points:
Use unique account passwords, use password manager plugins such as 1password, lastpass;
Enable secondary verification, such as Google verification code;
Do not open suspicious links and attachments easily;
Use reliable antivirus software and keep it updated;
Avoid connecting to public Wi-Fi as much as possible;
Do not believe in all airdrops of tokens for the purpose of obtaining private keys.
5| How to keep the private key safe?
D: Because the private key information is very important, many people choose to back up the wallet private key file at multiple points. Too many backups or insecure backup points may lead to the leakage of the wallet private key.
It is best to use paper and pen to transcribe the wallet private key, and keep it yourself; of course, it is the safest to record it in your own brain.
6| How does Cobo prevent hacking?
D: Cobo wallet regards security as its lifeline since its establishment, and every line of code has undergone repeated security audits; the custodial wallet generates and uses encryption keys on the basis of HSMs that meet the FIPS 140-2 level 3 standard to ensure private keys. Safe, and has multi-signature, cold and hot isolation mechanism.
The Cobo security team regularly conducts simulated attacks on itself and reinforces potential security risks. Security is also a long-term and continuous process. Less talk and more action.