In the WEB3 world, security has always been the top concern for everyone. How to better protect our assets, in addition to choosing safe tools, what is more important is our own security awareness and usage habits.<\/p>\n\n\n\n
\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014<\/p>\n\n\n\n
MathWallet FunctionsRelated To Security Reminders<\/h4>\n\n\n\n
As a Multichain Wallet for Web3, while constantly enriching functions,we have also been doing our best in terms of security.<\/p>\n\n\n\n
- Blocking function for URL blacklist<\/strong><\/li><\/ul>\n\n\n\n
If a blank page appears when you visit the URL, it means that you are likely to visit the reported and blocked website, please be vigilant to avoid being deceived.<\/p>\n\n\n\n
(Welcome to report dangerous URLs, we will block them on our APP browser page after verification)<\/p>\n\n\n\n
- Scoring function for BNBChain contract’s security<\/strong><\/li><\/ul>\n\n\n\n
When you do the operation with the contract, you can see this position, there is a score. This is the Meter<\/strong> system from AvengerDAO<\/strong> that we plugged in , which can realize the scoring function of BNBChain contract security.<\/p>\n\n\n\n
![\"\"](\"https:\/\/mathwallet.oss-cn-hangzhou.aliyuncs.com\/blog\/2022\/11\/11.07\/%E5%9B%BE004%E5%90%88%E7%BA%A6%E6%89%93%E5%88%86.png\")
<\/figure>\n\n\n\nAvengerDAO<\/strong> is a unique community-run security infrastructure project designed to protect users on BNB Chain from possible exploits, scams and malicious actors.<\/p>
We are honored to be a part of AvengerDAO<\/strong> , and we continue our unwavering commitment to making the user experience on Web3 more secure and enjoyable<\/p>
About AvengerDAO:<\/strong><\/p>https:\/\/www.bnbchain.org\/en\/blog\/introducing-avengerdao-the-security-initiative-protecting-users-from-malicious-actors\/<\/a><\/cite><\/blockquote>\n\n\n\n
- Reminder function for TOKEN or NFT approval signature<\/strong><\/li><\/ul>\n\n\n\n
When you do the operation with the contract, if you see this reminder<\/strong> in this position, it means that this is an approval signature<\/strong>, and the target address will have the right to transfer the approval asset without any operation from you. So you need to be vigilant and ensure its safety before proceeding.<\/p>\n\n\n\n
(This reminder function can only identify some approval signatures, and only serves as a reminder. When performing any operation, you should confirm it again and again to ensure asset security)<\/strong><\/p>\n\n\n\n
![\"\"](\"https:\/\/mathwallet.oss-cn-hangzhou.aliyuncs.com\/blog\/2022\/11\/11.07\/%E5%9B%BE005%E6%8E%88%E6%9D%83%E6%8F%90%E9%86%92.png\")
<\/figure>\n\n\n\n- Approval management function for EVM public chain<\/strong><\/li><\/ul>\n\n\n\n
On the wallet page of the MathWallet APP, click the button in the upper right corner, and in the pop-up list, click the “Approvals<\/strong>” button<\/p>\n\n\n\n
![\"\"](\"https:\/\/mathwallet.oss-cn-hangzhou.aliyuncs.com\/blog\/2022\/11\/11.07\/%E5%9B%BE007%E6%8E%88%E6%9D%83%E7%AE%A1%E7%90%86.png\")
<\/figure>\n\n\n\nYou will jump to REVOKE<\/strong>, a third-party DAPP that supports approvals management<\/strong>.<\/p>\n\n\n\n
Through the DAPP, you can check the on-chain approval status of your wallet address, and you can revoke any time. This DAPP supports all EVM public chains.<\/p>\n\n\n\n
![\"\"](\"https:\/\/mathwallet.oss-cn-hangzhou.aliyuncs.com\/blog\/2022\/11\/11.07\/%E5%9B%BE006%E6%8E%88%E6%9D%83%E7%AE%A1%E7%90%86.png\")
<\/figure>\n\n\n\n\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2013<\/p>\n\n\n\n
In order to further improve security awareness, we can learn about the common methods used by scammers<\/p>\n\n\n\n
(General reasons for theft: 1. Private key leakage; 2. Contract approval)<\/strong><\/p>\n\n\n\n
Some Cases<\/h4>\n\n\n\n
- Case 1: Phishing website steals private key <\/strong><\/li><\/ul>\n\n\n\n
AA is a new user entering the WEB3 world for the first time. The scammer put up special discounted items on a certain platform and trade with AA. Provide AA with a phishing website, guide him to download a pirated APP, and defraud his private key<\/strong> .Then the scammer transfers AA’s assets away.<\/p>Please remember the only official website of MathWallet:
mathwallet.org<\/a><\/strong><\/cite><\/blockquote>\n\n\n\n![\"\"](\"https:\/\/mathwallet.oss-cn-hangzhou.aliyuncs.com\/blog\/2022\/11\/11.07\/%E5%9B%BE002%E5%81%87%E5%AE%98%E7%BD%91%E6%8F%90%E9%86%92.jpg\")
<\/figure>\n\n\n\n- Case 2: Fraud DAPP and Malicious Approve<\/strong><\/li><\/ul>\n\n\n\n
BB has been in the WEB3 world for a while, and has a certain understanding of the basic functions of the wallet.<\/p>
Through a certain social platform, BB learned about an unknown DAPP. And heard that it can make money, so he followed the tutorial given by others and interacted with it. One of the signatures was malicious approval<\/strong> . Subsequently, one of the tokens in the wallet account were secretly and totally transferred without any operation by BB.<\/p>
What is malicious approval:<\/strong><\/p>https:\/\/blog.mathwallet.org\/?p=3638<\/a><\/cite><\/blockquote>\n\n\n\n
- Case 3: Malicious approval disguised as a transfer page<\/strong><\/li><\/ul>\n\n\n\n
CC is trading with someone else, but this person is actually a scammer. The scammer provided CC with a QR code and guided him to scan the QR code to transfer token. The QR code jumps to a website, and the scammer carefully crafted it into a transfer page. As long as CC performs a signature operation, he will be maliciously approval<\/strong>. Subsequently, one of the tokens in the wallet account were secretly and totally transferred without any operation by CC.<\/p>(Tip: When using the mathwallet app, scan the QR code on the wallet token transfer page. If the QR code is not a wallet address, but a link, the app will pop up a window to prompt the link address details)<\/strong><\/cite><\/blockquote>\n\n\n\n
If you have other cases, please provide them to us to remind more people and avoid being deceived<\/p>\n\n\n\n
\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2013<\/p>\n\n\n\n
Raise safety awareness and Develop good usage habits<\/h4>\n\n\n\n
In the WEB3 world, security always comes first.<\/p>\n\n\n\n
Remember:<\/strong><\/p>\n\n\n\n
- Keep the mnemonic word and private key, and do not send it to others<\/strong><\/li>
- Avoid mnemonics word and private keys touching the Internet<\/strong><\/li>
- Don’t click on links provided by strangers<\/strong><\/li>
- Don’t use unfamiliar third-party DAPPs<\/strong><\/li>
- When performing on-chain operations, double-check the signature content<\/strong><\/li>
- Regularly check the on-chain approval of wallet addresses<\/strong><\/li><\/ul>\n\n\n\n
If you want to know more, you can read the previous security-related articles:<\/p>\n\n\n\n
Security Guide of Math Wallet<\/a>
Caution Malicious Approve<\/a>
10 MathWallet Safety Tips<\/a>
How to report scam DApp?<\/a>
How to prevent fraud in discord\/telegram community?<\/a><\/p><\/blockquote>\n\n\n\n - Avoid mnemonics word and private keys touching the Internet<\/strong><\/li>
- Keep the mnemonic word and private key, and do not send it to others<\/strong><\/li>
- Case 3: Malicious approval disguised as a transfer page<\/strong><\/li><\/ul>\n\n\n\n
- Case 2: Fraud DAPP and Malicious Approve<\/strong><\/li><\/ul>\n\n\n\n
- Case 1: Phishing website steals private key <\/strong><\/li><\/ul>\n\n\n\n
- Approval management function for EVM public chain<\/strong><\/li><\/ul>\n\n\n\n
- Reminder function for TOKEN or NFT approval signature<\/strong><\/li><\/ul>\n\n\n\n
- Scoring function for BNBChain contract’s security<\/strong><\/li><\/ul>\n\n\n\n