Blockchain asset security alert: Human errors frequently lead to huge losses. Five key points for personal wallet management.
Blockchain security incidents are frequent: how can you protect personal assets?
In recent years, with the rise of decentralized finance (DeFi), non-fungible tokens (NFTs), and other on-chain products, user assets have gradually shifted from centralized platforms to decentralized wallets, cross-chain bridges, and lending protocols. However, thefts from on-chain projects and user wallets have occurred so frequently that the blockchain is jokingly referred to as a "hacker's ATM."
Some of these security incidents stem from code vulnerabilities, while others are due to human negligence. For example, on September 20, 2022, a certain crypto market maker experienced a theft of $160 million.
Human error leads to huge losses
After the incident, the founder of the market maker stated on social media that the company's decentralized finance and over-the-counter trading businesses were unaffected, with solvency still at twice the remaining equity. He emphasized that the funds of users with market-making agreements with the company are secure. Out of the 90 assets that were stolen, only two have a nominal value exceeding $1 million, making a large-scale sell-off unlikely.
A security company's analysis found that the hacker's address is associated with a certain anonymous trading platform and mainstream exchanges. Approximately 73% of the stolen funds were stablecoins, 8% were WBTC, and 6% were ETH. The attacker deposited $114 million into a decentralized exchange for liquidity provision.
Security experts speculate that the theft may have occurred because the market maker used a vulnerable third-party tool to create wallet addresses. The company's founder later admitted that they did use such a tool in June to create wallets, aiming to optimize transaction fees. Although the company took measures after learning about the tool's vulnerabilities, internal operational errors meant it failed to revoke the signing permissions for the affected addresses in time.
Regarding the recovery of funds, the company stated that it is willing to offer a 10% bounty to the hacker, approximately 16 million US dollars. Although this incident was caused by internal human error, the company stated that it will not dismiss employees, change its strategy, or stop its DeFi business.
However, on-chain data shows that the company has over $200 million in DeFi debts to multiple counterparties, with the largest being a $92 million USDT loan due in October. If the stolen funds cannot be recovered in time, the company may face a debt crisis.
Losses again due to human factors
It is worth noting that this is not the first time that the market maker has suffered losses due to human factors. In June 2022, while it was providing liquidity services for a certain Layer 2 project, address mismanagement led to the theft of 20 million tokens.
At that time, the Layer 2 project foundation invited the market maker to provide liquidity services and allocated 20 million tokens as a temporary grant. However, the receiving address provided by the market maker was a multi-signature address on the Ethereum mainnet, rather than an address on the Layer 2 network. As a result, the market maker was unable to access these tokens, and hackers took the opportunity to deploy their own multi-signature contract and take control of them.
Fortunately, the hacker later returned most of the tokens, and the market maker promised to repay the remaining part.
Personal Asset Protection Suggestions
In light of the significant losses incurred by institutions due to human error, individual users should pay more attention to asset security. Here are a few suggestions:
Avoid using third-party tools to create wallets: Third-party tools may have security risks, and you should stick to using native cryptocurrency wallets.
Consider using multi-signature: For wallets that store large amounts of assets, multi-signature can effectively reduce risk.
Handle private keys with caution: Do not save private keys by copying and pasting them, as third-party applications on the device may have access to the clipboard.
Carefully check authorization operations: When using DeFi products, it is essential to verify the authenticity of the website domain name and smart contract address.
Manage authorization limits sensibly: Try to avoid unlimited authorization and promptly revoke unnecessary authorizations after use. You can manage authorizations through the token approval checker feature of the blockchain explorer.
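To illustrate the last suggestion, the sketch below replays ERC-20 Approval event logs for one wallet and lists the approvals that are still live and effectively unlimited. It is an added example, not code from the original article or from any explorer; it assumes the logs were already fetched and decoded into dicts with integer block numbers, and the addresses, sample logs and the `UNLIMITED_FLOOR` threshold are constructed for the example.

```python
# Added example. topic0 of the ERC-20 event Approval(address,address,uint256):
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
MAX_UINT256 = 2**256 - 1
UNLIMITED_FLOOR = 2**255  # assumption: at or above this counts as "unlimited"

def topic_to_address(topic):
    """Indexed addresses are left-padded to 32 bytes; keep the last 20."""
    return "0x" + topic[-40:].lower()

def outstanding_approvals(logs, owner):
    """Return {(token, spender): amount} for approvals not yet set back to 0."""
    state = {}
    # A later approve() overwrites an earlier one, so replay in chain order.
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        topics = log["topics"]
        # ERC-20 Approval has 3 topics; ERC-721 reuses the signature with 4.
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue
        if topic_to_address(topics[1]) != owner.lower():
            continue
        key = (log["address"].lower(), topic_to_address(topics[2]))
        state[key] = int(log["data"], 16)  # approve(spender, 0) revokes
    return {k: v for k, v in state.items() if v > 0}

def unlimited_approvals(logs, owner):
    """(token, spender) pairs whose live approval is effectively unlimited."""
    live = outstanding_approvals(logs, owner)
    return sorted(k for k, v in live.items() if v >= UNLIMITED_FLOOR)

# --- Constructed sample data: placeholder addresses, not real contracts ---
OWNER = "0x" + "aa" * 20
TOKEN_A, TOKEN_B = "0x" + "11" * 20, "0x" + "22" * 20
DEX, OLD_DAPP = "0x" + "d1" * 20, "0x" + "d2" * 20

def make_log(token, spender, amount, block):
    pad = lambda a: "0x" + "0" * 24 + a[2:]
    return {"address": token, "blockNumber": block, "logIndex": 0,
            "topics": [APPROVAL_TOPIC, pad(OWNER), pad(spender)],
            "data": "0x" + format(amount, "064x")}

SAMPLE_LOGS = [
    make_log(TOKEN_A, DEX, MAX_UINT256, 100),       # unlimited, never revoked
    make_log(TOKEN_B, OLD_DAPP, MAX_UINT256, 101),  # unlimited...
    make_log(TOKEN_B, OLD_DAPP, 0, 150),            # ...revoked later
    make_log(TOKEN_B, DEX, 500 * 10**6, 160),       # bounded approval
]
print(unlimited_approvals(SAMPLE_LOGS, OWNER))
```

The replay reflects approve() history only: spending through transferFrom can lower an allowance without emitting an Approval event, so a bounded figure from logs is an upper bound and the token's allowance() value is authoritative.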
In the blockchain world, security is paramount. Since on-chain assets are difficult to recover after being stolen and are often not protected by law, users should exercise extra caution when performing on-chain operations and do their utmost to protect the security of their assets.