
Monad Airdrop hacked? SlowMist's Yu Xian: someone's wallet address was secretly swapped


[Coin World] On November 25, Yu Xian of the SlowMist security team issued an important reminder: many people may not have received the Monad airdrop at all, so it is urgent to check whether the wallet address bound at the time is correct.

A user called Onefly fell victim to this: the address bound on the airdrop page was secretly replaced with a hacker's, and the official process sent the coins there, so everything ended up in the hacker's pocket. Yu Xian had previously heard a white hat hacker mention that there was a rather hidden vulnerability.

What is the problem? If someone has you in their sights and hijacks your session on the Monad airdrop page, they can quietly change the receiving address without you having to confirm the authorization again. By the time you notice, the money is already gone.

So verify the bound address now rather than regretting it after the airdrop has disappeared. Session hijacking is not a new attack method, but allowing the address to be changed directly on the claim page without triggering secondary verification is indeed a bit careless.
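A minimal model of the flaw described above and one way to close it, as an added example that is not code from the airdrop portal or from SlowMist. The handler names, in-memory stores and sample values are all constructed, and the HMAC proof is a stand-in for a signature from the user's wallet.

```python
import hashlib, hmac, secrets, time

# Constructed state for a hypothetical claim portal (not the real service).
SESSIONS = {"sess-abc": "alice"}                   # session cookie -> user
BOUND = {"alice": "0xA11CE"}                       # user -> payout address
STEP_UP_KEYS = {"alice": b"held-outside-session"}  # stand-in for the wallet key
CHALLENGES = {}                                    # nonce -> (user, new_addr, expiry)

def change_address_vulnerable(session_id, new_addr):
    """Session cookie alone authorises the change, so a hijacked session can too."""
    user = SESSIONS.get(session_id)
    if user is None:
        return False
    BOUND[user] = new_addr
    return True

def start_change(session_id, new_addr, ttl=120):
    """Issue a one-time challenge tied to this user and this exact address."""
    user = SESSIONS.get(session_id)
    if user is None:
        return None
    nonce = secrets.token_hex(16)
    CHALLENGES[nonce] = (user, new_addr, time.time() + ttl)
    return nonce

def sign_challenge(key, nonce, new_addr):
    """Client side: proof over nonce and address (HMAC stands in for a wallet signature)."""
    return hmac.new(key, f"{nonce}|{new_addr}".encode(), hashlib.sha256).hexdigest()

def confirm_change(session_id, nonce, proof):
    """Apply the change only with a valid, unexpired, single-use proof."""
    user = SESSIONS.get(session_id)
    entry = CHALLENGES.pop(nonce, None)            # pop: each nonce works once
    if user is None or entry is None:
        return False
    owner, new_addr, expiry = entry
    if owner != user or time.time() > expiry:
        return False
    expected = sign_challenge(STEP_UP_KEYS[user], nonce, new_addr)
    if not hmac.compare_digest(expected, proof):
        return False
    BOUND[user] = new_addr
    return True
```

Because the proof covers the new address as well as the nonce, a proof captured for one address cannot be reused to bind a different one.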

DegenWhisperervip
· 11-27 19:14
Wow, session hijacking can change the address directly without secondary verification? This is too absurd. Hurry up and check your bound address.
AirdropHunter420vip
· 11-26 01:01
I need to hurry and check if my address has been tampered with. This is so disgusting.
LiquidationWatchervip
· 11-25 01:52
Damn, here we go again. Is it really possible to hijack the conversation and change the address without any verification? How crappy does the code have to be? Let me check my bound address... all good, all good. What is the project team doing? Even the airdrop can get hacked like this. Onefly really took a huge loss this time, totally cleaned out. Better hurry and ask the official team if there’s any way to recover it. There should be some records, right?
GhostWalletSleuthvip
· 11-25 01:49
Damn, is it session hijacking again? Monad's security awareness is really lacking. Quickly check your address, don't get taken without knowing it. How could such a low-level vulnerability be overlooked? How did the officials audit it? It feels like this airdrop has had a lot of issues from the very beginning, no wonder the reputation has collapsed recently. Haven't we learned enough from last year's lessons? Not even adding two-factor authentication? I checked once, luckily I wasn't swapped, but this is really quite creepy.
CrossChainMessengervip
· 11-25 01:31
Hurry up and check your bound address, everyone. The session hijacking tricks are too clever. This wave from Monad really raises a question mark. Is the official security review a bit lax? Changing the address in a session hijack doesn't require a second verification? This vulnerability is simply a hacker's carnival. How many people really fell for it? It feels like more than just Onefly got played for suckers. That's why I never put too much information on the airdrop page; it's too dangerous, bro. Thanks to SlowMist for the timely reminder, otherwise there would be people losing everything. Web3 is like this; you have to protect yourself. The project party can't be relied on. Hurry up and change your password and wallet. This incident with Monad really raises awareness. As for session hijacking, how many people never thought it would happen to them?