Trending News: Historic Trend: Bitcoin is Being a Safe-Habiting AssetWhat makes cryptocurrency rug pull events happen frequently?Wintermute Ventures: Why do we invest in Euler?Can Trump fire Powell?What economic risks will it bring?Glassnode: Are we experiencing a bull-bear transition?The Post Web Accelerator’s first batch of 8 selected projectsWhich one is more “just” between Nubit, Babylon and Bitlayer?Golden Encyclopedia | How did the trade war affect stocks and crypto markets?Golden Encyclopedia | Is BTC a safe haven during the trade war?Why Americans Want to Leave the United States: Economic, Political and Global ChangesData: BTC mining is highly centralized, and six major mining pools mine more than 95% of the blocksWhat is the core of the game between China and the United States caused by Trump’s tariff war?How to go to the marketWhy does blockchain die?What challenges does blockchain adoption face?Report: DeFi lending has increased by 959% since 2022 to $19.1 billionBitwise: Bitcoin’s extraordinary resilienceBankless: Can Bitcoin flourish on the chain?Coingecko: How wide is the adoption of encryption AI in 2025?Coingecko: How trust is people in AI agent KOLsHow much impact does Trump’s overturning IRS rules have on the crypto field?What is a bear market attack?How whales use them to make money in crypto tradingDeepSeek accelerates web3 transformation and changes corporate value and risk management modelsThis is the truth Trump is being stabbed by Japanese institutionsInterpretation of SEAL: Sui’s decentralized key management solutionWho made Trump change his mindTrump’s 180-degree turn What happened in the 18 hours of changing the global marketReciprocal tariffs are suspended, crypto markets are surging, and only China is in troubleQuick view of Binance HODLer Phase 14 Airdrop Project Babylon (BABY)US Senator: What status should Bitcoin have in the United States?Coingecko: Which listed companies are major BTC holders?Sei Lianchuang: Expanding EVM requires L1 instead of L2The full text of the latest speech by Trump’s think tank: The essence of the United States’ “reciprocal tariffs”Vitalik’s latest speech: Why speed up L2 confirmation?How to speed upEthereum Pectra Upgrade: Is it a milestone or another gimmick?CZ Fireside Dialogue: HODL Strategy Challenges, Survival Rules under Market VolatilityStablecoin earnings guideMusk openly criticizes the tariff faction and calls for Europe and the United States to establish a free trade zone with zero tariffsEmily Parker: 2025 Web3 trends int and US and AsiaEmily Parker: How to bridge the Web3 assets and traditional capitalGMGN Co-founder Haze’s speechXiao Feng Hong Kong’s latest speech: Why is it said that public chains are a new generation of financial infrastructureSolana Lily’s speechBitcoin will benefit from the ebb of the US dollar reserve system and the global de-dollarization trendFrom traditional replication to innovation Can Backpack seize the future?Saylor’s $200 trillion BTC strategy: U.S. BTC domination and immortalityEthereum’s two major upgrades to Pectra and Fusaka are explained in detail. What will be brought to ETH?Coingecko: How do investors view the potential of crypto AI technology?Galaxy: Research on the current situation of Futarchy governance system and on-chain forecast marketThe latest updates from ETH and Solana: What are the things to pay attention to?Golden Encyclopedia | What is address poisoning attack? How to avoid it?Quick view of Binance HODLer’s latest airdrop project Particle NetworkWill Celestia pose a threat to Ethereum?Ethereum supply tightening: a prelude to a price rebound or a temporary fog?BSC Meme’s popularity remains unabated for a week. Can it really work this time?Galaxy: The Twilight Road to Web3 GamesEthereum declines, PVP prevails, misses the summer of 2020Why invest in AR?How Bitcoin Takes Over Wall StreetThe lively thrill of CZ and MEME BNB Chain is in progressPoW mining does not constitute securities issuance. No registration is required. See what the US SEC said.PumpFun fills up the Swap puzzle, the first encrypted dApp outline appearsTrump: The United States will dominate cryptocurrencies and next-generation financial technologyWhy are North Korean hackers so good at stealing cryptocurrencies?Why can BSC successfully replicate the Solana Ecological Meme miracle?Hacker storm resurfaces: OKX suspends DEX, Binance winsAnalysis of the crypto market in 2025: MEME boom and cold thinking in the Trump eraAnalysis of the crypto market in 2025: MEME boom and cold thinking in the Trump eraEthereum price falls into a “cursed” downward trend and may continue throughout the yearStrategic Reserves and Game of Thrones II: The Encrypted Order in the Trump AgeRAY rose by more than 22% in 24 hours: Raydium LaunchLab In-depth Research ReportPectra upgrade countdown Vitalik explains the “Wallet Security” strategy in detailIt turns out that this is how BSC gets rich by beating dogsThe Middle East is coming, and the Golden Dogs are constantly on the BSC chainMubarak soared by 1300 times CZ has added several more A8 players to BSCBankless: What are native Rollups?Bitwise: Why is it said that the tariff war triggered a sharp pullback in BTC is a buying opportunityBTC pullback nearly 30% When will institutional funds returnEthereum Don’t let newcomers downThe narrative of altcoin ETF is not working?Time of liquidity ebb: Who is protecting the Tower of Babel of Ethereum?The next major upgrade to Bitcoin?Evaluation of OP_CAT and OP_CTVMake encryption great again Trump helps Wall StreetThe latest speech by former vice president of the central bank: The rise and challenge of cryptocurrenciesBitcoin’s crossroads: Bear or new highs, where will the market goLinkedIn Recruitment Phishing AnalysisGold hits record high How long will it take for Bitcoin to beTrump adviser David Sacks’ “clearance drama”Meme currency market review: How many people have caught the Golden Dog in the past year?3 Reasons Why Ethereum Still Being Bullish After Slump to 17-Month LowJudicial disposal of virtual currencies: Beware of becoming illegal financial activitiesFinancial advisors and large brokerage firms drive the next wave of Bitcoin ETF adoptionBTC ETF Next Process: Financial Advisors and Big Institutions Lead the Expansion WaveSudden news: Trump’s stake in BinanceLogical analysis of Binance’s share reduction and MGX investment: Valuation Motivation and Market InfluenceEthereum Prague Upgrade In-depth Research Report: Ecological Impact and Future OutlookCan the Pectra upgrade reshape the Ethereum ecosystem?Binance surrenders to the UAEGolden Encyclopedia | What role does gold, oil, and BTC play in the US reserves?How did Meme coins go from online jokes to crypto culture engines?Users don’t want VC coins or meme coins. So what do users want?a16z: Exploring the efficient and secure path of zkVM
Mon. Apr 21st, 2025
Trending News: Historic Trend: Bitcoin is Being a Safe-Habiting AssetWhat makes cryptocurrency rug pull events happen frequently?Wintermute Ventures: Why do we invest in Euler?Can Trump fire Powell?What economic risks will it bring?Glassnode: Are we experiencing a bull-bear transition?The Post Web Accelerator’s first batch of 8 selected projectsWhich one is more “just” between Nubit, Babylon and Bitlayer?Golden Encyclopedia | How did the trade war affect stocks and crypto markets?Golden Encyclopedia | Is BTC a safe haven during the trade war?Why Americans Want to Leave the United States: Economic, Political and Global ChangesData: BTC mining is highly centralized, and six major mining pools mine more than 95% of the blocksWhat is the core of the game between China and the United States caused by Trump’s tariff war?How to go to the marketWhy does blockchain die?What challenges does blockchain adoption face?Report: DeFi lending has increased by 959% since 2022 to $19.1 billionBitwise: Bitcoin’s extraordinary resilienceBankless: Can Bitcoin flourish on the chain?Coingecko: How wide is the adoption of encryption AI in 2025?Coingecko: How trust is people in AI agent KOLsHow much impact does Trump’s overturning IRS rules have on the crypto field?What is a bear market attack?How whales use them to make money in crypto tradingDeepSeek accelerates web3 transformation and changes corporate value and risk management modelsThis is the truth Trump is being stabbed by Japanese institutionsInterpretation of SEAL: Sui’s decentralized key management solutionWho made Trump change his mindTrump’s 180-degree turn What happened in the 18 hours of changing the global marketReciprocal tariffs are suspended, crypto markets are surging, and only China is in troubleQuick view of Binance HODLer Phase 14 Airdrop Project Babylon (BABY)US Senator: What status should Bitcoin have in the United States?Coingecko: Which listed companies are major BTC holders?Sei Lianchuang: Expanding EVM requires L1 instead of L2The full text of the latest speech by Trump’s think tank: The essence of the United States’ “reciprocal tariffs”Vitalik’s latest speech: Why speed up L2 confirmation?How to speed upEthereum Pectra Upgrade: Is it a milestone or another gimmick?CZ Fireside Dialogue: HODL Strategy Challenges, Survival Rules under Market VolatilityStablecoin earnings guideMusk openly criticizes the tariff faction and calls for Europe and the United States to establish a free trade zone with zero tariffsEmily Parker: 2025 Web3 trends int and US and AsiaEmily Parker: How to bridge the Web3 assets and traditional capitalGMGN Co-founder Haze’s speechXiao Feng Hong Kong’s latest speech: Why is it said that public chains are a new generation of financial infrastructureSolana Lily’s speechBitcoin will benefit from the ebb of the US dollar reserve system and the global de-dollarization trendFrom traditional replication to innovation Can Backpack seize the future?Saylor’s $200 trillion BTC strategy: U.S. BTC domination and immortalityEthereum’s two major upgrades to Pectra and Fusaka are explained in detail. What will be brought to ETH?Coingecko: How do investors view the potential of crypto AI technology?Galaxy: Research on the current situation of Futarchy governance system and on-chain forecast marketThe latest updates from ETH and Solana: What are the things to pay attention to?Golden Encyclopedia | What is address poisoning attack? How to avoid it?Quick view of Binance HODLer’s latest airdrop project Particle NetworkWill Celestia pose a threat to Ethereum?Ethereum supply tightening: a prelude to a price rebound or a temporary fog?BSC Meme’s popularity remains unabated for a week. Can it really work this time?Galaxy: The Twilight Road to Web3 GamesEthereum declines, PVP prevails, misses the summer of 2020Why invest in AR?How Bitcoin Takes Over Wall StreetThe lively thrill of CZ and MEME BNB Chain is in progressPoW mining does not constitute securities issuance. No registration is required. See what the US SEC said.PumpFun fills up the Swap puzzle, the first encrypted dApp outline appearsTrump: The United States will dominate cryptocurrencies and next-generation financial technologyWhy are North Korean hackers so good at stealing cryptocurrencies?Why can BSC successfully replicate the Solana Ecological Meme miracle?Hacker storm resurfaces: OKX suspends DEX, Binance winsAnalysis of the crypto market in 2025: MEME boom and cold thinking in the Trump eraAnalysis of the crypto market in 2025: MEME boom and cold thinking in the Trump eraEthereum price falls into a “cursed” downward trend and may continue throughout the yearStrategic Reserves and Game of Thrones II: The Encrypted Order in the Trump AgeRAY rose by more than 22% in 24 hours: Raydium LaunchLab In-depth Research ReportPectra upgrade countdown Vitalik explains the “Wallet Security” strategy in detailIt turns out that this is how BSC gets rich by beating dogsThe Middle East is coming, and the Golden Dogs are constantly on the BSC chainMubarak soared by 1300 times CZ has added several more A8 players to BSCBankless: What are native Rollups?Bitwise: Why is it said that the tariff war triggered a sharp pullback in BTC is a buying opportunityBTC pullback nearly 30% When will institutional funds returnEthereum Don’t let newcomers downThe narrative of altcoin ETF is not working?Time of liquidity ebb: Who is protecting the Tower of Babel of Ethereum?The next major upgrade to Bitcoin?Evaluation of OP_CAT and OP_CTVMake encryption great again Trump helps Wall StreetThe latest speech by former vice president of the central bank: The rise and challenge of cryptocurrenciesBitcoin’s crossroads: Bear or new highs, where will the market goLinkedIn Recruitment Phishing AnalysisGold hits record high How long will it take for Bitcoin to beTrump adviser David Sacks’ “clearance drama”Meme currency market review: How many people have caught the Golden Dog in the past year?3 Reasons Why Ethereum Still Being Bullish After Slump to 17-Month LowJudicial disposal of virtual currencies: Beware of becoming illegal financial activitiesFinancial advisors and large brokerage firms drive the next wave of Bitcoin ETF adoptionBTC ETF Next Process: Financial Advisors and Big Institutions Lead the Expansion WaveSudden news: Trump’s stake in BinanceLogical analysis of Binance’s share reduction and MGX investment: Valuation Motivation and Market InfluenceEthereum Prague Upgrade In-depth Research Report: Ecological Impact and Future OutlookCan the Pectra upgrade reshape the Ethereum ecosystem?Binance surrenders to the UAEGolden Encyclopedia | What role does gold, oil, and BTC play in the US reserves?How did Meme coins go from online jokes to crypto culture engines?Users don’t want VC coins or meme coins. So what do users want?a16z: Exploring the efficient and secure path of zkVM
Mon. Apr 21st, 2025

Web3 Security Beginner’s Guide to avoid pitfalls, risk of leaking fake wallets and private keys

background

Wallets play a crucial role in the Web3 world. They are not only storage tools for digital assets, but also necessary tools for users to trade and access DApps.In the previous issue of Web3 security introduction to avoid pitfalls, we mainly introduced the classification of wallets and listed common risk points to help readers form basic wallet security concepts.With the popularization of cryptocurrency and blockchain technology, black market has also set its sights on the funds of Web3 users. According to the stolen form received by the Slow Fog Security Team, it can be seen that many users were downloaded/purchased for fake wallets.Steal.Therefore, in this issue we will explore why fake wallets are downloaded/purchased, and the risks of private keys/mnemonic words leaked, and will also provide a series of security suggestions to help users ensure the security of their funds.

Download to fake wallet

Since many phones do not support Google Play Store or because of network problems, many people will download wallets from other channels, such as:

Third-party download site

Some users will download wallets through third-party download sites such as apkcombo, apkpure, etc. These sites often claim that their apps are downloaded from the Google Play Store image, but how is their real security?The Slow Fog Security Team has conducted an investigation and analysis of third-party sources of fake Web3 wallets, and the results show that the wallet version provided by the third-party download site apkcombo does not actually exist.Once the user creates a wallet or imports a wallet mnemonic in the start interface, the fake wallet will send mnemonics and other information to the server of the phishing website.

Search Engine

The ranking of the search engine is available, which leads to the fact that the fake official website ranking is still higher than the real official website. Therefore, it is not recommended that users directly search for the wallet through the search engine, and then click the top-ranked link to download the wallet., this is very likely to enter a fake official website and download it to a fake wallet.If users are not sure what the official website address is, it is difficult to tell whether this is a fake website based on the website display page alone, because the fake website produced by the scammer is very similar to the real official website, and can be faked to be real, so it is notIt is recommended that users click on links shared by other users on Twitter or other platforms, which are mostly phishing links.

Relatives and friends/pig killing plate

Keep zero trust in the dark forest of blockchain. Your relatives and friends may not have any idea of ​​harming you, but they may be fake to download the wallet, but it is not stolen yet, so if you use the QR code they share/Download the wallet with a link, and it is also possible to download it to a fake wallet.

The Slow Fog Security Team has received many stolen forms of pig killing incidents. The scammer’s routine is to first gain the trust of the victim, then guide the victim to participate in cryptocurrency investment and share the download link of the fake wallet. The final result is the victim.He was cheated of his relationship and lost his funds.Therefore, users should be vigilant against netizens, especially when the other party invites you to invest or posts unknown links to you, don’t trust them easily.

Telegram

On Telegram, by searching for well-known wallets, we found some false official groups. Scammers will claim that the group is the official channel of a certain wallet, and even remind users in the group to identify the only official official website link, but these links are allIt’s fake.

Application Store

It should be noted that the applications in the official application mall are not necessarily safe. Some criminals induce users to download fraudulent apps by purchasing keyword rankings and other means. Please pay attention to the identification.

So, how can users avoid downloading fake wallets?

Official website download

The ability to find a real official website is not only used when downloading a wallet, but also when users participate in Web3 projects in the future, so we will talk about how to find the correct official website here.

Users may directly search for the project party on Twitter, and then judge whether this is an official account based on the number of followers, registration time, and whether there is a blue or gold label. However, these can be faked. We have been doing real and fake projects before.Fang | Beware of the article “Great Imitation Number Fishing” in the comment area has told you about the black and gray products that sell high Imitation Numbers.Therefore, it is recommended that new novices pay attention to some security companies, security practitioners, well-known media, etc. in the industry on Twitter to see if they have followed the official accounts you found.

(https://twitter.com/DefiLlama)

Through the above method, users are likely to find the real official Twitter account, but we still need to do multi-party verification. After all, it is common for official Twitter account to be hacked, and hackers will also replace the official website links on the official account with fake official website links., so users need to compare the official website link you just found with the links found through other channels (such as DefiLlama, CoinGecko, CoinMarketCap, etc.):

(https://defilama.com/)

(https://landing.coingecko.com/links/)

After finding and confirming the official website link, it is recommended that users save the link to the bookmark so that they can directly find the correct link from the bookmark next time, without having to re-find and confirm each time, reducing the probability of entering the fake official website.

Application Store

Users can download wallets through official app stores such as Apple Store, Google Play Store, etc., but before downloading, you must first check the application developer information to ensure that it is consistent with the official developer identity, and you can also refer to the application score and download volume.etc.

Official version verification

Some readers who see this may wonder, how to verify whether the wallet they downloaded is a real wallet?Users can do file consistency verification. This operation is to compare the hash values ​​of the file to determine whether the file has changed during the transfer or stored procedure.The user only needs to drag the apk file downloaded previously into the file hash verification tool. This tool will use hash functions (such as MD5, SHA-256, etc.) to generate the hash value of the file. If this value is given by the officialThe hash value matches, it is a real wallet; if it does not match, it is a fake wallet.What should I do if the user verifies that his wallet is fake?

1. First, you need to confirm the scope of the leak. If you just download a fake wallet but don’t enter the private key/mnemonic word, then you just need to delete the app and re-download the official version.

2. If the private key/mnemonic word has been imported into the fake wallet, it means that the private key/mnemonic word has been leaked. Please download the genuine wallet on the official website and import the private key/mnemonic word, and create a new address to quickly transfer the transferableassets.

3. If your cryptocurrency is unfortunately stolen, we will provide free community assistance services for case assessment, only if you need to submit the form in accordance with the classification guidelines (stolen funds/scam/scam ransomware).At the same time, the hacker address you submitted will also be synchronized to the InMist Threat Intelligence Cooperation Network for risk control.(Note: Chinese form is submitted to https://aml.slowmist.com/cn/recovery-funds.html, and English form is submitted to https://aml.slowmist.com/recovery-funds.html)

Purchase a fake hardware wallet

The above situation is why you download a fake wallet and the solution. Let’s talk about why you buy a fake hardware wallet.

Some users choose to buy hardware wallets online malls, but this kind of hardware wallet in unofficial authorized stores has a very big security risk, because before the wallet is in the hands of users, how many people will it go through, whether the internal components have been tampered with?These are all uncertain.If the internal components have been tampered with, it is difficult to see the problem from the appearance and function.

(https://www.kaspersky.com/blog/fake-trezor-hardware-crypto-wallet/48155/)

Here are some of the ways we provide to deal with hardware wallet supply chain attacks:

Official channel purchase:This is the most effective solution to supply chain attacks.Do not buy hardware wallets from unofficial channels, such as online malls, purchasing agents, netizens, etc.

Check the appearance:After getting the wallet, check whether there are any signs of damage to the outer packaging. This is the most basic thing, although the hacker is likely to not be exposed at this step.

Official website real machine verification:Some hardware wallets provide official real-time machine verification services. When users initialize their wallets, the device will prompt the user to perform official real-time machine verification.If the equipment is tampered with during transportation, it will not be verified by the official website.

Dismantling the machine and self-destructing mechanism:You can choose to purchase a hardware wallet with a disassembled self-destruction mechanism. When someone tries to open the hardware wallet and tamper with internal components, the self-destruction mechanism will be triggered. All sensitive information in the security chip will be automatically erased, and the device will not be able to continue to use it.

Risk of private key/mnemonic word leakage

Through the above content, everyone should learn how to download or purchase a real wallet, so how to keep the private key/mnemonic words is another problem.Private key/mnemonic is the only voucher for restoring the wallet and controlling the assets.The private key is a 64-bit hexadecimal string composed of letters and numbers, while the mnemonic word is generally composed of 12 words.The Slow Fog Security Team here reminds that if the private key/mnemonic word is leaked, the wallet assets are very likely to be stolen. Let’s take a look at several common reasons for the leakage of private key/mnemonic word:

Improper confidentiality:Users may tell their relatives and friends the private key/mnemonic words and ask them to help save them, but the funds are stolen by relatives and friends.

Network storage or transfer of private keys/mnemonic words:Although some users know that private keys/mnemonic words should not be told to others, they will save private keys/mnemonic words through WeChat collection, taking photos, screenshots, cloud storage, memos, etc.Once these platform accounts are collected by hackers and successfully compromised, the private key/mnemonic words are easily stolen.

Copy and paste private key/mnemonic words:Many clipboard tools and input methods upload users’ clipboard records to the cloud, exposing private keys/mnemonics to an unsafe environment.Moreover, Trojan software can also steal information from the clipboard when the user copies the private key/mnemonic words. Therefore, it is not recommended that the user copy and paste the private key/mnemonic words. This seemingly unproblematic behavior actually exists very much.Large risk of leakage.

So how to avoid private key/mnemonic word leakage?

First, don’t tell anyone the private key/mnemonic words, including relatives and friends.Secondly, try to choose physical media to save private keys/mnemonic words to avoid hackers from obtaining private keys/mnemonic words through cyber attacks and other means.For example, copy private keys/mnemonic words onto good quality paper (can also be plastic sealed) or use mnemonic words to save.In addition, setting up multiple signatures and storing private keys/mnemonics can also improve the security of private keys/mnemonics.Regarding how to back up private keys/mnemonic words, you can read the “Blockchain Dark Forest Self-Rescue Manual” produced by Slow Mist: https://github.com/slowmist/Blockchain-dark-forest-selfguard-handbook/blob/main/README_CN.md.

Summarize

This issue of the article mainly explains the risks when downloading/purchasing a wallet, how to find the authenticity of the wallet and verify the authenticity of the wallet, as well as the risk of leakage of private keys/mnemonic words.I hope this issue can help you take the first step to enter the dark forest. In the next issue, we will explain the risks when using your wallet, such as being fished, signed, and authorized. Welcome to follow up.(Ps. The brands and pictures mentioned in this article are for the purpose of assisting readers’ understanding only and do not constitute recommendations or guarantees).

    • jakiro

    Related Posts

    DeepSeek accelerates web3 transformation and changes corporate value and risk management models
    DeepSeek accelerates web3 transformation and changes corporate value and risk management models

    As a cutting-edge technology, DeepSeek is profoundly changing the digital transformation path of enterprises and the ecological pattern of decentralized applications, and changing the trial and risk management model of…

    Continue reading
    Emily Parker: 2025 Web3 trends int and US and Asia
    Emily Parker: 2025 Web3 trends int and US and Asia

    Next, Emily Parker, an advisor to China and Japan for the Global Blockchain Business Council, will be invited to give a speech on the stage. His topic is “2025 Web3…

    Continue reading

    Leave a Reply

    Your email address will not be published. Required fields are marked *

    You Missed

    Bitcoin

    Historic Trend: Bitcoin is Being a Safe-Habiting Asset

    • By jakiro
    • April 19, 2025
    • 19 views
    Historic Trend: Bitcoin is Being a Safe-Habiting Asset
    Meme

    What makes cryptocurrency rug pull events happen frequently?

    • By jakiro
    • April 18, 2025
    • 17 views
    What makes cryptocurrency rug pull events happen frequently?
    Research Report

    Wintermute Ventures: Why do we invest in Euler?

    • By jakiro
    • April 18, 2025
    • 15 views
    Wintermute Ventures: Why do we invest in Euler?
    People

    Can Trump fire Powell?What economic risks will it bring?

    • By jakiro
    • April 18, 2025
    • 15 views
    Can Trump fire Powell?What economic risks will it bring?
    Research Report

    Glassnode: Are we experiencing a bull-bear transition?

    • By jakiro
    • April 18, 2025
    • 16 views
    Glassnode: Are we experiencing a bull-bear transition?
    Research Report

    The Post Web Accelerator’s first batch of 8 selected projects

    • By jakiro
    • April 17, 2025
    • 35 views
    The Post Web Accelerator’s first batch of 8 selected projects
    Home
    News
    School
    Search