Update by evilcos, for DarkHandBook.io
Blockchain dark forest selfguard handbook
Master these, master the security of your cryptocurrency.
🔥Website: https://darkhandbook.io/
🇨🇳中文版:《区块链黑暗森林自救手册》
这里会列一些我个人总结的、围绕黑手册的扩展阅读,基本都会是 Twitter Thread 形式。
闪电网络通道科普一例:
https://twitter.com/evilcos/status/1628945985811660800
如果你的 Discord token 被钓了,但被你及时发现,以下哪个做法并不能阻止黑客使用你的 Discord token 权限?
https://twitter.com/evilcos/status/1628018317893181440
被钓鱼网站钓走钱包签名后,相关资产被盗了,这个钱包还安全吗?
https://twitter.com/evilcos/status/1625387330117992449
Twitter 链接预览 User-Agent 欺骗钓鱼:
https://twitter.com/evilcos/status/1624268782993821696
闪电网络地址等有关科普:
https://twitter.com/evilcos/status/1621380824867430400
NFT 钓鱼 Apetainz 的 UI 伪装欺骗
https://twitter.com/evilcos/status/1619504230586535936
删除 MetaMask 扩展时,私钥/助记词文件会如何?
https://twitter.com/evilcos/status/1615540204441591814
当你电脑中相关木马后,木马是如何黑掉你的 MetaMask 的
https://twitter.com/evilcos/status/1615931120457220100
为什么 WETH 一个签名就被钓走
https://twitter.com/evilcos/status/1615220059299000324
Web3 Cybersecurity Academy - Enhancing user asset security Lesson 1
https://twitter.com/1nf0s3cpt/status/1614612129671438343
Telegram 盗号导致盗币
https://twitter.com/evilcos/status/1611541986120732672
APTOS 钓鱼
https://twitter.com/evilcos/status/1610910301934989313
讨论钱包的一个关键安全点
https://twitter.com/evilcos/status/1607721007837769728
Solana 钓鱼
https://twitter.com/evilcos/status/1607558572921217027
警惕密码管理器永久删除风险
https://twitter.com/evilcos/status/1606889696436813825
关于 LastPass 被黑
https://twitter.com/evilcos/status/1606615478277132289
一个有趣的“被盗”案例
https://twitter.com/evilcos/status/1605826949850374144
NFT 零元购技术解析
https://twitter.com/evilcos/status/1604067276265000960
Discord token 废弃方式,三选一:
- 主动登出账号,不是关闭页面;
- 修改密码;
- 添加 2FA 或修改 2FA。
MetaMask CLAIM REWARDS 欺骗
https://twitter.com/evilcos/status/1600356939845640193
看去像乱码的签名是否有风险
https://twitter.com/evilcos/status/1599258003798396929
零转载骗局
https://twitter.com/evilcos/status/1598245354951974913
钓鱼网页模仿 MetaMask 弹框
https://twitter.com/evilcos/status/1597813536323170304
波场(Tron)多重签名骗局
https://twitter.com/evilcos/status/1596374505751924736
突破钓鱼网页反调试
https://twitter.com/evilcos/status/1594514681401835520
MetaMask Security Update 欺骗
https://twitter.com/evilcos/status/1593588745353060352
当 Connect 一个钓鱼网站,会有安全风险吗?
https://twitter.com/evilcos/status/1593579289726709760
钱包「签名」和「授权」的区别
https://twitter.com/evilcos/status/1592888608364511233
Uniswap swapExactTokensForTokens 钓鱼
https://twitter.com/evilcos/status/1591783549505511426
假币安 App 钓鱼
https://twitter.com/evilcos/status/1589921365393805312
OpenSea 签名认证请求
https://twitter.com/evilcos/status/1588722701669404672
signTypedData 用成“盲签”的感觉
https://twitter.com/evilcos/status/1588522243285716994
双因素认证(2FA)安全的话题
https://twitter.com/evilcos/status/1587674436710584321
OpenSea upgradeTo 钓鱼
https://twitter.com/evilcos/status/1585909695990022145
DAI/USDC 等的 permit 签名钓鱼
https://twitter.com/evilcos/status/1581215108910309377
eth_sign 盲签钓鱼
https://twitter.com/evilcos/status/1579449487302725647
几种签名钓鱼区别:eth_sign/personal_sign/signTypedData
https://twitter.com/evilcos/status/1578988023945269248
OpenSea 空投假 Offer 骗局
https://twitter.com/evilcos/status/1576747276684259328
Punycode 字符欺骗钓鱼
https://twitter.com/evilcos/status/1563739097893462016
BGP 劫持案例与科普
https://twitter.com/evilcos/status/1560881728910426113
DNS Hijacking(劫持)案例与科普
https://twitter.com/evilcos/status/1557222249958350848
授权钓鱼识别技巧:0xa22cb465 即 setApprovalForAll
https://twitter.com/evilcos/status/1548581215648694273
被盗了怎么办?
https://twitter.com/evilcos/status/1533288715065634817
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent