BEIJING: In September, Wu Caizeng became the victim of a phishing scam and lost 20,000 yuan ($2,800) worth of non-fungible tokens (NFTs). He posted a request for help on Twitter and revealed the thief's public blockchain address. However, he was left without a practical way to compensate for his losses due to the anonymity that pervades much of the cryptocurrency world.
He reprimanded himself for clicking a fake link in his post claiming to be from the official Twitter account of the game he played, saying "I'm so stupid." "I made a really simple mistake."
Messages on Discord, Twitter cards, Apple's Airdrop links, and even tokens on decentralized exchanges have all become entry points for crypto scams, which have increased in frequency in recent years. According to the 2022 Crypto Crime Report by blockchain data platform Chainalysis, cryptocurrency theft increased by more than 500% to US$3.2 billion last year.
Wu lives in China, where the issue is particularly serious as there is no legal protection for cryptocurrencies. Despite this, many people still continue to trade related assets to take advantage of opportunities in emerging markets. Web3 security firms have since emerged, promising to help people protect their blockchain-based assets.
Mike Lee, who left Chinese cybersecurity giant 360 Security Technology to found GoPlus Security in 2017, claimed that "security companies, 'white hat' hackers, and makers of specialized equipment form the main force driving Web3 security." are part."
Lee compared the services provided by his company to a decentralized variation of cybersecurity products provided by Russia's Kaspersky Lab. The service enables any Web3 application to use the GoPlus Application Programming Interface (API) to mark blockchain addresses with a red, yellow, or green mark as an indication of the risk level of the transaction. Web3 is a term used to refer to the decentralized World Wide Web through the use of blockchain and similar technologies.
With the rise in well-known cryptocurrency scams, the need for Web3 security solutions has become more apparent. Even famous people have fallen victim, including American actors Bill Murray and Seth Greene and Taiwanese mandopop sensation Jay Chow, who lost a priceless bored ape Yacht Club NFT to a phishing website in April. .
According to Xiamen-based blockchain security firm Slomist, more than US$27 trillion in cryptocurrency has been stolen through 827 hacks since 2012. The top three attacks were scams, sudden loan attacks and contract vulnerabilities.
According to Zhang Lianfeng, Chief Internet Security Officer of Slomist, there have been few improvements to Web3 security since the company was founded in 2018.
Zhang said users are still being attacked from left to right due to poor security awareness. “Now on even more fronts including cross-chain bridges, NFTs and decentralized finance.”
Fun Liu, a software engineer and former edtech employee in Shanghai, was inspired at the eth Shanghai hackathon in May to develop a security product from a repeat of similar scams since 2020. Scam Sniffer, a free Chrome browser extension for users, was created as one. The result and goal is to combat cryptocurrency scams on websites such as Twitter and Discord.
Liu said regular users should now have the means to protect themselves from con artists. Blockchain technology “is becoming more and more important due to its anonymity and tamper-proof nature, especially when users have limited devices.” The extension is open source and accessible on GitHub, where Liu also shared a list of over 1,700 domains and 300 wallet addresses that have been blacklisted.
These extensions are designed to help people who may not have the financial means of the companies that provide most of the crypto services.
According to Lee of GoPlus Security, security can give you a sense of the social class of the area. "Only 0.1% of the wealthy are adequately protected, while the other 99.9% use 99% of security resources." The current state of Web3 security is described.
However, no security solution is perfect, and due to China's official stance on cryptocurrencies, there are few legal channels for recourse when users like Wu are scammed.
Beijing clarified last year that all cryptocurrency trading in the country is prohibited after years of crackdowns. Regional courts have reached differing conclusions, and regulators have not been clear about whether digital assets like NFTs have any property protections.
A Beijing district court recognised cryptocurrencies as assets in May, which was viewed as creating a significant legal precedent. A user's accounts were shut down as a result of China's regulation, but a court last year declared that "cryptocurrency is not protected by law."
Similar decisions have been made this year by judges in places like the province of Fujian and the city of Tianjin. In none of thecases did any of the plaintiffs receive reimbursement for tokens that were lost.
Therefore, it is even more crucial for Chinese cryptocurrency users to take more responsibility for their own security. Wu claimed he has added security browser add-ons, double-checks wallet addresses before sending money, and avoids trading when he is ill or distracted in the future to protect himself.
All he could do when hacked was swallow the pain. According to security experts, it's crucial for people to act on their own. According to SlowMist's Zhang, "security has a so-called bucket effect, meaning one has to combine technical defences with human defences."
If the victim is held accountable for the stolen funds, we advise victims to get in touch with the police or security firms," he added. Large platforms typically compensate their users if any theft occurs due to negligence on their part.
Recently, SlowMist introduced for-profit crypto-tracking services that can support forensic analysis and investigations.
The security awareness of people needs to be improved, according to Zhang. Once that's taken care of, it will function much better than a collection of machines.