SlowMist Cosine: Phishing with the first and last number is a probability game. Users can deal with it by using whitelists, visual identification, etc.
SlowMist founder Yu Xian posted on social media that for the phishing attacks at the beginning and end, hackers are playing a fishing net attack, and those who are willing to take the bait are playing a probability game. Prevention methods include but are not limited to: visually verifying whether the wallet address of key steps is correct, not just looking at the beginning and end; ignoring wallet transaction history, as historical record pollution is easy to manipulate; transfer/trade risk control, large amounts transferred to the target address that appears for the first time or some kind of transaction operation (such as a target address being a strange contract), the wallet will make risk control reminders; whitelist address mechanism; wallet address portrait ability, and so on.
SlowMist: Beware of watering hole attacks launched by malicious attackers using WordPress plugin vulnerabilities
SlowMist Security has issued a warning that attackers have recently been exploiting vulnerabilities in WordPress plugins to inject malicious JS code into normal websites and launch watering hole attacks. These attacks involve popping up malicious windows when users visit the site, deceiving them into executing malicious code or performing Web3 wallet signatures, thereby stealing their assets. It is recommended that sites using WordPress plugins check for vulnerabilities, update plugins in a timely manner, and avoid being attacked. When visiting any website, users should carefully identify the downloaded programs and Web3 signature content to avoid downloading malicious programs or having their assets stolen due to malicious signatures.