🚨Two attacks in a row: hackers have targeted the crypto community's information sources.
Two days ago it was CMC, today it's Cointelegraph. Both were front-end hijacked, popping up wallet verification or airdrop pages that couldn't be closed.
On-chain data shows that CMC has confirmed 39 victims, with a total loss of approximately $18,500.
This amount is not large, but what is truly worrying is that this type of attack is becoming more precise and better disguised. Many people have no guard up on the information websites they browse daily, and that trust has become the biggest vulnerability.
📌 Retail investors must remember—
1⃣ Try not to connect your wallet on information websites
Even large sites like CMC, Cointelegraph, and The Block can be front-end hijacked.
Just read the news, try not to connect your wallet. All wallet connection operations should only be performed on official Dapps or official link pages.
2⃣ Use wallets + plugins with security prompts
Some wallets and plugins simulate the signature request and warn about its risk. If an abnormal authorization is requested, a pop-up prompts you directly.
Rabby Wallet: Automatically simulates contract calls, flags phishing risks.
Wallet Guard / Pocket Universe plugin: Automatically warns before signing.
GoPlus Plugin: Flags malicious contracts, filters phishing domains.
3⃣ Establish basic operating habits
After using any website, disconnect your wallet and do not leave connections open for long periods.
For any action involving authorization, confirm the target being authorized and the permission type. setApprovalForAll, Permit, and delegate are high-risk actions; check them carefully before confirming.
4⃣ Device isolation, one machine one purpose, reduce infection surface
Try not to connect your main wallet in your daily browser to check airdrops, earn points, or click pop-ups. Achieve one machine, one purpose: a dedicated machine for airdrops/farming, a cold machine for storing coins, and a hot machine for operations. Keep roles clear.
Main wallet: Only for storing coins, no connections, no random signing.
Airdrop/Farming wallet: Specifically for airdrops, minting NFTs, and completing tasks; do not store large assets.
Test wallet: Can be connected to unfamiliar projects for experimentation.
Also, try to use cold devices (old phones or independent browser configurations) for sensitive transactions.
Separate browser profiles. Do not use the Chrome plugin wallet you farm with for major DeFi investment operations.
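To make the high-risk actions in point 3 concrete, here is a simplified pre-signing check of the kind the warning tools in point 2 perform. It is an added example, not code from this post or from any of the wallets named. `classifyRequest` and the sample addresses are constructed for illustration, and it covers setApprovalForAll, approve and Permit-style typed data only, not delegate.

```javascript
// Added example: classify a pending wallet request before the user signs it.
// Selectors are the first 4 bytes of keccak256 of the function signature.
const RISKY_SELECTORS = {
  "0xa22cb465": "setApprovalForAll", // setApprovalForAll(address,bool)
  "0x095ea7b3": "approve",           // approve(address,uint256)
};
const PERMIT_TYPES = new Set(["Permit", "PermitSingle", "PermitBatch"]);
const MAX_UINT256 = (1n << 256n) - 1n;
const pad = (hex) => hex.replace(/^0x/, "").padStart(64, "0"); // one ABI word

function classifyRequest(req) {
  if (req.method === "eth_sendTransaction") {
    const tx = req.params[0];
    const data = (tx.data || "0x").toLowerCase();
    const name = RISKY_SELECTORS[data.slice(0, 10)];
    // Need a known selector plus two well-formed 32-byte argument words.
    if (!name || !/^0x[0-9a-f]{136,}$/.test(data)) return { risk: "none" };
    const grantee = "0x" + data.slice(10 + 24, 10 + 64); // low 20 bytes of word 0
    const value = BigInt("0x" + data.slice(10 + 64, 10 + 128)); // word 1
    if (value === 0n) return { risk: "none", action: "revoke " + name, grantee };
    if (name === "setApprovalForAll")
      return { risk: "high", action: "operator over every token in " + tx.to, grantee };
    return { risk: value === MAX_UINT256 ? "high" : "review",
             action: "allowance on " + tx.to, grantee };
  }
  if (req.method === "eth_signTypedData_v4") {
    // params: [signer, typed data as a JSON string or object]
    const raw = req.params[1];
    const typed = typeof raw === "string" ? JSON.parse(raw) : raw;
    if (PERMIT_TYPES.has(typed.primaryType))
      // Off-chain signature: no gas, no transaction, yet it grants an allowance.
      return { risk: "high", action: "gasless " + typed.primaryType,
               grantee: typed.message.spender };
  }
  return { risk: "none" };
}

// Constructed sample: a page asking for operator rights on an NFT collection.
const SAMPLE_OPERATOR = "0x" + "ab".repeat(20); // placeholder address
const SAMPLE_REQUEST = {
  method: "eth_sendTransaction",
  params: [{ to: "0x" + "cd".repeat(20),
             data: "0xa22cb465" + pad(SAMPLE_OPERATOR) + pad("1") }],
};
console.log(classifyRequest(SAMPLE_REQUEST));
```

The `grantee` field is the address that would gain control; on a news site there is no legitimate reason for any such request to appear at all.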
