Zero Pitfalls in On-Chain Interaction: Keep This Web3 Secure Trading Guide

As the on-chain ecosystem continues to expand, on-chain transactions have become an indispensable daily operation for Web3 users. The migration of user assets from centralized platforms to decentralized networks is accelerating, and this trend also means that the responsibility for asset security is shifting from the platform to the users themselves. In the on-chain environment, users are responsible for every step of interaction, whether it is importing wallets, accessing DApps, signing authorizations, or initiating transactions. Any blind signing or operational error may become a security risk, leading to serious consequences such as private key leakage, authorization abuse, or phishing attacks.

Although mainstream wallet plugins and browsers are gradually integrating features such as phishing detection and risk alerts, relying solely on the passive defenses of tools cannot completely avoid risk in the face of increasingly complex attack methods. To help users more clearly identify potential risk points in on-chain transactions, our security team has compiled a comprehensive list of high-risk scenarios based on practical experience, along with protective suggestions and tips for tool usage, and developed a systematic on-chain transaction security guide to assist every Web3 user in building a "self-controlled" security defense.

Core Principles of Secure Trading:

  • Do not sign blindly: Never sign transactions or messages that you do not understand.
  • Verify repeatedly: Be sure to verify the accuracy of relevant information multiple times before conducting any transaction.

One | Secure Transaction Advice

Secure trading is key to protecting digital assets. Research shows that using secure wallets and two-factor authentication (2FA) can significantly reduce risks. Here are specific recommendations:

  • Use a secure wallet:

Choose reputable wallet providers, such as hardware wallets like Ledger or Trezor, or software wallets like MetaMask. Hardware wallets provide offline storage, reducing the risk of online attacks, and are suitable for storing large amounts of assets.

  • Double-check transaction details:

Always verify the receiving address, amount, and network (for example, ensure you are using the correct chain, such as Ethereum or BNB Chain) before confirming a transaction to avoid losses due to input errors.

  • Enable Two-Factor Authentication (2FA):

If the trading platform or wallet supports 2FA, be sure to enable it to enhance asset security, especially when using hot wallets.

  • Avoid using public Wi-Fi:

Do not conduct transactions on public Wi-Fi networks to prevent phishing attacks and man-in-the-middle attacks.

Two | How to conduct secure transactions

A complete DApp transaction process consists of multiple stages: wallet installation, accessing the DApp, connecting the wallet, message signing, transaction signing, and post-transaction processing. Each stage carries certain security risks, and the precautions for each are introduced below in order.

Note: This article mainly discusses the secure interaction process on Ethereum and various EVM-compatible chains; the tools and specific technical details used on non-EVM chains may vary.

1: Wallet Installation

Currently, the mainstream way to use a DApp is to interact with it through a browser extension wallet. The mainstream wallets used on EVM chains include MetaMask and others.

When installing a Chrome extension wallet, make sure that you download and install it from the Chrome Web Store, and avoid installing it from a third-party website, which may distribute wallet software with a backdoor. Users who are able to do so are advised to use the extension in combination with a hardware wallet to further improve the overall security of private key custody.

When backing up the seed phrase during wallet installation (usually a recovery phrase of 12-24 words), it is recommended to store it in a safe place, away from digital devices (for example, write it on paper and keep it in a safe).

2: Access DApp

Phishing is a common tactic used in Web3 attacks. A typical case is to lure users to a phishing DApp in the name of an airdrop and, once the wallet is connected, induce them to sign token approval transactions, transfer transactions, or token authorization signatures, resulting in asset loss.

Therefore, when accessing a DApp, users need to stay vigilant and avoid falling into the trap of web phishing.

Before accessing the DApp, please confirm that the website address is correct. Suggestions:

  • Avoid direct access through search engines: Phishing attackers may rank their phishing sites higher by purchasing advertising space.
  • Avoid clicking on links in social media: URLs posted in comments or messages may be phishing links.
  • Repeatedly verify the correctness of the DApp website: this can be cross-checked through various DApp markets like DefiLlama, the official social media accounts of the project team, and more.
  • Add secure websites to your browser favorites: access them directly from the favorites later.

After opening the DApp webpage, a security check of the address bar is also required:

  • Check whether the domain name and website look like a counterfeit of the genuine one.
  • Check whether it is an HTTPS link; the browser should display a lock.