Galxe has been hacked! How to Avoid Losing Money?
Since I work as a moderator, ambassador and, recently, a “DeFi expert” in several WEB3 projects, over the past few days I have had to answer many questions related to the hacking of the most popular website Galxe.
My experience in the field of IT and information security definitely came in handy here. I decided to create a step-by-step guide on securing your funds. and not “feed” criminals and, most importantly, how not to fall for such deception in the future! Attention: Whether you have connected to the site recently or not doesn’t matter, it will be useful for everyone to check your security!
The fact is that when you connect to scam pages, attackers don’t just steal your money one-time — when you sign a transaction, you often unknowingly confirm the concept of asset trust management. And the next time you deposit, the money will again be withdrawed off to the attackers.
Preparation: If you have connected to the site in the last 4 days, then initially you need to disconnect your wallet from the Galxe site (if you have not connected, you can skip this step), you can do this in the connected pages section. For example, in Metamask you can do it like this:
First of all, go to this page — enter the address of the wallet that is linked to your profile in Galxe into the window. We look at the status of the wallet in all possible networks (to the right of the address window, there is a network selection window).
If everything is fine and there are no confirmed accesses in any of the networks, go to the main page of the same service, connect the wallet and check for the presence of trust management contracts, and in general for all suspicious contracts, in all networks.
Switch to Google DNS by following this guide (for mobile and desktop computers): https://developers.google.com/speed/public-dns/docs/using Clear DNS cache following this guide: https://docs.cpanel.net/knowledge-base/dns/how-to-clear-your-dns-cache/
And finally:
- I recommend you use a separate “hot wallet” for all testnets, retrodrop activities, minting NFTs, making connections to unfamiliar sites, and shouldn’t not store large sums of money there.
- Store large amount of funds only in securely hidden hardware wallets separately from the hidden seed phrase written on paper.
- Use applications to pre-verify signing transactions:
https://revoke.cash/ru/extension
https://www.pocketuniverse.app/ - Always check what you sign — this is very important. I’m often “automatically” sign many transactions, but loosing vigilance in the WEB3 area and human errors in general are still the most common cases of losing money.
Thank you all for your attention! Be careful and follow safety precautions!
https://twitter.com/mulakhmetov