Bitget Wallet (Previously BitKeep) DApp browser is an open Web3 gateway, allowing users to log in and access any DApp developed by independent projects by entering the URL. However, due to the variety of DApps on the market, if users encounter potentially risky signatures and authorize and sign phishing contracts when connecting wallets and authorizing signatures, their assets may be stolen.

For example, some phishing websites use the eth_sign signature to carry out blind signing fraud, inducing users to sign a message that seems harmless and they don’t understand, which may be a transfer instruction that could cause their funds to be transferred.

The latest version of Bitget Wallet (Previously BitKeep) Wallet upgraded the signature authorization security mechanism and risk reminders, including eth_sign risk signature reminders, as well as reminders for risk domain names, phishing websites, risk-receiving addresses, and contracts, to strengthen users’ asset security protection.

Prevent Risk Domain Name|Phishing Website Risk Reminder

Users often face the danger of phishing websites. For example, hackers or scammers use phishing websites and high-yield promises to attract users to connect and authorize wallets, obtain transfer permissions for users’ accounts, and steal their assets.

Therefore, Bitget Wallet (Previously BitKeep) has optimized the risk warnings for third-party websites as the first line of defense, issuing early warnings before users visit fraudulent websites and encounter phishing.

Bitget Wallet (Previously BitKeep) cooperates with third-party security agencies, accesses the open-source GitHub, and interfaces Go+ to identify phishing websites. When a user visits a DApp and opens an unknown link, Bitget Wallet (Previously BitKeep) will detect whether the website domain name is in the blacklist domain name database. If it is a phishing or risky website, Bitget Wallet (Previously BitKeep) will pop up a security prompt to warn the user that the website is risky.

Prevent Risk Address|Transfer Risk Reminder

When users transfer funds, in order to help users avoid security risks such as “Pixiu addresses”, abnormal token addresses, and risky contract addresses, Bitget Wallet (Previously BitKeep) identifies more than a dozen types of risky addresses and contracts by accessing the open-source security address database Go+ to conduct risk signs and reminders. When users transfer funds to these risky addresses or contracts, Bitget Wallet (Previously BitKeep) will remind users that the operation is risky.
For example, when it detects that the transfer and receiving address is risky, Bitget Wallet (Previously BitKeep) may pop up the following warning:

At the same time, please note that in view of the concealment and variability of fraudulent methods, not receiving a prompt does not mean that the operation is 100% safe. Users still need to be vigilant, strengthen their own judgment, and protect their own personal information and assets when visiting third-party websites and transferring money.

Prevent Risk Signature|eth_sign Risk Signature Reminder

One of the security risks faced by blockchain users comes from signature operations. Signature is the process of confirming the identity of the transaction initiator. It needs the wallet’s private key and encryption algorithm to digitally sign the instruction. Although signatures can be signed without going to the chain or even offline, this does not mean that there is no risk.

The signature of blockchain, especially the eth_sign signature, has great authority, which means that the user agrees to all subsequent signature types, so users and the team need to be cautious.

eth_sign is a potentially risky signature and is the signature that is used in many cases of fraud. Users may not fully understand what they are signing and cannot check what the signature represents because the input of eth_sign is not the text format, thus the meaning cannot be seen. This is like signing a contract written in a language that you can not read, which is called “blind signing”.

Malicious third parties may take advantage of this by inducing users to sign a message they do not understand, such as instructions for a transaction or smart contract, which could result in unlimited funds transfers.
In order to prevent such risks, Bitget Wallet (Previously BitKeep) will pop up a risk warning when the user uses eth_sign to sign a message, reminding the user that this operation may have potential risks, let the user carefully evaluate whether the signature operation is necessary and safe. Only after the user clicks Confirm will he enter the signature page.

On the basis of the above multiple security protections, Bitget Wallet (Previously BitKeep) will launch functions such as one-click deauthorization and authorization information sorting in the future. Bitget Wallet (Previously BitKeep) will also increase the active risk reminder of malicious authorization to improve the overall performance of the security system.

Bitget Wallet (Previously BitKeep) reminds our users to always be vigilant before authorizing, signing, or transferring on the chain. Please check the sources of information carefully and be aware of the risks involved. If you find any tokens, contracts, or DApps that seem to be risky, please report them to us immediately.

Feel free to reach out to us: WebsiteTwitterTelegramDiscord

Launching the Third Wave of BSTB Holder Privileges! Secure Your Chance at a 1,000 USDT Airdrop
Viewing Token Information on Bitget Wallet

Leave a Comment

Your email address will not be published. Required fields are marked *