🚨 Two attacks in a row: hackers have targeted the information sources of the crypto community.
A few days ago it was CMC; today it is Cointelegraph. Both had their front ends hijacked to show wallet verification or airdrop pop-ups that cannot be closed.
On-chain data shows that CMC has confirmed 39 victims, with total losses of about 18,500 USD.
The amount is not large. What is truly concerning is how precise and well disguised these attacks are becoming: many people are completely unguarded on the information websites they browse every day, and that trust has ironically become the biggest weakness.
📌 Retail investors must remember:
1⃣ Try not to connect wallets on information websites
Even major sites like CMC, Cointelegraph, and The Block can be subject to front-end hijacking.
Read the news just to read the news, and try not to connect a wallet there. Connect wallets only on official Dapps or on officially linked pages.
2⃣ Use wallets + plugins with security alerts
Some wallets and plugins offer “simulation signature risk” warnings and show a pop-up alert when an abnormal authorization is requested.
Rabby Wallet: Automatically simulates contract calls and marks phishing risks.
Wallet Guard / Pocket Universe plugin: Automatic alerts before signing.
GoPlus Plugin: Marks malicious contracts and filters phishing domains.
3⃣ Establish basic operational habits
After using any website, disconnect the wallet; do not leave long-term connections open.
For any action involving authorization, confirm the target and the permission type. SetApprovalForAll, Permit, and delegate are high-risk actions; be clear about exactly what is being granted before confirming.
4⃣ Isolate devices: one device for one purpose, to reduce the infection surface
Try not to connect your main wallet in your daily browser to check airdrops, earn points, or click pop-ups. Give each device a clearly defined role: a dedicated device for airdrops, a cold device for storing coins, and a hot device for operations.
Main wallet: only for storing coins; do not connect it and do not sign casually.
Airdrop wallet: specifically for airdrops, minting NFTs, and completing tasks, without storing large assets.
Test wallet: can connect to unfamiliar projects for experimentation.
Additionally, try to use cold devices (old phones or standalone browser configurations) for sensitive transactions.
Keep browser profiles separate: do not use the Chrome plugin wallet you use for airdrops for significant DeFi investment operations.
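
To make point 3's "confirm the target and permission type" concrete, here is an added example (not part of the original post and not any wallet's own code) that decodes a signing request and flags SetApprovalForAll, Permit and delegate; it goes slightly further by also covering approve and increaseAllowance. The function names check_calldata and check_typed_data are hypothetical, and every address and request in it is a constructed sample.

```python
# Added example, not from the original post; all sample requests are constructed.
# 4-byte selectors of standard approval and delegation functions.
RISKY_SELECTORS = {
    "a22cb465": "setApprovalForAll(address,bool)",
    "095ea7b3": "approve(address,uint256)",
    "39509351": "increaseAllowance(address,uint256)",
    "d505accf": "permit(address,address,uint256,uint256,uint8,bytes32,bytes32)",
    "5c19a95c": "delegate(address)",
}
MAX_UINT256 = 2**256 - 1

def _word(data: bytes, i: int) -> int:
    """Return the i-th 32-byte ABI argument after the selector."""
    return int.from_bytes(data[4 + 32 * i:36 + 32 * i], "big")

def check_calldata(calldata_hex: str) -> list:
    """Warnings for transaction calldata (an eth_sendTransaction request)."""
    data = bytes.fromhex(calldata_hex.removeprefix("0x"))
    sig = RISKY_SELECTORS.get(data[:4].hex())
    if sig is None:
        return []
    name = sig.split("(")[0]
    first = 1 if name == "permit" else 0  # permit(owner, spender, value, ...)
    grantee = _word(data, first) & (2**160 - 1)
    amount = _word(data, first + 1)  # amount, or the bool of setApprovalForAll
    if name in ("approve", "setApprovalForAll") and amount == 0:
        return []  # approve(x, 0) and setApprovalForAll(x, false) revoke rights
    if name == "setApprovalForAll":
        scope = " (every token in the collection)"
    else:
        scope = " (unlimited amount)" if amount == MAX_UINT256 else ""
    return [f"{name}{scope}: grants rights to 0x{grantee:040x}"]

def check_typed_data(typed: dict) -> list:
    """Warnings for an EIP-712 request (eth_signTypedData_v4)."""
    primary = typed.get("primaryType", "")
    if primary.startswith("Permit") or primary == "Delegation":
        msg = typed.get("message", {})
        grantee = msg.get("spender") or msg.get("delegatee") or "unknown"
        return [f"{primary}: off-chain signature grants rights to {grantee}"]
    return []

ARG = ("11" * 20).rjust(64, "0")  # constructed operator address, ABI-padded
SET_APPROVAL = "0xa22cb465" + ARG + "1".rjust(64, "0")
REVOKE = "0xa22cb465" + ARG + "0" * 64
UNLIMITED_APPROVE = "0x095ea7b3" + ARG + "f" * 64
PERMIT_SIG = {"primaryType": "Permit", "message": {"spender": "0x" + "11" * 20}}

if __name__ == "__main__":
    for req in (SET_APPROVAL, REVOKE, UNLIMITED_APPROVE):
        print(check_calldata(req))
    print(check_typed_data(PERMIT_SIG))
```

A Permit request never appears as an on-chain transaction from the victim, which is why the typed-data check is separate from the calldata check.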