On June 14, according to Slow Fog's CISO 23pds, Slow Fog received an emergency call last night that a certain investor's cold wallet containing 50 million yuan worth of cryptocurrency was completely looted. It is reported that the investor's 'cold wallet' was purchased through Douyin, and the private key was stolen at the moment of generation, with the huge assets laundered through Huiwang within hours.
23pds warns that investors must purchase cold wallets through official channels; the so-called 'brand new and unopened' or 'special discount flash sale' cold wallets online are 99% fake and may have been tampered with.
I previously wrote an article (no need to trust any software wallets or hardware wallets, generate cold wallets offline by yourself), and today I am taking the risk of losing my account to reveal a bit here.
1. The problem is not with Douyin; JD, Taobao, Pinduoduo, and Xianyu are all the same.
2. If you want a cold wallet, the easiest way is to purchase it directly from the official channels of well-known hardware wallet manufacturers. After buying, reset it and generate a new wallet. Of course, this is not entirely safe, as hardware wallets may be tampered with in the circulation channel.
3. Therefore, the best approach is to generate your own mnemonic phrase. Then import it into multiple offline software wallets and offline hardware wallets for cross-validation.
4. First, you need to find the (list of 2048 mnemonic words); I believe you are smart enough to find it.
5. Then randomly select 11 words from the list of 2048 words. Remember, it must be random.
6. Why not find 12? Because directly finding 12 could likely result in invalid mnemonic words. The twelfth one needs to be derived by yourself.
7. How to collide? Open your offline wallet, and make sure you are offline. Otherwise, it may be stolen. Then import the first 11 mnemonic words you found. The twelfth mnemonic word needs to be randomly selected from the 2048 mnemonic words. If the prompt is invalid, choose another one. If it's valid, congratulations, note down your wallet address.
8. Import the twelve mnemonic words you found into another brand's offline wallet. Remember, it must be offline. Check if the wallet addresses are the same. Why do this? Because both software offline wallets and hardware offline wallets may be tampered with. You can import into other brands' offline wallets for cross-validation to see if the generated wallet addresses are the same.
9. If the generated wallet addresses are the same, congratulations! You have obtained a self-generated cold wallet address that does not rely on any software wallets or hardware wallets. All software wallets and hardware wallets only provide offline cross-validation and do not participate in the generation of mnemonic phrases or private keys.
10. Delete your software wallets, reset your phone or computer, reset your hardware wallet, and erase all traces. After that, the devices that participated in generating the wallet address should never connect to the internet again. If possible, melt and destroy these devices on the spot.
11. Logically, this should be secure enough. However, it is not enough. First, recharge a small amount of coins and observe for a few months or years to fully confirm its safety.
12. In this way, if your coins can still be stolen, there is only one possibility: your room has been equipped with surveillance cameras.
I can't say too much about the specific details; previously, I wrote an article teaching how to save 0.1 Bitcoin, and my account was lost.
Most people can already understand this.
