How do hackers achieve their goals?
The biggest challenges facing wallet security is still a hijacking attack, where an attacker may create a fake website that impersonates the look and feel of the main website to visually deceive the user, and then steal the user's private key. Attackers usually hijack network traffic at the network layer (e.g., DNS hijacking, phishing sites). Because most exchanges and escrow wallets use Secure Sockets Layer (SSL) communications, however, asset security is less affected by hijacking attacks.
What situations are vulnerable to hacking?
- Install untrusted software, applications, plug-ins, etc.
- Connect to an untrusted network
- Use the same password across devices or use a weak password
- Store the private key in multiple places
How to identify phishing websites?
You can use third-party tools (e.g., Netcraft's official browser plug-in) and anti-virus software. You are also recommended to adopt the following best practices to better identify phishing websites:
- Pay close attention to the URL to determine if it is the correct domain name
- Check the connection security indicators to see if the website has an SSL digital certificate installed and review the certificate details
- Be vigilant about Internationalized Domain Names (IDNs)
What else should I pay attention to to prevent phishing attacks?
- Generate unique and strong passwords using password managers (e.g., 1password, LastPass)
- Enable secondary verification such as Google Authenticator
- Do not open suspicious links and attachments easily
- Use reliable antivirus software and keep it updated
- Try to avoid connecting to public Wi-Fi as much as possible
- Be aware of fraudulent token airdrops
How does Cobo prevent hacking?
The foremost priority in all our endeavors is the security of your digital assets. Cobo adopts a multi-layer defense system for complete protection against various attack vectors. Our security measures include but are not limited to:
- Every line of code on Cobo has undergone repeated security audits.
- Cobo’s security team conducts simulated attacks on its platform on a regular basis to ensure zero vulnerabilities. We are battle-tested with zero security incidents since inception.
- Cobo utilizes a battle-tested policy engine, bank-grade Hardware Security Modules (HSM) that meet the FIPS 140 Level 3 standards, Intel Software Guard Extensions (SGX), a 3-tier private key storage architecture, and global key distribution to deliver the highest level of security for your valuable assets.
- Cobo offers multi-factor authentication (e.g., Cobo Guard) as an extra level of protection against unauthorized access. Users must also provide multiple pieces of evidence to prove their identity.
- Cobo conducts regular software updates and security patches to protect the platform against security risks.