Don't wait until the next malicious attack occurs to realize the importance of auditing your security system. Now is the time to act and strengthen your supply chain defenses.
Start with these straightforward steps: adopt anti-phishing multi-factor authentication methods (Passkeys/WebAuthn are much more reliable than traditional SMS), regularly refresh and reconfigure your API token permissions, and review the access permissions of third-party applications.
It may sound like basic security hygiene, but these fundamental measures are truly capable of blocking most common attacks.
FrogInTheWell
· 01-10 04:19
Huh? It's the same old story... but honestly, I've seen too many people go bankrupt due to phishing scams. SMS really should be phased out.
The API permissions are the most easily overlooked part; most people never check what third-party apps have installed.
It's worth taking this seriously this time.
Degen4Breakfast
· 01-09 05:15
It's the same old story, but to be honest, it really works. Those who have been phished understand that feeling of frustration.
---
Passkey is really awesome, no more worries about the SIM card being swapped.
---
Supply chain issues are indeed easy to overlook; if a permission isn't revoked, it can be disastrous.
---
I just want to know how many people actually review third-party permissions, or if they all wait until something happens to regret it.
---
Basic work is the most annoying but also the most life-saving, that's just how it is.
---
Basically, it's the difference between diligent people and lazy ones; right now, you're being scolded, but later you'll be the one taking the hit.
RooftopReserver
· 01-08 00:58
Haha, really, waiting until the issue becomes serious to patch the vulnerabilities is too late. It's better to quickly establish a solid basic defense now for safety.
SerumSurfer
· 01-08 00:52
Fuck your mother, really. It's the same old story again... But on the other hand, it's true. Only after being hacked do you realize the regret.
FOMOSapien
· 01-08 00:48
Haha, really, only when attacked do you remember to do an audit, but by then it's too late... Passkeys really blow SMS verification out of the water.
---
It's true that the supply chain defense line is important, but most people are too lazy to take action, only regretting when something happens.
---
Getting the basic defense line right can save a lot of trouble, but nobody wants to put in the effort...
---
I often forget to regularly review API permissions, looks like I need to set a reminder.
---
WebAuthn is indeed great, but user experience needs to be improved; not all wallets support it.
---
So instead of hoping zero-day vulnerabilities won't appear, it's better to clean up your own house.
---
Third-party permission audits are really easy to overlook; sometimes you forget what permissions you've granted.
ForkItAllDay
· 01-08 00:30
How many times do I have to say it? Some people still wait until they get hacked before thinking about doing an audit... I'm really speechless.
API permissions definitely need attention; otherwise, third-party applications could secretly drain your resources without you knowing.
Passkeys are more reliable than SMS. Isn't that obvious? It should have been fully adopted long ago.
Once the basic work is done, most amateurs' attacks automatically bypass, there's nothing mysterious about it.
I have to review third-party authorizations every month. It's a hassle, but it's definitely better than getting hacked.
It sounds simple, but in practice, no one really sticks to finishing it, right?