
Rejecting “security claims,” wallet security is entering an era of verifiability. | Bee Network

Analysis | 2 months ago | Wyatt

In 2025, Web3 will enter a new phase of “larger-scale and higher-frequency use,” and wallets will evolve rapidly from “crypto storage tools” to on-chain entry points and transaction operating systems. Market research firm Fortune Business Insights predicts that the crypto wallet market will be worth approximately $12.2 billion in 2025 and could grow to $98.57 billion by 2034.

The expansion on the user side is equally evident: a16z crypto estimates in “State of Crypto 2025” that there are approximately 40-70 million active crypto users, while the number of crypto asset holders who “hold coins but are not necessarily active on the chain” is approximately 716 million; Crypto.com Research’s report also gives a figure that the number of global crypto holders will increase from 681 million to 708 million in the first half of 2025.

The rise in scale and penetration rate also amplifies security risks. It’s no longer just about “whether the contract has vulnerabilities,” but rather whether risks can be prevented in advance at key user points, such as clicking links, connecting wallets, signing authorizations, and transferring funds.

The attack surface in the on-chain world often extends beyond contract vulnerabilities, frequently encompassing low-barrier-to-entry phishing attacks, fake domains, impersonation of customer service, and authorization fraud – all considered “pre-transaction risks.” For example, Chainalysis’s definition of “crypto drainers” (wallet drainers/phishing authorization tools) points out that these tools don’t steal account passwords, but rather trick users into connecting their wallets and approving malicious transactions, thereby directly transferring assets. Public data also shows that losses related to “wallet drainers” approached $500 million in 2024.

Therefore, improving the security of Web3 wallets will no longer focus solely on whether contracts have vulnerabilities, but will require further attention to how to proactively intercept risks at key points in user behavior, i.e., “pre-transaction security”.

Against this industry backdrop, “security” is becoming increasingly difficult to address with a mere slogan. Instead, it is more like a set of governance capabilities that need to be continuously proven: whether it can be verified, traced, and disclosed in a timely manner is becoming an important basis for users to choose a wallet.

From “security claims” to “an understandable list of security capabilities”
For a long time, wallet projects have often touted security with phrases like “We’ve done audits,” “We have a white paper,” and “We take risk control very seriously.” However, with the industrialization of fraud and phishing, these “security claims” are losing their persuasiveness. The moment users actually get caught often occurs in extremely short interactions like clicking a link, connecting a wallet, and signing an authorization. Chainalysis describes a typical path for “crypto drainers”: attackers impersonate legitimate pages, guide users to complete authorizations, and then transfer their assets; their research even mentions cases of forging the Magic Eden page to carry out malicious transactions targeting Ordinals users.

Publicly available data is also driving the industry narrative towards greater “understandability.” SecurityWeek, citing statistics from Scam Sniffer, reported that nearly $500 million in losses were caused by wallet drainers in 2024, affecting over 332,000 victims—these incidents don’t require attackers to breach complex systems, but rather rely on users not understanding the risks during interaction. Meanwhile, Chainalysis, in its 2025 disclosure, estimated that on-chain fraud revenue in 2024 was at least $9.9 billion, and this figure could be revised upwards as more addresses are identified. When the risk primarily stems from “readability gaps on the user side,” wallet vendors must move security from backend engineering to the frontend of their communication.

As a result, more and more wallets in the industry are beginning to “productize” their security capabilities: instead of simply telling you “we are secure,” they break down protective actions into a list that users can understand—which tokens will be marked as high-risk, which transactions will trigger alerts, which addresses or DApps will be blocked, and why. The essence of this change is to rewrite security from a “qualification narrative” to an “interactive narrative”: allowing users to obtain actionable information before signing, rather than having to look at an audit PDF afterward.

In response to this trend, OKX Wallet’s newly launched and upgraded Security Center page provides a typical example of “checklist-based expression.” The page clearly outlines user-facing security capabilities as three “front lines of defense”: Token risk detection, Transaction monitoring, and Address screening, each explained in a single sentence: “Marking high-risk tokens to reduce exposure to honeypots and malicious parties,” “Real-time cross-chain monitoring to identify suspicious on-chain activity,” and “Blocking interactions with malicious DApps and addresses.” The advantage of this approach is that even users unfamiliar with security terminology can quickly connect the information to their current actions—whether they should click, sign, or transfer funds.

Click here to access: OKX Wallet Security Landing Page Audit Report: https://web3.okx.com/zh-hans/security

More importantly, “understandable” does not equate to “talking to oneself.” On the same page, OKX Wallet also provides an entry point for “View audit reports,” linking the “capability list” with “third-party verification.” Furthermore, its Help Center’s audit report collection page further clarifies the audit scope, the number of issues found, and the status of fixes, allowing users to move from “understanding capabilities” to “verifying evidence” when needed.

The core value of this shift “from security claims to understandable checklists” lies not in making security sound more grandiose, but in making it more actionable: as fraud increasingly relies on inducement and disguise, the ability of wallets to provide risk warnings at interaction points and explain in language that users can understand “where it is dangerous, why it is dangerous, and what you should do” is becoming part of security capabilities and increasingly determines whether users will fall into a trap at a crucial step.

Audit information is “publicly accessible”: transforming third-party endorsements from “linked” to “verifiable chain of evidence.”
In the wallet industry, auditing has long faced a real problem: many projects have indeed “undergone audits,” but the information is scattered across announcements, PDFs, and social media reposts, making it difficult for ordinary users to quickly understand “who audited, what was audited, whether it was fixed, and when it was updated.” OKX Wallet’s more conspicuous move this time is to centralize publicly available third-party audit reports into a unified entry point and directly label them on the page as “Published on November 11, 2022, updated on November 17, 2025,” allowing users to immediately determine that this is not a one-off display but a continuously maintained information disclosure window.

Judging from the publicly available entries on this collection page, its scope of disclosure does not stop at the traditional audit object of “smart contracts”. Taking CertiK’s entry from 2024-05-23 as an example, the audit content clearly covers the key code paths of the mobile and front-end: including iOS/Android components, front-end ReactJS UI components and JS controllers that interact with the keyring, as well as multiple wallet SDK modules, and also provides the audit methods and conclusions.

On the same page, the entries for SlowMist are closer to the “new paradigm” of wallet evolution in the past two years—AA smart contract accounts, MPC keyless wallets, and Ordinals transaction modules are all listed as publicly auditable objects; in addition, the audit information for the “private key security module” is listed separately, stating directly that “the private key or mnemonic phrase is only stored on the user’s device and will not be sent to external servers,” using a clearer boundary description to respond to users’ core concerns about key security.

The value of this “centralized display” lies not only in more complete information, but more importantly in binding “new capabilities” and “verifiability” to the same entry point: as the wallet industry increasingly moves towards complex architectures such as AA and MPC, what users need most is not a statement like “we are secure”, but evidence that can be quickly verified—whether the audit scope covers key modules, what the methods are, whether the identified risks have been fully remediated, and whether the information is continuously updated.

Meanwhile, according to OKX Wallet, after this upgrade, newly added audit reports and related information can be updated directly through configuration without the need for a new release. If this mechanism can operate stably in the long term, it actually shortens the path to “external verifiability,” rather than simply saving on R&D and release costs.

For users, this means that when an audit is added or a fix is completed, the public entry point can reflect the “latest status” more quickly, reducing the uncertainty of “only being able to judge based on forwarded screenshots/old links” in the critical risk window. For third-party observers and researchers, it is easier to form a traceable timeline: which modules were audited and when, what level of problems were found, when the fix was confirmed and publicly updated, thus truly turning “third-party endorsement” into a continuously verifiable chain of evidence, rather than a one-time PDF.
