Recently, there have been frequent on-chain adventure security incidents with #x402 , and friends who are new to the blockchain may need to have some understanding of wallet management.

Common ways wallets get hacked:

1. Designated asset authorization. For example, authorizing a certain amount of $USDC to a specific smart contract (protocol); if this contract can be upgraded maliciously, it can call your authorized amount of $USDC within the specified range at will.

2. Private key/mnemonic phrase leakage. For example, if you downloaded a phishing package or a malicious plugin locally, a hacker can remotely obtain your local hot wallet's private key within seconds and empty your wallet.

Preventive measures:

1. Separate a funds wallet and a spending wallet. The funds wallet is mainly used to manage active funds and verified contracts, while the spending wallet holds a small amount of funds for high-risk opportunities. The funds wallet can use the @OneKeyHQ hardware wallet solution.

2. Regularly check authorizations. Pay special attention to the authorizations for stablecoins and Permit authorizations, especially the funds wallet can periodically revoke old contract authorizations to prevent upgrade attacks. Tool: @RevokeCash

3. When interacting with new contracts, be cautious about the authorization amount; only authorize as much as you intend to use, and consume it in one go.

4. Do not download plugins and apps from unknown sources, whether you are a Win or Mac user.