TokenPocket 2024 Wallet Security Report

Your Wallet Security, Our Top Priority.

TokenPocket jointly prepares this report in collaboration with authoritative security agencies — SlowMist, presenting a comprehensive overview of TokenPocket’s efforts and achievements in safeguarding user assets in 2024.

The report highlights the main security issues faced by wallet users, explores security challenges in the blockchain field with industry data, and protects users' on-chain asset security!

Key Points

1. 2024 Security Achievements: TokenPocket has rolled out multiple security upgrades, including fake wallet detection, malicious approval interception, and private key protection measures, offering users comprehensive asset protection.
2. Assets Security Issues: The report lists common security threats faced by wallet users over the past year, such as fake wallets, mnemonic leakage, trojan attacks, and more.
3. Industry Security Data Analysis: Based on authoritative reports and data from the blockchain security sector, the report analyzes the widespread nature of fraud techniques and their impacts.
4. Security Recommendations: Using TokenPocket’s security detection services and guides, users can avoid potential risks and safeguard their assets.

Introduction

The rapid pace of the blockchain industry in 2024 is truly astonishing. People are enjoying the efficiency and convenience brought by decentralized applications. However, at the same time, blockchain security threats are escalating. Issues like fake wallets, trojan attacks, and malicious approvals continue to emerge.

As a global leader in multi-chain wallets, TokenPocket has always placed users at the core of our mission. Through innovative technologies, educational efforts, and industry collaboration, we have provided users with multiple layers of protection, building a robust security defense. This article will delve into our efforts and the industry dynamics surrounding wallet security in 2024.

TokenPocket Security Achievements

In 2024, TokenPocket continued to deepen its focus on technological innovation and security defense, effectively protecting users’ assets with significant achievements:

• Blocked Fraudulent Websites: Blocked over 500,000 fraudulent and phishing websites throughout the year.
• Marked Risky Addresses: Identified and flagged over 300,000 high-risk addresses.
• Token Detection Service: Conducted over 68.25 million token security checks, helping users identify disguised tokens and fake projects, and preventing asset losses.
• Approval Detection Service: Performed over 100 million approval detection services, significantly reducing the risk approvals.
• Removed Fake Official Websites: Successfully removed over 5,000 counterfeit official websites, preventing users from falling victim to scams.
• Reported Fake Apps: Collaborated with app store platforms to take down over 600 fake applications masquerading.
• Recovered User Funds: Assisted users in recovering over $3 million in stolen funds.

TokenPocket has also been actively involved in security education and industry awareness in 2024. Over 60 articles were published on a variety of security topics, including fake wallet prevention, authorization risk warnings, new fraud case analyses, best practices, and blockchain technology security trends. These efforts continue to strengthen users’ awareness of blockchain security, taking concrete actions to build a safer blockchain ecosystem for users.

Common Wallet Security Issues and Solutions

Over the past year, we conducted an in-depth analysis of the security problems faced by users during wallet usage and summarized four major categories of common scams.

1. Fake Wallet Download Scams

High-fidelity official websites and search engine ads have become common tactics for scammers. If users mistakenly download a fake wallet and create or import an address, their private keys can be stolen and monitored by tools that are later used to steal assets.

• Solution: Use TokenPocket’s Version Verification Tool to check the MD5 and SHA256 values of the wallet to ensure it is the official version.

TokenPocket Official Website: www.tokenpocket.pro or www.tpwallet.io. Users can also search for TokenPocket on Google Play or App Store and verify the developer as [TP Global Ltd] before downloading.

2. Mnemonic Leakage Risk

Storing mnemonics online (e.g., screenshots on phones, and cloud storage platforms) is a major threat to asset leakage.

• Solution 1: Back up mnemonics offline and securely store them. Do not copy or transfer them over the network.
• Solution 2: Use the KeyPal hardware wallet to store mnemonics and private keys in an offline environment, isolating the user’s assets from trojans and network attacks.
• Solution 3: Use TokenPocket’s Passphrase feature to bind mnemonics. The wallet can only be imported correctly with both the mnemonic and Passphrase.

3. Phishing Websites and Malicious Approvals

Phishing websites and disguised customer service links trick users into performing key phishing, malicious approval, or even upgrading wallet permissions, leading to the theft of assets.

• Solution 1: Be cautious when visiting unknown third-party links, especially those involving virtual product purchases, as these are highly risky.
• Solution 2: Use TokenPocket’s approval detection tool to identify and alert users about any potentially malicious approvals.

5. Wallet Users: Our Important Security Partners

We would like to thank every wallet user who promptly reports fake websites, malicious links, and fake wallets. The community’s reports help us update and strengthen our network security defenses.

TokenPocket provides several reporting channels:

• Community Reports: Users can directly report suspicious fake websites or scam activities in our official community, providing links and detailed information for swift action. Telegram Community
• Email Reports: Users can report potential risk behaviors via email to service@tokenpocket.pro
• DApp One-Click Report: In our DApp Store, users can use the one-click report feature to quickly submit information about fake websites or scam projects for immediate response. >> DApp → Menu → Report <<

2024 Blockchain Wallet Security Incident Data Analysis (Source: SlowMist)

In 2024, blockchain security incidents occurred frequently. According to statistics, a total of 410 security incidents were reported, with a total loss of $2.013 billion. Among them, the DeFi sector was the most frequent target, accounting for 339 incidents or 82.68%, with a total loss of $1.029 billion, a year-on-year increase of 33.12%.

1. Phishing Attacks and the Proliferation of Fake Wallets

The Wallet Drainer technique was widely used in phishing sites to lure users into signing malicious transactions, resulting in a loss of up to $494 million in 2024, a year-on-year increase of 67%. Although the number of victim addresses increased by only 3.7% (reaching 332,000), the loss per attack significantly increased, with the largest single loss reaching $55.48 million.

• Among the phishing signatures, Permit signatures accounted for 56.7%, becoming the primary risk source. TokenPocket was one of the first decentralized wallets to respond quickly, launching the Disable Permit Button to effectively reduce the risks of such phishing incidents.

2. High-Value Theft Cases

There were 30 theft cases involving over one million dollars each, with a total loss of $171 million, and the average loss per case was $5.7 million. These incidents primarily involved vulnerabilities in DeFi contract approvals and modifications to proxy contracts, with attackers using increasingly sophisticated methods.

3. Protective Technologies

To combat increasingly complex phishing techniques, TokenPocket has comprehensively monitored and blocked the following phishing channels:

• High-Fidelity Fake Websites and Fake Customer Service: Blocked malicious links spread via fake ads and social media direct messages.
• Airdrop and Mining Scams: Cleared fake airdrop pages and alerted users to be cautious.

If your crypto assets are unfortunately stolen, SlowMist offers free case evaluations and community assistance services. Users can submit forms for professional help based on different situations.

• Form: Click here to submit

Moreover, we have implemented comprehensive monitoring and protective measures for common scams, including mining scams, arbitrage scams, airdrop scams, and phishing scams. Through timely blocking of malicious links, real-time high-risk approvals.

TokenPocket has continuously upgraded its security strategies, successfully curbing malicious activities that threaten user assets. By leveraging multidimensional data analysis, we have enhanced users’ asset protection levels. The wallet is not only the gateway for users to enter Web3 but also a guardian of asset security.

5. User Security Recommendations

Based on our experience and data analysis, TokenPocket provides the following security recommendations for users:

1. Choose the Official Wallet

TokenPocket Official Website: www.tokenpocket.pro or www.tpwallet.io.

You can also search for TokenPocket on Google Play or, for overseas users, search for TokenPocket on the Apple App Store using your overseas Apple ID, ensuring that the developer is TP Global Ltd before downloading.

On Android, you can use the version verification tool to check the wallet’s authenticity and avoid downloading counterfeit wallets.

2. Use a Hardware Wallet to Protect Large Assets

Hardware wallets, such as KeyPal, can effectively isolate against online threats, making them suitable for users with large assets.

3. Raise Security Awareness

• Follow TokenPocket’s security article to stay updated on the latest scam techniques and preventive tips.
• Avoid clicking on unknown links or approval to unfamiliar addresses.
• Regularly update your wallet version and use the latest security features.
• Read the Dark Forest Self-Guard Handbook by the SlowMist security team: Link

4. Set Up Multi-Sign Wallet

Enable multi-signature functionality to add additional layers of security to your assets.

6. Summary and Outlook

In 2024, TokenPocket has made significant achievements in wallet security, but we understand that security work is never-ending. In the future, we will continue to enhance technological research and development, collaborating with outstanding industry partners to combat scams and provide users with a safer and more convenient blockchain experience.

We believe that through the combination of technology and education, every user can become the best guardian of their assets. Let’s work together to build a healthier and safer blockchain ecosystem.