Dear MAX Users,
Recently, various phishing incidents have occurred frequently, with scam syndicates and hackers using phishing emails or websites to obtain users' account passwords. At the same time, the MAX cybersecurity team continues to observe a large number of login credentials related to digital asset services appearing in underground communities and illegal intelligence channels (such as private groups and Telegram).
We understand that our users are most concerned about: "Is the platform safe? Will my assets be affected?" This article summarizes recent common risk pathways and intelligence data to help you identify risks faster, reduce the probability of account takeovers, and work with us to create a safer trading environment.
1. Recent Threat Intelligence and Data Summary
Based on our cybersecurity team's compilation of recently leaked samples and threat intelligence monitoring, we have observed the following phenomena:
- High duplicate leak ratio: Comparing leak records with deduplicated accounts, over 60% are "repeated leak records of the same account." This indicates that leaked data does not appear just once; the same batch of accounts may be repeatedly collected by hackers across different batches, sources, or infection records.
- Over half of the accounts appeared repeatedly: Among the affected accounts (after deduplication), over 50% have appeared in multiple leak records or files, indicating that some accounts face a high risk of "continuous exposure" rather than a single isolated leak.
- Basic protection may still fail: In samples with antivirus information, we observed that some devices were still infected even with built-in Windows protection enabled. This means that these Infostealer malware programs possess a certain degree of evasion capability.
These data clearly show that risks do not solely stem from "whether the password is complex enough," but more importantly, whether the login credentials have been stolen at the user's endpoint (browser or personal device). Users cannot rely solely on a single protection tool and must maintain good Operational Security (OPSEC) discipline.
2. Common Attack Methods and Intrusion Pathways
In most samples, the source of attackers obtaining credentials is often traced back to the user's device being infected by Infostealer malware, causing data to leak. Besides infostealers, hackers frequently combine the following methods to take over accounts:
- Device and Email Hijacking: After maliciously taking control of a user's computer, attackers directly hack into the registered email address and use it to reset the platform password.
- Stealing Two-Factor Authentication (2FA): Attackers may spoof third-party verification screens or exploit the "cloud sync" feature of authenticator apps to steal authenticator data, thereby gaining full control of the account.
- Hiding Alert Emails: After infiltrating an email inbox, some hackers set up filter rules to move system alert emails to the "Trash" or mark them as "Spam," causing the user to miss notifications about abnormal logins or withdrawals.
3. Platform Protection and Monitoring Mechanisms
Regardless of the cause of the risk, whenever the system detects an anomaly, the platform will always prioritize the protection of your account.
- Withdrawal Security Buffer: To prevent assets from being maliciously transferred, the platform has implemented a security mechanism where withdrawals are restricted for 24 hours after a password reset, giving users a buffer time to respond.
- Strict Risk Control and Blocking: The cybersecurity team will continue to strengthen detection mechanisms, triggering corresponding risk control and blocking protection measures in response to abnormal logins or high-risk signals.
4. Protection Measures You Can Take
Protecting account security requires our joint effort. We recommend that you immediately review and implement the following habits:
- Set a strong password: Avoid using passwords related to personal information (such as birthdays or names), do not reuse passwords across other websites, and change them regularly.
- Enable and protect Two-Factor Authentication (2FA): We strongly recommend using a dedicated authenticator app and avoiding enabling its cloud synchronization or backup features.
- Keep devices and browsers secure:* Regularly scan your computer and mobile phone using a trusted antivirus software.
- When logging into the platform via a browser, avoid using any untrusted extensions. We suggest using "Incognito/Private mode," which disables all extensions by default.
- Beware of phishing traps and email anomalies:* Never click on suspicious emails or links, and do not provide any personal information on unknown websites.
- Make it a habit to regularly check your spam/junk folder and email filter rules to avoid missing critical alerts.
- Verify official communication channels: Official MAX accounts (including social media platforms like Facebook, Instagram, Telegram, X, etc.) will neverproactively:
- Privately message users to ask for passwords, verification codes, or seed phrases.
- Guide you to download other unknown APPs via messages or emails.
- Ask you to temporarily disable your account's security settings.
5. Emergency Response Actions
To ensure the safety of your assets, please pay close attention to whether you receive SMS verification codes for actions you did not perform, or if suspicious "MAX Password Reset" or "2FA Removal" emails appear in your inbox.
If you notice any abnormal account activity, or if your phone is lost, your device is suspected of being infected, or your email is compromised, please contact us immediately through the official website's customer service channels or manually freeze your account to secure your assets.
Thank you for your support.
Sincerely,
MAX Digital Asset Exchange