I heard last night that Morelogin had a security incident. Regardless of the cause, everyone should withdraw their funds first—safety comes first. Slow Mist has already gotten involved to assist with the investigation, but as of now, I haven't seen any updated information confirming the specific cause of this incident. Based on the information received so far, users who have recently updated their client software, plugins, or kernel are at higher risk of fund theft.

Normally, fingerprint browser security incidents shouldn't directly affect my fund security. Since last year, I've basically used hardware wallets for all project interactions (I even posted a similar tutorial back in April). Apart from a few small wallets that only hold gas fees for simple interactions like check-ins—where I skipped hardware wallets for convenience—all my main wallets use hardware wallet interactions.

I've even imported a primary wallet that I generated without a hardware wallet into a separate hardware wallet, and then connected that to my fingerprint browser. I know this sounds like overkill, but my fingerprint browser computer has no import records of this wallet's seed phrase—only hardware wallet connection records. This is another way to mitigate some risk.

Also, regarding the recently trending lobster, everyone should remember not to install it on your main computer. That's why everyone gets a Mac mini to farm lobster—partly because the performance-to-price ratio is suitable, and partly to isolate it from your main computer's permissions.

Security is no small matter. Never trust tools blindly.