The painful memory of Bybit being stolen twice in 23 years is attacking me again. At that time, I was overconfident in my own security capabilities, overly curious about new things on the chain, and overly obsessed with discovering alpha on the chain. Now I have adopted active security (browser GoPlus security plugin)+passive security (replacing my office computer with a Mac, using Onekey cold wallet to store assets)+investment strategy change (from pursuing on chain alpha reverse fate to barbell strategy balanced configuration for cross cycle arbitrage), and safely and prospered through 2024. In short, security is a system engineering that every player on the chain needs to do well. The security capabilities, technical understanding, and cognitive level required for this are exceptionally high, which cannot be grasped by ordinary users. Of course, there are currently MPC wallets available@ AbstractChain's GAW wallet and other self managed wallet solutions, but the recent supply chain attack incidents still make it difficult to be at ease. So for ordinary users, it is best to divide assets into reserve assets and trading/interaction assets, with reserve assets kept in a cold wallet and not interacting with any dapps. The trading/interactive assets are placed in the top CEX and partially in the self managed hot wallet. This can diversify security risks, reduce the attack surface, or change the fate of being stolen sooner or later.