*** Master Thread on Crypto/Web3 Security ***
After seeing that even seasoned crypto users struggled with crypto/blockchain security aspects, I've decided to create a master thread.
This is my attempt to spread & collect the best Twitter threads on web3 security issues.
After user @Jennifer19375 lost her @BoredApeYC & @doodles NFT in a suspicious @opensea transaction, people wondered what happened.
Original tweet:
Dingalingts explains it in an amazing, in-depth thread:
Just to reiterate. Disconnecting your @MetaMask wallet won't help with this problem. Many people didn't know that (myself included):
Instead, you need to revoke access:
User @osf_nft posted an extensive thread on securing your NFTs and crypto.
[1/2] The $120 million @BadgerDAO hack shows that you need to be careful, even when interacting with an official website.
A good security philosophy is to distrust the infrastructure: never assume that the website you are using has not been compromised.
[2/2] For further information on the attack you can read this thread by security analyst @Mudit__Gupta.
His feed is a great resource if you want to stay up to date on all sorts of web3 security issues.
Security company @certikorg recently launched an easy to use tool named #SkyTrace.
It visualizes blockchain transactions in a beautiful drag & drop-enabled graphic interface.
Here's a beginner-friendly guide with great visuals that explains the difference between Hot and Cold wallets:
coinmarketcap.com
I also found a great post on @reddit.
The OC covers general security measures:
- Safe email provider.
- Password managers
- 2FA.
- VPNs & much more.
The Complete Security Guide to keep you, your computer, and your crypto safe:
reddit.com
I'll keep this thread updated with the latest security related threads & news.
If you have found security-related posts, feel free to add them as well. Together we can prevent others from becoming victims of bad actors.
If you like the post, consider sharing it with others.
31/12/21.
$year rug pull.
Free airdrop turned into a honeypot and finally a liquidity pull / rug.
30 #eth were drained.
Amazing, detailed write-up:
There's a new, sophisticated Discord hack/scam making rounds.
Mods get targeted and the attacker is able to even bypass 2FA.
@LittlelemonsNFT fell victim to this attack and they wrote a thread about it, so it won't happen to others.
Don't screen share!
How do you currently store your seed phrase?
Probably on a piece of paper, right? But what about drying ink, fire and other disasters?
Better go with something more robust.
Like a plate of indestructible Titanium!
h/t: @loomdart
Just moments ago another project (@monftersclub) got their @discord hacked.
Details are not 100% clear, but I'm guessing a mod account got compromised and posted a malicious mint page. The attacker got away with Apes & much more.
h/t: @punk9059 🙏
I can only repeat myself:
ALWAYS check the link/URL you're clicking on - no matter who posted/sent it.
Check it - TWICE.
Or you'll lose your precious #NFTs
(Revoke access!!)
Be careful when you click on Google ads.
The top listed sites are often scams, trying to get you to enter your seedphrase.
Here's a brand new example, targeting @LooksRareNFT users:
Scammers use "old school" technology to get their hands on your precious "latest technology" assets, aka #nfts. Be careful with email attachments.
The latest scam plays with your fear of losing your most valuable assets.
It revolves around using a fake site with a name similar to revoke.cash.
The Collab Land bot is THE most used Discord bot to verify ownership of NFTs.
In the following thread you'll learn about how to make sure you're interacting with the right bot.
Not even seasoned crypto heads are immune to scams.
Why?
Because the attackers are getting more & more sophisticated.
Here's a valuable collection of sneaky malicious phishing emails and messages to watch out for!
A well-written and easy-to-understand thread about how to spot and avoid (crypto)malware.
Summary:
1. Take your time, read everything a few times. Look for spelling errors.
2. Stay calm.
3. Don't download sketchy files.
4. Don't execute these files.
A simple signature in Metamask can be enough for an attacker to drain your entire wallet.
Read this excellent thread by @korpi87 to learn about this function and how to spot its malicious use: