When you set up a YubiKey, you get two main options: register it as a security key, or save a passkey on it. Both are phishing-resistant, both use the same crypto under the hood. So what's the actual difference, and which one should you use? This article breaks down what each mode is, what it does inside your authentication flow, and which setup is the strongest. If you
We're proud to share that Opsek's founder, Pablo Sabbatella, has been elected to the Arbitrum Security Council. Pablo is one of the six members chosen by the Arbitrum DAO community in the March 2026 election. The Security Council is a 12-member body elected by the Arbitrum DAO, responsible for managing risk across the Arbitrum ecosystem. In practice, that means making time-sensitive decisions to protect the network:
On May 5 in Miami, our founder Pablo Sabbatella will be at Solana Accelerate alongside Isaac Patka (Shield3) for 1:1 security office hours, hosted by SEAL, the Security Alliance.
A recap and takeaways of some stuff we talked about some days ago during the "Don't Get Rekt" episode 4 "THE OPSEC WAKEUP CALL" by RektHQ with @officer_secret: DPRK, Operational security, physical security and kidnappings, Bybit, hardware wallets, and more. Current status of web3 security: 99% of stolen funds are not due to smart contract hacks anymore, but Operational security issues, this means
This article is not meant to be an exhaustive checklist, but some of the most common mistakes we find when auditing password managers in web3 organizations, and how they can be fixed. For this example we will be fusing in 1Password, but this applies to all password managers. * Not configuring 2FA as mandatory for users to login into their 1Password accounts. The password manager is one of the most important
How the software supply chain actually works in modern development? Software development today is layered: your code depends on libraries, those libraries depend on others, your CI system pulls everything automatically, and the final bundle gets shipped to users. In this structure, the “supply chain” in software is not about physical parts, but about the chain of trust in software artifacts, source, builds, and distribution. In crypto ecosystems, where user
A new and dangerously convincing phishing campaign is targeting cryptocurrency users across platforms like Coinbase, Gemini, and Trust Wallet. This time, it’s not asking for your recovery phrase, it’s giving you one. 🚩 "Use This Seed Phrase to Secure Your Account" • Have you been texted or emailed about your Coinbase account? • Did you call the number and transfer funds to secure them? • Did you use a seed
Operational Security in Web3: a review of major OpSec incidents State of Web3 Security This year has started quite badly. I’m thinking of Ledger and Safe. Combined, that’s $1.4B stolen, and one finger lost. More than 98% of stolen funds in the Web3 ecosystem are taken not by breaking code, but by breaking people. DeFi Security Summit Webinar If you haven’t watched it yet, now’s
Subscribe to get the latest updates, straight to your inbox.