Most common mistakes when configuring password managers

Pablo Sabbatella

This article is not meant to be an exhaustive checklist, but a list of some of the most common mistakes we find when auditing password managers in web3 organizations, and how they can be fixed. For this example we will be using 1Password, but this applies to all password managers.

* Not configuring 2FA as mandatory for users to log in to their 1Password accounts. The password manager is one of the most important

password manager 1password lastpass credentials infostealers

Code is law, but the supply chain is the lawmaker

Security Researcher

How does the software supply chain actually work in modern development? Software development today is layered: your code depends on libraries, those libraries depend on others, your CI system pulls everything automatically, and the final bundle gets shipped to users. In this structure, the “supply chain” in software is not about physical parts, but about the chain of trust in software artifacts: source, builds, and distribution. In crypto ecosystems, where user

Not your seed = not your keys, a new ongoing attack where you could lose everything

Security Researcher

A new and dangerously convincing phishing campaign is targeting cryptocurrency users across platforms like Coinbase, Gemini, and Trust Wallet. This time, it’s not asking for your recovery phrase, it’s giving you one.

🚩 "Use This Seed Phrase to Secure Your Account"

• Have you been texted or emailed about your Coinbase account?
• Did you call the number and transfer funds to secure them?
• Did you use a seed

Scam

DeFi Security Summit Webinar - April 2025

Pablo Sabbatella

Operational Security in Web3: a review of major OpSec incidents

State of Web3 Security

This year has started quite badly. I’m thinking of Ledger and Safe. Combined, that’s $1.4B stolen, and one finger lost. More than 98% of stolen funds in the Web3 ecosystem are taken not by breaking code, but by breaking people.

DeFi Security Summit Webinar

If you haven’t watched it yet, now’s

