Pablo Sabbatella
3 posts

Operational security researcher. Opsek founder. SEAL member.

THE OPSEC WAKEUP CALL

Pablo Sabbatella

A recap of, and takeaways from, what we discussed a few days ago during "Don't Get Rekt" episode 4, "THE OPSEC WAKEUP CALL", by RektHQ with @officer_secret: DPRK, operational security, physical security and kidnappings, Bybit, hardware wallets, and more. Current status of web3 security: 99% of stolen funds are no longer due to smart contract hacks but to operational security issues, this means

rekt opsec dprk north korea lazarus social engineering password manager
Most common mistakes when configuring password managers

Pablo Sabbatella

This article is not meant to be an exhaustive checklist, but a list of some of the most common mistakes we find when auditing password managers in web3 organizations, and how they can be fixed. For this example we will be focusing on 1Password, but this applies to all password managers.

* Not configuring 2FA as mandatory for users to log in to their 1Password accounts. The password manager is one of the most important

password manager 1password lastpass credentials infostealers
DeFi Security Summit Webinar - April 2025

Pablo Sabbatella

Operational Security in Web3: a review of major OpSec incidents

State of Web3 Security

This year has started quite badly. I’m thinking of Ledger and Safe. Combined, that’s $1.4B stolen, and one finger lost. More than 98% of stolen funds in the Web3 ecosystem are taken not by breaking code, but by breaking people.

DeFi Security Summit Webinar

If you haven’t watched it yet, now’s

