Operational Security in Web3: a review of major OpSec incidents
This year has started quite badly. I’m thinking of Ledger and Safe. Combined, that’s $1.4B stolen, and one finger lost. More than 98% of stolen funds in the Web3 ecosystem are taken not by breaking code, but by breaking people.
DeFi Security Summit Webinar
If you haven’t watched it yet, now’s the time. For more than an hour, we discussed a wide range of topics focused on Operational Security.
Unfortunate events like the Safe hack highlight once again that hackers bypass firewalls by targeting people.
Peter gave us a clear explanation of the key pillars of security in the Web3 industry, OpSec, SecOps, and AppSec.
He also reminded us that Safe was hacked, and that the attackers waited for a "big fish," eventually leading to the theft of over $1.4B from Bybit, an attack attributed to the Lazarus Group.
Studying every new threat is essential to better understand attack vectors and techniques, and to protect our entire ecosystem, including ourselves. Blockthreat is THE resource that condenses all of these hacks and offers valuable insights.
We, Pablo and I (Louis) from Opsek also presented some of the latest real-world social engineering attacks. Everything is becoming more and more sophisticated,
While we’re pushing for proper 2FA implementation and backup strategies, even a Yubikey won’t protect you if you install the wrong software or trust the wrong person.
Security is a state of mind (a.k.a. paranoia), and it can be achieved by training your team and having an extra set of eyes reviewing your operations.
The countdown has begun, and we’re excited to meet again in Buenos Aires for the Defi Security Summit 2025. The second (or maybe first?) reason to come to Argentina is, of course, Devconnect.