Ongoing non-custodial wallet hacks

A 🧵aims to explain the risk of hacks on non-custodial wallets atm

You'll learn what type of hacks and the need of safe custody in these times

TO SAVE IS TO WIN!

Let's dive in 👇

#Secur3 #Decentralised2FA #WalletHacks

2/ The data of phishing attacks/hacks on DEFI

-Acording to @DefiLlama, DEFI is one of the fatest growth layers in the last year w/ eplosion in total TVL of the crypto market

-To access DEFI (or Dapps) people have to use Non-custodial wallets

-According to The Block, the first half of 2022 is the period when hack/exploit events with the highest asset value were recorded

-In the first half of 2022, the attackers stole approximately $1.6 billion

-Assets worth >$200M have been lost up to 4 times every 6 months. In particular, there was an increase in damage in Feb & March as a result of 2 major hacks in the Bridge array (Wormhole and Ronin Bridge)

-Attack statistics by ecosystem show that Non-EVM and EVM Compatible blockchains took the most damage.

-In particular, Ethereum-related cases account for only 17.7% of the total value, while Non-EVM and EVM Compatible blockchains account for 29.9% and 52.4%, respectively

3/ The 4 most common types of hacks

a) Phishing Sites
b) Clone websites/apps
c) Malicious contracts
d) Supply Chain Hack

a) Phishing Sites:

-A common technique is to lure users to a legitimate-looking site with the promise of free NFTs, then display a phony but convincing MetaMask error asking for your seed phrase

* NEVER TYPE YOUR SEED PHRASE

b) Clone websites/Apps

-Some software/clone sites will install backdoors onto your computer giving access to your file system, computer memory, and screen. Only install/access trusted software/sites

* NEVER OPEN SUSPICIOUS FILES

c) Malicious contracts

-The attackers will lure you to interact with a deceptive smart contract (via phishing sites/clone Dapps). When you sign/approve with non-custodial wallets, the smart contract will automatically drain your funds

d) Supply Chain hacks

-Supply chain hacks on hardware wallets are common; for example, a website may sell you a hardware wallet with a pre-loaded key or fake hardware with known seed phrases. Then, at a later time, drain all assets

4/ Demand for safe custody

-There're still many risks ahead, requiring defensive moves

-To ensure maximum protection while lowering the risk of theft, hacks, and other forms of misappropriation, safe custody involves the storage, processing, and security measures put in place.

+"Decentralised 2FA via Secur3"

-Each wallet address will be assigned a distinct SECUR3 Vault address.

-While configuring it, you also create a password for your Vault, which is encrypted and stored in the SECUR3 smart contract.

-Decentralised 2FA solution keep assets secured with extra layer of security (one time password) on your private keys

-Even if hackers obtain your private keys, they will not be able to access your funds inside your SECUR3 Vault as long as they do not know your SECUR3 Vault password

-To withdraw you’ll need:

+Your wallet connected to the website; and
+Enter the correct SECUR3 Vault password

-SECUR3 is a fully decentralized protocol, which means:

+SECUR3 does not save your passwords; it is your responsibility to remember and safeguard your SECUR3 Vault password

+You can access your funds at any time and from any place

👉Check audit reports: audit.shellboxes.com/report.php?id=…