Share this page!

CIA Officer Profile picture
Twitter logo
Feb 1 5 tweets 4 min read
Spotted an awesome data terminal made by @SirH4shalot 👀

👉github.com/sirhashalot/SC…

This list highlights the accomplishments and disclosed vulnerabilities of the top white-hat security experts in #DeFi 🤯
This list only includes actual vulnerabilities. There are CWE-like lists that exist to capture common weaknesses in code, including these lists:

👉swcregistry.io
👉securing.github.io/SCSVS
👉github.com/sigp/solidity-…
👉github.com/blockthreat
👉secureum.xyz
This list does not include black hat hacks which involved user loss of funds, even if the funds are returned. There are other lists for that, including these lists:

👉rekt.news
👉hacked.slowmist.io
👉cryptosec.info/defi-hacks
👉github.com/jwparktom/Gutt…
More resources:

👉github.com/TheSquanch-147…
👉medium.com/immunefi
👉defisafety.com
To my knowledge there were several researches on topic as well - arxiv.org/pdf/2106.10740… & arxiv.org/pdf/2109.06836…

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with CIA Officer

CIA Officer Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @officer_cia

CIA Officer Profile picture
Jan 21
Awesome tip for using canarytokens.org/generate honeypot traps as a defence mechanism & #SIEM 🤯
1/3
There are three fun techniques for those who are constantly under attack.

One of them is to set up similar honeypots, IP loggers like “grabify dot link” and put a script for notifications.

👇👇👇
2/3
The second is to set up fake wallets, potential targets and name them tempting for the hacker. If you try to steal money from them (the hacker will probably notice them first), you can get a notification from @TenderlyApp or own script via SMS.

👇👇👇
Read 7 tweets
CIA Officer Profile picture
Dec 25, 2021
Warning ❗️ An attack on thematic @telegram crypto chats ongoing now. The attackers use an account named "Smokes Night" to spread Echelon malware by dropping a file into the chat room.

TLDR: Disable auto-downloading in Telegram settings right now.

👇 See the thread below 👇
@telegram 1/X

Here is a good article themed how to configure your TG, which don't have "out-of-the-box" privacy settings, correctly.

medium.com/immunefi/how-n…
2/X
Original report: cisomag.eccouncil.org/echelon-malwar…

Full report: safeguardcyber.com/hubfs/Threat%2… Image
Read 14 tweets
CIA Officer Profile picture
Nov 6, 2021
GN! Another very serious thread/manifest in which I would like to bring up an important problem. It is called cybersquatting. I will explain everything in details 👇
1/X So, let's begin. What exactly is cybersquatting? Cybersquatting is the bad-faith registration and use of a domain name that would be considered confusingly similar to an existing trademark, for example CADDNA.org or AppleProducts.com.
2/X Cybersquatters often conduct a variety of illegal and illicit practices: they can deliver malware, sell counterfeit goods, host phishing schemes, steal identities, and make money from deceptive advertising ruses.
Read 9 tweets
CIA Officer Profile picture
Nov 4, 2021
According to @_CPResearch_, users of the Metamask and Phantom crypto wallets, as well as the Pancake platform, were victims of a crypto-fishing scam that stole more than $500,000.

In this thread I ll try to explain how did attackers do that in my own words 👇 Image
1/X

When searching in google on crypto keywords such as “metamask” the spoofed links would appear at the top of search results. When clicked, the link would redirect to a “white” page and serve phishing content in the native language of the geographic region of the victim.
2/X
This attack method is called "cloaking". Cloaking refers to the practice of presenting different content or URLs to human users and search engines.

support.google.com/adspolicy/answ…
Read 11 tweets
CIA Officer Profile picture
Aug 16, 2021
In this thread I would like to tell you how to pass my #DeFi roadmap in an faster way 👇

Map: github.com/OffcierCia/DeF…
🔖 Learn the basics of Distributed Ledger Technology:

🔖 Elliptic Curve Cryptography: medium.com/coinmonks/lear…

🔖 Watch the video:

🔖 Read: medium.com/@preethikasire…

🔖 Read: blog.zeppelin.solutions/the-hitchhiker…

🔖 Watch: youtube.com/channel/UCJWh7…
📌Сheck out: solidity-by-example.org

📌 Read this study: arxiv.org/pdf/2106.10740…

📌 Don’t be afraid of using Google: powersearchingwithgoogle.com

📌 Сheck this tutorial: github.com/willitscale/le…

📌 Watch this intro: youtube.com/playlist?list=… and
Read 9 tweets
CIA Officer Profile picture
Jul 30, 2021
Today I would like to collect all good governance and DAO-related researches 🤔

Check the thread below
👇
arxiv.org/abs/2107.06790

Governing Decentralized Complex Queries Through a DAO
Collective intelligence and the blockchain: Technology, communities and social experiments

arxiv.org/abs/2107.05527
Read 16 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Like this author's thread?

Get emails when @officer_cia has new unrolls!

Check out other threads from @officer_cia!

Read all threads by @officer_cia

:(