Ongoing non-custodial wallet hacks
A 🧵aims to explain the risk of hacks on non-custodial wallets atm
You'll learn what type of hacks and the need of safe custody in these times
TO SAVE IS TO WIN!
Let's dive in 👇
#Secur3 #Decentralised2FA #WalletHacks
A 🧵aims to explain the risk of hacks on non-custodial wallets atm
You'll learn what type of hacks and the need of safe custody in these times
TO SAVE IS TO WIN!
Let's dive in 👇
#Secur3 #Decentralised2FA #WalletHacks
1/ This thread 🧵covers:
a) The data of phishing attacks/hacks on DEFI
b) 4 most common types of hacks
c) Demand for safe custody in the market atm
In the end, I'll mention @SECUR3_ as I found it is a good solution
a) The data of phishing attacks/hacks on DEFI
b) 4 most common types of hacks
c) Demand for safe custody in the market atm
In the end, I'll mention @SECUR3_ as I found it is a good solution
2/ The data of phishing attacks/hacks on DEFI
-Acording to @DefiLlama, DEFI is one of the fatest growth layers in the last year w/ eplosion in total TVL of the crypto market
-To access DEFI (or Dapps) people have to use Non-custodial wallets
-Acording to @DefiLlama, DEFI is one of the fatest growth layers in the last year w/ eplosion in total TVL of the crypto market
-To access DEFI (or Dapps) people have to use Non-custodial wallets
-The level of hacked projects in the first half of 2022 raises numerous concerns about the trade-off between rapid growth and security
-The majority of DEFI hacking incidents raise questions about the security of non-custodial wallets
-The majority of DEFI hacking incidents raise questions about the security of non-custodial wallets
-According to The Block, the first half of 2022 is the period when hack/exploit events with the highest asset value were recorded
-In the first half of 2022, the attackers stole approximately $1.6 billion
-Assets worth >$200M have been lost up to 4 times every 6 months. In particular, there was an increase in damage in Feb & March as a result of 2 major hacks in the Bridge array (Wormhole and Ronin Bridge)
-Assets worth >$200M have been lost up to 4 times every 6 months. In particular, there was an increase in damage in Feb & March as a result of 2 major hacks in the Bridge array (Wormhole and Ronin Bridge)
-Attack statistics by ecosystem show that Non-EVM and EVM Compatible blockchains took the most damage.
-In particular, Ethereum-related cases account for only 17.7% of the total value, while Non-EVM and EVM Compatible blockchains account for 29.9% and 52.4%, respectively
-In particular, Ethereum-related cases account for only 17.7% of the total value, while Non-EVM and EVM Compatible blockchains account for 29.9% and 52.4%, respectively
--> This directly affects users' security and exacerbate the Bear Market situation
So I'll continue to teach you about different types of hacks 👇
So I'll continue to teach you about different types of hacks 👇
3/ The 4 most common types of hacks
a) Phishing Sites
b) Clone websites/apps
c) Malicious contracts
d) Supply Chain Hack
a) Phishing Sites
b) Clone websites/apps
c) Malicious contracts
d) Supply Chain Hack
a) Phishing Sites:
-A common technique is to lure users to a legitimate-looking site with the promise of free NFTs, then display a phony but convincing MetaMask error asking for your seed phrase
* NEVER TYPE YOUR SEED PHRASE
-A common technique is to lure users to a legitimate-looking site with the promise of free NFTs, then display a phony but convincing MetaMask error asking for your seed phrase
* NEVER TYPE YOUR SEED PHRASE
b) Clone websites/Apps
-Some software/clone sites will install backdoors onto your computer giving access to your file system, computer memory, and screen. Only install/access trusted software/sites
* NEVER OPEN SUSPICIOUS FILES
-Some software/clone sites will install backdoors onto your computer giving access to your file system, computer memory, and screen. Only install/access trusted software/sites
* NEVER OPEN SUSPICIOUS FILES
c) Malicious contracts
-The attackers will lure you to interact with a deceptive smart contract (via phishing sites/clone Dapps). When you sign/approve with non-custodial wallets, the smart contract will automatically drain your funds
-The attackers will lure you to interact with a deceptive smart contract (via phishing sites/clone Dapps). When you sign/approve with non-custodial wallets, the smart contract will automatically drain your funds
d) Supply Chain hacks
-Supply chain hacks on hardware wallets are common; for example, a website may sell you a hardware wallet with a pre-loaded key or fake hardware with known seed phrases. Then, at a later time, drain all assets
-Supply chain hacks on hardware wallets are common; for example, a website may sell you a hardware wallet with a pre-loaded key or fake hardware with known seed phrases. Then, at a later time, drain all assets
4/ Demand for safe custody
-There're still many risks ahead, requiring defensive moves
-To ensure maximum protection while lowering the risk of theft, hacks, and other forms of misappropriation, safe custody involves the storage, processing, and security measures put in place.
-There're still many risks ahead, requiring defensive moves
-To ensure maximum protection while lowering the risk of theft, hacks, and other forms of misappropriation, safe custody involves the storage, processing, and security measures put in place.
-Various entities, including Coinbase, Paypal, Genesis, and Gemini, have acquired crypto custody infrastructure companies in order to improve crypto asset security and offer new services
*Remember we're in Bear Market, safe=secured funds=survival. Thus, never put your guard down
*Remember we're in Bear Market, safe=secured funds=survival. Thus, never put your guard down
5/ As mentioned above, @SECUR3_ is the solution!
-SECUR3 is intended to assist you in protecting your funds from these hacks
-This is how it works 👇
-SECUR3 is intended to assist you in protecting your funds from these hacks
-This is how it works 👇
+"Decentralised 2FA via Secur3"
-Each wallet address will be assigned a distinct SECUR3 Vault address.
-While configuring it, you also create a password for your Vault, which is encrypted and stored in the SECUR3 smart contract.
-Each wallet address will be assigned a distinct SECUR3 Vault address.
-While configuring it, you also create a password for your Vault, which is encrypted and stored in the SECUR3 smart contract.
-Decentralised 2FA solution keep assets secured with extra layer of security (one time password) on your private keys
-Even if hackers obtain your private keys, they will not be able to access your funds inside your SECUR3 Vault as long as they do not know your SECUR3 Vault password
-To withdraw you’ll need:
+Your wallet connected to the website; and
+Enter the correct SECUR3 Vault password
-To withdraw you’ll need:
+Your wallet connected to the website; and
+Enter the correct SECUR3 Vault password
-When your primary wallet is compromised/unsafe/hacked, or you've forgotten your SECUR3 Vault password, you can direct withdrawals to your backup wallet
-All you have to do is connect the primary wallet to SECUR3
-All you have to do is connect the primary wallet to SECUR3
-SECUR3 is a fully decentralized protocol, which means:
+SECUR3 does not save your passwords; it is your responsibility to remember and safeguard your SECUR3 Vault password
+You can access your funds at any time and from any place
👉Check audit reports: audit.shellboxes.com/report.php?id=…
+SECUR3 does not save your passwords; it is your responsibility to remember and safeguard your SECUR3 Vault password
+You can access your funds at any time and from any place
👉Check audit reports: audit.shellboxes.com/report.php?id=…
6/ Alright folks, that's it for today!
Hope you'll learn something useful. If this is good for you, plz follow me, like or retweet this tweet
Again, be safe & stay safe 😎
Hope you'll learn something useful. If this is good for you, plz follow me, like or retweet this tweet
Again, be safe & stay safe 😎
https://twitter.com/kyxoan17/status/1549406998948708355?s=20&t=ztTmR8HJ3m9jsEHnZqsOHg
• • •
Missing some Tweet in this thread? You can try to
force a refresh
