11251
• Articles: @officercia • Blog: officercia.mirror.xyz • X: x.com/officer_cia • Chat: t.me/+C6RfnbB33AYzNGIy
Bitcoin: The Ultimate OpSec Collection
• https://officercia.mirror.xyz/axuVGnWQ0qglIDyk8KWL2mGYvSut94Vr1BWQIEPW_yw
#opsec #security #privacy
I have collected in the thread actual ways to protect your SIM card and phone number, as well as different options available on the market: x.com/officer_cia/status/1855292702570516595?1
#opsec #security #privacy
Thank you for mentioning my public letter 🫡
• /channel/Shualpha/626
#security #opsec #privacy
Defence tactics, a thread ⬇️
• https://x.com/officer_cia/status/1855071920859009134
#security #opsec
Sad day for privacy advocates and crypto, and a big win for the warrantless surveillance state and wholly unaccountable chain analytics firms (with their psuedo-scientific "forensics")
https://cointelegraph.com/news/bad-blockchain-forensics-convict-roman-sterlingov
a Study on Data Privacy in DeFi Protocols. https://arxiv.org/abs/2211.16082 @web3privacy1
Читать полностью…
We’re thrilled that Glider helped a whitehat demonstrate the impact of an issue, raising it to critical and unlocking a $1 million prize pool.
Another great use case for Glider! Try out glide.r.xyz - 17 lines of code may result in 1 million $ payout! 👀
• x.com/minato7namikazi/status/1853455576405082148
• x.com/xyz_remedy/status/1853463831579660562
And of course submit your findings to @xyz_remedy!
#security #web3
medium.com/@officercia/my-web3-security-privacy-stack-safeguarding-the-future-of-decentralization-89285ae6e7a6
Читать полностью…
Link: https://github.com/tpiliposian/not-awesome-web3-security-roadmap
#web3 #security
Dear subscribers, I know there are a few themed conferences and meetups coming up... I don't plan on attending them (as I always do), but you can meet my friends from @xyz_remedy!
I keep naively waiting for VRchat to become so popular that we can hold crypto conferences there lol 😂
#offtopic
If you’d like to support me and my work, please donate:0xB25C5E8fA1E53eEb9bE3421C59F6A66B786ED77A
or 0x937028F9A08b39331FAE53741Ada63179C42a7e7 — Ethereum, Base, Optimism, Polygon, BSC;17Ydx9m7vrhnx4XjZPuGPMqrhw3sDviNTU or bc1q75zgp5jurtm96nltt9c9kzjnrt33uylr8uvdds — Bitcoin;TYWJoRenGB9JFD2QsdPSdrJtaT6CDoFQBN — TRX;4AhpUrDtfVSWZMJcRMJkZoPwDSdVG6puYBE3ajQABQo6T533cVvx5vJRc5fX7sktJe67mXu1CcDmr7orn1CrGrqsT3ptfds — XMR;
You can also support me by minting one of my Mirror articles NFTs or just DM me for a clean address! Thank you very much!
The crypto exchange M2 was hacked for ~$13M from hot wallets on multiple chains yesterday.
Theft addresses
ETH: 0x968b6984cba14444f23ee51be90652408155e142
BTC: bc1qu4kh7wa38xpkrp8frgxl4sak88wx0jug8n3vfj
SOL: EKko14NvgqdvNttUb8JjXkVGuUs6BTikjfN3hqW4LQoL
Here’s the ultimate list: 35 top Telegram channels for news, insights, and alpha you don’t want to miss: x.com/tailoredweb3/status/1852014730929738093
#offtopic
An Open Letter to the Manufacturers and Designers of Crypto Wallets
• https://officercia.mirror.xyz/hd13Evk_caRmfKu4d0P9S4W63Tic-sMSLX9y71-CqjM
#security #privacy
Every OG or newly successful individual is a target. Keep this in mind, stay cautious:
• https://x.com/nft_garage_/status/1851093968521482378?1
#security #privacy
For those who don't already know... Telegram can show commercials on my channel to users who don't have a Premium subscription nonetheless I won't (and cannot) receive any money from these ads.
FYI
#offtopic
Yet another awesome repo: https://github.com/tpiliposian/awesome-web3sec-blogs-and-podcasts
#audit #web3
This will come as a shock to many, but I once worked in a factory as a regular turner. Those were good times...
I once thought I wanted to build rockets and satellites, but life and fate decided that I would be a CT blogger in Web3! 😅
#offtopic
North Korean hacker group BlueNoroff is targeting crypto firms with a new malware that attacks MacOS. Once a user downloads and opens a decoy PDF, the malware is downloaded as a separate file on the MacOS desktop in the background to remotely access the victim's computer to steal private keys. — link
Читать полностью…
V2023: x.com/web3privacy/status/1742236340077338634
#privacy #opsec
Beware of Scams Targeting Development Teams
Recently, a development company received a request to create a high-value product, but the process required completing a test task as a preliminary qualification. To begin, the team was instructed to download a project from Bitbucket. Upon inspection, they discovered suspicious activity in one of the files: a malicious code snippet known as a “stealer.”
What is a Stealer?
A “stealer” is malware designed to extract sensitive information from the victim’s system, including cryptocurrency wallets, browser-stored passwords, and other private data. Some stealers also install backdoors, allowing further unauthorized access to the compromised computer. This code often includes hexadecimal values and obfuscated strings, which only reveal their full intent during runtime.
For more information on stealers, refer to this Malwarebytes article.(https://lnkd.in/dfAv_cyJ)
In this case, the application immediately transmitted collected data to a remote server before installing a backdoor on the computer. The hacker had embedded their IP address, 138.201.199.46, as the destination for the stolen information—a significant oversight that aided in identifying the threat.
How to Protect Yourself
Unfortunately, this is not a first incident. To avoid falling victim to similar scams, always follow these best practices:
• Analyze Code Thoroughly: Avoid cloning or executing unverified code, especially on non-isolated environments. Always inspect unfamiliar code in a virtual machine to mitigate potential risks.
• Enhance Personal Security: Regularly audit your communication channels. Disable auto-downloads in messaging apps, enable multi-factor authentication (MFA), and be aware of SIM-swapping threats.
• Educate Yourself: Explore security resources like the following to strengthen your online defenses:
• Telegram Security Best Practices
https://lnkd.in/dDS6bDxZ
• Crypto-OpSec-SelfGuard-RoadMap
https://lnkd.in/dQAUrk2g
Stay vigilant, and remember that investing time in security today can protect you and your friends from significant losses in the future.
https://www.linkedin.com/posts/vvlnko_beware-of-scams-targeting-development-teams-activity-7260643728539734017-wGO0?utm_source=share&utm_medium=member_ios
Via Mirror: https://officercia.mirror.xyz/QAX5XNfBcSnMelGrVLbdJz-N4vjvdylgMPElLyclOuQ
#opsec #security
🫡🫡🫡
• x.com/web3privacy/status/1854801391665266969
#opsec #security
Want to learn Web3 security but not sure where to start?
We get this question all the time.
Here’s our answer: x.com/xyz_remedy/status/1853844986543952263
#web3 #security
600 users have collected my article, thank you fam 🫡
• Please RT: x.com/officer_cia/status/1853260026443358233
• Article link: officercia.mirror.xyz/z7UhL4a_R5L0iPiAufCx7OXC24-onnNg92RzcwPP1VQ
#opsec #security
Dear friends, you can order an OpSec audit from me for you and your team/project.
I can conduct a series of trainings with you and your team, develop project-specific OpSec guidelines and answer all your questions.
This is about my personalized services. I do not do it on behalf of the company. Thank you! 🙏
Price is negotiated separately, depends on occupancy and number of days. You can count on 3-5 thousand dollars for everything (provided that there will not be any particularly costly cases).
• Can you share more information on the services included specifically?
• Mainly from potential dangers that may be encountered in Web3. Mainly OpSec, in particular, wallet security, social networks, multisig. In other words, everything that fits under OpSec including also workplace setup and basic security guideline including physical security. These includes lectures for team, personal consultations, creation of project-specific guidelines. Typical duration - 1-2 weeks, depends on complexity.
DM: @farm42
#opsec #security
Happy Halloween! 🎃
• x.com/officer_cia/status/1719501383597249020
1inch Front-End seems to be compromised…
• https://x.com/officer_cia/status/1851748045953622304
DO NOT CONNECT WALLET!
P.S. Do not revoke approvals, since only front-end has been hacked so far. Contracts seem to be safe.
Reference: @infinityhedge, Coinspect Security
#security #alert
https://www.coinspect.com/wallets/
Читать полностью…
Whether you are interested in how you can explore the strategies and methodologies for investigating crypto hacks or even what to do if you get scammed or hacked:
• https://x.com/chrisdior777/status/1851225027791692172
#security #web3