
Violent Attack Vectors in Web3: A Detailed Review

2025/09/16 23:46

Operational security professionals work to figure out where their information can be breached. Looking at operations from a malicious third-party’s perspective allows us to spot vulnerabilities we may have otherwise missed so that we can implement proper countermeasures.

  • If funds are stolen/blocked on a CEX, contact my lawyer rata0x
  • Best service for on-chain investigations: legalblock.com

The most important thing to understand here is the path of the cyber attack — its vector. Let’s take a closer look.

Example №1 — Social Engineering

Let’s take a hypothetical situation in which your computer gets infected with a Remote Access Trojan (RAT) virus. One of two things may happen. If the attack was carried out by a rookie hacker (i.e., a lamer), then he likely launched a broad mass attack without a target in mind. He can steal some information about you, like your browser cookies, and then sell it.

The second option is that this was a direct attack. The hackers put a phishing page on your router, into which you could be led to enter your password (by poisoning the DNS server). To prevent this type of attack, you ideally need to separate your machines and networks. You should also check certificates.

researchgate.net/publication/339224082_A_Taxonomy_of_Social_Engineering_Defense_Mechanisms

Here is an example of a very dangerous cyber attack on your crypto wallet:

  • Your computer gets infected by malware with a crypto clipper.
  • Let us say you want to send money from your crypto account to your friend.
  • When you attempt to copy and paste your friend’s crypto, ETH, or BTC address, the clipper will substitute your friend’s address with a generated one that looks a lot like your friend’s (starts and ends with the same characters).
  • Thus, instead of sending crypto to your friend’s account, you actually send the money straight into the hacker’s account.

www.chainalysis.com/blog/address-poisoning-scam

Consider checking the entire address of your addressee’s wallet before you click Send!

In short, crypto clipper, address poisoning and «zero-transfer/approve transaction» attacks are all variations of the vanity-generated address attack! For example, this is how scammers use vanity-gen to generate an address similar to one of the victim’s (first 4 and last 5 digits are similar) in an address poisoning attack. This is common on ETH, BSC, and even BTC!

Examples of address poisoning on Bitcoin:

  • github.com/AngelTs/vanitygen-plusplus-ported-for-VS2019
  • bitcointalk.org/index.php?topic=5076779.0

Bitcoin clipper examples:

  • news.ycombinator.com/item?id=32614037
  • arxiv.org/pdf/2108.14004.pdf

Questions began to be raised over the discovery of mysterious outgoing zero transactions with supposed approve signatures…

Check out this example, seen on both Tron and Ethereum mainnet:

Another example (Tron):

  • etherscan.io/tx/0x76aca85852108175a6411331de8bcd7007a849857180c533e16b733911980a64

The transferFrom function was called, not transfer, which means that the From address was supposed to have given approval to the address that signed the transaction. But since the amount is zero and all new contract storage cells are initialized with zeros, everything runs smoothly (the allowance is 0 for any address). 🤔

TLDR: You must just ignore these transactions!
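A defensive check for the lookalike addresses and the zero-value transferFrom bait described above, as an added example that is not part of the original article. The address book, the sample addresses, the `Transfer` record and all function names are constructed for illustration; the 4-digit prefix and 5-digit suffix match lengths are the figures the article gives.

```python
"""Flag lookalike recipient addresses and zero-value transferFrom bait."""
import string
from dataclasses import dataclass

PREFIX_LEN = 4  # leading hex digits the scammer matches (figure from the article)
SUFFIX_LEN = 5  # trailing hex digits the scammer matches (figure from the article)


def normalize(addr: str) -> str:
    """Lower-case a 0x-prefixed 20-byte hex address; reject anything else."""
    a = addr.strip().lower()
    body = a[2:]
    if (not a.startswith("0x") or len(body) != 40
            or any(ch not in string.hexdigits for ch in body)):
        raise ValueError(f"not a 20-byte hex address: {addr!r}")
    return a


def imitated_contact(candidate: str, contacts: dict):
    """Return the label of the contact that `candidate` imitates, else None.

    "Imitates" means: same first PREFIX_LEN and last SUFFIX_LEN hex digits
    as a known contact, but not the same address.
    """
    c = normalize(candidate)
    known = {label: normalize(a) for label, a in contacts.items()}
    if c in known.values():
        return None  # exact match with a trusted entry is not an imitation
    for label, k in known.items():
        same_head = c[2:2 + PREFIX_LEN] == k[2:2 + PREFIX_LEN]
        same_tail = c[-SUFFIX_LEN:] == k[-SUFFIX_LEN:]
        if same_head and same_tail:
            return label
    return None


def check_recipient(candidate: str, contacts: dict) -> str:
    """Classify a pasted recipient before sending: trusted / lookalike / unknown."""
    c = normalize(candidate)
    if c in {normalize(a) for a in contacts.values()}:
        return "trusted"
    label = imitated_contact(c, contacts)
    return f"lookalike:{label}" if label else "unknown"


@dataclass(frozen=True)
class Transfer:
    """Minimal view of a token transfer as shown in a wallet history."""
    tx_sender: str  # account that signed the transaction
    from_addr: str  # "from" field of the token transfer
    to_addr: str    # "to" field of the token transfer
    value: int      # token amount in base units


def poisoning_reasons(t: Transfer, my_address: str, contacts: dict) -> list:
    """List the reasons a history entry should be ignored (empty list = none)."""
    me = normalize(my_address)
    reasons = []
    # Zero-value transferFrom: the entry shows my address as "from",
    # but somebody else signed it and no tokens moved.
    if t.value == 0 and normalize(t.from_addr) == me and normalize(t.tx_sender) != me:
        reasons.append("zero-value transferFrom not signed by owner")
    for role, addr in (("from", t.from_addr), ("to", t.to_addr)):
        label = imitated_contact(addr, contacts)
        if label:
            reasons.append(f"{role} address imitates {label}")
    return reasons


# --- constructed sample data (not real addresses) ---
ALICE = "0x" + "1a2b" + "0" * 31 + "d4e5f"     # trusted contact
FAKE = "0x" + "1a2b" + "9" * 31 + "d4e5f"      # same first 4 / last 5 digits
ME = "0x" + "5" * 40
STRANGER = "0x" + "e" * 40
CONTACTS = {"alice": ALICE}

BAIT = Transfer(tx_sender=STRANGER, from_addr=ME, to_addr=FAKE, value=0)
GENUINE = Transfer(tx_sender=ME, from_addr=ME, to_addr=ALICE, value=10**18)

if __name__ == "__main__":
    for name, addr in (("alice", ALICE), ("pasted", FAKE), ("other", STRANGER)):
        print(name, "->", check_recipient(addr, CONTACTS))
    for name, tr in (("bait", BAIT), ("genuine", GENUINE)):
        print(name, "->", poisoning_reasons(tr, ME, CONTACTS) or "ok")
```

The comparison is done on the full normalized address, so an entry copied from transaction history is only treated as trusted when every digit matches the address book.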

Example №2 — The Troll and the Knight

Let us take Jane, who is a diligent employee at her company. Information about Jane is publicly available on her social networks. Some sensitive information about her might have even been revealed in some leaks, such as the 2014 Yahoo Mail user account information breach. Generally, she is no different from you or us. So far, so good.

  • github.com/frostbits-security/MITM-cheatsheet

But then, a troll shows up and starts stalking her around social networks, writing hurtful comments, for example. He expands his cyberbullying to others in Jane’s company, bringing distress to his victims.

Even at this stage, the attack has done enough damage to cripple the culture of openness inside the company. Employees may stop sharing personal information or speaking candidly about problems for fear of ridicule or retaliation.

Jane continues to suffer the troll’s attacks in silence. If Jane blocks the troll’s account, he will make another. If he knows her address, multiple pizza deliveries may suddenly arrive at her door. It is no life.

At this point in our story, in comes John. He is a stranger, but he too has a public account and has suffered from the actions of this same troll, as is evident from attacks on his page. He makes Jane a proposition for cooperation on how to stop the attacks. He says he knows a way to silence the troll.

Sure he knows the way. The Knight to the Rescue and the Evil Troll are one and the same person. The troll’s trick was to establish an emotionally supportive bond with someone who was experiencing pain.

John created a condition where Jane is now more likely to follow John’s seemingly innocent suggestion. She may click on a URL link or open a file sent to her. She might even come out and meet John.

This story may end badly for Jane. A potential scam by John should have been stopped at the beginning — at the stage when the target got recruited.

https://www.sciencedirect.com/science/article/pii/S0167404816300268

Are there any good guidelines to follow so that we do not end up in Jane’s position?

  • The piece of advice “don’t let strong emotions influence your actions” applies well for investing in stocks or when choosing a life partner. It can be your first rule in the digital world playground.
  • If you get scammed, do not lose heart. One thing victims often tell us after being defrauded is “I can’t believe I was so stupid.” Scams happen to the best among us. Evolutionary psychology tells us that we have been wired by evolution to trust other humans for the purpose of our survival. This is why any exploitation of this strong evolutionary adaptation is particularly painful to us.
  • If you are in a managerial role, make sure your employees aren’t sick, tired, or hungry at work. When employees are physically or emotionally weakened, they become vulnerable to psychological influence.
  • If you work a lot with files, particularly PDFs, you can use these protective measures.
  • While you may be wary of third parties trying to steal your information, you should also watch out for insider threats, such as negligent employees and disgruntled workers.
  • We recommend that you follow these 25 rules to safeguard yourself from nefarious Internet scammers.

The exploitation of love or anger happens less often because the scammer would need to maintain a psychological connection with the victim, requiring skill, time, and familiarity with the target. In our situation, the scammer exploited the victims’ fear. What is more, in order for this attack to succeed the victim had to be rushed.

A skillful social engineer will not give the victim much time to think, and will always press for urgency. This is the first thing to pay attention to — if you are rushed to give out sensitive information (or any information at all, for that matter), it is a good time to pause.

The second point to note is that when you find yourself in a similar situation, do not try to solve the problem by yourself. Ask a friend, a frequent contributor to your favorite Discord server, or a moderator of any well-known DAO. Good people want to help. Get a second opinion.

Sometimes scammers just want to get dirt on the victim or de-anonymize the target. Often, however, sophisticated cyber exploits can come coupled with either a malware injection or a phishing attack, or some other surprise.

Example №3 — iOS + macOS Attack Vectors

In my favorite chat room recently I was asked, in light of recent events, whether it would be safer to use macOS & iOS for work. Is it true that they have better security? I don’t have a definite answer here — both yes and no.

First of all, there is a lot of malware for macOS/iOS; the thing is that 0-day/1-day exploits for macOS/iOS cost slightly more than those for Windows/Android.

There is no difference, just a difference in the price of preparation and in the price of different exploits (including file gluing exploits or delivery exploits — they always cost more). I suggest you go to Zerodium and see the prices.

In general, the toolkit is more or less the same, so don’t assume that macOS is more secure. Again, it is based on FreeBSD. In other words, know who is working against you and what they are capable of.

In other words, the chances of getting caught in a mass attack are lower, but the chances of being hacked by someone who is not sorry to spend 5–10 thousand dollars to prepare for your hack are equal on all devices and almost all operating systems.

Hackers also care about economics, profit, and cost. If they are confident, they can take the risk. Keep that in mind.

Use Qubes OS, Whonix, Tails, or GrapheneOS (which is way better than iOS, which is closed and whose risks therefore cannot be estimated; jailbreaking a device makes everything even worse), but some of them require a lot of preparation work and do not have out-of-the-box security! But no secure OS can help you if you don’t care about simple security rules — keep that in mind.

I am not asking you to comply with all of this, but you must remember the main rule in this particular case:

  • Your level of OpSec usually depends on your threat model and which adversary you’re up against. So it’s hard to define how good your OpSec is.

If we finally want to give people the opportunity to be their own bank, we must realize that in this case, people must be able to replace all those services and actions for which traditional banks get money.

Yes, it seems like it is a veritable minefield over there. Keep the faith. Learn the latest attack techniques, white hat cheat sheets, and defenses. Only knowledge can defeat criminals’ knowledge. In this intellectual boxing match the most prepared wins, and we want that to be you!

Support is very important to me; with it I can spend less time at work and do what I love — educating DeFi & Crypto users! If you want to support my work, you can send me a donation to the address:

  • 0xB25C5E8fA1E53eEb9bE3421C59F6A66B786ED77A or officercia.eth — ETH, BSC, Polygon, Optimism, Zk, Fantom, etc;
  • 17Ydx9m7vrhnx4XjZPuGPMqrhw3sDviNTU — BTC;
  • 4AhpUrDtfVSWZMJcRMJkZoPwDSdVG6puYBE3ajQABQo6T533cVvx5vJRc5fX7sktJe67mXu1CcDmr7orn1CrGrqsT3ptfds — Monero.

Stay safe!


Violent Attack Vectors in Web3: A Detailed Review was originally published in Coinmonks on Medium, where people are continuing the conversation by highlighting and responding to this story.
