spherex technologies

We're proud to partner with @neemofinance! It's a privilege to work with a professional, trustworthy team fully devoted to security. This is how you build user trust.

@SpherexTech is thrilled to announce that we have achieved the ISO/IEC 27001:2022 (ISO 27001) certification. 🛡️ This milestone reaffirms our unwavering commitment to upholding the highest standards of information security and protecting what matters most to our clients and partners. #isocertificate #security #trust

5/5 Web3 introduces innovation but also new risks, especially during protocol updates, which often become optimal targets for hackers. Find out more on why #protocol updates and upgrades create vulnerabilities, as well as what you should prioritize in order to mitigate risk. Read more in our blog 🗣 spherextech.com/post/from-upda… #web3security #smartcontractupdates

4/5 The clear winner in prevention Secure development and extensive testing depends on your developers, and even the best dev team is not perfect and makes mistakes. There’s another effective prevention and protection tool for protocol updates. spherex runtime prevention tool reverts malicious transactions without pausing the protocol - and was built to support updates.

1/5 How Upgrades and Updates Lead to Exploits? New code is not as battle tested as existing code and the chances of potential flaws or misconfigurations is higher. Moreover, some code updates and patches are supposed to fix existing bugs but fail to do so, only now it’s much easier to find the original bug. Also, the sensitive nature of upgrades increases the chances of mistakes and misconfigurations.

🚨 Protect your dApp from compromised keys In the world of Web3, your private keys are the gatekeepers to your digital assets. That is why safeguarding your keys is crucial - not just for your personal security, but for the integrity of your entire project. Unauthorized access could lead to drained wallets or even smart contract manipulation, impacting not only your funds but also your users' trust. Minimize your risk and implement security best practices. 🛡 Check out more in our blog spherextech.com/post/the-silen… #digitalassetsecurity #Web3security #compromisedkeys

There are a number of critical consequences beyond the substantial financial loss when your protocol is hacked, including eroding user trust and legal liability proceedings, to only name a couple. What are the top consequences you’re worried about if you ever become susceptible to an attack? Find out the added risks you should be aware of via our blog: spherextech.com/post/7-additio… #smartcontractsecurity #web3security #onchain #usertrust

The Web3 Security Meetup at @aleph's headquarters dove head first into the future of Web3. spherex's CEO & Co-Founder, @meroneyal1, explains why smart contracts are the weakest link when it comes to Web3 security, and why solving this challenge is needed in order to drive mass adoption within the space. Catch the full interview here —> youtube.com/watch?v=0bTLdb… #Web3security #smartcontractsecurity #realtimeprevention @TomerDiari

7/7 Surprisingly, the insider threat is relevant for Web3 as it is for Web2. Hackers infiltrate Web3 projects posing as insiders or professional services contractor. Once inside, the hacker maintains his position until the right moment to exploit their insider access and permissions and drain the project. Read more in our blog: spherextech.com/post/web3-wolv… #web3security #smartcontractsecurity

6/7 Better safe than sorry: Properly vetting candidates via background checks and off-chain measures (such as MPC) reduce the risk significantly, but not completely. On-chain smart contracts require on-chain protection.

3/7 More than 12 documented cases in 2024 alone: The fact that 12 documented cases have occurred in 2024 suggests that there are likely many more undocumented incidents, as not all cases are reported or detected.

2/7 Rogue employees can wreak havoc... The global trend of digital nomads, and the global nature of the Web3 industry push many companies into hiring remote workers. If the hiring process lacks proper background checks, it may attract rogue employees.

1/7 The insider threat: Web3 companies face multiple threats from various angles, in every phase of the project lifecycle. However, recently there has been a disturbing rise in the risk of internal threats, and more specifically - insider job hacks.

And the week has yet to begin... 🇹🇭 Msg us if you want to meet-up! #Devcon2024 #Bangkok #sideevents #smartcontractsecurity

6/6 Inadequate monitoring: Although being publicly available on-chain, none of this preparation activity was caught by monitoring solutions, showing how easy it was for the hacker to evade those solutions.

5/6 A patient hacker: The attacker appears to have spent 5 weeks testing the hack – waiting for the opportunity to attack the real targeted protocol.

Following the 2nd hack on Radiant, here is a sobering reminder that hackers are not bolts of lightning. They can, and do, in fact strike twice. Though events leading up to each attack are far from similar, the hacker was well prepared for both, making sure to evade current security solutions; not just once, but twice in a year. Read our senior analyst's, Maor Ovadia, review of the Radiant attack spherextech.com/post/new-insig… #radiantattack #smartcontractattack #Web3security