

Security Alliance
632 posts

@_SEAL_Org
Securing the future of crypto | Cover art by @yueko__ | Emergencies: https://t.co/DAAyAETsY4



I am working on a quarterly threat intel report for SEAL and goddamn blockchain projects are basically constantly getting rekt by the same things over and over again. And when I say 'the same things' it is literally the same things that somehow everybody claims to be 'well aware off' or 'not that stupid to fall for it'. And 90% of those things is actually easy to stop but that doesn't happen because nobody bothers with the actual recommendations made by security / threat / appsec / opsec people even if those are made for free or near-free if you include tooling. Like, it is honestly ridiculous when you finally get to creating the 'big picture' view. It even fooled me. I somehow thought - Omg, we deal with so many different things, tens of different things, 20 tickets and tips and signals a day, how am I supposed to cover it all! The answer - it is maybe like FIVE different things just over and over and over again. DPRK campaigns literally exists because of that massive discrepancy between signaling ("We are audited") and the reality ("... but we don't know what that means"). Yes, there is some adaptation/evolution on Norks part but only against nerds that chase them and not against geeks that get rekt by them. TTPs are EXACTLY the same, EDRs are DETECTING their malware, goddamn, I think in one or two instances we've seen their attack chain failing because of the firewall setting and they just gave up and moved to someone who just doesn't give a F at all? The bar is in hell and we only do not get another record hack front page news because the whole industry is in massive bear market.








Introducing OPSeC: a new industry-wide initiative we're convening in partnership with @_SEAL_Org & @asymmetric_re to improve cybersecurity resilience across blockchain ecosystems & onchain software. Join us to ensure security is at the heart of onchain technology development.





If your protocol is ready to get certified, these firms are accredited and taking clients now. Already working with one of them? Ask about SEAL Certifications starting today. @audit_wizard @BlockSecTeam @chain_security @Composable_Sec @ConsensysAudits @cyfrin @DefiSafety @hackenclub @HackenProof @SecurityOak @OpenZeppelin @opsek_io @Quantstamp @0xshield3 @sigp_io @statemindio @trailofbits @Wonderland @zellic_io @zeroshadow_io Announcement: radar.securityalliance.org/seal-certifica…








Introducing DARC: the Digital Asset Risk & Compliance Standard. Built by @Wonderland in collab with @_SEAL_Org, DARC is an opsec standard with 250 controls continuously monitored across your GitHub, cloud infra, multisig wallets, and more. Running every day, automatically.




Welcome, @MonolithMarket! Monolith is now a SEAL Safe Harbor member — meaning authorized whitehats have the green light to help rescue funds if an active exploit hits. There are now 30 protocols under Safe Harbor protection!