Security Alliance

‼️ UPDATED LINKS FOR THE ETHEREUM SECURITY QF ROUND ‼️ SEAL has 5 projects participating in the QF round, please use these links (they've been updated & our previous post removed to avoid confusion): 1) qf.giveth.io/project/seal-9… 2) qf.giveth.io/project/seal-i… 3) qf.giveth.io/project/seal-f… 4) qf.giveth.io/project/seal-c… 5) qf.giveth.io/project/seal-s…

@_SEAL_Org frameworks is an excellent jumping off point to dive in. frameworks.securityalliance.org/intro/introduc… Frameworks is also accepting donations in @thedaofund @Giveth round qf.giveth.io/project/seal-f…

Hosted by @isaacpatka (Shield3) and @pablosabbatella (Opsek). Limited slots, filled from applications. Anyone we can't fit in person will get a same-week follow-up, on-site or remote. Apply: securityalliance.typeform.com/Accelerate

What we can talk through: - Multisig governance and signer security - Treasury architecture and custody - Phishing and social engineering defense - Account, domain, and DNS takeover prevention - Incident response readiness - SEAL Certification scoping For protocol teams, founders, investors, and individual builders. You'll walk away with practical guidance.

We're doing 1:1 security office hours at Solana Accelerate in Miami on May 5. Bring real questions about your protocol, your company, or your personal opsec. Apply: securityalliance.typeform.com/Accelerate

if you have 5 minutes and 5 dollars, you can directly help fund @_SEAL_Org through @thedaofund's qf round and help avoid a tragedy of the commons qf.giveth.io/project/seal-s… qf.giveth.io/project/seal-i… qf.giveth.io/project/seal-f… qf.giveth.io/project/seal-c… qf.giveth.io/project/seal-9…

@shilldianajones @_SEAL_Org @RevokeCash @boringsecdao @zachxbt @cyfrin @wiimee @ChainPatrol @CyfrinUpdraft @RektHQ How to donate and considerations to keep in mind!

Don't forget! The @Giveth QF round closes May 15 and every donation is amplified by a 500 ETH matching pool from @thedaofund. No amount is too small! Support our projects protecting crypto: 🚨 SEAL 911 — qf.giveth.io/project/seal-9… 🔍 SEAL Intel — qf.giveth.io/project/seal-i… 📐 SEAL Frameworks — qf.giveth.io/project/seal-f… ✅ SEAL Certifications — qf.giveth.io/project/seal-c… 🛡️ SEAL Safe Harbor — qf.giveth.io/project/seal-s…

The person or people who appear on the call may or may not be deepfakes! Attackers have access to multiple recorded personas that will be played back to you. You will then be 'walked through' the process of self-executing the malware. This is a highly convincing attack pattern.

The URL displayed in the Telegram interface is NOT the real URL. That's only hypertext hiding the malicious Microsoft Teams page that will ask you to perform some form of software update to repair a non-existent audio/video issue.

🚨 PSA: Active attack campaign! Be careful when accepting unexpected call invites, even from people you do know. Attackers are compromising accounts and impersonating your co-workers, business partners, and friends as part of a convincing social engineering attack.

@nft_dreww @shilldianajones @RevokeCash @boringsecdao @zachxbt @cyfrin @wiimee @ChainPatrol @CyfrinUpdraft @RektHQ Thank you ser!

Video by @shilldianajones I made donations to the below folks myself and suggest considering to them as-well: Link: qf.giveth.io/qf/ethereum-se… @_SEAL_Org @RevokeCash @boringsecdao @zachxbt @cyfrin @wiimee @ChainPatrol @CyfrinUpdraft @RektHQ x.com/Giveth/status/…

I’m excited to announce that Drew Security was accepted into the @thedaofund x @Giveth round for security on Ethereum. Link: qf.giveth.io/project/drew-s… If you have found my posts, work, and assistance valuable, please consider supporting. This donation round has a 500 ETH matching pool, so any amount helps. This round is quadratic funding, so more donations with smaller amounts are actually worth more due to the matching pool: Example: $5 donation = ~$1K matched Even $5 can make a difference in a quadratic funding round ($5 minimum for quadratic funding matching), since more contributors means more impact. The round ends May 14th. It’s such an honor to be accepted and recognized for the work my team and I do for Ethereum security through Drew Security, I’m ecstatic!!! Any funds donated will help Drew Security continue providing free or subsidized security education, security guidelines, security bots, and security frameworks for Ethereum and EVM. Thank you for your consideration and support. Even if you cannot donate, sharing this post means a ton!! Stay Safe & Stay Vigilant

@_SEAL_Org SEAL deserves serious support. Safe Harbor, SEAL 911, SEAL Intel, and SEAL Frameworks are all part of the kind of security layer Ethereum needs: faster coordination, better incident handling, clearer norms, and more people ready before things go wrong

We often observe victims and researchers misattributing these campaigns to DPRK threat actors. We assess that at least one Russia-based MaaS operator is actively trying to impersonate DPRK operations to mislead attribution and enhance their campaigns with proven effective methods used by DPRK.

The campaigns heavily rely on sophisticated social engineering. "Company" landing pages are well-designed, social media channels are active, and malicious front ends are extremely convincing. Attackers often employ "living off the land" tactics, such as hosting content on Google Drive and using internal Google Apps Scripting for interactive "Update" pop-up boxes.

⚠️Beware of cold reachouts - Infostealer malware campaigns targeting crypto. We track multiple active campaigns using highly convincing social engineering paired with macOS-focused malware. Detailed breakdown in the article + thread below. radar.securityalliance.org/beware-of-cold…