Saturday night therapy 🍕 by Patrick Collins

🇦🇷😉

I met nisedo 3y ago at EthCC Paris. He then reunited all the best Web3 Security talents from the French community inside Soliditors . « Practice, Practice, Practice… » Nico joined Trail of Bits

Bad news of the day. Another wallet drained because the seed was stored in a password manager. Password managers are for passwords only. How much money is stolen every day? How much do you think of the stolen money isn’t public? From HNWI, to small, medium and big companies.

Be different

Has anyone using Bitwarden lost crypto in the last few days or weeks?

If anyone is interested

‼️ Be careful, it looks real. Coming from a user: ❄️ Deleted Account

Coming from Web2 security, I am happy to see this. Maybe we will see one day, Metasploit, crackmapexec and more for Web3 sec 😎

I’ll definitely spend more time here. While nowadays 80% of the articles are AI written, you must check them out. High quality and technical posts from Trail of Bits

Did you know you could run LinPEAS on your macOS?? Highly recommended to discover secrets & escalations paths. I have used it many times on Linux & Windows machines (WinPEAS).

🚨SlowMist TI Alert🚨 A community member recently reached out after interviewing with a Web3 team claiming to be from Ukraine. In the first round, he was asked to clone a GitHub repo locally — he wisely refused.🧑‍💻 🔍Our analysis revealed the repo contains a backdoor:

I've been in crypto for over 10 years and I’ve Never been hacked. Perfect OpSec record. Yesterday, my wallet was drained by a malicious Cursor extension for the first time. If it can happen to me, it can happen to you. Here’s a full breakdown. 🧵👇

I had to factory reset my macOS a few days ago. Will be pushed on our GitHub to help you reset your device & install the os within 1hr.

Supply chain attacks scare me so bad

🚨

🚨 NEW: VSDeer is live! 🦌 Time to protect your assets by avoiding malicious IDE extensions. VSDeer scans for malicious extensions before you install them. VSDeer runs a nice scam algorithm which detects scammy extensions. Also, you should sandbox all your extensions, so i

Your AppleID must be protected at all cost iPhone tip: Add a Screen Time passcode Settings > Screen Time > Use Screen Time Passcode and lock changes in Privacy & Face ID settings This prevents anyone from: •Removing or editing your Apple ID •Changing Face ID/Passcode

Using a hardware wallet is essential if you want your funds to be secure. If you struggle don't hesitate to reach out to trusted people in this space like opsek or Patrick Collins for wallet security courses.

OWASP Top 10 vulnerabilities in smart contracts. Same as Web2. No matter which framework or dev tools you use, access controls must be mapped manually one by one and the principle of least privilege must be applied. Block everything first, then allow only the minimum necessary.