Blockchain Security Series 11: Peter Kacherginsky (Lead @ Unit 0x Threat Research Team at Coinbase)

Hosted by Pablo Sabbatella - pablito.eth (Blockchain Security Researcher, SEAL member)

Topics discussed:

- 01:45 - How Peter get into crypto

- 03:39 - Interest in cybersecurity as teenager

- 08:44 - From web2 security to web3

- 10:29 - Why did you start BlockThreat?

- 11:25 - Generating content to keep learning

- 14:28 - Similarities and differences in security industry from the last 20 years

- 16:45 - Intelligence driven security

- 18:47 - Web2 criminals coming into web3

- 26:45 - Top 10 ways a protocol get hacked insights

- 35:55 - Threat actors profiles

- 39:36 - Insider threats

- 44:59 - Other personality profiles in the community

- 49:01 - Nation states criminals and other hacks

- 52:50 - The role of UX to leverage users security

- 01:01:15 - User’s education about security

- 01:07:15 - Most important things you learn about incident response

- 01:14:03 - Independent security researchers

Summary:

In the 11th episode of Blockchain Security Series we sit down with Peter Kacherginsky. We discuss his journey into the cryptocurrency world and his role in blockchain security. Also he talks about the early days of hacking and the parallels between web 2 security and blockchain security.

Peter shares his experience in creating BlockThreat, a popular newsletter in blockchain security and makes us think about the importance of threat intelligence and the need for mature security programs in the DeFi space. He also explores the top attack vectors in DeFi protocols and the profiles of threat actors. Later in this conversation, Peter Kacherginsky discusses various topics related to blockchain security, including threat actors, incident response practices, and user security. Emphasizing the importance of automation in incident response and the need for a security mindset among all team members he also highlights the significance of building trust in the crypto industry and the need for user-friendly and secure UX design and the potential for decentralized incident response and the role of independent security researchers in protecting protocols.

Takeaways:

- Threat intelligence is crucial in understanding who the adversaries are and how they target DeFi protocols.

- The top attack vectors in DeFi protocols include stolen private keys, function parameter validation, and JavaScript injection.

- Crypto natives, individuals with technical proficiency and questionable ethical beliefs, are responsible for a majority of exploits in the blockchain space.

- Insider threats and stolen private keys are significant risks that DeFi protocols need to address.

- The industry should focus on building mature security programs and adopting industry standards and procedures.

- The complexity of DeFi protocols and the financial incentives make them attractive targets for attackers. Automation is crucial in incident response to detect and respond to exploits quickly.

- All team members should have a security mindset and be involved in security practices.

- Building trust is essential for mass adoption of blockchain technology.

- User-friendly and secure UX design is important for protecting users from scams and phishing attacks.

- Decentralized incident response and the involvement of independent security researchers can enhance the security of protocols.

Sound Bites:

"It's been more than six years now and still enjoying it like it's never a dull moment."

"Not so many people that are today in blockchain security come from web 2 security, right? But some people as you or me do, well, we have all these things in common."

"We can't live in a society where we don't trust anyone."

"We need to build everything within incident response and monitoring to strive towards automation."

"Everyone is a security team. Everyone is an incident responder to the degree that they can"