Blockchain Security Series 15 - Nikita Varabei (Founder @ ChainPatrol)

Hosted by Pablo Sabbatella - pablito.eth (Blockchain Security Researcher, Opsek founder, SEAL member)

Topics discussed:

- 00:00 - Intro

- 01:40 - How Nikita got into programming and blockchain security

- 08:05 - How ChainPatrol started

- 10:10 - Scam investigators

- 12:20 - Burn Mywallet

- 15:05 - ChainPatrol early days

- 20:20 - What ChainPatrol does now

- 24:25 - Social engineering

- 28:30 - Post mortems

- 33:04 - Scammers investments and ROI (Return on investment)

- 38:10 - Service providers role: registrars, cloudflare, google ads, twitter, linkedin

- 46:00 - Scammers stack: registrars, hosting providers

- 51:18 - Mixing on-chain and off-chain data to detect threats

- 55:21 - Collaboration between security companies, Threat Intel, SEAL ISAC

- 58:56 - Issues with competitors and ChainPatrol openness

- 01:02:10 - Web3 vs Web2 security

- 01:06:18 - Scammers reporting each other

- 01:10:04 - Methods used by scammers to avoid detection. Cloaking techniques, Cloudflare, Captcha.

- 01:15:07 - Users and community reporting, incentives, threat hunters.

- 01:19:37 - Making scammers lose time

- 01:21:06 - Scammers using hacked domains and legitimate companies' domains getting hacked

- 01:22:43 - Wordpress hacks and secure domain registrars

- 01:25:35 - How to manage legitimate projects domains and accounts being compromised

- 01:31:38 - Transaction simulation bypass. Proxy contracts, exploit of contract variables. Bit flip attack.

- 01:37:20 - Challenge to build for more privacy and improving threat detection at the same time.

- 01:42:24 - Private information retrieval (PIR)

- 01:44:11 - Companies taking more care of their users trend

- 01:48:47 - IPFS being used by scammers

- 01:49:55 - Best tips for crypto companies

- 01:53:39 - Security tips for users

- 01:56:41 - Final thoughts

Summary:

Pablito.eth sits down with Nikita Varabei, co-founder of ChainPatrol, to dive deep into the world of blockchain security, uncovering the tactics scammers use and the innovative ways companies like ChainPatrol are fighting back.

From his background in programming and computer science, his love for crypto, and his experience working at Coinbase. He explains the need for dedicated security measures in the crypto space and how ChainPatrol helps protect users from phishing attacks and impersonation.

Follow this road into the discussion of various topics related to blockchain security, including the prevalence of scams with social engineering , the challenges of detecting and preventing these attacks and how to frame security from a economical and incentives perspective where attackers make an investment expecting a return. Also they will address the importance of securing accounts and using trusted brand protection providers and why traditional companies are not succeeding in diminishing these scams.

Takeaways

- ChainPatrol helps protect users from phishing attacks and impersonation by scanning domains, social media accounts, and replies to detect and block scammers.

- Scammers in the crypto space operate like an industry, with developers creating scam kits and others deploying them to steal funds.

- Post-mortems are crucial for improving security measures and preventing recurring issues in the crypto space.

- Tracking down scammers and taking down their fraudulent accounts requires collaboration with domain registrars, hosting providers, and social media platforms. Scammers often go under the radar of detection systems on social platforms due to the volume of accounts to monitor.

- Scammers employ various techniques, such as using Cloudflare and cloaking, to avoid detection.

- Incentive mechanisms are needed to encourage users to report scams. Secure all your accounts and use strong authentication methods to prevent unauthorized access.

- For individual users, use security extensions and wallets that offer protection against scams.

Links:

https://chainpatrol.io/