Blockchain Security Series

By: Pablo Sabbatella
  • Summary

  • Welcome to Blockchain Security Series, the podcast where the future of Web3 security unfolds, presented by pablito.eth. Hello and welcome. I'm Pablo Sabbatella, your guide through the intricate and evolving world of blockchain security. In each episode, we dive deep into the heart of Web3, bringing you face-to-face with the pioneers and key players shaping the blockchain security ecosystem.
Episodes
  • BSS 17
    Dec 18 2024
    1 hr and 35 mins
  • Blockchain Security Series 16 - Matt Aereal (Co-founder @ The Red Guild)
    Nov 22 2024

    Hosted by Pablo Sabbatella - pablito.eth (Blockchain Security Researcher, Opsek founder, SEAL member)


    Topics discussed:

    - 00:00 - Intro

    - 01:40 - How you got into cybersecurity

    - 09:26 - Artist side: Producing events and photography

    - 12:52 - Parallelism between hacking, art and magic

    - 16:31 - Ekoparty: Working for The biggest Latam Security Event

    - 21:16 - Beginnings in blockchain and web3 security

    - 27:07 - The Red Guild

    - 40:48 - SEAL: What is the Security Alliance and how are you related

    - 55:50 - The challenge of building web3 public goods

    - 01:04:01 - Educating consumers vs building more secure systems

    - 01:08:30 - OSINT and tools

    - 01:12:50 - Cybersecurity state in Argentina

    - 01:18:15 - Web2 exploits in web3

    - 01:27:23 - Best security tips

    - 01:33:53 - Kraken’s lawsuit against Certik

    - 01:41:13 - Tooling in web3 research

    - 01:44:34 - Red teams work and training

    - 01:48:25 - Damn vulnerable DeFi

    - 01:51:26 - Final thoughts


    Summary:

    This is the 16th episode of the Blockchain Security Series Podcast but the first one recorded live!

    Pablito engages in an insightful conversation in Buenos Aires with Matt Aereal, co-founder of The Red Guild. Matt, a security generalist with a rich background in hacking and art, shares his journey into cybersecurity, starting from his early interests to his current endeavors in the blockchain and web3 space. Beginning with Matt recounting how he got into cybersecurity, highlighting the influences that shaped his career, the conversation delves into his artistic pursuits, including event production and photography, drawing parallels between hacking, art, and magic.

    They touch upon the significance of Ekoparty, a renowned security conference in Latin America, and how it has fostered a community of like-minded professionals. Matt explains the origins and mission of The Red Guild, emphasizing its role in enhancing security within the web3 ecosystem. They will also explore his involvement with SEAL (Security Alliance), discussing how collaboration and shared knowledge are vital for advancing security measures and the importance of educating consumers versus the necessity of creating inherently secure systems.

    This episode offers a comprehensive exploration of the multifaceted world of cybersecurity, blending technical insights with philosophical reflections. It’s an enlightening listen for anyone interested in the nuances of blockchain security, the role of community in technological advancement, and the creative parallels that enrich the field.


    Highlights:

    - 29:19 - "We work as a non profit because we think that there’s space to complement the profit schemes that there are currently in the ecosystem and the way that we do so it’s being a group of security researchers with a lot of freedom to do it. So we take things really differently."

    - 59:43 - "If you think security is expensive, try with an incident."

    - 01:05:26 - "There is a bigger problem that is that there is a huge gap between people who actually know about technology and people who don’t know about technology and the speed of the development of technology that has surpassed the capacity of some people to cope with it. And if the gap in technology itself is really really wide, then imagine in security."

    - 01:07:10 - "Do you know how people have an accountant or a lawyer for themselves? I'm thinking security specialists for individuals."

    - 01:44:34 - "At the beginning for people was always easier trying to break, because you know what to break, in comparison to defend, where you don’t have a scope of what to defend."


    Takeaways:

    - Having met Tincho Abbate, they begin the journey of creating The Red Guild: an educational non-profit web3 organization.


    • https://x.com/mattaereal
    • https://x.com/theredguild
    • https://blog.theredguild.org/
    • https://www.damnvulnerabledefi.xyz/
    1 hr and 54 mins
  • Blockchain Security Series 15 - Nikita Varabei (Founder @ ChainPatrol)
    Nov 5 2024

    Hosted by Pablo Sabbatella - pablito.eth (Blockchain Security Researcher, Opsek founder, SEAL member)


    Topics discussed:

    - 00:00 - Intro

    - 01:40 - How Nikita got into programming and blockchain security

    - 08:05 - How ChainPatrol started

    - 10:10 - Scam investigators

    - 12:20 - Burn Mywallet

    - 15:05 - ChainPatrol early days

    - 20:20 - What ChainPatrol does now

    - 24:25 - Social engineering

    - 28:30 - Post mortems

    - 33:04 - Scammers investments and ROI (Return on investment)

    - 38:10 - Service providers role: registrars, cloudflare, google ads, twitter, linkedin

    - 46:00 - Scammers stack: registrars, hosting providers

    - 51:18 - Mixing on-chain and off-chain data to detect threats

    - 55:21 - Collaboration between security companies, Threat Intel, SEAL ISAC

    - 58:56 - Issues with competitors and ChainPatrol openness

    - 01:02:10 - Web3 vs Web2 security

    - 01:06:18 - Scammers reporting each other

    - 01:10:04 - Methods used by scammers to avoid detection. Cloaking techniques, Cloudflare, Captcha.

    - 01:15:07 - Users and community reporting, incentives, threat hunters.

    - 01:19:37 - Making scammers lose time

    - 01:21:06 - Scammers using hacked domains and legitimate companies' domains getting hacked

    - 01:22:43 - Wordpress hacks and secure domain registrars

    - 01:25:35 - How to manage legitimate projects domains and accounts being compromised

    - 01:31:38 - Transaction simulation bypass. Proxy contracts, exploit of contract variables. Bit flip attack.

    - 01:37:20 - Challenge to build for more privacy and improving threat detection at the same time.

    - 01:42:24 - Private information retrieval (PIR)

    - 01:44:11 - Companies taking more care of their users trend

    - 01:48:47 - IPFS being used by scammers

    - 01:49:55 - Best tips for crypto companies

    - 01:53:39 - Security tips for users

    - 01:56:41 - Final thoughts


    Summary:

    Pablito.eth sits down with Nikita Varabei, co-founder of ChainPatrol, to dive deep into the world of blockchain security, uncovering the tactics scammers use and the innovative ways companies like ChainPatrol are fighting back.

    Nikita talks about his background in programming and computer science, his love for crypto, and his experience working at Coinbase. He explains the need for dedicated security measures in the crypto space and how ChainPatrol helps protect users from phishing attacks and impersonation.

    The discussion covers various topics related to blockchain security, including the prevalence of scams based on social engineering, the challenges of detecting and preventing these attacks, and how to frame security from an economic and incentives perspective, where attackers make an investment expecting a return. They also address the importance of securing accounts and using trusted brand protection providers, and why traditional companies are not succeeding in diminishing these scams.

    Takeaways

    - ChainPatrol helps protect users from phishing attacks and impersonation by scanning domains, social media accounts, and replies to detect and block scammers.

    - Scammers in the crypto space operate like an industry, with developers creating scam kits and others deploying them to steal funds.

    - Post-mortems are crucial for improving security measures and preventing recurring issues in the crypto space.

    - Tracking down scammers and taking down their fraudulent accounts requires collaboration with domain registrars, hosting providers, and social media platforms. Scammers often go under the radar of detection systems on social platforms due to the volume of accounts to monitor.

    - Scammers employ various techniques, such as using Cloudflare and cloaking, to avoid detection.

    - Incentive mechanisms are needed to encourage users to report scams. Secure all your accounts and use strong authentication methods to prevent unauthorized access.

    - For individual users, use security extensions and wallets that offer protection against scams.


    Links:

    https://chainpatrol.io/


    1 hr and 59 mins
