Josh Dmuchowski

@jchow

20 Following
6 Followers


Josh Dmuchowski
@jchow
$2B lost in Q1 with multi-sig and access controls continuing to dominate the narrative, for now. Multi-sig best practices from Hacken.io:
* Human Readable Signatures - adopt EIP-712 typed data signatures
* Hardware Wallets - use wallets that can display and verify EIP-712 messages
* Minimize Contract Logic - use purpose-built multi-sig contracts with minimal code supporting only essential operations (e.g., native and ERC-20 transfers) and avoid unnecessary features like generic delegate calls.
* Off-chain Security Perimeter - web interfaces, SDKs, and other tools used to interact with multi-sigs should be part of the security perimeter. Implement safeguards such as JavaScript pinning and integrity checks.
* Establish Policy and Monitoring - on-chain logic with off-chain internal controls, anomaly detection, monitor signer activity, along with reoccurring signer education and review.
Q1 Security Report - https://hacken.io/insights/q1-2025-security-report/
0 reply
0 recast
0 reaction
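As an added illustration of the "off-chain security perimeter" point in the post above (this is example code, not from the post or from Hacken): computing a Subresource Integrity value for a pinned front-end script, verifying fetched content against it, and auditing an HTML page for external script tags that carry no integrity attribute. The script bytes and HTML are constructed samples; the URLs are placeholders.

```python
import base64
import hashlib
import hmac
import re

# Constructed sample: the front-end bundle a multi-sig web UI would load.
SAMPLE_SCRIPT = b"window.signTypedData = (m) => wallet.signTypedData(m);\n"


def sri_hash(content: bytes, algo: str = "sha384") -> str:
    """Return an SRI 'integrity' value ("<algo>-<base64 digest>") for content."""
    digest = hashlib.new(algo, content).digest()
    return f"{algo}-{base64.b64encode(digest).decode()}"


def verify_sri(content: bytes, integrity: str) -> bool:
    """Check fetched content against a pinned integrity value.

    Only the SRI-permitted algorithms are accepted; a malformed or
    unknown value fails closed rather than being skipped.
    """
    algo, _, expected = integrity.partition("-")
    if algo not in ("sha256", "sha384", "sha512") or not expected:
        return False
    return hmac.compare_digest(sri_hash(content, algo), integrity)


# Matches an opening <script ...> tag that loads an external src.
SCRIPT_TAG = re.compile(r"<script\b[^>]*\ssrc\s*=\s*[\"']([^\"']+)[\"'][^>]*>", re.I)


def unpinned_scripts(html: str) -> list[str]:
    """Return src URLs of external <script> tags that have no integrity attribute."""
    unpinned = []
    for m in SCRIPT_TAG.finditer(html):
        if not re.search(r"\sintegrity\s*=", m.group(0), re.I):
            unpinned.append(m.group(1))
    return unpinned


# Constructed sample page: one pinned bundle, one unpinned third-party script.
SAMPLE_HTML = f"""
<script src="https://cdn.example/app.js" integrity="{sri_hash(SAMPLE_SCRIPT)}" crossorigin="anonymous"></script>
<script src="https://cdn.example/analytics.js"></script>
<script>console.log("inline");</script>
"""

if __name__ == "__main__":
    print("pinned bundle verifies:", verify_sri(SAMPLE_SCRIPT, sri_hash(SAMPLE_SCRIPT)))
    print("unpinned scripts:", unpinned_scripts(SAMPLE_HTML))
```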

Josh Dmuchowski
@jchow
Mix of both. 1) Major custodial platforms should be highly regulated and surveilled to ensure assets are safe, insured, and account holders have legal recourse if operators do bad things (i.e., large % of your portfolio, normie adoption, etc). Native Security Model for public chains, degeners, and frontier innovation and investing.
0 reply
0 recast
1 reaction

Josh Dmuchowski
@jchow
https://x.com/bradmillscan/status/1890761055258726548?s=46&t=UR5t5yvHialGDKevCvUfdA
0 reply
0 recast
1 reaction

Paul Miller
@paulm
New vulnerability in elliptic.js allows attackers to extract private keys from signatures. This happened because fully deterministic signatures are not your friends. Check out my latest blog post describing the bug and prevention methods: https://paulmillr.com/posts/deterministic-signatures/
2 replies
9 recasts
47 reactions

Josh Dmuchowski
@jchow
Your blog is fantastic. This vulnerability is right up our alley at Hacken.io. Let’s chat - https://calendly.com/j-dmuchowski-hacken/30min
1 reply
0 recast
0 reaction

Vitalik Buterin
@vitalik.eth
Thank you to everyone who has given their kind support over the last few weeks
91 replies
118 recasts
872 reactions

Josh Dmuchowski
@jchow
$2.9 Billion in Web3 Hacks in 2024 - Hacken Security
2024 was a pivotal year for Web3 security, with losses exceeding $2.9 billion across DeFi, CeFi, gaming, and metaverse platforms. Access control vulnerabilities surged, accounting for 75% of all crypto hacks, while phishing scams led to $600M in damages. Yet, there’s hope—DeFi losses dropped by 40%, and bridge exploits hit an all-time low.
Download the full report here - https://hacken.io/insights/2024-security-report/
To learn more about Hacken products, services, and partnership opportunities, grab some time on my calendar or TG at @chow2015 - https://calendly.com/j-dmuchowski-hacken/30min
0 reply
0 recast
1 reaction