Web3 Security

Something hard for me to grasp is how so few influencers/projects take SIM swap risk seriously. 

You can make posts that get millions of impressions yelling at people to use a security key instead of linking a phone number for 2FA and they still will not listen.

Something hard for me to grasp is how so few influencers/projects take SIM swap risk seriously. 

You can make posts that get millions of impressions yelling at people to use a security key instead of linking a phone number for 2FA and they still will not listen.

https://x.com/zachxbt/status/1694326221511794706

Then after a SIM swap happens the project/influencer avoids taking responsibility for the slip up after their followers lose funds 

It is not a new attack vector and this still happens on a weekly basis.

True just annoys me bc many times the individual or project reaches out to me for advice after an incident.

Nobody cares about security until it impacts them personally. Unless you’re a paranoid infosec person, you’re yelling into the void.

Farcaster OG | FID: 10174| /bnfarcaster podcast🎙 in Spanish | https://www.youtube.com/@Crypto_WenMoon/videos

It is a good option if you live in the US

Zach what do you think of Efani?

https://www.efani.com/

I still think yours was some variation of this (same with Hayden Adams & FranklinIsBored)

For an insider there would have been more incidents + targets with less knowledgeable followers

I still think yours was some variation of this (same with Hayden Adams & FranklinIsBored)

For an insider there would have been more incidents + targets with less knowledgeable followers

https://x.com/samczsun/status/1734761883339801030

With my Twitter hack, I didn’t have a phone number on file and I had TOTP 2fa. They never gave me confirmation, but most likely an inside job with a contract support agent.

Given a choice, most people will always choose convenience over security and companies enable this decision to optimize for growth. Should we blame the victims or the services they use that enable SMS 2FA?

We don't allow cars to be sold without seatbelts, why do we allow SMS 2FA?