This is the farcaster instantiation of the great and lindy ETHSecurity community which exists on Telegram and elsewhere.

Main

ETHSecurity Community

Can you get in trouble for teaching 🇰🇵 how to use Ghidra for money? Asking for a friend (non-🇺🇲 person) (in Minecraft)

Think you’ve got what it takes to dominate Web3 security? 

The Remedy CTF 2025 by Hexens is here!

💰 $50K+ in prizes
🧠 Solve cutting-edge challenges
🌍 Gain global recognition
🚀 Unlock career opportunities

Registration:

Think you’ve got what it takes to dominate Web3 security? 

The Remedy CTF 2025 by Hexens is here!

💰 $50K+ in prizes
🧠 Solve cutting-edge challenges
🌍 Gain global recognition
🚀 Unlock career opportunities

Registration: https://ctf.r.xyz/?utm_source=Web3secNews&utm_medium=Banner&utm_campaign=CTF2025

There are currently 5,564,420$ available in rewards at @remedy  

Sign up for the bug bounty platform and participate in 17 programs! 

Remedy provides high-quality triage. So try the only platform powered by Zero Knowledge Proof of Duplicates, which offers an extra layer of security for researchers!

Revealing true industry potential through the ultimate WEB3 security platform.
 
Apply for a closed beta and get unique benefits for early adopters: r.xyz

There are currently 5,564,420$ available in rewards at @remedy  

Sign up for the bug bounty platform and participate in 17 programs! 

Remedy provides high-quality triage. So try the only platform powered by Zero Knowledge Proof of Duplicates, which offers an extra layer of security for researchers!

https://r.xyz/bug-bounty/programs

If you like privacy, you will like this

https://www.fluidkey.com/

I have to do another deep-dive on it later.

infosec

Hey look, for 10 dollars you can build a malicious RAM module that allows you to pop open TEEs, and have full access to the encrypted memory space:
https://badram.eu/

This seems relevant:
https://warpcast.com/deanpierce.eth/0x2c37a279

Sharing some Lumma info-stealer malicious captcha instances to avoid. Instances initially reported by @banthisguy9349 on X

credit:

Fake Captcha that we have observed by #Lummastealer 

has now been found luring victims to execute a powershell script with a malicious .mp4

IOC's:
hxxps://sos-de-fra-1.exo.io/sandisk/security-checkpost-v2.html

Malware url:
kliphuqibue[.]shop/data. mp4
https://t.co/u7JaKr4irC https://t.co/L9Zhe4gFep

Sharing some Lumma info-stealer malicious captcha instances to avoid. Instances initially reported by @banthisguy9349 on X

credit: https://x.com/banthisguy9349/status/1866393258789933389

https://github.com/cipher-rc5/untitled-folder/blob/main/lumma_stealer_fake_captcha.md

Does anyone else get tired of ignoring this?

PSA: Don't use a VPN to access Coinbase. 

Attackers always use VPN's, so our risk models take that as a negative sign even if you're legitimately using your own account.

This ain't it https://x.com/scottshapiro/status/1863691538661883925

Announcing the ETH Rangers

- $25K to people improving the security of the Ethereum ecosystem

- Eligible work includes vuln. research, pro-bono security incident handling or audits, building security focused tools, and more.

- Apply by Dec 31!

https://blog.ethereum.org/2024/12/02/ethrangers-public-goods

Announcing the debut of a new service! 

Now you can contact me and my friend rata0x for legal services and advice. We've known my dear friend rata0x for 5 years, and we've helped a lot of individuals in the most desperate situations! 

So, if you need to: 

1. Resolve the issue of unauthorized blocking of funds on the exchange. 

2. You have had a huge sum of money stolen from you and must immediately block it on exchanges and return it as soon as possible.

3. You or your project require legal assistance and advice. 

Contact rata0x ! When I refer him, I use my name because I've worked with him for a long time and know him well.

https://x.com/rata0x?s=21

Ready to elevate your Web3 bug bounty game? In this video, we’re diving into the Top 5 Tools for Web3 Security Researchers that every hacker and developer should know ⬇️

Ready to elevate your Web3 bug bounty game? In this video, we’re diving into the Top 5 Tools for Web3 Security Researchers that every hacker and developer should know ⬇️

https://youtu.be/zS9e8uIq_go?si=ZupuI6Y2pIZz1go-

My Web3 Security & Privacy Stack

https://officercia.mirror.xyz/QAX5XNfBcSnMelGrVLbdJz-N4vjvdylgMPElLyclOuQ

LOL @ Ogle getting called out by John Oliver for helping Trump with his shitty crypto platform. Seriously, I have all the respect in the world for the awesome shit that Ogle has done for the community, but this Trump exchange nonsense is ridiculous.

A company created a lending market on morpho but integrated the oracle wrong, leading to that morpho lending market being hacked for 250k

Should we display that hack under morpho or not? why?

Interesting question https://x.com/0xngmi/status/1851630193749750227

SEAL ISAC has a database of individual threat actors identified as DPRK operatives.

Also apparently asking the candidate to say “Kim Jong Un sucks” is an effective screening mechanism…

SEAL ISAC has a database of individual threat actors identified as DPRK operatives.

Also apparently asking the candidate to say “Kim Jong Un sucks” is an effective screening mechanism…

https://isac.securityalliance.org/news/DPRK_OpenToWork