ETHSecurity Community

ETHSecurity Community

This is the farcaster instantiation of the great and lindy ETHSecurity community which exists on Telegram and elsewhere.

Officer’s Notes pfp

Officer’s Notes

How to Protect Your Devices from Pegasus Spyware: Essential Countermeasures and Best Practices https://officercia.mirror.xyz/ZuT6zYuAsQYNnuVTGkejiWqhmT5U8qT9u56VGQFDi08

0 reply

1 recast

4 reactions

Officer’s Notes pfp

Officer’s Notes

16 billion passwords from your Apple, Google, Instagram, Facebook, GitHub, and Telegram accounts have hit the web, Forbes writes… The giant data sets contain billions of logins and passwords from social networks, VPN services, developer portals, and accounts of large companies. It is noteworthy that almost all of this data has not previously appeared in known leaks - except for the database with 184 million passwords. Time to change your password! https://www.forbes.com/sites/daveywinder/2025/06/19/16-billion-apple-facebook-google-passwords-leaked---change-yours-now/

0 reply

1 recast

3 reactions

@ pfp

https://x.com/ackeeblockchain/status/1935038467693846861?s=46

0 reply

0 recast

1 reaction

Officer’s Notes pfp

Officer’s Notes

Reentrancy Attacks on Smart Contracts Distilled https://officercia.mirror.xyz/RoWpSjah4hvKvCyrCgqtdyWX657e3-qUeShBZ2VtkUs

0 reply

0 recast

4 reactions

kazani.base.eth 🦂 pfp

kazani.base.eth 🦂

Checklist of audit checklists https://github.com/TradMod/awesome-audits-checklists

0 reply

0 recast

0 reaction

Thumbs Up pfp

I haven’t ever stored private keys in a password manager, and whenever I see the section in 1Password I shudder a little. I store my private keys in a waterproof notebook in a fireproof safe. Really. And I write them using a cypher I’ve memorized—again, really—so that even if someone read what they found it wouldn’t do anything. I do all this, despite having never held more than $50k in my wallets and usually holding only a few thousand. Am I way overkill with my approach? Or just following best practices that I can grow into if I ever hold more? What’s your approach and why do you feel it’s good or bad?

3 replies

0 recast

5 reactions

Officer’s Notes pfp

Officer’s Notes

Dear friends, you can order an OpSec audit from me for you and your team/project. This is about my personalized services. I do not do it on behalf of the company. Thank you!

0 reply

1 recast

4 reactions

Juuso pfp

Nethermind is seemingly developing a formal model of EVM and Yul in Lean4: https://github.com/NethermindEth/EVMYulLean Though it's quite light on theorems and algebraic proofs, at least for now

0 reply

0 recast

1 reaction

Hirugohan pfp

Cyfrin just released Web3 Wallet Security Basics course taught by @patrickalphac Now I could recommend course from Cyfrin to people who are not dev to learn basic OpSec 😄

1 reply

0 recast

2 reactions

Francesco Piccoli pfp

Francesco Piccoli

We found (and got rewarded for) security vulnerabilities in many projects using @almanax. Kept it under the radar until now as part of our testing but we might start posting more about it (when possible). We entered a new era of cybersecurity, where AI models can find zerodays. Security teams are going to be supercharged by AI like software engineers have.

0 reply

1 recast

4 reactions

albert pfp

careful about this -- i just got a similar email from [email protected] looks like a phishing attempt when you click through, first thing they ask you to do is input your twitter password

0 reply

0 recast

3 reactions

Officer’s Notes pfp

Officer’s Notes

2.6M USDT loss from a targeted address poisoning scam involving zero-value transfers. A single victim was repeatedly scammed by the same attacker address. First, the victim lost 843K USDT. About 3 hours later, the same victim sent 1.75M USDT again to the same scammer — totaling ~2.6M USDT lost. Lesson: • Never ever copy an address from transaction history or from Etherscan! • Use address book in your wallet! • Always double-check addresses 1:1 before sending. Victim: 0x86c0300fc369e54d22512564cc0e8cc261102604

2 replies

1 recast

5 reactions

Officer’s Notes pfp

Officer’s Notes

https://farcaster.xyz/officercia/0xfe06cb41

2 replies

2 recasts

5 reactions

Officer’s Notes pfp

Officer’s Notes

Got hacked, scammed or lost your crypto? Reach out to t.me/rata0x We have successfully recovered funds in numerous cases. Please be cautious of scammers who claim they can help you get your money back in the replies. It's important to trust professionals with your case.

1 reply

2 recasts

7 reactions

Royal pfp

Decent breakdown of what happened, interested in @lobstermindset.eth's take https://x.com/dedaub/status/1925651919948673314?t=c6F-6mTvLsVigY1ZW5-S4w&s=19

0 reply

2 recasts

4 reactions