Web3 security tips and education project

Security is a critical topic in Web3, and many security issues are happening daily. Victims might lose all of their assets because of an attack.

We could buidl some projects for this, introduce essential security tips to new Web3 users, demonstrate typical attacks in Web3 and help users to protect their assets.

Luckily, we have a security agency partner like SlowMist. We can collaborate to work on this. We can buidl the product, and they provide professional security content.

In this topic, we can collect some good security posts, websites, and products, then brainstorm and design this product. Then we can convert it into a proposal and start buidling this project.

MyFirstHacked.eth

:rofl:

I think we can buidl a website to show the common phishing attacks and make it look like a tutorial. After finishing all courses, users will get a POAP or SBT as the certificate.

It will show the attack details and what the attack looks like (MetaMask signature), and how to prevent this from happening.

We can add more tutorials and notify the users if we get some new attack cases; this can be done by SlowMist.

From Cos:

It can be a phishing demo website.

In the first step, the user visits the website and free mints a few NFTs for security tests.

The second step: “hack” users’ NFT by using eth_sign, personal_sign, signTypedData, etc., and let users feel how their NFT is stolen.

After the NFTs have been stolen, the third step asks the users a few questions and free mints an NFT for commemoration.

Phishing Tips

https://twitter.com/gabrieIleydon
https://twitter.com/gabrielleydon

We might call this MyFirstHack? Try to show someone how the phishing attack happened.

For example, teach people to create a phishing link and “hack” their own NFT. Let them experience how the attack happened.

same address + similar ens

https://twitter.com/evilcos/status/1588722701669404672

I lost more than 1 eth in security issues. It’s very helpful

MobyMask is one of 'em and is on the way!

Including the common security tools and signature types

Discussed in the group:
Distinguish whether MetaMask is doing a contract interaction or merely doing a personal sign signature
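
The distinction raised above (contract interaction versus a plain signature, across eth_sign, personal_sign and signTypedData), as an added example that is not part of the original thread: a classifier for wallet JSON-RPC requests. The risk tiers and the sample requests are this example's own assumptions; the two selectors are the standard `approve` and `setApprovalForAll` ones.

```javascript
// Added example, not from the thread. Risk tiers are this example's own heuristic.
const APPROVAL_SELECTORS = {
  "0x095ea7b3": "approve(address,uint256)",        // ERC-20 / ERC-721
  "0xa22cb465": "setApprovalForAll(address,bool)", // ERC-721 / ERC-1155
};

function classifyRequest({ method, params = [] }) {
  switch (method) {
    case "eth_sign": // signs a raw 32-byte hash; the wallet cannot show its meaning
      return { kind: "signature", risk: "high", reason: "blind signature over a raw hash" };
    case "personal_sign": // wallet prefixes "\x19Ethereum Signed Message:\n", so not a tx
      return { kind: "signature", risk: "low", reason: "prefixed message, read the text" };
    case "eth_signTypedData_v3":
    case "eth_signTypedData_v4": {
      let typed = params[1]; // params: [address, typed data as JSON string or object]
      try { if (typeof typed === "string") typed = JSON.parse(typed); } catch { typed = null; }
      const primary = typed && typed.primaryType;
      if (!primary) return { kind: "signature", risk: "high", reason: "unreadable typed data" };
      // A signed permit or marketplace order can authorize moving assets
      // without the signer ever sending a transaction.
      const risk = /permit|order/i.test(primary) ? "high" : "medium";
      return { kind: "signature", risk, reason: `typed data: ${primary}` };
    }
    case "eth_sendTransaction": {
      const data = ((params[0] || {}).data || "0x").toLowerCase();
      const fn = APPROVAL_SELECTORS[data.slice(0, 10)];
      if (fn) return { kind: "contract interaction", risk: "high", reason: `grants rights: ${fn}` };
      if (data.length >= 10) return { kind: "contract interaction", risk: "medium", reason: `calls ${data.slice(0, 10)}` };
      return { kind: "transfer", risk: "medium", reason: "plain value transfer" };
    }
    default:
      return { kind: "other", risk: "unknown", reason: `unhandled method ${method}` };
  }
}

// Constructed sample requests (addresses and payloads are placeholders).
const ADDR = "0x" + "11".repeat(20);
const samples = [
  { method: "eth_sign", params: [ADDR, "0x" + "ab".repeat(32)] },
  { method: "personal_sign", params: ["0x48656c6c6f", ADDR] },
  { method: "eth_signTypedData_v4", params: [ADDR, JSON.stringify({ primaryType: "Permit" })] },
  { method: "eth_sendTransaction", params: [{ to: ADDR, data: "0xa22cb465" + "00".repeat(64) }] },
];
for (const s of samples) console.log(s.method, classifyRequest(s));
```
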

From @neal-zhu

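It's really simple: don't use the MetaMask ("little fox") wallet, just use Rabby. If you must use MetaMask, add the Stelo extension and things will be much better. Don't rely on yourself, rely on professional tools.

Be clear-headed enough when operating a wallet. Try to avoid operating important wallets when staying up late, after drinking, or right after waking up.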