Phantom Security
@PhantomOpSec
Followers
70
Following
2K
Media
6
Statuses
565
Web3 is under attack. We teach you how to defend OpSec audits•Threat modeling•Real-world attack breakdowns $70,000,000 in Secured Funds | DM for consulting
Joined October 2024
Elevating Web3 security. At Phantom Opsec, we're not just advisors we are your security partners. From tailored phishing simulations to comprehensive security awareness, we're elevating how protocols and individuals approach operational security in the web3 space.
1
1
1
This always does the trick, you just have to ask.
First time using the Fuck-Kim-Jong-Un variation. Made blunders but still won the game 😤
0
0
1
Fire Ant isn't just compromising ESXi hosts; they're playing chess at the hypervisor level. These aren’t smash-and-grab ops. This is long-term, persistent access for strategic espionage. If you’re still relying on EDR alone, you’re already blind. 👇.
A hacking campaign being tracked as "Fire Ant" is compromising virtualization and networking infrastructure used globally, and shares similarities with a China-linked group that recently launched attacks targeting Singapore
0
0
0
This is a sophisticated social engineering attempt . 1. Real chat history.2. Accurate language quirks.3. Browser Zoom clone.4. SDK bait for malware. If you work in web3, read every word. This could happen to anyone.
today was the closest i've been to getting scammed - this is getting more and more sophisticated. normally it's a lazy cold-approached job interview, bloomberg interview, investor pitch, etc. we all know those. but this time it came from a previous advisor who got his tg.
0
0
4
RT @PhantomOpSec: The threat surface is about to explode. We're not ready for what deepfake-driven social engineering will enable at scale….
0
1
0
RT @PhantomOpSec: Most protocol teams wait for a breach to start writing or rewriting their OpSec. The smartest ones design systems assum….
0
1
0
Most teams don’t realize they’re defenseless until a signer clicks a bad link or a dev wallet gets drained. If you ever want to pressure-test your team without the public pain, we’ll guide you through the drill.
0
0
0
Most protocol teams wait for a breach to start writing or rewriting their OpSec. The smartest ones design systems assuming compromise from day one. Trusting your team is great, Training them for opsec is better.
0
1
0
The threat surface is about to explode. We're not ready for what deepfake-driven social engineering will enable at scale. OPSEC has to evolve. Fast.
Lot's of hype about what AI will do. But this is 100% guaranteed. Fraudsters will be able to impersonate anyone over video call in a way you can't distinguish from reality. Completely automated and scalable. We are now entering the "golden age" of social engineering attacks.
0
1
1
Be careful with google.
💀 Pro tip for DeFi users: Stop using Google search for crypto sites unless you enjoy playing Russian roulette with your wallet! 🎲. Just checked: Aave, PancakeSwap, Pendle searches are ALL flooded with scam ads. One wrong click = game over!
0
0
0
RT @PhantomOpSec: A new hack almost everyday, compromising on high quality auditing, or opsec auditing will hurt your protocol on the long….
0
1
0
RT @PhantomOpSec: @PatrickAlphaC So disappointing, but couldn’t agree more. Too many teams still treat security as a post-launch feature a….
0
1
0
A new hack almost everyday, compromising on high quality auditing, or opsec auditing will hurt your protocol on the long term.
@Fav_Truffle Compromise on security and you'll definitely end up on rekt news, some protocols don't really learn from the past incidents.
0
1
1
$27M gone, not from a leaked key, but a poisoned deployment path. Private keys weren't compromised. Logic was. DevOps, CI/CD, and infra must be treated as attack surfaces, not just your code. So unfortunate to see new hacks almost everyday now.
🚨SlowMist TI Alert🚨. The exchange @BigONEexchange was exploited due to a supply chain attack and loss exceeds $27 million. The production network was compromised, and the operating logic of account and risk control related servers was modified, enabling the attacker to withdraw
0
0
1
Phishing is still #1 attack vector to extract user funds, unfortunate really.
🚨 Someone lost $617,922 after signing multiple phishing signatures.
0
0
1
OfficerCIA provided a lot of help and value to the crypto community over the years, anyone who's capable of donating, please do without delay.
I need your support. For a year, I've been on vacation for health reasons, attending doctors, and physically unable to work as previously. I don't like asking you for money like a beggar at all, but I have very few other options…. At the present, all of my revenue comes from.
0
0
4
RT @PhantomOpSec: gmX v1 was exploited for ~$40M, the team acknowledged it and working on it atm. Unfortunate but even big protocols with….
0
1
0
RT @PhantomOpSec: Circle response time is frustrating; the hacker waited 1 hr safely before moving funds.
0
1
0
Circle response time is frustrating; the hacker waited 1 hr safely before moving funds.
@0xZilayo GMX exploiter bridging USDC to ETH while the @circle team eats ice cream with the forehead for 30 minutes. They have now converted to DAI… Thx @Define101 for spotting! .
0
1
2
gmX v1 was exploited for ~$40M, the team acknowledged it and working on it atm. Unfortunate but even big protocols with security budgets get hacked, GMX spent decent amounts on security, hope they'll recover soon.
0
1
1