We're proud to partner with @neemofinance! It's a privilege to work with a professional, trustworthy team fully devoted to security. This is how you build user trust.

@SpherexTech is thrilled to announce that we have achieved the ISO/IEC 27001:2022 (ISO 27001) certification. 🛡️ This milestone reaffirms our unwavering commitment to upholding the highest standards of information security and protecting what matters most to our clients and

5/5 Web3 introduces innovation but also new risks, especially during protocol updates, which often become optimal targets for hackers. Find out more on why #protocol updates and upgrades create vulnerabilities, as well as what you should prioritize in order to mitigate risk.

4/5 The clear winner in prevention Secure development and extensive testing depends on your developers, and even the best dev team is not perfect and makes mistakes. There’s another effective prevention and protection tool for protocol updates. spherex runtime prevention

3/5 Your security checklist Many other protocols faced exploits shortly after updates, resulting in millions lost… So what are some of the most effective ways of prevention? ✔️ Secure development and extensive testing ✔️ Secure development and extensive testing ✔️ Secure

2/5 Leading by example, unfortunately... WildCredit on May 27, 2021 ~$650K, 4 days after update Beanstalk on April 17, 2022 ~$181M, 15 days after update Ulme on October 25, 2022 ~$50K, 6 days after update Sheep Farm on November 15, 2022 ~$72K, 6 days after

1/5 How Upgrades and Updates Lead to Exploits? New code is not as battle tested as existing code and the chances of potential flaws or misconfigurations is higher. Moreover, some code updates and patches are supposed to fix existing bugs but fail to do so, only now it’s much

https://t.co/5eqxqppPyd

🚨 Protect your dApp from compromised keys In the world of Web3, your private keys are the gatekeepers to your digital assets. That is why safeguarding your keys is crucial - not just for your personal security, but for the integrity of your entire project. Unauthorized access

There are a number of critical consequences beyond the substantial financial loss when your protocol is hacked, including eroding user trust and legal liability proceedings, to only name a couple. What are the top consequences you’re worried about if you ever become susceptible

The Web3 Security Meetup at @aleph's headquarters dove head first into the future of Web3. spherex's CEO & Co-Founder, @meroneyal1, explains why smart contracts are the weakest link when it comes to Web3 security, and why solving this challenge is needed in order to drive mass

7/7 Surprisingly, the insider threat is relevant for Web3 as it is for Web2. Hackers infiltrate Web3 projects posing as insiders or professional services contractor. Once inside, the hacker maintains his position until the right moment to exploit their insider access and

6/7 Better safe than sorry: Properly vetting candidates via background checks and off-chain measures (such as MPC) reduce the risk significantly, but not completely. On-chain smart contracts require on-chain protection.

5/7 Behind the Mozaic and Holograph hack: Holograph (June 13, 2024):  A malicious actor, turned out to be a former developer in the project, exploited the Holograph Operator contract resulting in a substantial loss of $14.4 million. Mozaic Hack (March 15, 2024): A developer

4/7 All eyes on rogue developers: While every rogue employee is capable of inflicting damage, the damage rogue developers can inflict is by far worse than other employees. Developers have access to private keys and code, allowing them to abuse their access or plant hidden

3/7 More than 12 documented cases in 2024 alone: The fact that 12 documented cases have occurred in 2024 suggests that there are likely many more undocumented incidents, as not all cases are reported or detected.

2/7 Rogue employees can wreak havoc... The global trend of digital nomads, and the global nature of the Web3 industry push many companies into hiring remote workers. If the hiring process lacks proper background checks, it may attract rogue employees.

1/7 The insider threat: Web3 companies face multiple threats from various angles, in every phase of the project lifecycle. However, recently there has been a disturbing rise in the risk of internal threats, and more specifically - insider job hacks.

And the week has yet to begin... 🇹🇭 Msg us if you want to meet-up! #Devcon2024 #Bangkok #sideevents #smartcontractsecurity

6/6 Inadequate monitoring: Although being publicly available on-chain, none of this preparation activity was caught by monitoring solutions, showing how easy it was for the hacker to evade those solutions.