Follow
Danny C
@danny_inconfido
Founder
Danny C’s Tweets
For our second infographic, we cover the Euler Finance hack which led to loss of close to $200 million in funds. Negotiations with the attacker are taking place:
2
2
📢 Exciting News! 🚀 We are happy to announce that we have opened up our Discord server to the Web3 security community to join! 🔐 Join us now on inconfido.com/discord
#Web3Security #Web3 #Cybersecurity #SmartContractSecurity
1
1
Show this thread
🚨London Web3 Week Attendees 📣
You can now see which degens are attending the conference and its various side events.
💖 an event to let others know you are attending!
LFG 🤌🤌
0:20
550 views
2
11
30
Show this thread
First company swag dropping, just in time for next week! Can't to see everyone there 🚀
3
5
Can’t wait for next week! We are pumped about being a community partner for an amazing event bringing together the best of Web3 to the UK #web3 #web3london #web3security
Quote Tweet
ZEBU LIVE 2022 IS OFFICIALLY SOLD OUT
We want to thank everyone involved, Our sponsors, media partners, community partners, speakers and all the team members involved 
We are extremely excited to have you there!
Comment "I'm In" if you secured your tickets
#ZebuLive22
We want to thank everyone involved, Our sponsors, media partners, community partners, speakers and all the team members involved
We are extremely excited to have you there!
Comment "I'm In" if you secured your tickets
#ZebuLive22
GIF
1
2
Missed out on the 1st annual DeFi Security Summit ?
Don't worry, we've got you covered 🛡️
Replay live sessions featuring our Co-founder, below ⬇️
1
1
5
Show this thread
Are you based in London? We are back! 🇬🇧💂
Free event! Limited seats
meetu.ps/e/LqdML/yzsr/i
✅ Educative and friendly
✅ 3x talks + panel
✅ Afterparty + NFT gallery
Meet with Leah founder of and many other VIP guests
#web3 #london ✨🚀
4
8
18
📣 join as a Community Partner.
🗓You can register for the event here: zebulive.xyz
🔐 We will be there to assist with all things Security as well as helping build the UK’s Web3 security community.
Thanks to @zebudigital for hosting!
5
8
Building this out is going to make a huge impact to end users. Taking the burden of understanding technical “jargon” and making it readable and easy to understand when they are likely being scammed.
Quote Tweet
Collaboration announcement: Inconfido 
Dapper Labs
We are thrilled to reveal that we are working with @dapperlabs , through their @flow_blockchain developer grant, to build security tooling to help protect end users from scams and phishing.Show this thread
1
“Think about people that want to help you with your code, don’t make their life harder that it is,
Repeat after me:
The more readable your code is
The more auditable your code will be
The more secure it can be”
- at
🤙 word
4
17
89
Can't wait to be there! LMK if you're going to be around and we can catch up!
Quote Tweet
Our founders @danny_inconfido , @jared_inconfido and @youss_inconfido will be attending @Zebu_live London #Web3 & #Crypto Conference on September 22nd-23rd 2022! If you’re around please come and find us to get to know what we are about and how we’re embedding security into Web3
Show this thread
📣The team is super excited to announce a community partnership with to promote #security in Web3 across the UK.
1
5
8
Show this thread
New a16z crypto podcast 👇
Discussion of recent Tornado Cash news, and what web3 builders need to know regarding OFAC, BSA, AML and related regulations, featuring and our in-house experts and .
web3-with-a16z.simplecast.com/episodes/crypt
38
27
136
Internet vs. Web - People interchange these two terms, but they’re fundamentally different.
I’ve got a post coming out soon on behalf of covering Web2 vs. Web3, the evolution of Web3, and combatting terms like ‘crypto’ and ‘blockchain’
4
6
Builders just want to build a good product for their users. Often not caring as much about security framework guarantees. Web2 didn’t, Web3 should.
are here to help and guide builders and end users. Let’s make security transparent, flexible, and human readable!
2
2
This just shows how more and more Web3 threats are using Web2 vectors as initial entry points. Protecting your 'traditional' assets is just as important as secure smart contract development.
Quote Tweet
1/ @deBridgeFinance has been the subject of an attempted cyberattack, apparently by the Lazarus group.
PSA for all teams in Web3, this campaign is likely widespread.
Show this thread
1
1
If we want web3 to be successful, we need to secure it. Otherwise the governments will sanction it away.
1
1
4
A North Korean cybercrime group is actively targeting financial institutions, mostly in crypto/web3. DKIM/DMARC/SPF are your best friends, be very vigilant.
I wouldn't be surprised if the wave of Twitter crypto/web3 account compromises is linked to this campaign.
8
23
67
Great thread covering why cross-chain bridges are targets for bad actors looking to exploit the still very young tech
Quote Tweet
Let's talk Cross-Chain Bridges.
The demand for moving gained/earned assets on one network to another increases every day.
The amount flowing through bridges is enormous.
There is currently over $80.4B in TVL in various DeFi protocols.
So...how secure are blockchain bridges?
Show this thread
1
1
This Tweet is unavailable.
1
A lot of people seem to think Web3 is secure by default, which is so far from the truth. Web2 cyber security concepts are still relevant, as are "old school" threats.
are doing a lot of work behind the scenes around this one!
Quote Tweet
This was not a "Blockchain Hack". It was a "Traditional Hack"
I've been begging protocols to focus on traditional security too alongside blockchain security for months now....
ps the convex compromise earlier today was also not blockchain related.
twitter.com/Mudit__Gupta/s
Show this thread
1
1
Another example of how web2 security impacts web3. If you ever need assistance with understanding security across both web2 and web3 then DM and we can support you
Quote Tweet
Ribbon Finance suffered a DNS hijacking attack. On-chain analysis showed that it was the same attacker as Convex. One victim lost 16.5 WBTC. Transaction details etherscan.io/tx/0xd09057f1f twitter.com/ribbonfinance/
2
2
You predicted this in an earlier tweet “the next big blockchain hack is not going to be a ‘blockchain hack’”.
We need to educate projects to better protect their private keys and understand risks and possible threats.
Quote Tweet
Harmony Protocol's Horizon bridge was hacked and $100 million were drained earlier today.
The bridge was essentially a 2 of 5 multisig. If any 2 addresses told it to transfer funds to someone, it did.
The hacker compromised 2 addresses and made them drain the money. 
Show this thread
Knowing how to find bugs is a totally different skill than helping people make their code secure.
3
7
52
Let us help you. DM or myself and we'll provide you guidance without any fee or commitments. Our aim is to build web3 securely, and that starts with the builders. #web3security #web3
Show this thread
Threat modeling your smart contracts is the very first objective and IMO the most important. It's a principle too often overlooked, even in web2. Let's not make that mistake in web3.
1
Show this thread
If you need help understanding whats in here or would like some more information about how some of these principes can be applied to your contract, feel free to reach out to .
1
1
Show this thread
The Smart Contract Verification Standard should be every developers go-to guide on building smart contracts securely
1
2
Show this thread
A simple piece of advice that will get you a long way as a Solidity developer:
Be paranoid when writing your contracts.
7
38
215
Can’t wait to be at the Defi Security Summit with and to see amazing security minds such as and
Will you be there?
#defisecuritysummit
6
MetaMask has patched this issue already, so just make sure you’re running the latest. For those that want additional protection then migrate funds to a newly generated wallet address or hardware wallet.
2
1
Show this thread
1. Your hard drive was unencrypted
2. You imported an SRP into MetaMask (v10.11.2 or older) on a computer that’s compromised or in possession of someone you do not trust
3. You used the “Show Secret Recovery Phrase” checkbox to view your SRP onscreen during the import process
2
Show this thread
While this is not ideal it’s also not as bad as some are making it out. For a user to be vulnerable they need the 3 conditions to be met:
1
Show this thread
Whether it's security architecture support, threat modeling, or secure developer training, we can help you out with that. , and my aim is to suport building a secure Web3, and it starts with the builders. DM us for more info. #security
2
3
Show this thread
The importance of threat modeling can't be ignored. There's a decent amount of resources out there for Web2 but no repository of known threat models, attack steps, and associated controls yet for Web3. It's something we're also building (opensource OFC)
1
1
2
Show this thread
Amazing write up of from , , , on how security considerations differ across the development life cycle. We at can support any project with threat modeling and helping you design your smart contracts securely.
Quote Tweet
In web3: security is not only of utmost importance, but also cannot be over-simplified to a checkbox for audit.
To help, @ajbeal, @nassyweazy, @cseifert, and I put together the following guide for thinking about smart contract security at every step
a16zcrypto.com/smart-contract
a16zcrypto.com/smart-contractShow this thread
1
1
1
Show this thread
Just finished reading Fundamentals of Smart Contract Security by Richard Ma . Fantastic book and resource and highly recommended
Does anyone have any other good recommendations for books? Anything around fundamentals of smart contracts, security, etc.
#smartcontracts
1
A great refresher for smart contract security development good practices from
a16zcrypto.com/smart-contract
We want to continue building on great material such as this to support a secure future for web3
1