First company swag dropping, just in time for next week! Can't to see everyone there 🚀
Follow
Jared
@jared_inconfido
Jared’s Tweets
📣 join as a Community Partner.
🗓You can register for the event here: zebulive.xyz
🔐 We will be there to assist with all things Security as well as helping build the UK’s Web3 security community.
Thanks to @zebudigital for hosting!
5
8
Ecstatic to announce this! Please take a look at the thread to learn what we at are doing
Quote Tweet
Collaboration announcement: Inconfido 
Dapper Labs
We are thrilled to reveal that we are working with @dapperlabs , through their @flow_blockchain developer grant, to build security tooling to help protect end users from scams and phishing.Show this thread
📢 Collaboration announcement: Inconfido 🤝 Dapper Labs
We are thrilled to reveal that we are working with , through their developer grant, to build security tooling to help protect end users from scams and phishing.
2
9
102
Show this thread
Quote Tweet
Our founders @danny_inconfido , @jared_inconfido and @youss_inconfido will be attending @Zebu_live London #Web3 & #Crypto Conference on September 22nd-23rd 2022! If you’re around please come and find us to get to know what we are about and how we’re embedding security into Web3
Show this thread
1
📣The team is super excited to announce a community partnership with to promote #security in Web3 across the UK.
1
5
8
Show this thread
Internet vs. Web - People interchange these two terms, but they’re fundamentally different.
I’ve got a post coming out soon on behalf of covering Web2 vs. Web3, the evolution of Web3, and combatting terms like ‘crypto’ and ‘blockchain’
4
6
Builders just want to build a good product for their users. Often not caring as much about security framework guarantees. Web2 didn’t, Web3 should.
are here to help and guide builders and end users. Let’s make security transparent, flexible, and human readable!
2
2
This just shows how more and more Web3 threats are using Web2 vectors as initial entry points. Protecting your 'traditional' assets is just as important as secure smart contract development.
Quote Tweet
1/ @deBridgeFinance has been the subject of an attempted cyberattack, apparently by the Lazarus group.
PSA for all teams in Web3, this campaign is likely widespread.
Show this thread
1
1
Another example of how web2 security impacts web3. If you ever need assistance with understanding security across both web2 and web3 then DM and we can support you
Quote Tweet
Ribbon Finance suffered a DNS hijacking attack. On-chain analysis showed that it was the same attacker as Convex. One victim lost 16.5 WBTC. Transaction details etherscan.io/tx/0xd09057f1f twitter.com/ribbonfinance/
2
2
This Tweet is unavailable.
1
A lot of people seem to think Web3 is secure by default, which is so far from the truth. Web2 cyber security concepts are still relevant, as are "old school" threats.
are doing a lot of work behind the scenes around this one!
Quote Tweet
This was not a "Blockchain Hack". It was a "Traditional Hack"
I've been begging protocols to focus on traditional security too alongside blockchain security for months now....
ps the convex compromise earlier today was also not blockchain related.
twitter.com/Mudit__Gupta/s
Show this thread
1
1
The Smart Contract Verification Standard should be every developers go-to guide on building smart contracts securely
1
2
Show this thread
If anyone has been involved in #web3 threat modelling or vulnerability management, reach out to me! I may have something of interest to you
#blockchain #security
Whether it's security architecture support, threat modeling, or secure developer training, we can help you out with that. , and my aim is to suport building a secure Web3, and it starts with the builders. DM us for more info. #security
2
3
Show this thread
Quote Tweet
BANKLESS JOB BOARD
1. Hiring? Effective and efficient. We get thousands of eyes a week on the board and positions fill FAST and double digit applies on avg.
2. The hottest non-technical roles are popping up every day, tap in ASAP!
GET IN HERE: bankless.cc/jobs2
2
This is the time when the Web3 builders build strong. Some lights at the end of the tunnel include the projects, products, and companies to come out of it all. , a Web3 security company, is here to help secure the end users and builders.
Invisible Security in Web3
1
Fantastic thread on Reentrancy from whose one of the security experts at . It’s really eye opening to see reentrancy attacks still so prevalent in the Web3 ecosystem, they open up serious vulnerabilities. Reentrance is not new to Web3, but very common.
Quote Tweet
As we’ve seen from the latest attack on Fei Protocol’s Rari Fuse pools, reentrancy vulnerabilities in EVM-based smart contracts are still being widely exploited. Here’s a thread all about reentrancy vulnerabilities & what developers should be doing to protect against them: (1/21)
Show this thread
1
released a short thread and visualisation here
Quote Tweet
1/ Fortress Protocol suffered a price oracle manipulation attack. The `submit` function of the Chain oracle can be called by anyone and doesn’t have a power verification.
@fortressloans @defiprime
versatile.blocksecteam.com/tx/bsc/0x13d19
Show this thread
Show this thread
It’s really unfortunate to hear, I hope are able to secure their assets and get back to normality. Security is very important, it’s always left as a “last minute” and done in haste. If you need advice, please reach out to me or
1
1
Show this thread
Interesting thread on some common attack vectors / threats within DeFi. There is still plenty more, both basic and advance. However, one of the biggest threats is People. The security culture in Web3 is very immature still; we as a community need to do more
Quote Tweet
0/ Many successful heists in DeFi and Web3 have nothing to do with bugs in the code.
If you want to be safe, you need to understand all the ways in which a protocol can be attacked.
Here are 9 attack patterns in DeFi that everyone should know
Here are 9 attack patterns in DeFi that everyone should knowShow this thread
1
2
We should all practise good data hygiene in Web3. Disconnecting wallets from sites that do not require a live connection is a start, regardless of whether it's a legit site or not. Great shout twitter.com/SolMiningpunkV
This Tweet is unavailable.
1
We are only in Q2 of 2022 and just ~$500m away from 2021 total lost funds. This is scary… we must do more!
Quote Tweet
User funds lost as a result of hacks:
2020: ~$300m
2021: ~ $2.1bn
2022 (so far) : ~$1.6bn
Is anyone else seeing a disturbing trend here?
Security is one of the three blockers of mainstream adoption. We must do better for them and for the ecosystem as a whole.
@inconfido
User funds lost as a result of hacks:
2020: ~$300m
2021: ~ $2.1bn
2022 (so far) : ~$1.6bn
Is anyone else seeing a disturbing trend here?
Security is one of the three blockers of mainstream adoption. We must do better for them and for the ecosystem as a whole.
3
2
saved over 1.3k ETH from being stolen by preventing the third pool from being emptied. Web3 security is wonderful, it's a shame it's such an immature area of the ecosystem. alongside these great minds such as BlockSecTeam are here to help!
Quote Tweet
1/ Update:
- The attack has been mitigated and all affected metapools have been paused. User funds are safe. Special thx to @BlockSecTeam
- We’re tentatively planning to reward ~380k to blocksec for securing the 3.8m in vulnerable funds, pending gov voteShow this thread
1
Great short thread on how Forta monitored the suspicious events. Threat and Vulnerability Management is key for security regardless of Web2 or Web3. Great work . Hope to see future collaboration between you and in the near future!
Quote Tweet
Forta real-time alerts could have prevented the $10 million @saddlefinance hack.
Several early high confidence signals alerted on the attack 
Show this thread
2
2
Awesome. BUT, what do the statistics look like for $BTC stolen vs fiat under VISA? We’ve got to do so much more for securing the ecosystem and end users. has accepted such tasks, so much to come!
Quote Tweet
$13.1 trillion was paid in #Bitcoin last year. That's 20% more than the value of payments settled by VISA 
Show this thread
1
Inconfido? Learn what we’re all about in the below thread 👇
Quote Tweet
Our inaugural
1/9
Over the next few months our primary aim at @Inconfido is combining as much security knowledge in the Twittersphere as possible, making it accessible to end users. So many great minds out there with amazing knowledge. We want your input too! #Web3 #Security
1/9
Over the next few months our primary aim at @Inconfido is combining as much security knowledge in the Twittersphere as possible, making it accessible to end users. So many great minds out there with amazing knowledge. We want your input too! #Web3 #SecurityShow this thread
2
Show this thread