Defiance Capital Founder: How I Prevent Fraud After 60 NFTs Were Stolen
Author: Arthur, Defiance Capital
Compiled by: Rhythm BlockBeats
This article is based on the views of Arthur, the founder of Defiance Capital, shared on his personal social media platform.
Initially, the following content was written solely for our portfolio companies and partners. After some reflection, I believe it should be open-sourced.
After research and communication with top cybersecurity experts, we believe that the hacker group BlueNorOff is conducting an organized scheme targeting all well-known organizations in the crypto space. Given their sophisticated social engineering attacks, I believe they have mapped out the entire crypto ecosystem and know what kind of phishing emails are most likely to breach our psychological defenses. To gain further insight into how these attacks are conducted, I strongly recommend reading this article, as its suggestions are also worth adopting.
The key is to be acutely aware that the crypto industry has become an active target of a state-sponsored cybercrime organization. This group is clever and sophisticated, and it changes tools and attack patterns as the current ones lose effectiveness; the recent appearance of trojanized DeFi apps and attacks on wallets is one such shift. As existing methods stop working, North Korea is likely to invest more resources into this group and escalate the intensity of its attacks.
On top of the standard cybersecurity advice, and with the help of security-aware friends, I offer the following (incomplete) crypto-specific security suggestions, in the hope that none of us suffers a similar incident.
Store on-chain crypto assets in enterprise-grade custody solutions
A hardware wallet alone is not sufficient to secure an EOA (Externally Owned Account): an attacker who plants a fake or trojanized MetaMask browser extension can get you to approve transactions you never intended to sign. At minimum, funds should sit in a multi-signature wallet such as Gnosis Safe, with each signer key held on a separate hardware wallet. I strongly recommend going further with enterprise custody solutions such as Fireblocks, Copper, or Qredo, which provide transaction-approval workflows with multiple approvers and 2FA built in.
Conduct additional due diligence when hiring remote teams
Extra due diligence is required when hiring remote teams, especially software engineers or developers. "The Lazarus APT group has even been involved in creating fake companies to develop cryptocurrency software." We heard from one of our portfolio companies that applicants for their software engineering positions appeared suspicious during interviews and did not match their resumes.
Configure a computer dedicated solely to crypto trading
Keep a dedicated computer that is used only for crypto trading and never touches email, web links, messaging applications, MS Word documents, PDFs, or similar content.
Implement 2FA for all logins
Although not specific to crypto, this is worth repeating. Cloud storage, email, and messaging applications such as Telegram should all have 2FA enabled. Use an authenticator app such as Google Authenticator rather than SMS 2FA, which can be defeated by SIM swapping.
Wherever possible, use hardware security keys such as YubiKey for both company and personal accounts.
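To make concrete what an authenticator app actually does, here is an added example (not from the original article) of the RFC 6238 TOTP algorithm that Google Authenticator implements: the code is derived locally from a shared secret and the current time, so nothing crosses the phone network, which is what makes it immune to the SIM-swap attacks that break SMS codes. The base32 secret in the `__main__` block is a constructed sample, and the verification helper with its drift window is my own addition.

```python
"""RFC 6238 TOTP, the algorithm behind Google Authenticator codes.

Added example, not from the original article. It shows that an authenticator
code is derived locally from a shared secret and the current time, so nothing
is sent over the phone network, unlike SMS codes. The base32 secret below is a
constructed sample, not a real account's key.
"""
import base64
import hashlib
import hmac
import struct
import time


def hotp(secret: bytes, counter: int, digits: int = 6, algo=hashlib.sha1) -> str:
    """HOTP (RFC 4226): HMAC the 8-byte big-endian counter, then dynamically truncate."""
    mac = hmac.new(secret, struct.pack(">Q", counter), algo).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10**digits).zfill(digits)


def totp(secret: bytes, for_time: int, step: int = 30, digits: int = 6) -> str:
    """TOTP (RFC 6238): HOTP over the number of 30-second steps since the Unix epoch."""
    return hotp(secret, for_time // step, digits)


def decode_base32_secret(b32: str) -> bytes:
    """Authenticator apps share the secret as unpadded base32; restore the padding."""
    cleaned = b32.strip().replace(" ", "").upper()
    return base64.b32decode(cleaned + "=" * (-len(cleaned) % 8))


def verify_totp(secret: bytes, submitted: str, now: int, step: int = 30,
                digits: int = 6, window: int = 1) -> bool:
    """Accept the current code and +/- `window` steps of clock drift.

    hmac.compare_digest keeps each comparison constant-time, and every candidate
    is checked (no early return) so timing does not reveal which step matched.
    """
    ok = False
    for drift in range(-window, window + 1):
        candidate = totp(secret, now + drift * step, step, digits)
        ok |= hmac.compare_digest(candidate, submitted)
    return ok


if __name__ == "__main__":
    sample_secret = decode_base32_secret("JBSWY3DPEHPK3PXP")  # constructed sample secret
    print("current code:", totp(sample_secret, int(time.time())))
```

The RFC 6238 test vectors (secret `12345678901234567890`, 8 digits) reproduce with this code, which is how you confirm an implementation before trusting it with real secrets.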
Bookmark frequently used crypto DApp websites
Search engines sometimes return phishing sites, and a moment of carelessness while searching is enough to land on one. Reach crypto DApp websites only through a curated bookmark list, and check that the address bar shows exactly the bookmarked domain.
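Why exact-domain matching matters is easier to see in code. The following is an added example (not from the original article): a checker that accepts a URL only if it is https and its hostname is exactly one of your bookmarked hosts, and that rejects the usual lookalike tricks a search result or phishing link relies on. The bookmark list and the URLs in the tests are constructed samples.

```python
"""Check that a DApp URL is exactly one of your bookmarked origins.

Added example, not from the original article. The bookmark list and the
lookalike URLs are constructed samples. Matching is done on the exact
hostname after normalisation, so subdomain tricks (app.uniswap.org.evil.example),
userinfo tricks (app.uniswap.org@evil.example) and non-ASCII homoglyph domains
all fail the check.
"""
from typing import Tuple
from urllib.parse import urlsplit

# Constructed bookmark list: the exact hosts you would normally navigate to.
BOOKMARKED_HOSTS = {"app.uniswap.org", "app.aave.com"}


def normalise_host(host: str) -> str:
    """Lower-case and drop a trailing dot, the two normalisations browsers apply."""
    return host.lower().rstrip(".")


def check_dapp_url(url: str, bookmarks=BOOKMARKED_HOSTS) -> Tuple[bool, str]:
    """Return (allowed, reason). Only https to an exact bookmarked host passes."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        return False, f"scheme is {parts.scheme or 'missing'}, not https"
    host = parts.hostname  # userinfo ("user@") and port are already stripped here
    if not host:
        return False, "no hostname"
    host = normalise_host(host)
    if not host.isascii():
        return False, f"non-ASCII hostname {host!r}; possible homoglyph domain"
    if host.startswith("xn--") or ".xn--" in host:
        return False, f"punycode hostname {host!r}; possible homoglyph domain"
    if parts.username is not None:
        # "https://app.uniswap.org@evil.example/" shows a trusted name before the @
        # but connects to the host after it.
        return False, f"URL carries userinfo {parts.username!r}@ before the real host {host}"
    if host not in bookmarks:
        return False, f"{host} is not a bookmarked host"
    return True, host


if __name__ == "__main__":
    for candidate in ("https://app.uniswap.org/#/swap",
                      "https://app.uniswap.org.evil.example/",
                      "https://app.uniswap.org@evil.example/",
                      "https://app.un\u0456swap.org/"):  # Cyrillic 'і' in place of 'i'
        print(candidate, "->", check_dapp_url(candidate))
```

The same rule is what a bookmark enforces for you: the browser navigates to the stored host, not to whatever a search result or chat link says it is.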
Revoke unnecessary token authorizations
Token authorizations (approvals) let another party, the spender, move your assets, and most smart contracts require one before you can interact with them. Avoid unlimited approvals: approve only the amount a transaction needs, and regularly revoke approvals you no longer use, which can be done with Revoke.
Establish an address monitoring system
Internal cryptocurrency wallet addresses should be monitored continuously so that the team detects unauthorized transactions immediately and can act at once. Etherscan and Nansen both offer such alerting.
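The two preceding points, approvals and address monitoring, share one piece of logic: reading what a transaction from your wallet actually authorizes. The block below is an added example (not from the original article, and not Etherscan's or Nansen's code) that decodes ERC-20 `approve`/`increaseAllowance` and ERC-721 `setApprovalForAll` calldata, flags unlimited approvals, builds the matching revoke call, and then runs as a monitor over a list of transactions from watched addresses, alerting on approvals to unknown spenders and on value sent to unknown destinations. The function selectors are the standard 4-byte keccak256 identifiers of those ERC-20/ERC-721 functions; the addresses, transactions and allowlist are constructed samples, and the transaction dict shape (`hash`, `from`, `to`, `value`, `input`) is assumed for illustration.

```python
"""Decode ERC-20/ERC-721 approval calldata and scan transactions from monitored
wallets for approvals and outbound transfers to unknown parties.

Added example, not from the original article and not Etherscan's or Nansen's
code. Selectors are the standard 4-byte keccak256 identifiers of the ERC-20 /
ERC-721 functions. Addresses, transactions and the allowlist are constructed
samples; tx["input"] holds the raw calldata as a 0x-hex string.
"""
from dataclasses import dataclass
from typing import List, Optional

MAX_UINT256 = 2**256 - 1
SEL_APPROVE = bytes.fromhex("095ea7b3")               # approve(address,uint256)
SEL_INCREASE_ALLOWANCE = bytes.fromhex("39509351")    # increaseAllowance(address,uint256)
SEL_SET_APPROVAL_FOR_ALL = bytes.fromhex("a22cb465")  # setApprovalForAll(address,bool)


@dataclass
class Approval:
    kind: str             # "erc20" or "erc721-all"
    spender: str          # 0x-prefixed lower-case address
    amount: Optional[int]  # None for setApprovalForAll
    approved: bool        # False when the call itself is a revoke
    unlimited: bool


def _word(data: bytes, i: int) -> bytes:
    """ABI argument i: 32-byte word after the 4-byte selector."""
    w = data[4 + 32 * i: 4 + 32 * (i + 1)]
    if len(w) != 32:
        raise ValueError("calldata too short")
    return w


def _addr(word: bytes) -> str:
    if any(word[:12]):
        raise ValueError("address word has non-zero padding")
    return "0x" + word[12:].hex()


def decode_approval(calldata_hex: str) -> Optional[Approval]:
    """Return the approval a transaction grants, or None if it is not an approval."""
    data = bytes.fromhex(calldata_hex[2:] if calldata_hex.startswith("0x") else calldata_hex)
    sel = data[:4]
    if sel in (SEL_APPROVE, SEL_INCREASE_ALLOWANCE):
        amount = int.from_bytes(_word(data, 1), "big")
        # MAX_UINT256 is what wallets render as "Unlimited"; anything in the top
        # half of uint256 exceeds any real token supply and is treated the same.
        return Approval("erc20", _addr(_word(data, 0)), amount, amount > 0, amount >= 2**255)
    if sel == SEL_SET_APPROVAL_FOR_ALL:
        flag = int.from_bytes(_word(data, 1), "big")
        if flag not in (0, 1):
            raise ValueError("bool word must be 0 or 1")
        return Approval("erc721-all", _addr(_word(data, 0)), None, flag == 1, flag == 1)
    return None


def revoke_calldata(approval: Approval) -> str:
    """Calldata that resets the ERC-20 allowance to zero or clears the NFT operator."""
    sel = SEL_APPROVE if approval.kind == "erc20" else SEL_SET_APPROVAL_FOR_ALL
    spender_word = bytes(12) + bytes.fromhex(approval.spender[2:])
    return "0x" + (sel + spender_word + bytes(32)).hex()


def scan_transactions(txs: List[dict], monitored: set, allowlist: set) -> List[str]:
    """Alert on what a monitored wallet signs: approvals and value sent to strangers.

    `allowlist` holds the spenders and destinations the team has vetted.
    """
    alerts = []
    for tx in txs:
        sender = tx["from"].lower()
        if sender not in monitored:
            continue
        to = tx["to"].lower()
        approval = decode_approval(tx["input"])
        if approval and approval.approved and approval.spender not in allowlist:
            level = "CRITICAL" if approval.unlimited else "WARN"
            alerts.append(f"{level} {tx['hash']}: {sender} granted {approval.kind} approval "
                          f"on {to} to unknown spender {approval.spender}")
        elif approval is None and tx["value"] > 0 and to not in allowlist:
            alerts.append(f"WARN {tx['hash']}: {sender} sent {tx['value']} wei to unknown {to}")
    return alerts


# Constructed sample data for a stand-alone run (hypothetical addresses).
TREASURY = "0x" + "aa" * 20
KNOWN_ROUTER = "0x" + "bb" * 20
DRAINER = "0x" + "cc" * 20
TOKEN = "0x" + "dd" * 20
SAMPLE_TXS = [
    {"hash": "0x01", "from": TREASURY, "to": TOKEN, "value": 0,
     "input": "0x095ea7b3" + "00" * 12 + "cc" * 20 + "ff" * 32},  # unlimited approve to drainer
    {"hash": "0x02", "from": TREASURY, "to": TOKEN, "value": 0,
     "input": "0x095ea7b3" + "00" * 12 + "bb" * 20 + (1000).to_bytes(32, "big").hex()},  # vetted router
    {"hash": "0x03", "from": TREASURY, "to": DRAINER, "value": 10**18, "input": "0x"},  # 1 ETH out
]

if __name__ == "__main__":
    for line in scan_transactions(SAMPLE_TXS, {TREASURY}, {KNOWN_ROUTER}):
        print(line)
```

In a real deployment the transaction list comes from your node or an explorer API feed and the alert lines go to a pager; the decoding and the allowlist comparison are the part that does not change.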
Conduct regular cybersecurity training for team members
All team members should receive cybersecurity training when they join, and it should be repeated at regular intervals; this is often neglected as the organization grows.
Prevent phishing and spam by properly configuring email DNS settings
Publish SPF (Sender Policy Framework) with a hard-fail terminal mechanism (-all rather than ~all), sign all outbound mail with DKIM (DomainKeys Identified Mail), and publish a DMARC policy of p=reject with strict alignment (adkim=s; aspf=s), so that mail spoofing your domain is rejected by receivers rather than merely flagged.
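As an added example (not from the original article), the following linter checks SPF and DMARC TXT records for the hard-fail and strict settings described above and reports what a weak record is missing. The record strings are constructed samples for `example.com`; in practice you would obtain them from a DNS TXT lookup of the domain and of `_dmarc.<domain>`. DKIM itself has no strict switch; what makes it strict is DMARC's `adkim=s` alignment, which is what the DMARC check looks for.

```python
"""Lint SPF and DMARC TXT records for hard-fail / strict settings.

Added example, not from the original article. The record strings are
constructed samples; in practice fetch them with a DNS TXT lookup of the
domain (SPF) and _dmarc.<domain> (DMARC). DKIM has no "strict" switch of its
own: it is enforced through DMARC's adkim=s alignment, which is checked here.
"""
from typing import List

SPF_QUALIFIERS = "+-~?"
LOOKUP_MECHANISMS = ("include", "a", "mx", "ptr", "exists")


def check_spf(record: str) -> List[str]:
    """Return findings for an SPF record; an empty list means hard-fail is in place."""
    terms = record.strip().split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["not an SPF record (missing v=spf1)"]
    if any(t.lower().startswith("redirect=") for t in terms[1:]):
        return ["redirect= modifier: evaluate the target domain's record instead"]
    findings = []
    all_terms = [t for t in terms[1:] if t.lstrip(SPF_QUALIFIERS).lower() == "all"]
    if not all_terms:
        findings.append("no 'all' mechanism: unmatched senders get a neutral result; add -all")
    else:
        qualifier = all_terms[-1][0] if all_terms[-1][0] in SPF_QUALIFIERS else "+"
        if qualifier == "~":
            findings.append("~all (softfail): spoofed mail is only marked; change to -all")
        elif qualifier in "+?":
            findings.append(f"{qualifier}all lets anyone send as this domain; change to -all")
    # RFC 7208 caps DNS-querying mechanisms at 10; beyond that receivers return permerror.
    lookups = sum(1 for t in terms[1:]
                  if t.lstrip(SPF_QUALIFIERS).lower().split(":")[0].split("/")[0] in LOOKUP_MECHANISMS)
    if lookups > 10:
        findings.append(f"{lookups} DNS-lookup mechanisms exceed the limit of 10 (permerror)")
    return findings


def check_dmarc(record: str) -> List[str]:
    """Return findings for a DMARC record; empty means p=reject with strict alignment."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            k, v = part.split("=", 1)
            tags[k.strip().lower()] = v.strip()
    if tags.get("v", "").upper() != "DMARC1":
        return ["not a DMARC record (missing v=DMARC1)"]
    findings = []
    policy = tags.get("p", "").lower()
    if policy != "reject":
        findings.append(f"p={policy or 'missing'}: spoofed mail is not rejected; set p=reject")
    if tags.get("sp", policy).lower() != "reject":
        findings.append("subdomain policy is weaker than reject; set sp=reject")
    for tag in ("adkim", "aspf"):
        if tags.get(tag, "r").lower() != "s":
            findings.append(f"{tag} is relaxed; set {tag}=s so only the exact From domain aligns")
    if tags.get("pct", "100") != "100":
        findings.append(f"pct={tags['pct']}: policy applies to only part of the mail stream")
    if "rua" not in tags:
        findings.append("no rua= address: you will not see aggregate reports of spoofing attempts")
    return findings


if __name__ == "__main__":
    # Constructed weak records beside their hardened counterparts.
    for rec in ("v=spf1 include:_spf.google.com ~all",
                "v=spf1 include:_spf.google.com -all",
                "v=DMARC1; p=none; rua=mailto:dmarc@example.com",
                "v=DMARC1; p=reject; sp=reject; adkim=s; aspf=s; rua=mailto:dmarc@example.com"):
        checker = check_dmarc if rec.upper().startswith("V=DMARC1") else check_spf
        print(rec, "->", checker(rec) or ["ok"])
```

Run it against every domain you send mail from, including parked ones: a domain with no DMARC record at all is the easiest one to spoof in a phishing campaign against your partners.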
Trust the browser rather than the website
Anything rendered below the browser's address bar is supplied by the website and can be an attack vector. Some DApps pop up a window asking you to log into your crypto wallet when you are not connected. Never type your wallet password or seed phrase into anything drawn inside the page; a genuine wallet prompt comes from the extension itself, not from the site.