How Crypto Users Get Rekt and How You Can Stay Safe - Ep. 987
Episode: 78 min
Read time: 2 min
Topics: Crypto & Web3
AI-Generated Summary
Key Takeaways
- North Korean IT Worker Infiltration: Between 40-50% of web3 job applications come from North Korea. They use laptop farms in the US to mask IP addresses, hire Americans to attend video interviews with scripts, and work for five companies simultaneously to earn salaries while stealing private keys and company credentials.
- Social Engineering Defense: Verify every contact by having them perform a specific gesture on video calls, which breaks deepfake filters. Even verified accounts can be compromised, so treat all communications as suspicious until proven legitimate through secondary verification channels, regardless of how trusted the source appears.
- Hardware Wallet Seed Phrase Storage: Store seed phrases only on paper, never in password managers or digital formats. The LastPass breach alone resulted in over $300 million stolen from crypto users who stored seeds digitally. If uncertain about past storage methods, create new addresses and transfer all funds immediately.
- Multi-Wallet Risk Management: Divide crypto holdings across multiple custody solutions: 25% in multisig wallets like Safe, 25% in hardware wallets like Ledger, 50% with insured custodians. Never hold life savings in one hot wallet where a single mistake could transfer everything, similar to accidentally paying with a house deed.
- Company Access Control Policy: Implement least privilege policies where even founders cannot directly move funds. Use separate private email addresses for password managers and Apple IDs. Configure multisig requirements for policy changes themselves, not just transactions, and practice incident response drills regularly to build muscle memory.
What It Covers
Pablo Sabatella and Isaac Patka from SEAL explain how 99% of crypto hacks stem from operational security failures rather than smart contract exploits, with North Korean IT workers infiltrating companies and social engineering attacks targeting everyone from founders to everyday users.
Notable Moment
The Bybit hack succeeded because attackers created a malicious smart contract function named "transfer" that appeared legitimate in wallet interfaces but actually upgraded the contract to a malicious version through a delegate call, allowing theft of $1.5 billion despite multiple security layers.
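A signer-side check for the pattern described above, as an added example that is not from the episode or from any wallet vendor: it ignores the function name shown in the interface and looks at the transaction's operation type instead. The `SafeTx` record, the `review` function, the allowlist and all addresses are constructed for illustration; the operation values (0 = call, 1 = delegatecall) follow the Safe transaction format, and `a9059cbb` is the standard ERC-20 `transfer(address,uint256)` selector.

```python
from dataclasses import dataclass

CALL, DELEGATECALL = 0, 1        # values of the "operation" field in a Safe transaction
ERC20_TRANSFER = "a9059cbb"      # selector of transfer(address,uint256)


@dataclass
class SafeTx:                    # hypothetical record of the fields a signer is shown
    to: str                      # target contract address
    value: int                   # native-token amount
    data: str                    # hex calldata, with or without the 0x prefix
    operation: int               # CALL or DELEGATECALL


def review(tx: SafeTx, delegatecall_allowlist: set[str]) -> list[str]:
    """Return reasons to refuse signing; an empty list means no finding."""
    findings = []
    selector = tx.data.lower().removeprefix("0x")[:8]
    target = tx.to.lower()
    if tx.operation not in (CALL, DELEGATECALL):
        findings.append("unknown operation value")
    if tx.operation == DELEGATECALL:
        # A delegatecall runs the target's code against the wallet's own
        # storage, so the target must be a contract the team has vetted.
        if target not in delegatecall_allowlist:
            findings.append("delegatecall to non-allowlisted target")
        # A token transfer never needs delegatecall; the familiar name is
        # exactly what makes this combination easy to approve by mistake.
        if selector == ERC20_TRANSFER:
            findings.append("transfer() selector executed via delegatecall")
    return findings


# Constructed sample data: one vetted library and two look-alike transactions.
ALLOWLIST = {"0x" + "aa" * 20}
CALLDATA = "0x" + ERC20_TRANSFER + "00" * 64
benign = SafeTx("0x" + "11" * 20, 0, CALLDATA, CALL)
suspicious = SafeTx("0x" + "bb" * 20, 0, CALLDATA, DELEGATECALL)

if __name__ == "__main__":
    for name, tx in (("benign", benign), ("suspicious", suspicious)):
        print(name, review(tx, ALLOWLIST) or "no findings")
```

Both sample transactions carry identical calldata and would display the same function name; only the operation field and target distinguish them.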