How Crypto Users Get Rekt and How You Can Stay Safe - Ep. 987
Unchained
AI Summary
→ WHAT IT COVERS

Pablo Sabatella and Isaac Patka from SEAL explain how 99% of crypto hacks stem from operational security failures rather than smart contract exploits, with North Korean IT workers infiltrating companies and social engineering attacks targeting everyone from founders to everyday users.

→ KEY INSIGHTS

- **North Korean IT Worker Infiltration:** Between 40-50% of web3 job applications come from North Korea. They use laptop farms in the US to mask IP addresses, hire Americans to attend video interviews with scripts, and work for five companies simultaneously to earn salaries while stealing private keys and company credentials.
- **Social Engineering Defense:** Verify every contact by having them perform a specific gesture on video calls, which breaks deepfake filters. Even verified accounts can be compromised, so treat all communications as suspicious until proven legitimate through secondary verification channels, regardless of how trusted the source appears.
- **Hardware Wallet Seed Phrase Storage:** Store seed phrases only on paper, never in password managers or digital formats. The LastPass breach alone resulted in over $300 million stolen from crypto users who stored seeds digitally. If uncertain about past storage methods, create new addresses and transfer all funds immediately.
- **Multi-Wallet Risk Management:** Divide crypto holdings across multiple custody solutions: 25% in multisig wallets like Safe, 25% in hardware wallets like Ledger, 50% with insured custodians. Never hold life savings in one hot wallet where a single mistake could transfer everything, similar to accidentally paying with a house deed.
- **Company Access Control Policy:** Implement least privilege policies where even founders cannot directly move funds. Use separate private email addresses for password managers and Apple IDs. Configure multisig requirements for policy changes themselves, not just transactions, and practice incident response drills regularly to build muscle memory.

→ NOTABLE MOMENT

The Bybit hack succeeded because attackers created a malicious smart contract function named "transfer" that appeared legitimate in wallet interfaces but actually upgraded the contract to a malicious version through a delegate call, allowing theft of $1.5 billion despite multiple security layers.

💼 SPONSORS Mantle (hub.uniswap.org), Uniswap Labs (hub.uniswap.org)

🏷️ Crypto Security, North Korean Hackers, Social Engineering, Hardware Wallets, Operational Security
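
The notable moment above describes a call that displayed as "transfer" but executed as a delegate call. As an added example (not from the episode or from SEAL), here is a pre-signing check a co-signer could run over the raw transaction fields; the field names follow Safe's `execTransaction` parameters (`to`, `data`, `operation`), and the allowlist, addresses and sample transactions are constructed for illustration.

```python
CALL, DELEGATECALL = 0, 1            # Safe's Enum.Operation values
TRANSFER_SELECTOR = "a9059cbb"       # first 4 bytes of keccak256("transfer(address,uint256)")

# Hypothetical allowlist: contracts the team has reviewed as delegatecall targets.
DELEGATECALL_ALLOWLIST = {"0x" + "aa" * 20}

def decode_transfer(data_hex):
    """Return (recipient, amount) if calldata is a well-formed transfer(), else None."""
    data = data_hex.lower()
    if data.startswith("0x"):
        data = data[2:]
    if len(data) != 8 + 128 or data[:8] != TRANSFER_SELECTOR:
        return None
    addr_word, amount_word = data[8:72], data[72:136]
    if addr_word[:24] != "0" * 24:   # an ABI-encoded address is left-padded with zeros
        return None
    return "0x" + addr_word[24:], int(amount_word, 16)

def review(tx):
    """Return findings a signer should resolve before approving the transaction."""
    findings = []
    if tx["operation"] == DELEGATECALL:
        if tx["to"].lower() not in DELEGATECALL_ALLOWLIST:
            findings.append("BLOCK: delegatecall to unapproved contract; "
                            "its code would run against the wallet's own storage")
        if decode_transfer(tx["data"]) is not None:
            findings.append("WARN: calldata decodes as transfer() but the operation is "
                            "delegatecall, so the function name says nothing about the effect")
    elif tx["operation"] != CALL:
        findings.append("BLOCK: unknown operation value")
    return findings

# Constructed sample data: the same calldata sent as a plain call and as a delegatecall.
SAMPLE_DATA = "0x" + TRANSFER_SELECTOR + ("22" * 20).rjust(64, "0") + format(1000, "064x")
PLAIN_TRANSFER = {"to": "0x" + "11" * 20, "data": SAMPLE_DATA, "operation": CALL}
DISGUISED = {"to": "0x" + "33" * 20, "data": SAMPLE_DATA, "operation": DELEGATECALL}

if __name__ == "__main__":
    for name, tx in (("plain transfer", PLAIN_TRANSFER), ("disguised", DISGUISED)):
        print(name, "->", review(tx) or "no findings")
```

The check keys on the `operation` field rather than the decoded function name, which is the part of the transaction a wallet interface can make look routine.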