Sisi (sisixoxo)

Web3 security researcher, dev and content creator

7 Followers

Recent casts

So Coinbase users lost 45M to phishing due to a Coinbase insider access leak.

What happened? Hackers bribed insiders at a third-party Coinbase support vendor, gaining access to internal tools. They stole user data like names, emails, partial IDs and transaction history, and used it to launch personalized phishing attacks. By May 17, losses topped $45 million.

Here is a takeaway: sometimes you don’t need to get hacked. You just need to be convinced. This was a data-driven attack and it worked.

Use these tips to stay SAFU:

1. Use anti-phishing tools
2. Don’t click links from random emails or DMs
3. Bookmark official sites (watch for fake domains like c0inbase)
4. Use hardware wallets & always preview transactions
5. Create burner emails for crypto accounts
6. Pause when you feel rushed, urgency = red flag
7. Even the best smart contract can’t protect you from human mistakes.

  • 0 replies
  • 0 recasts
  • 1 reaction

Top casts

Web3 security tip: Be cautious of projects with no clear token economics. Follow @sisixoxo for more security tips and insights.

  • 1 reply
  • 1 recast
  • 4 reactions

I have no idea where to start from here with security but I'll just launch the mini app first

  • 1 reply
  • 1 recast
  • 3 reactions

Let's get familiar with some key security terms that show up everywhere but often without explanation.

🔹 Phishing: Scam links or fake sites pretending to be real ones that'll drain your wallet.

🔹 Logic Bug: When the contract’s code doesn’t do what the dev thought it would do. Not a syntax error, but a bad assumption or flawed logic.

🔹 Reentrancy Attack: A classic smart contract flaw where a contract makes an external call before updating its state, letting an attacker call back in and repeat actions like multiple withdrawals. (The 2016 DAO hack is a good example.)

🔹 Oracle Manipulation: Some DeFi contracts rely on price oracles (external feeds). If an attacker controls or distorts the oracle, they can manipulate prices and exploit the contract. It's pretty much pump the price, borrow more than you should and walk away.

🔹 Frontrunning: Bots paying higher gas to sneak ahead of your transaction and profit off it.

  • 0 replies
  • 1 recast
  • 2 reactions
