A case for secure web3 operations

1

Gnosis Safe

Fortunately, it has now become commonplace the use of multi-signature wallets, with Gnosis Safe being the most popular option. However, multisig contract implementations are only one part of the picture: good tooling for creating and reviewing transactions is needed to guarantee secure operations run through these contracts.

#Cryptocurrencies #Cryptocurrency Wallets #Crypto 50 social mentions

Monitoring and alerting is commonplace on any web2 application, but its adoption in the web3 space started only recently with platforms like Defender, Forta, or Tenderly. For an embarrassingly long time, the most widely adopted approach to security alerts was samczsun’s trademarked “u up?”. Such was the state of monitoring that the largest crypto hack ever ($624M) went unnoticed for almost a week.

3

Cloud Key Management Service

This makes private keys more sensitive than your average application secret, so storing them in plaintext in a dot-env file in a server where half the dev team has ssh access is not a good idea. It is key (pun intended) to leverage key management solutions that can keep the key safely stored. There are managed cloud-based options, such as GCP KMS or AWS KMS, self-managed like Hashi Vault, and even hardware security modules for hosting your keys.

#Network & Admin #Security & Privacy #Password Management 6 social mentions

4

Amazon Key Management Service

This makes private keys more sensitive than your average application secret, so storing them in plaintext in a dot-env file in a server where half the dev team has ssh access is not a good idea. It is key (pun intended) to leverage key management solutions that can keep the key safely stored. There are managed cloud-based options, such as GCP KMS or AWS KMS, self-managed like Hashi Vault, and even hardware security modules for hosting your keys.

#Network & Admin #Security & Privacy #Password Management 34 social mentions