Hardware Wallets
Who?
When
Where?
How?
What?
Why?
Who's it for?
Anybody with $119 USD.
Anybody with a thumb or two.
Anybody with a computer or a cell phone.
Anybody who wants out of the financial system.
Anybody with $169 USD.
Who built it?
The Ledger Company
Vierzon
Paris
San Francisco
Ledger
Czech Republic
Satoshi Labs
Trezor
Why?
Alternatives
Your Machine is Tapped.
Browser Wallets
Are You Kidding Me?
Cell Phone Wallets
Not Your Keys: Not Your Coins.
Exchange Wallets
What
It's a keychain.
Zero Internet Interface
USB Interface
Bluetooth (Ledger Only)
It unlocks transactions.
It generates private/public key pairs
It stores mnemonic phrases.
How
Evolve Your Bank
Go Deep.
Getting Started with Trezor.
Daily Abuse.
RTFN
Getting Started with Ledger.
Load the Locks.
Where
Trust No One.
Trezor.
Don't Trust New Brands.
Always Buy Direct.
Ledger (Referral Link)
When?
Now.
Free Shipping within Days.
Risk Tolerances
Could you stand
All of your assets in your pocket.
Living in a world of suckers.
Friends thinking you're an idiot.
Doing your own technical research.
Taking days to access your money.
Nobody but you to call.
Threat Categories
You.
Legal Harassment
Public Sector
Malware
Physical breaking and entering.
Private-sector
Aggressive Taxation
Defensive Plan
Tailor to Your Risk Profile
...honest
Choose to be brutally...
...wrecked.
Make Digital Security Physical.
Limited by Your Ability to Execute.
Limited by Your Inheritance Plans.
Interplanetary Finance
Different Planets.
Your employer
Your Bank.
Your Creditors
Touching ACH incurs time lag and expense.
Crypto
Interface fees can be high
The New Galaxy
Bitcoin
ICOs/IEOs, Corporate Coins
ShitCoins
DeFi Projects
The AltCoin Forest
Top 10 Coins
Ethereum
Digital Fiat Currencies (DFCs)
War of the Worlds
"Für Ihre Sicherheit"
Not taught in schools.
Social Media is actively censoring crypto.
Government is catching on...and not on your team.
Brokers think crypto is Martian.
Bank won't mention crypto.
Not seen on TV
Russia banning Bitcoin.
DeFi Evolving Faster than Fed can print.
Security Motivation
Hacking challenge
DeFi Now Security Guide
Corporate Hacking
Derez'd in an hour.
Data Restoration
Don't be low-hanging fruit.
DefConCon
TheHatedOne
Security common sense
Don't click on unexpected
emails
links in messages
Back up your hard drives
Keep all software up to date.
Watch out for phishing attempts
Use a password manager
Solid antivirus and anti-malware software
BitDefender
Malwarebytes
Avoid Phishing
Phake sites looking official.
vs. SIM-swap attack.
Adjust privacy settings so you can't be added to groups on Telegram and Discord.
Use a password for all messaging services
Avoid links or attachments from unexpected messages
Be critical of spelling and grammar mistakes
Bookmark URLs you use regularly
Be extremely skeptical of anyone DM'ing you.
Platform security can't help you.
Avoiding Phishing
Email Security
Primary E-mail address is your security core.
Darkweb
Compartmentalize e-mails.
Banking
Use ProtonMail
Don't put your name or identifiable info in e-mail address.
Have an auth-only e-mail used for nothing else.
Shopping
Social Media
Crypto
Password Security
Get an awesome password manager
VERY strong master password
LastPass
1Password
BitWarden
Dashlane
Max out password lengths
Hardware Wallets
>$1000 in crypto?
"Cold" wallet: no internet connection.
"Hot" wallet: connected device.
Ledger Nano X
Trezor
Secure everything for what it's worth.
Airgap keyphrase generation
ColdCard (BTC Only)
Proven years-long track record.
Data Breach -> phishing storm
Only buy direct from manufacturer.
Best Practices
Ledger Academy Security
2 Factor Authentication
Something is better than nothing.
Hardware authenticators are best: "cold"
Software authenticators good. But are "hot"
Helps but there are no guarantees they'll do it right.
"Likely target for fraud. Need to lock your account."
Call carrier service. Ask to speak to the fraud team.
SMS verification is "slightly" better than nothing.
Duo Security
Microsoft Authenticator
LastPass
Authy
Google Authenticator
Save QR code to Password Manager
Google Titan
Yubico's YubiKey
Has USB-C and NFC
Buy two. Have a backup.
Turn on "Advanced Protection" for the Google account.
Use Hardware Security for the Password Manager.
VPNs
Not a panacea.
Hides your DNS requests.
ProtonVPN
Doesn't protect you from viruses and malware.
Most traffic is encrypted anyway.
Especially at airports.
Never connect to Public WiFi
MullVad.net
Private Internet Access
Open Source
Can be used anonymously
Can pay with crypto.
Beware free VPNs: they sell your data!
Used by Firefox devs
Run a Pi-hole.
Procedural risk.
YOU...are the risk.
Practice on test nets.
You're gonna flub stuff.
Virtual Machines, Sandboxes
Windows Hyper-V Manager
VMware
Run Linux
Windows Sandboxing
Run on 3Fold.
Beneficiaries
Financial Risk
More efficient, open protocols
Periodic payments
Continuous micropayments
Best rates in lending stablecoins
2% Fed target inflation.
Yields are much higher
Fiat savings yields: 0.01%
Higher risks
Young protocols vs. legacy
Frontrunning
Treasury Yield Curve
Returns
Technical Risks
Risk Flavors
Flash Loan (Arbitrage)
Oracle
Governance
Smart Contract
Code Dependency
Insecure Solidity code
Audits aren't foolproof
Billions stolen through hacks and fraud
Holders can conspire to rugpull funds
Oracles can be frozen in high volume markets
Oracles can be gamed
Upgradable Solidity opens new attack surfaces.
Re-entrancy Attacks
"Sovereign Risk" in legacy systems
Oracle Dependencies
Oracles are imperfect
Usually protected by cost to manipulate
Can be fed bad info.
Oracles aren't real time.
MakerDAO March 2020 crash
Incentivized to Match, not to report truth
Schelling-Point Game
Composability Risks
Legoing creates infinite attack surfaces
Sometimes crashes prevent other crashes
MakerDAO March Crash
System is anti-fragile.
Attack surfaces are being mitigated.
And so much more!
Flash Loans
Compose new bugs!
Examples!
Create leverage from nothing!
Mess with lending pool pairs!
Borrow infinite money w/ no collateral or credit!
Just pay it back in the same Tx
Or nothing happened.
Black Swan Events
They'll eventually get you.
Anti-fragility will survive increasingly worse disasters
Natural selection will accelerate.
Dinosaurs.
Metamask
Key is on your computer
Connect a hardware wallet
Keys don't leave your machine.
Metamask is a HOT wallet
Revoke Unlimited Spends
Remove Connected Sites
Password vulnerable to clipboard sniffers etc.