Web3 Security 🔒 (Part 1 — Attack Vectors, Code Security & Audit)

Nicky Montana
2 min read · Jun 14, 2022


This is part 1 of a multi-part deep dive on everything web3 security 💪. Below is a quick look at the topics covered in part 1, and the topics we’ll cover in future posts (weekly releases and updates).

🚨💲We are actively investing in web3 security 🚨💲 — reach out if you’re working on something special!

I’ve invested in a number of web3 security companies to date, and am actively searching for more phenomenal teams building and thinking through ideas. Reach out if you’re working on something new (Twitter — @nickymontanaa).

2 quick things:

  1. Non-paying subscribers: Ghost isn’t as pretty as Notion, so we’re keeping this deep dive native in Notion. Here’s the link for non-paying subscribers to view part 1 (sections 1–2).
  2. Paying subscribers: Use the link at the bottom of this post → [zero-knowledge] to view the entire Notion doc covering sections 1–6 asap 🙏. I’ll keep updating this link as I add to it in the coming weeks.

Security Verticals Covered In Part 1:

  1. Common Attack Types
  2. Code Security & Audit ✅
  3. Financial Simulation & Scenario Testing
  4. Real-Time Alerts & Monitoring
  5. Prevention
  6. Wallets & Custody
  7. Fraud & AML
  8. Trade Security
  9. Permission Management
  10. NFT Protection
  11. Personal Identification
  12. Phishing
  13. Sources ✅

Intro — The difference between security in web2 vs. web3

There is a fundamental difference between how security must be done in web2 and in web3. Web2 security is about response, whereas web3 security is more about prevention. This is because, in web3, transactions cannot be changed once executed. To protect yourself, most security measures must be built in to verify whether transactions should happen in the first place.

Below are some companies, large and small, attempting to solve the complexity of web3 security.

Link to the Notion document

LASTLY: Let me know if you have any feedback, if something is confusing, or if there is something additional I should add to make this more interesting to read. DM me @nickymontanaa 🙏
