Offered to Web3 community by zôÖma, from samourai.world crew With the support of the community. Feel free to contribute.
This is an exciting time for those of us in the Web3 world who are exploring this new continent of decentralized protocols.
In just over a decade, this new wave of technology, initiated by Bitcoin, has proven its robust security. The growth of its market has led to ever-higher valuations, enabling profiles around the world—young and old, technical and non-technical—to access funds that are sometimes life-changing.
But remember: Bitcoin, just like its little sister cryptocurrencies, brings the world a totally new freedom of emancipation from banks. With this freedom comes a huge responsibility: to be your own bank.
Where Bitcoin liberates, it brings its own set of constraints. You may think this advice is useless because your wallet is too small to interest malicious actors. Or you may think you are safe because you live in a "safe" country.
You are wrong. Your portfolio today could be worth millions in a few years. The security mistakes you make today will impact your safety tomorrow.
This book is for you—traders, builders, and holders—to ensure the safety of:
- Young, newly rich cryptocurrency traders.
- Celebrities and public figures entering Web3.
- New users of this new continent.
- Your mother, who just asked you how to buy Bitcoin.
Note: This document is a living standard. It will be updated by the community and remain free.
Let's build your configuration from scratch. Make yourself comfortable and let's go.
- Cash is King: Prepare cash to buy your devices physically. Avoid credit cards to prevent purchase metadata from linking your identity to a hardware wallet order.
- Sanitize Environment: Set up in a private room. Close the curtains. Cover webcams.
- Secure Network: Do not use public Wi-Fi. Use a private, password-protected connection (ideally a fresh 4G/5G hotspot).
-
Dedicated Device: Buy a separate, cheap laptop for crypto-related activities only.
- Recommendation: A refurbished ThinkPad running Linux (Mint or Ubuntu) or a clean MacBook Air.
- Rule: This laptop never visits YouTube, never opens Discord, and never checks Facebook.
-
The "Lambda" Email: Create a dedicated email for non-sensitive, non-crypto commercial stuff.
- Recommendation: ProtonMail (free tier).
-
VPN (Virtual Private Network):
- Recommendation: Mullvad (paid with cash/crypto) or IVPN. Avoid "free" VPNs; they sell your data.
- Link: Mullvad VPN
-
DNS Security:
- Recommendation: NextDNS to block trackers at the network level.
- Link: NextDNS
-
Password Manager:
- Recommendation: Bitwarden (Open Source) or 1Password.
- Tip: Learn to create Strong Passwords.
-
The "Crypto" Email:
- Create a dedicated email only for exchanges (Binance, Kraken, etc.).
- Recommendation: ProtonMail.
- Security: 20+ char password + 2FA (YubiKey or Authy/Raivo, never SMS).
- Warning: Never share this address. If you receive spam here, your exchange leaked your data. Burn it and start over.
- Procurement: Buy a hardware wallet.
- Warning: Never order to your home address! Use a P.O. Box, an Amazon Locker (if available for direct vendors), or a friend's office.
- Tip: Create a dedicated pseudonym for the order.
- Flagship 2025/2026 Models:
- Ledger Nano Gen5 ($179) — Clear Signing, Bluetooth/NFC, Ledger Wallet app. Product | Announcement
- Trezor Safe 7 ($249) — Dual secure elements (TROPIC01), color touchscreen, post-quantum firmware verification. Product
- BitBox02 Nova (~$149) — EAL6+ Infineon Optiga Trust M V3, open-source firmware, iOS via Whisper BLE. Product | Announcement
- Coldcard Mk4 / Q — v5.5.0+ (Mar 2026) adds BIP-322 Proof of Reserve signing. Product | Firmware notes
- Desktop: Sparrow Wallet
- The gold standard for desktop Bitcoin wallets. Supports hardware wallets, Tor, "Coin Control", and "Stonewall" transactions (local coinjoin simulations). Source
- Link: Sparrow Wallet
- Desktop: Wasabi Wallet
- Note: zkSNACKs shut down its native CoinJoin coordinator on June 1, 2024 amid U.S. regulatory pressure; the wallet still works with third-party coordinators. Source
-
Samourai Wallet(Seized by DOJ April 2024; founders sentenced Nov 2025). Source - Mobile: Envoy or Nunchuk
- Envoy: Simple, privacy-focused, Tor built-in. Frequent v2.2.x releases in early 2026 keep it robust. Good for daily spending.
- Nunchuk: Security-focused, excellent for Multi-Sig and "Vault" setups.
- Run a Node: Don't trust, verify. Run a RoninDojo or Umbrel node.
- Link: RoninDojo
- Rabby Wallet:
- Far superior to MetaMask. It simulates transactions before you sign them to warn you if you are about to be drained.
- Link: Rabby.io
Your seed phrase is your soul. If you lose it, you die (financially).
- Steel Backup: Paper burns. Ink fades. Use steel.
- Link: Cryptosteel or Seedplate.
- Geographic Split: Don't keep the seed and the passphrase (salt) in the same house.
- Case Study: Put the Steel Seed in a bank deposit box or buried in a PVC pipe. Put the Passphrase in a password manager or a different physical location.
The "One Device for All" era is over. If you use the same laptop to download torrents and sign multi-million dollar transactions, you are a walking target.
- The Qubes OS Approach: For the paranoid (and you should be), use Qubes OS. It isolates every app in a separate virtual machine (VM).
- The "Air-Gap" Strategy: Maintain a dedicated machine that never touches the internet. It only communicates via QR codes (using wallets like Keystone or Specter).
Every photo you take carries invisible baggage called metadata (EXIF).
- The Threat: A photo of your cat posted on Twitter can reveal your exact GPS coordinates.
- The Solution:
- Use ExifCleaner or
exiftoolto scrub data before sharing. - Screenshot your photos instead of uploading the original file (quickest trick).
- Use ExifCleaner or
The "Grey Man" theory applies here.
- Delay your posts: Never post "Live". If you are at a conference in Lisbon, post about it after you have left the country.
- No "ens" names as handles: Using
vitalik.ethas a Twitter handle is cool, but it publicly links your identity to your wallet balance.
- Whitelisting: Enable "Withdrawal Address Whitelisting" on CEXs. If hacked, funds can only go to your hard wallet.
- Withdraw Protection (2026 Defense): Enable exchange time-lock features (e.g., Binance's "Withdraw Protection," launched May 4, 2026) to freeze on-chain withdrawals for 1–7 days under physical coercion ($5 Wrench Attacks). This is an internal policy lock—not a cryptographic guarantee—and does not block lawful court orders. Source
- Anti-Phishing Code: Set this up in exchange settings. Every legitimate email will contain your secret word. No word? It's a scam.
If you have a large portfolio, the best protection is anonymity. If criminals know your face, name, and movements:
- The Robbery ($5 Wrench Attack): They wait for you, beat you, and force you to unlock your Ledger.
- Social Engineering: They befriend you, offer a "deal," and hack you via a contaminated USB drive or Wi-Fi during a meeting.
- Pseudonyms for Travel: Use nicknames or corporate booking accounts for hotels.
- The "Delivery" Gap: Never use your home address for crypto deliveries or Amazon. Use Relay Points or P.O. Boxes.
- Data Trolling: Deliberately pollute your data footprint. Post a photo of a snowy mountain when you are actually at the beach. Confuse the algorithms and the stalkers.
- The Decoy Wallet: Keep a wallet with $500 on your phone. If mugged, give them this. It satisfies the attacker without ruining you.
If you are running a Web3 startup or Treasury, personal security rules don't scale. You need Governance.
Never hold company funds on a single private key.
- Solution: Safe (formerly Gnosis Safe).
- Config: Use a 3-of-5 or 5-of-8 setup.
- Rule: Signers must use different hardware wallets (Ledger + Trezor + Coldcard) and be geographically distributed.
For high-frequency trading or large institutional treasuries.
- Technology: MPC breaks the private key into "shards" that never meet.
- Providers: Fireblocks, Coinbase Prime, or Copper.
- Why? It allows for policy engines (e.g., "Transactions over $1M require video approval from the CEO").
- The "Bus Factor": If the CTO dies, is the company fund lost?
- Dead Man's Switch: Setup a legal or smart-contract protocol (like Sarcophagus) that releases access to recovery keys after 30-60 days of radio silence.
- Disconnect: Cut the internet immediately. Turn off Wi-Fi.
- Revoke: Use a clean device to go to Revoke.cash and remove permissions for the compromised contract.
- The Lifeboat: Move remaining funds to a fresh, pristine wallet. Do not reuse the old seed.
- SEAL 911 (Emergency Response):
- What is it? A free, 24/7 emergency hotline for crypto hacks, run by the Security Alliance (SEAL). It connects you with top-tier whitehats and security researchers.
- How to use: Contact their Telegram Bot immediately.
- Link: SEAL 911 | Telegram Bot Info
- Note: Also join the SEAL-ISAC (Information Sharing and Analysis Center) if you are a protocol/entity to get real-time threat intel.
- Source: Business Wire
- Blacklist: Contact major stablecoin issuers (Tether, Circle) and exchanges (Binance) immediately. They can freeze USDT/USDC/CEX funds if you act fast.
- Trace: Tag the hacker on Etherscan and file a report with Chainabuse.
A Wall of Shame to remind you that even the giants fall. We separate this into CEX (Centralized Exchange) failures and DeFi (Decentralized Finance) exploits.
2026 snapshot (through Jun 30): Q2 2026 is the most-hacked quarter on record by incident count—83 exploits and ~$755M stolen per DefiLlama/Cointelegraph analysis, with bridges still the costliest vector. April's Kelp DAO + Drift hits alone drove most of the dollar volume; May–June shifted toward private-key / ops failures (Resolv AWS KMS, Taiko GitHub leak, Humanity phishing) and deprecated-contract drains (Raydium AMM V3, Aztec Connect). Source
| Year | Entity | Amount Lost | Vector | Lesson |
|---|---|---|---|---|
| Jun 2026 | Polymarket | $2.9M | Supply Chain / Frontend | Malicious script injected via compromised third-party vendor dependency; users drained via wallet approvals (contracts untouched). Source |
| Apr 2026 | Grinex | $13M | Hot Wallet / Exit? | Russia-linked CEX (Garantex successor) halted ops after ~$13.7M USDT drained; funds swapped to TRX. Source |
| Feb 2025 | Bybit | $1.5B | Supply Chain / JS Injection | Largest crypto theft in history. Safe{Wallet} dev machine compromised; malicious JS redirected a cold-wallet transfer (FBI attributed to Lazarus). Source |
| 2024 | DMM Bitcoin | $305M | Social Eng. / Wallet | Fake job offers to employees allowed deep system access. Source |
| 2022 | FTX / Alameda | ~$477M | Insider / Sim Swap | The "Bank Run" hack. Occurred immediately after bankruptcy filing. Source |
| 2018 | Coincheck | $530M | Phishing / Hot Wallet | Employee opened a malware email. Funds (NEM) were in hot wallets. Source |
| 2016 | Bitfinex | $72M | Multi-sig Bypass | 120k BTC stolen. Money laundered years later by "Razzlekhan". Source |
| 2014 | Mt. Gox | $460M | Malleability Bug | The original sin. 850k BTC lost. Source |
| # | Year | Protocol | Amount Lost | Vector |
|---|---|---|---|---|
| 1 | 2022 | Ronin Network | $625M | Social Engineering / Validator Compromise Source |
| 2 | 2021 | Poly Network | $611M | Cross-Chain Contract Vulnerability Source |
| 3 | 2022 | Binance Bridge | $570M | IAVL Proof Verification Exploit Source |
| 4 | 2022 | Wormhole | $325M | Signature Verification Bypass Source |
| — | 2026 | Kelp DAO | $292M | Off-chain RPC / 1-of-1 DVN forgery (Lazarus) Source |
| — | 2026 | Drift Protocol | $285M | 6-month social eng. / multisig (Lazarus) Source |
| — | 2026 | Humanity Protocol | $36M | Phishing / Admin keys on laptop (DPRK tooling suspected) Source |
| — | 2026 | Resolv | $25M | AWS KMS key compromise / unbacked USR mint Source |
| — | 2026 | Verus Bridge | $11.6M | Forged cross-chain import / missing amount validation Source |
| — | 2026 | THORChain | $10.7M | GG20 TSS key-material leakage (malicious node) Source |
| — | 2026 | Syscoin Bridge | ~$10M | SPV proof parsing mismatch (funds later returned & burned) Source |
| — | 2026 | Aztec Connect | $2.2M | Deprecated ZK rollup: L1/L2 settlement boundary gap Source |
| — | 2026 | Taiko | $1.7M | RSA signing key exposed on public GitHub (SGX prover) Source |
| — | 2026 | Raydium | $1.3M | Deprecated AMM V3 LP-mint validation flaw Source |
| — | 2026 | Gnosis Pay | $0.27M | Zodiac Delay/Roles ERC-1271 signature bypass Source |
| 5 | 2024 | Orbit Chain | $81M | Bridge Multi-sig Compromise Source |
| 6 | 2023 | Euler Finance | $197M | Flash Loan / Logic Error Source |
| 7 | 2022 | Nomad Bridge | $190M | Logic Error (Copy-paste vulnerability) Source |
| 8 | 2022 | Beanstalk Farms | $182M | Governance Flash Loan Attack Source |
| 9 | 2022 | Wintermute | $160M | Profanity Tool (Vanity Address) Exploit Source |
| 10 | 2023 | Multichain | $126M | MPC Key Leak / Insider Job Source |
| 11 | 2021 | Cream Finance | $130M | Flash Loan (Price Manipulation) Source |
| 12 | 2022 | Harmony Horizon | $100M | Private Key Theft (Lazarus) Source |
| 13 | 2021 | BadgerDAO | $120M | Frontend Injection (Cloudflare) Source |
| 14 | 2024 | Munchables | $62M | Rogue Developer (Insider) Source |
| 15 | 2023 | Curve Finance | $61M | Vyper Compiler Bug (Reentrancy) Source |
| 16 | 2021 | Compound | $80M | Comptroller Logic Error Source |
| 17 | 2024 | Radiant Capital | $50M | Lending Logic / Flash Loan Source |
| 18 | 2023 | KyberSwap | $48M | Infinite Approval Loop Bug Source |
| 19 | 2022 | Cashio | $48M | Infinite Mint Glitch Source |
| 20 | 2023 | Socket / Bungee | $3.3M | Approval Exploit Source |
| 21 | 2021 | Grim Finance | $30M | Reentrancy Source |
| 22 | 2021 | Vee Finance | $35M | Oracle Manipulation Source |
| 23 | 2023 | Yearn Finance | $11M | Misconfigured Token (yUSDT) Source |
| 24 | 2022 | Rari Capital | $80M | Reentrancy (Fuse Pools) Source |
| 25 | 2023 | Alphapo | $60M | Hot Wallet Keys Source |
| 26 | 2023 | Stake.com | $41M | Private Key Leak Source |
| 27 | 2022 | Mango Markets | $114M | Oracle Price Manipulation (Avi Eisenberg) Source |
| 28 | 2024 | Hedgey Finance | $44M | Arbitrary Call Vulnerability Source |
| 29 | 2024 | Sonne Finance | $20M | Precision Loss / Empty Market Attack Source |
| 30 | 2024 | UwU Lend | $19M | Price Manipulation Source |
| 31 | 2023 | Exactly Protocol | $7M | Bridge Vulnerability Source |
| 32 | 2023 | Rho Markets | $7.6M | Oracle Misconfiguration Source |
| 33 | 2023 | Galxe | $0.4M | DNS Hijacking Source |
| 34 | 2021 | bZx (Ooki) | $55M | Private Key Phishing Source |
| 35 | 2021 | EasyFi | $80M | Admin Key Compromise Source |
| 36 | 2022 | Qubit Finance | $80M | Bridge Deposit Bug Source |
| 37 | 2022 | Fei Protocol | $80M | Reentrancy Source |
| 38 | 2024 | Gamma Strategies | $6M | Reentrancy Source |
| 39 | 2024 | Abracadabra (MIM) | $6.5M | Rounding Error Source |
| 40 | 2021 | PancakeBunny | $200M | Flash Loan Source |
A dedicated section for the world's most dangerous crypto-threat actor. The DPRK uses stolen crypto to fund weapons programs. Through April 2026, North Korea-linked groups accounted for 76% of global crypto hack losses—$577M from just two April incidents (Drift + KelpDAO)—per TRM Labs (Source). June 2026: Quantstamp linked Humanity Protocol's $36M admin-key theft to DPRK tradecraft (fake Bithumb phishing email). Attack pattern in 2026: fewer incidents, higher precision—long social-engineering campaigns and off-chain infrastructure compromise over brute-force contract bugs. $6B+ in attributed cumulative theft since 2017.
| Year | Victim | Amount (Est.) | Vector | Source/Details |
|---|---|---|---|---|
| Feb 2025 | Bybit | $1.5 Billion | Supply Chain / JS Injection | Largest single heist. Safe{Wallet} dev machine compromised; FBI attributed to Lazarus. Source |
| April 2026 | Kelp DAO | $292 Million | Off-chain RPC / DVN Forgery | Forged cross-chain message via poisoned RPC nodes (1-of-1 DVN config). Source |
| April 2026 | Drift Protocol | $285 Million | Social Engineering | Six-month infiltration; durable-nonce multisig attack (UNC4736). Source |
| June 2026 | Humanity Protocol | $36 Million | Phishing / Key Theft | Fake Bithumb email → malware on director's laptop; 7 admin keys stolen. DPRK tooling suspected. Source |
| 2024 | DMM Bitcoin | $305 Million | Social Engineering | Attackers likely infiltrated the Japanese exchange via fake job offers to staff. Source |
| 2024 | WazirX | $235 Million | Multisig Compromise | Breached the Indian exchange's multisig. Source |
| 2023 | Atomic Wallet | $100 Million | Supply Chain / Update | Malicious update pushed to users of the non-custodial wallet. Source |
| 2023 | Stake.com | $41 Million | Private Key Leak | Targeted the world's largest crypto casino. Source |
| 2023 | CoinEx | $55 Million | Hot Wallet Keys | Compromised hot wallet keys. Source |
| 2022 | Ronin Bridge | $625 Million | Social Engineering | Fake job interview (PDF malware) gave access to Sky Mavis validator nodes. Source |
| 2022 | Harmony Horizon | $100 Million | Private Key Theft | Bridge keys stolen. Funds laundered via Tornado Cash. Source |
Digital security means nothing when a gun is pointed at your head.
France has become a primary target zone for physical crypto extortion. France's National Anti-Organized Crime Prosecutor's Office (PNACO) recorded 47 crypto-linked kidnappings or sequestrations through April 2026 (18 in 2024, 67 in 2025), with 88 people charged across 12 consolidated investigations by late April. By mid-June, police leadership cited ~70+ incidents since January 2026 as the pace accelerated into Provence and Île-de-France. Attackers correlate leaked exchange databases (Ledger, tax tools like Waltio) with public social media to select targets. Source | Source
- Jan 2025 (Vierzon) - Ledger Co-Founder: David Balland, co-founder of Ledger, was kidnapped at his home. Attackers severed his finger to force him to unlock devices.
- Jan 2025 (Troyes) - The Trap: A 30-year-old entrepreneur lured to a fake client meeting, kidnapped by 4 men.
- Source: JDD
- May 2025 (Paris) - Paymium Family: The daughter and grandson of Paymium CEO Pierre Noizat were targeted in a kidnapping attempt in Paris.
- Source: Hyperion Services
- June 2025 (Maisons-Alfort) - The "Errand Boy": A 23-year-old investor was kidnapped while running errands; forced to ransom his own Ledger + €5k cash.
- Source: FinanceFeeds | Le Parisien
- Dec 2025 (Charente-Maritime) - The Couple: A couple in Dompierre-sur-Mer was sequestered and robbed of ~€9 million in cryptocurrency.
- Source: Capital.fr | CNews
- Dec 2025 (Val-d'Oise) - The Father: The father of a crypto entrepreneur was kidnapped in broad daylight to extort his son.
- Source: Cryptoast
- Jan 2026 (Cholet) - The "Software Architect": A 43-year-old crypto investor was kidnapped at his home, tied up, and released 50km away.
- Source: Ouest France
- Jan 2026 (Sarthe) - Family Sequestered: A couple and their three children were held at gunpoint overnight in La Chapelle-Saint-Aubin (near Le Mans) to extort cryptocurrency access codes.
- Source: Ouest-France
- Jan 2026 (Manosque) - Home Invasion: A woman was assaulted and sequestered at her home by attackers demanding her partner's crypto keys; a USB drive was stolen.
- Source: Le Parisien | Ouest-France
- Feb 2026 (Isère) - The Magistrate: A magistrate and her mother were kidnapped and held captive for 30 hours to extort her partner, a crypto startup associate. Six individuals were arrested.
- Source: The Guardian | Le Monde
- March 2026 (Yvelines) - Fake Police: A couple was sequestered in Le Chesnay by individuals posing as police officers, forcing a transfer of €900,000 in Bitcoin.
- Source: Le Parisien | Franceinfo
- April 2026 (Yonne) - Armed Commando: A mother and son were kidnapped at their home by an armed commando demanding a crypto ransom. They were successfully rescued by the GIGN.
- Source: Le Monde | Ouest-France
- April 2026 (Finistère) - Family Sequestered: Five members of a family were sequestered in Ploudalmézeau by hooded individuals aiming to steal the father's cryptocurrency wallet (~€700k).
- Source: France 3 | 20 Minutes
- May 2026 (Seine-et-Marne) - Fake Delivery: A crypto-company CEO's wife was targeted at home in Villenoy by attackers posing as delivery workers; neighbors intervened; two suspects (ages 15 & 18) arrested with fake gun and zip ties.
- Source: Le Parisien | Ouest-France
- June 2026 (Bouches-du-Rhône) - Night Commandos: In one night, a commando hit three homes (Marseille 13e, Gardanne, Gignac-la-Nerthe); two women seized in Gignac during a forced crypto transfer; four attackers caught in flagrante by BRB Marseille.
- Source: La Provence | Journal du Coin
- Nov 2025 (Oxford/London): Five people traveling in a car were stopped by masked robbers and forced to transfer £1.1M in crypto.
- Source: The Guardian
- Nov 2024 (Toronto): Dean Skurka (CEO of WonderFi) forced into a vehicle, held for $1M ransom.
- Source: CBC
- Dec 2022 (Ontario): Aiden Pleterski ("Crypto King" Ponzi) kidnapped, beaten, and tortured.
- Source: BBC
- May 2025 (New York): "House of Horrors". An Italian entrepreneur lured to a Manhattan townhouse, held for 17 days.
- Source: CBC News
- May 2024 (Connecticut): A couple rammed in their Lamborghini and abducted.
- Source: CNBC
- Oct 2025 (Dubai): Roman Novak and his wife were kidnapped and later found murdered in the desert.
- Source: DL News
- Dec 2025 (Sheung Wan) - The "Japanese Company" Heist: Employees were robbed of $6.4M in cash/crypto by a gang.
- Source: SCMP
- Sep 2022 (Thailand): Russian couple ambushed and forced to transfer $100k.
- Source: Bangkok Post
- Jan 2020 (Thailand): Mark Cheng (Singaporean) kidnapped.
- Source: The Straits Times
The battlefield is evolving. We are moving from static phishing to dynamic, AI-driven warfare.
- Deepfakes: Scammers use real-time video/voice cloning of CEOs or family members to authorize transactions. (Already seen in traditional finance; increasingly relevant for multisig and treasury governance.)
- The 82:1 Machine Identity Gap: Enterprise environments now average ~82 machine identities (API keys, bots, autonomous AI agents) per human employee—creating a massive, often unmonitored attack surface that adversaries target instead of humans directly. Source
- Hyper-Personalization: AI scrapes your entire digital footprint to create spear-phishing that is nearly indistinguishable from legitimate communication.
- "Harvest Now, Decrypt Later": Nation-states are recording encrypted traffic today (including your transaction signatures). When Quantum Computers mature (predicted ~2029-2030), they will break current ECDSA encryption and derive private keys from old signatures.
- Defense: You must migrate to Post-Quantum Cryptography (PQC) algorithms when they become available on chains like Ethereum.
- Malicious Libraries: Attackers poison open-source code repositories (npm, pip) used by wallet developers, injecting dormant backdoors that activate only when large balances are detected.
- OpsSec Failures (2026 trend): Private keys committed to GitHub (Taiko), AWS KMS policy gaps (Resolv), and vendor frontend injections (Polymarket) now rival smart-contract bugs as loss drivers.
- Model Poisoning: Manipulating the data used to train AI security bots, rendering them blind to specific attack vectors.
Follow these accounts for real-time security alerts.
- @ZachXBT (On-chain sleuth)
- @P3b7_ (Ledger Donjon)
- @samczsun (Paradigm)
- @SlowMist_Team (Asian market/Lazarus intel)
- @tayvano (Phishing specialist)
- Extreme Privacy (5th Edition) by Michael Bazzell.
- Mastering Bitcoin by Andreas Antonopoulos.
- The Blocksize War by Jonathan Bier.
- Sandworm by Andy Greenberg (Understanding state-sponsored cyberwar).
- Tracers in the Dark by Andy Greenberg.
- "SoK: Decentralized Finance (DeFi) Attacks" (Zhou et al.) - A systematic classification of DeFi exploits.
- "Flash Boys 2.0: Frontrunning in Decentralized Exchanges, Miner Extractable Value, and Consensus Instability" (Daian et al.) - The seminal paper on MEV.
- "On-Chain Decentralized Learning and Cost-Effective Inference for DeFi Attack Mitigation" (arXiv 2025).
- SEAL 911: github.com/security-alliance/seal-911
- Rekt Database: Rekt.news (Detailed post-mortems of hacks).
- TRM Labs Intelligence: trmlabs.com/resources/blog (State-actor attribution, hack trends).
- Chainalysis Threat Intel: chainalysis.com/blog (Incident analysis and laundering patterns).
- Jameson Lopp — Physical Attack Tracker: github.com/jlopp/physical-bitcoin-attacks (Open dataset of wrench attacks worldwide).
- Privacy Guides: PrivacyGuides.org
- Revoke Cash: Revoke.cash
Stay Safe. Stay Private. Don't Trust, Verify.
