{"id":42240365,"url":"https://github.com/samouraiworld/sec-guidebook","last_synced_at":"2026-01-27T04:08:53.966Z","repository":{"id":44746640,"uuid":"452612758","full_name":"samouraiworld/sec-guidebook","owner":"samouraiworld","description":"The Ultimate Security Guide Book for new-cryptorich friends","archived":false,"fork":false,"pushed_at":"2025-11-27T10:24:10.000Z","size":55,"stargazers_count":6,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-11-30T03:29:00.846Z","etag":null,"topics":["exploits","good-practices","privacy","protection","security","wallet"],"latest_commit_sha":null,"homepage":"https://www.samourai.world","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/samouraiworld.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2022-01-27T09:09:57.000Z","updated_at":"2025-11-27T10:24:13.000Z","dependencies_parsed_at":"2022-09-09T22:51:46.072Z","dependency_job_id":null,"html_url":"https://github.com/samouraiworld/sec-guidebook","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/samouraiworld/sec-guidebook","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/samouraiworld%2Fsec-guidebook","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/samouraiworld%2Fsec-guidebook/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/samourai
world%2Fsec-guidebook/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/samouraiworld%2Fsec-guidebook/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/samouraiworld","download_url":"https://codeload.github.com/samouraiworld/sec-guidebook/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/samouraiworld%2Fsec-guidebook/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28801225,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-27T03:44:14.111Z","status":"ssl_error","status_checked_at":"2026-01-27T03:43:33.507Z","response_time":168,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["exploits","good-practices","privacy","protection","security","wallet"],"created_at":"2026-01-27T04:08:53.261Z","updated_at":"2026-01-27T04:08:53.948Z","avatar_url":"https://github.com/samouraiworld.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"\n\n-----\n\n# The Ultimate Security Guide Book for new-cryptorich friends :notebook:\n\n\u003e **Offered to Web3 community by zôÖma, from [samourai.world](https://samourai.world) crew**\n\u003e *With the support of the community.*\n\u003e *Feel free to contribute.*\n\n-----\n![](https://i.imgur.com/YENeD5H.jpg)\n\n### Introduction :wave:\n\nThis is an exciting time for those of us in 
the Web3 world who are exploring this new continent of decentralized protocols.\n\nIn just over a decade, this new wave of technology, initiated by Bitcoin, has proven its robust security. The growth of its market has led to ever-higher valuations, enabling profiles around the world—young and old, technical and non-technical—to access funds that are sometimes life-changing.\n\n**But remember:** Bitcoin, just like its little sister cryptocurrencies, brings the world a totally new freedom of emancipation from banks. With this freedom comes a huge responsibility: **to be your own bank.**\n\nWhere Bitcoin liberates, it brings its own set of constraints. You may think this advice is useless because your wallet is too small to interest malicious actors. Or you may think you are safe because you live in a \"safe\" country.\n\n**You are wrong.**\nYour portfolio today could be worth millions in a few years. The security mistakes you make today will impact your safety tomorrow.\n\nThis book is for you—traders, builders, and holders—to ensure the safety of:\n\n  - Young, newly rich cryptocurrency traders.\n  - Celebrities and public figures entering Web3.\n  - New users of this new continent.\n  - Your mother, who just asked you how to buy Bitcoin.\n\n-----\n\n\u003e **Note:** This document is a living standard. It will be updated by the community and remain free.\n\n-----\n\n## :checkered_flag: Checklist version for Top level security (TLDR)\n\n### The Ninja Setup :martial_arts_uniform:\n\nLet's build your configuration from scratch. Make yourself comfortable and let's go.\n\n### \\#1 : Before the setup :coffee:\n\n  - [ ] **Cash is King:** Prepare cash to buy your devices physically. Avoid credit cards to prevent purchase metadata from linking your identity to a hardware wallet order.\n  - [ ] **Sanitize Environment:** Set up in a private room. Close the curtains. Cover webcams.\n  - [ ] **Secure Network:** Do not use public Wi-Fi. 
Use a private, password-protected connection (ideally a fresh 4G/5G hotspot).\n\n-----\n\n### \\#2 : Computer configuration :computer:\n\n  - [ ] **Dedicated Device:** Buy a separate, cheap laptop for **crypto-related activities only**.\n\n      - *Recommendation:* A refurbished ThinkPad running Linux (Mint or Ubuntu) or a clean MacBook Air.\n      - *Rule:* This laptop never visits YouTube, never opens Discord, and never checks Facebook.\n\n  - [ ] **The \"Lambda\" Email:** Create a dedicated email for non-sensitive, non-crypto commercial stuff.\n\n      - *Recommendation:* ProtonMail (free tier).\n\n  - [ ] **VPN (Virtual Private Network):**\n\n      - *Recommendation:* **Mullvad** (paid with cash/crypto) or **IVPN**. Avoid \"free\" VPNs; they sell your data.\n      - *Link:* [Mullvad VPN](https://mullvad.net/)\n\n  - [ ] **DNS Security:**\n\n      - *Recommendation:* **NextDNS** to block trackers at the network level.\n      - *Link:* [NextDNS](https://nextdns.io)\n\n  - [ ] **Password Manager:**\n\n      - *Recommendation:* **Bitwarden** (Open Source) or **1Password**.\n      - *Tip:* Learn to create [Strong Passwords](https://berty.tech/blog/create-strong-password/).\n\n  - [ ] **The \"Crypto\" Email:**\n\n      - Create a dedicated email **only** for exchanges (Binance, Kraken, etc.).\n      - *Recommendation:* ProtonMail.\n      - *Security:* 20+ char password + 2FA (YubiKey or Authy/Raivo, **never SMS**).\n      - *Warning:* Never share this address. If you receive spam here, your exchange leaked your data. Burn it and start over.\n\n-----\n\n### \\#3 : Hardware Wallet :key:\n\n  - [ ] **Procurement:** Buy a hardware wallet.\n      - **Warning:** Never order to your home address\\! Use a P.O. 
Box, an Amazon Locker (if available for direct vendors), or a friend's office.\n      - *Tip:* Create a dedicated pseudonym for the order.\n      - *Link:* [Ledger](https://shop.ledger.com/) (French, Secure Element) or [Coinkite](https://coinkite.com/) (Coldcard, Bitcoin Only).\n\n-----\n\n### \\#4 : Software Wallets \u0026 Nodes\n\n#### Bitcoin:\n\n  - [ ] **Desktop: Sparrow Wallet**\n      - The gold standard for desktop Bitcoin wallets. Supports hardware wallets, Tor, and advanced \"Coin Control\" (choosing exactly which coins to spend to avoid linking your history).\n      - *Link:* [Sparrow Wallet](https://sparrowwallet.com)\n  - [ ] ~~Samourai Wallet~~ *(Deprecated/Seized by DOJ 2024)*.\n  - [ ] **Mobile: Envoy or Nunchuk**\n      - **Envoy:** Simple, privacy-focused, Tor built-in. Good for daily spending.\n      - **Nunchuk:** Security-focused, excellent for Multi-Sig and \"Vault\" setups.\n  - [ ] **Run a Node:** Don't trust, verify. Run a RoninDojo or Umbrel node.\n      - *Link:* [RoninDojo](https://ronindojo.io/)\n\n#### Ethereum / EVM:\n\n  - [ ] **Rabby Wallet:**\n      - Far superior to MetaMask. It simulates transactions before you sign them to warn you if you are about to be drained.\n      - *Link:* [Rabby.io](https://rabby.io)\n\n### \\#5: The \"Seed\" Protocol (IRL Storage)\n\nYour seed phrase is your soul. If you lose it, you die (financially).\n\n  - [ ] **Steel Backup:** Paper burns. Ink fades. Use steel.\n      - *Link:* [Cryptosteel](https://cryptosteel.com/) or [Seedplate](https://coinkite.com/).\n  - [ ] **Geographic Split:** Don't keep the seed and the passphrase (salt) in the same house.\n      - *Case Study:* Put the Steel Seed in a bank deposit box or buried in a PVC pipe. Put the Passphrase in a password manager or a different physical location.\n\n-----\n\n## Healthy Online Lifestyle :spider_web:\n\n### Dockerise \u0026 Split your online life :package:\n\nThe \"One Device for All\" era is over. 
If you use the same laptop to download torrents and sign multi-million dollar transactions, you are a walking target.\n\n  * **The Qubes OS Approach:** For the paranoid (and you should be), use [Qubes OS](https://www.qubes-os.org/). It isolates every app in a separate virtual machine (VM).\n  * **The \"Air-Gap\" Strategy:** Maintain a dedicated machine that **never touches the internet**. It only communicates via QR codes (using wallets like Keystone or Specter).\n\n### Do care about Metadata :detective:\n\nEvery photo you take carries invisible baggage called metadata (EXIF).\n\n  * **The Threat:** A photo of your cat posted on Twitter can reveal your exact GPS coordinates.\n  * **The Solution:**\n      * Use **ExifCleaner** or `exiftool` to scrub data before sharing.\n      * Screenshot your photos instead of uploading the original file (quickest trick).\n\n### Social Network Posts :shushing_face:\n\nThe \"Grey Man\" theory applies here.\n\n  * **Delay your posts:** Never post \"Live\". If you are at a conference in Lisbon, post about it *after* you have left the country.\n  * **No ENS names as handles:** Using `vitalik.eth` as a Twitter handle is cool, but it publicly links your identity to your wallet balance.\n\n### Exchange Relations :bank:\n\n  * **Whitelisting:** Enable \"Withdrawal Address Whitelisting\" on CEXs. If hacked, funds can only go to *your* hardware wallet.\n  * **Anti-Phishing Code:** Set this up in exchange settings. Every legitimate email will contain your secret word. No word? It's a scam.\n\n-----\n\n## IRL Life : *\"Free \u0026 Anonymous is the new Rich \u0026 Famous\"* :ghost:\n\n### Be a phantom, a ninja, and care about details.\n\nIf you have a large portfolio, the best protection is anonymity.\nIf criminals know your face, name, and movements:\n\n1.  **The Robbery ($5 Wrench Attack):** They wait for you, beat you, and force you to unlock your Ledger.\n2.  
**Social Engineering:** They befriend you, offer a \"deal,\" and hack you via a contaminated USB drive or Wi-Fi during a meeting.\n\n### Tips List: :notebook_with_decorative_cover:\n\n  - [ ] **Pseudonyms for Travel:** Use nicknames or corporate booking accounts for hotels.\n  - [ ] **The \"Delivery\" Gap:** Never use your home address for crypto deliveries or Amazon. Use Relay Points or P.O. Boxes.\n  - [ ] **Data Trolling:** Deliberately pollute your data footprint. Post a photo of a snowy mountain when you are actually at the beach. Confuse the algorithms and the stalkers.\n  - [ ] **The Decoy Wallet:** Keep a wallet with $500 on your phone. If mugged, give them this. It satisfies the attacker without ruining you.\n\n-----\n\n## How to secure your company's crypto? :office:\n\nIf you are running a Web3 startup or Treasury, personal security rules don't scale. You need **Governance**.\n\n### 1\\. Multi-Signature Wallets (The DAO Standard)\n\nNever hold company funds on a single private key.\n\n  * **Solution:** **Safe (formerly Gnosis Safe)**.\n  * **Config:** Use a **3-of-5** or **5-of-8** setup.\n  * **Rule:** Signers must use different hardware wallets (Ledger + Trezor + Coldcard) and be geographically distributed.\n\n### 2\\. MPC (Multi-Party Computation) for Institutions\n\nFor high-frequency trading or large institutional treasuries.\n\n  * **Technology:** MPC breaks the private key into \"shards\" that never meet.\n  * **Providers:** Fireblocks, Coinbase Prime, or Copper.\n  * **Why?** It allows for policy engines (e.g., \"Transactions over $1M require video approval from the CEO\").\n\n### 3\\. 
Operational Governance\n\n  * **The \"Bus Factor\":** If the CTO dies, is the company fund lost?\n  * **Dead Man's Switch:** Set up a legal or smart-contract protocol (like [Sarcophagus](https://sarcophagus.io/)) that releases access to recovery keys after 30-60 days of radio silence.\n\n-----\n\n## Post-Hack Protocol :anger:\n\n### How to react quickly if you've been hacked?\n\n1.  **Disconnect:** Cut the internet immediately. Turn off Wi-Fi.\n2.  **Revoke:** Use a clean device to go to [Revoke.cash](https://revoke.cash) and remove permissions for the compromised contract.\n3.  **The Lifeboat:** Move remaining funds to a fresh, pristine wallet. **Do not reuse the old seed.**\n4.  **SEAL 911 (Emergency Response):**\n      * **What is it?** A free, 24/7 emergency hotline for crypto hacks, run by the Security Alliance (SEAL). It connects you with top-tier whitehats and security researchers.\n      * **How to use:** Contact their Telegram Bot immediately.\n      * **Link:** [SEAL 911](https://github.com/security-alliance/seal-911) | [Telegram Bot Info](https://t.me/seal_911_bot)\n      * **Note:** Also join the **SEAL-ISAC** (Information Sharing and Analysis Center) if you are a protocol/entity to get real-time threat intel.\n      * *Source:* [Business Wire](https://www.businesswire.com/news/home/20240417493276/en/Security-Alliance-SEAL-Launches-Free-Crypto-Native-ISAC)\n5.  **Blacklist:** Contact major stablecoin issuers (Tether, Circle) and exchanges (Binance) immediately. They can freeze USDT/USDC/CEX funds if you act fast.\n6.  **Trace:** Tag the hacker on Etherscan and file a report with [Chainabuse](https://www.chainabuse.com/).\n\n-----\n\n# Hacked Stories :fishing_pole_and_fish:\n\n*A Wall of Shame to remind you that even the giants fall. 
We separate this into CEX (Centralized Exchange) failures and DeFi (Decentralized Finance) exploits.*\n\n### 🏛️ Centralized Exchange (CEX) \u0026 Infrastructure Hacks\n\n| Year | Entity | Amount Lost | Vector | Lesson |\n| :--- | :--- | :--- | :--- | :--- |\n| **Feb 2025** | **Bybit** | **$1.5B** | Hot Wallet / Key Leak | **Largest crypto theft in history.** Attributed to Lazarus Group. |\n| **2024** | **DMM Bitcoin** | $305M | Social Eng. / Wallet | Fake job offers to employees allowed deep system access. |\n| **2022** | **FTX / Alameda** | ~$477M | Insider / Sim Swap | The \"Bank Run\" hack. Occurred immediately after bankruptcy filing. |\n| **2018** | **Coincheck** | $530M | Phishing / Hot Wallet | Employee opened a malware email. Funds (NEM) were in hot wallets. |\n| **2016** | **Bitfinex** | $72M | Multi-sig Bypass | 120k BTC stolen. Money laundered years later by \"Razzlekhan\". |\n| **2014** | **Mt. Gox** | $460M | Malleability Bug | The original sin. 850k BTC lost. |\n\n### 🦄 DeFi Protocol Hacks (Last 5 Years - Top 40)\n\n| \\# | Year | Protocol | Amount Lost | Vector |\n| :--- | :--- | :--- | :--- | :--- |\n| 1 | 2022 | **Ronin Network** | $625M | Social Engineering / Validator Compromise |\n| 2 | 2021 | **Poly Network** | $611M | Cross-Chain Contract Vulnerability |\n| 3 | 2022 | **Binance Bridge** | $570M | IAVL Proof Verification Exploit |\n| 4 | 2022 | **Wormhole** | $325M | Signature Verification Bypass |\n| 5 | 2024 | **Orbit Chain** | $81M | Bridge Multi-sig Compromise |\n| 6 | 2023 | **Euler Finance** | $197M | Flash Loan / Logic Error |\n| 7 | 2022 | **Nomad Bridge** | $190M | Logic Error (Copy-paste vulnerability) |\n| 8 | 2022 | **Beanstalk Farms** | $182M | Governance Flash Loan Attack |\n| 9 | 2022 | **Wintermute** | $160M | Profanity Tool (Vanity Address) Exploit |\n| 10 | 2023 | **Multichain** | $126M | MPC Key Leak / Insider Job |\n| 11 | 2021 | **Cream Finance** | $130M | Flash Loan (Price Manipulation) |\n| 12 | 2022 | **Harmony Horizon** 
| $100M | Private Key Theft (Lazarus) |\n| 13 | 2021 | **BadgerDAO** | $120M | Frontend Injection (Cloudflare) |\n| 14 | 2024 | **Munchables** | $62M | Rogue Developer (Insider) |\n| 15 | 2023 | **Curve Finance** | $61M | Vyper Compiler Bug (Reentrancy) |\n| 16 | 2021 | **Compound** | $80M | Comptroller Logic Error |\n| 17 | 2024 | **Radiant Capital** | $50M | Lending Logic / Flash Loan |\n| 18 | 2023 | **KyberSwap** | $48M | Infinite Approval Loop Bug |\n| 19 | 2022 | **Cashio** | $48M | Infinite Mint Glitch |\n| 20 | 2023 | **Socket / Bungee** | $3.3M | Approval Exploit |\n| 21 | 2021 | **Grim Finance** | $30M | Reentrancy |\n| 22 | 2021 | **Vee Finance** | $35M | Oracle Manipulation |\n| 23 | 2023 | **Yearn Finance** | $11M | Misconfigured Token (yUSDT) |\n| 24 | 2022 | **Rari Capital** | $80M | Reentrancy (Fuse Pools) |\n| 25 | 2023 | **Alphapo** | $60M | Hot Wallet Keys |\n| 26 | 2023 | **Stake.com** | $41M | Private Key Leak |\n| 27 | 2022 | **Mango Markets** | $114M | Oracle Price Manipulation (Avi Eisenberg) |\n| 28 | 2024 | **Hedgey Finance** | $44M | Arbitrary Call Vulnerability |\n| 29 | 2024 | **Sonne Finance** | $20M | Precision Loss / Empty Market Attack |\n| 30 | 2024 | **UwU Lend** | $19M | Price Manipulation |\n| 31 | 2023 | **Exactly Protocol** | $7M | Bridge Vulnerability |\n| 32 | 2023 | **Rho Markets** | $7.6M | Oracle Misconfiguration |\n| 33 | 2023 | **Galxe** | $0.4M | DNS Hijacking |\n| 34 | 2021 | **bZx (Ooki)** | $55M | Private Key Phishing |\n| 35 | 2021 | **EasyFi** | $80M | Admin Key Compromise |\n| 36 | 2022 | **Qubit Finance** | $80M | Bridge Deposit Bug |\n| 37 | 2022 | **Fei Protocol** | $80M | Reentrancy |\n| 38 | 2024 | **Gamma Strategies** | $6M | Reentrancy |\n| 39 | 2024 | **Abracadabra (MIM)** | $6.5M | Rounding Error |\n| 40 | 2021 | **PancakeBunny** | $200M | Flash Loan |\n\n-----\n\n# The Lazarus Group: North Korean State Hackers :flag\\_kp:\n\n*A dedicated section for the world's most dangerous crypto-threat actor. 
The DPRK uses stolen crypto to fund weapons programs. They account for an estimated **$3 Billion+** in thefts.*\n\n\n| Year | Victim | Amount (Est.) | Vector | Source/Details |\n| :--- | :--- | :--- | :--- | :--- |\n| **Feb 2025** | **Bybit** | **$1.5 Billion** | Supply Chain / Key Leak | Largest single heist. Attributed to Lazarus Group. [Source](https://www.chainalysis.com/blog/2025-crypto-crime-report-preview-lazarus-group-hack/) |\n| **2024** | **DMM Bitcoin** | $305 Million | Social Engineering | Attackers likely infiltrated the Japanese exchange via fake job offers to staff. [Source](https://www.elliptic.co/blog/analysis/dmm-bitcoin-suffers-305-million-hack) |\n| **2024** | **WazirX** | $235 Million | Multisig Compromise | Breached the Indian exchange's multisig. [Source](https://techcrunch.com/2024/07/18/indias-wazirx-crypto-exchange-halt-withdrawals-after-cyberattack/) |\n| **2023** | **Atomic Wallet** | $100 Million | Supply Chain / Update | Malicious update pushed to users of the non-custodial wallet. [Source](https://www.elliptic.co/blog/analysis/analysis-of-the-atomic-wallet-hack) |\n| **2023** | **Stake.com** | $41 Million | Private Key Leak | Targeted the world's largest crypto casino. [Source](https://www.coindesk.com/business/2023/09/04/crypto-casino-stake-targeted-in-suspected-41m-exploit/) |\n| **2023** | **CoinEx** | $55 Million | Hot Wallet Keys | Compromised hot wallet keys. [Source](https://www.chainalysis.com/blog/coinex-hack-lazarus-group-north-korea/) |\n| **2022** | **Ronin Bridge** | $625 Million | Social Engineering | Fake job interview (PDF malware) gave access to Sky Mavis validator nodes. [Source](https://www.fbi.gov/news/press-releases/fbi-statement-on-attribution-of-malicious-cyber-activity-to-the-lazarus-group-and-apt38) |\n| **2022** | **Harmony Horizon** | $100 Million | Private Key Theft | Bridge keys stolen. Funds laundered via Tornado Cash. 
[Source](https://www.elliptic.co/blog/analysis/over-1-billion-stolen-from-bridges-so-far-in-2022-as-harmony-s-horizon-bridge-becomes-latest-victim-in-100-million-hack/) |\n\n-----\n\n# Kidnappings \u0026 Physical Attacks :gun:\n\n*Digital security means nothing when a gun is pointed at your head.*\n\n### France (The 2024-2026 Surge)\n\n*France has recently become a primary target zone for physical crypto extortion.*\n\n1.  **Jan 2025 (Vierzon) - Ledger Co-Founder:** David Balland, co-founder of Ledger, was kidnapped at his home. Attackers severed his finger to force him to unlock devices.\n    * *Source:* [DL News](https://www.dlnews.com/articles/people-culture/ledger-co-founder-david-balland-victim-of-violent-kidnapping/) | [Le Monde](https://www.lemonde.fr/pixels/article/2025/01/23/les-kidnappeurs-d-un-cofondateur-de-ledger-et-de-sa-compagne-interpelles-apres-une-gigantesque-chasse-a-l-homme_6512799_4408996.html)\n2.  **Jan 2025 (Troyes) - The Trap:** A 30-year-old entrepreneur lured to a fake client meeting, kidnapped by 4 men.\n    * *Source:* [JDD](https://www.lejdd.fr/Societe/info-jdd-troyes-un-autre-entrepreneur-en-cryptomonnaies-enleve-quatre-suspects-interpelles-154239)\n3.  **May 2025 (Paris) - Paymium Family:** The daughter and grandson of Paymium CEO Pierre Noizat were targeted in a kidnapping attempt in Paris.\n    * *Source:* [Hyperion Services](https://hyperionservices.co/bitcoin-crypto-kidnappings/)\n4.  **June 2025 (Maisons-Alfort) - The \"Errand Boy\":** A 23-year-old investor was kidnapped while running errands; forced to ransom his own Ledger + €5k cash.\n    * *Source:* [FinanceFeeds](https://financefeeds.com/tenth-crypto-kidnapping-in-france-alarms-community/) | [Le Parisien](https://www.leparisien.fr/val-de-marne-94/maisons-alfort-enleve-et-sequestre-pour-ses-cryptomonnaies-19-06-2025-8LZ4.php)\n5.  
**Dec 2025 (Charente-Maritime) - The Couple:** A couple in Dompierre-sur-Mer was sequestered and robbed of ~€9 million in cryptocurrency.\n    * *Source:* [Capital.fr](https://www.capital.fr/votre-argent/braquage-a-dompierre-sur-mer-un-couple-deleste-de-9-millions-deuros-en-crypto-1502541) | [CNews](https://www.cnews.fr/france/2025-12-19/charente-maritime-un-couple-sequestre-et-depouille-de-plusieurs-millions-deuros)\n6.  **Dec 2025 (Val-d'Oise) - The Father:** The father of a crypto entrepreneur was kidnapped in broad daylight to extort his son.\n    * *Source:* [Cryptoast](https://cryptoast.fr/enlevement-pere-famille-val-doise-rancon-crypto/)\n7.  **Jan 2026 (Cholet) - The \"Software Architect\":** A 43-year-old crypto investor was kidnapped at his home, tied up, and released 50km away.\n    * *Source:* [Ouest France](https://www.ouest-france.fr/societe/faits-divers/jai-entendu-des-cris-dans-la-rue-enleve-au-petit-matin-pour-ses-cryptomonnaies-pres-de-cholet-f97a7740-ed71-11f0-ae78-1a0629cc1f87)\n8.  **Jan 2026 (Manosque) - Home Invasion:** A woman was assaulted and sequestered at her home by attackers demanding her crypto keys.\n    * *Source:* [Cointribune](https://www.cointribune.com/en/crypto-security-alert-new-violent-home-jacking-in-manosque/)\n\n### United Kingdom\n\n1.  **Nov 2025 (Oxford/London):** Five people traveling in a car were stopped by masked robbers and forced to transfer £1.1M in crypto.\n    * *Source:* [The Guardian](https://www.theguardian.com/uk-news/2025/nov/19/four-arrested-after-luxury-watch-cryptocurrency-stolen-oxford)\n\n### Canada\n\n1.  **Nov 2024 (Toronto):** Dean Skurka (CEO of WonderFi) forced into a vehicle, held for $1M ransom.\n    * *Source:* [CBC](https://www.cbc.ca/news/canada/toronto/crypto-bitcoin-price-ceo-toronto-kidnapping-1.7378241)\n2.  
**Dec 2022 (Ontario):** Aiden Pleterski (\"Crypto King\" Ponzi) kidnapped, beaten, and tortured.\n    * *Source:* [BBC](https://www.bbc.com/news/world-us-canada-69023845)\n\n### United States\n\n1.  **May 2025 (New York):** \"House of Horrors\". An Italian entrepreneur lured to a Manhattan townhouse, held for 17 days.\n    * *Source:* [CBC News](https://www.cbc.ca/news/world/world-us-cryptocurrency-related-crimes-1.7546701)\n2.  **May 2024 (Connecticut):** A couple rammed in their Lamborghini and abducted.\n    * *Source:* [CNBC](https://www.cnbc.com/2024/10/17/cryptocurrency-theft-google-kidnapping-lamborghi-bar-.html)\n\n### United Arab Emirates\n\n1.  **Oct 2025 (Dubai):** Roman Novak and his wife were kidnapped and later found murdered in the desert.\n    * *Source:* [DL News](https://www.dlnews.com/articles/people-culture/russian-crypto-millionaire-found-dead-in-dubai/)\n\n### Hong Kong\n\n1.  **Dec 2025 (Sheung Wan) - The \"Japanese Company\" Heist:** Employees were robbed of $6.4M in cash/crypto by a gang.\n    * *Source:* [SCMP](https://www.scmp.com/news/hong-kong/law-and-crime/article/3337905/hong-kong-police-arrest-15-over-hk50-million-robbery-japanese-firm-staff)\n\n### Thailand / Singapore\n\n1.  **Sep 2022 (Thailand):** Russian couple ambushed and forced to transfer $100k.\n    * *Source:* [Bangkok Post](https://www.bangkokpost.com/thailand/general/2401755/russian-realtors-lose-b1-8m-in-extortion)\n2.  **Jan 2020 (Thailand):** Mark Cheng (Singaporean) kidnapped.\n    * *Source:* [The Straits Times](https://www.straitstimes.com/asia/se-asia/singaporean-man-kidnapped-in-thailand-by-fellow-singaporean-ransom-paid-in-bitcoins)\n\n-----\n\n# Future of CyberAttacks :robot:\n\n*The battlefield is evolving. We are moving from static phishing to dynamic, AI-driven warfare.*\n\n### 1\\. AI-Driven Social Engineering\n\n  * **Deepfakes:** Scammers will use real-time video/voice cloning of CEOs or family members to authorize transactions. 
(Already seen in traditional finance, coming to crypto governance).\n  * **The 82:1 Ratio:** Autonomous AI attack agents will outnumber human defenders 82 to 1 by 2026.\n  * **Hyper-Personalization:** AI will scrape your entire digital footprint to create \"perfect\" spear-phishing emails that are impossible to distinguish from reality.\n\n### 2\\. Quantum Threats (Q-Day)\n\n  * **\"Harvest Now, Decrypt Later\":** Nation-states are recording encrypted traffic today (including your transaction signatures). When quantum computers mature (predicted \\~2029-2030), they will break the ECDSA signatures in use today and derive private keys from old signatures.\n  * **Defense:** You must migrate to Post-Quantum Cryptography (PQC) algorithms when they become available on chains like Ethereum.\n\n### 3\\. Data Poisoning \u0026 Supply Chain\n\n  * **Malicious Libraries:** Attackers will poison open-source code repositories (npm, pip) used by wallet developers, injecting dormant backdoors that activate only when large balances are detected.\n  * **Model Poisoning:** Manipulating the data used to train AI security bots, rendering them blind to specific attack vectors.\n\n-----\n\n### :link: Resources \u0026 Guides\n\n#### :detective: The \"White Hat\" Researchers List\n\n*Follow these accounts for real-time security alerts.*\n\n  * **@ZachXBT** (On-chain sleuth)\n  * **@P3b7\\_** (Ledger Donjon)\n  * **@samczsun** (Paradigm)\n  * **@SlowMist\\_Team** (Asian market/Lazarus intel)\n  * **@tayvano** (Phishing specialist)\n\n#### :books: Books \u0026 Recommended Reading\n\n  * **Extreme Privacy (5th Edition)** by *Michael Bazzell*.\n  * **Mastering Bitcoin** by *Andreas Antonopoulos*.\n  * **The Blocksize War** by *Jonathan Bier*.\n  * **Sandworm** by *Andy Greenberg* (Understanding state-sponsored cyberwar).\n  * **Tracers in the Dark** by *Andy Greenberg*.\n\n#### :scroll: Academic \u0026 Technical Papers\n\n  * **\"SoK: Decentralized Finance (DeFi) Attacks\"** (Zhou et al.) 
- A systematic classification of DeFi exploits.\n  * **\"Flash Boys 2.0: Frontrunning in Decentralized Exchanges, Miner Extractable Value, and Consensus Instability\"** (Daian et al.) - The seminal paper on MEV.\n  * **\"On-Chain Decentralized Learning and Cost-Effective Inference for DeFi Attack Mitigation\"** (arXiv 2025).\n\n#### :earth_americas: Online Resources\n\n  * **SEAL 911:** [github.com/security-alliance/seal-911](https://github.com/security-alliance/seal-911)\n  * **Rekt Database:** [Rekt.news](https://rekt.news) (Detailed post-mortems of hacks).\n  * **Privacy Guides:** [PrivacyGuides.org](https://www.privacyguides.org)\n  * **Revoke Cash:** [Revoke.cash](https://revoke.cash)\n\n-----\n\n\u003e *Stay Safe. Stay Private. Don't Trust, Verify.*\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsamouraiworld%2Fsec-guidebook","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsamouraiworld%2Fsec-guidebook","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsamouraiworld%2Fsec-guidebook/lists"}