This document discusses cybersecurity risks related to blockchain technology and cryptocurrencies. It outlines many past hacks and attacks that have led to over $2 billion being stolen. It warns that code vulnerabilities in smart contracts and exchanges present ongoing risks. The document recommends implementing strong security practices like multifactor authentication, vulnerability management, and security awareness training to help counter these threats. It also advocates for proper risk assessment and mitigation strategies to reduce risks in the blockchain and crypto space.

1. Blockchain & Security
Jorge Sebastiao
CTO Advisor

2. I am your Seatbelt

3. You Seatbelt
Cyber attacks
Countermeasures
You will need more than a seat belt

4. Trust

5. $2 Billion Hacked 2018

6. Over $2 Billion in Litigation

7. 3000 Bitcoin Miners Exposed
1. SSH
2. Telenet
3. Default Passwords

8. Crypto-Jacking everywhere
1. Browser
2. Plants
3. Super Computers
4. Cars
5. Mobiles
6. Malware

9. $150M Raised DAO Attack $60M

10. Bug in Parity Multi-Sig Wallet
Frozen
$400M
Ethereum

12. Hackers are looking for your Coins
Intense Scan
• Coins
• Wallets
• Miners

13. $190 Million Lost

14. Bitcoins Lost Forever

15. Zaif Japan Bitcoin at $0USD

16. Mobile as your Identity
•SS7 Vunerabilities
•Intercept / Impersonate Calls
•Intercept / Impersonate SMS
•Reset Accounts Gmail…
•Erase Cloud Storage
•Erase Devices

17. Sim Swap
•Phishing, Smishing, Vishing
• SIM blocked
• New SIM
• Use SIM OTP to reset accounts

18. Code as VULNERABILITIES
Blockchain are CODE
34,000 Smart Contracts Vulnerable

19. Exchanges are not SAFES

20. Tokenisation as
Good as the AUDIT

21. Cold Wallet MitM Attack

22. Social Engineering Attacks

23. Exchanges Phishing

24. Clueless Insiders & Hackers

25. St-Petersburg Blogger Robbed $425K

26. 0 Day Exploits - Guaranteed

27. NSA is tracking Bitcoin

28. Complexity is your enemy

29. What is our Risk Appetit

30. CONSEQUENCE
LIKLIEHOOD
FV
T
Risk Group 1
Risk Group 2
Risk Group 3
HighLow
Low
High
RESPONSE
PROTECTION
Target Risk
Risk Reduction Strategy

31. Update outdated Assumptions?

32. Crypto Countermeasures
1. Securing your email account
2. Securing your social media
3. Enabling 2-factor
authentication, biometrics
4. Vulnerability Management
5. Threat Management
6. Security Awareness Training
7. Incident Response Drill
8. CERT

33. Proper Security Metrics &
Countermeasures

34. Custody
&
Insurance
Reduces
RISK

35. A6 - Approach
Business
Risk
Maturity

36. Blockchain transforming
Cyber Security

37. You need more then a seat belt

38. Jorge Sebastiao, CISSP
Twitter.com/4jorge
Linkedin.com/in/Sebastiao