FailSafe: Advanced Security for Digital Assets

The Human Factor: Design with Operator Error in Mind

Last updated 2 years ago

From recent trends in Web3 attacks, it’s clear that the human factor plays a central role. Users might be lured into violating one or more security best practices without knowing it; in the case of the Profanity bug hack, vanity Web3 addresses were generated that made it possible for attackers to derive the private key. Even once a system is configured into a secure state, its security posture is likely to decay over time if upkeep requires regular end-user effort.

In a recent 8 mil USD exploit, users were lured into installing an unofficial update of a popular Web3 wallet. It is suspected that the fake wallet update involved users re-entering the seed phrase (giving the attacker full access to the victim’s crypto assets). The FailSafe threat model is designed with these seemingly game-over scenarios in mind. In the later part of this section, we introduce how the defense-in-depth principle is applied throughout the lifecycle of a transaction, and how the application of FailSafe’s multi-layered defenses minimises losses from the type of incidents noted above.