The Red Guild is running an IRL security awareness campaign at Ethereum Argentina.
Don't share before Ethereum Argentina finishes.
The campaign includes lots of (harmless) experiments to showcase security threats people must be aware of.
If you're reading this, you may have fallen for one of our tricks.
We may reveal all of them by the end of the event.
Did you pwn me?
No! Relax. The Red Guild didn't pwn you. We haven't done anything that could compromise your security.
We simply took some liberties to show you the threats you may be exposed to. In this case, without any harmful consequences.
Crypto conferences can be a hostile environment where attackers will try to scam or hack you. How? For example, using social engineering techniques on you, or compromising your devices by first gaining physical access.
That's why The Red Guild has organized this security awareness campaign. We want attendees to learn about different ways in which they could be attacked, and how they can take proactive measures to prevent some of the threats at IRL events.
So, what should you do in the future?
- Never leave your devices unattended or unlocked. There have been at least 3 reports in recent days in which at least 4 notebooks have been stolen.
- Find private places to use your laptop, take calls, etc., where you can avoid shoulder surfing and eavesdropping.
- Don't bring your main crypto wallets. If you do, which you shouldn't, don't show or use them.
- Don't mindlessly sign transactions to participate in airdrops, POAPs, etc. Always verify the data you're signing. And do so with low-value wallets.
- Use privacy-enhancing screen protectors.
- Don't connect strange external devices (such as USB flash drives) to your laptop.
- Consider using an alternative laptop that doesn't store sensitive information (personal or work-related). For instance, you could carry around a cheap Chromebook.
- Avoid scanning suspicious QR codes that can redirect you to malicious sites. Always double-check the URL, particularly if you're going to enter sensitive information or sign transactions.
- Don't connect to open Wi-Fi networks that were not set up by the organizer.
- Don't run untrusted code in a non-isolated environment.
- Don't disclose sensitive details to people who claim to be interested in your projects. First, seek referrals, double-check information, do some OSINT on their online presence, and gradually build trust over time.
Hopefully you've learned something during our campaign.
Let's wait until the conference ends to spread the word. In the meantime, stay safe!