Defending Defi
What should you do if you get phished? Read a basic incident response guide below https://paragraph.xyz/@defendefi/phishing-incident-response
This article kicks off a wider series on DeFi-focused incident response plans and playbooks. Surprisingly, only 2% of surveyed DeFi protocols possess an incident response plan. These IRPs are designed to guide smaller protocols lacking such plans, especially in the event of an incident. Each plan in this series is intentionally generic, accommodating the distinctly unique characteristics of various incidents. The original playbooks can be found on GitHub.

This playbook is specifically designed to address the response to a phishing link being clicked and assets subsequently being drained.

Compile a detailed inventory of:
- all blockchain assets and domains controlled by the organization (crucial for avoiding errors with internal digital resources);
- the personnel authorized to manage blockchain transactions and smart contracts.

Formulate communication templates:
- to quickly alert employees of ongoing phishing attacks targeting the company;
- for collaboration with hosting and blockchain service providers against malicious entities;
- to inform external stakeholders about potential security threats.

Create a new hot wallet:
- write down the seed phrase;
- quickly send any remaining funds from the compromised wallet(s).

Identify the transaction hash that resulted from the phishing incident by filtering through:
- unusual smart contract interactions;
- requests from unknown wallet addresses;
- unexpected transaction signing requests.
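One way to do this filtering, as an added Python example that is not part of the playbook: a wallet's recent transactions are checked against the asset inventory compiled in the first step (known contracts and known wallets). The code decodes the standard ERC-20/ERC-721 approve, setApprovalForAll and transfer calls and flags any transaction that grants an approval to, or sends value to, an address outside the inventory, plus any call to a contract the organization does not normally use. The Tx record layout, the inventory dictionary and all addresses, hashes and calldata are constructed sample data, not a format or values from the page.

```python
"""Triage of a wallet's recent transactions against the organization's asset
inventory. Added example with constructed data; not from the playbook."""
from dataclasses import dataclass

# Standard ERC-20 / ERC-721 function selectors (first 4 bytes of the
# keccak256 hash of the function signature).
SEL_APPROVE = "095ea7b3"                # approve(address,uint256)
SEL_SET_APPROVAL_FOR_ALL = "a22cb465"   # setApprovalForAll(address,bool)
SEL_TRANSFER = "a9059cbb"               # transfer(address,uint256)
UINT256_MAX = 2**256 - 1


@dataclass
class Tx:
    """Assumed minimal transaction record: hash, sender, target, ETH value, calldata."""
    tx_hash: str
    sender: str
    to: str
    value_wei: int
    data: str   # 0x-prefixed calldata; "0x" for a plain ETH transfer


def _word(data: str, i: int) -> int:
    """i-th 32-byte ABI word after the 4-byte selector, as an integer."""
    start = 2 + 8 + 64 * i
    return int(data[start:start + 64], 16)


def _addr_word(data: str, i: int) -> str:
    """i-th ABI word interpreted as an address (the low 20 of the 32 bytes)."""
    return "0x" + f"{_word(data, i) & ((1 << 160) - 1):040x}"


def triage(txs, inventory):
    """Return (tx_hash, reason) for every transaction that touches an address
    outside the inventory. inventory = {"contracts": [...], "wallets": [...]}."""
    known_contracts = {a.lower() for a in inventory["contracts"]}
    known = known_contracts | {a.lower() for a in inventory["wallets"]}
    findings = []
    for tx in txs:
        to = tx.to.lower()
        sel = tx.data[2:10] if len(tx.data) >= 10 else ""
        if sel == SEL_APPROVE:
            spender, amount = _addr_word(tx.data, 0), _word(tx.data, 1)
            if spender not in known:
                kind = "unlimited" if amount == UINT256_MAX else "limited"
                findings.append((tx.tx_hash, f"{kind} ERC-20 approval to unknown spender {spender}"))
        elif sel == SEL_SET_APPROVAL_FOR_ALL:
            operator = _addr_word(tx.data, 0)
            if _word(tx.data, 1) == 1 and operator not in known:
                findings.append((tx.tx_hash, f"setApprovalForAll to unknown operator {operator}"))
        elif sel == SEL_TRANSFER:
            recipient = _addr_word(tx.data, 0)
            if recipient not in known:
                findings.append((tx.tx_hash, f"token transfer to unknown address {recipient}"))
        elif sel == "":
            if tx.value_wei > 0 and to not in known:
                findings.append((tx.tx_hash, f"ETH transfer to unknown address {to}"))
        elif to not in known_contracts:
            findings.append((tx.tx_hash, f"call to contract outside inventory {to} (selector 0x{sel})"))
    return findings


# Constructed sample data (obviously fake addresses and hashes).
ORG_WALLET = "0x" + "11" * 20     # the phished hot wallet
ORG_TREASURY = "0x" + "22" * 20
TOKEN = "0x" + "aa" * 20          # ERC-20 the organization holds
NFT = "0x" + "cc" * 20            # ERC-721 collection the organization holds
DEX_ROUTER = "0x" + "bb" * 20     # contract the team normally interacts with
DRAINER = "0x" + "de" * 20        # address introduced by the phishing page

INVENTORY = {"contracts": [TOKEN, NFT, DEX_ROUTER], "wallets": [ORG_WALLET, ORG_TREASURY]}


def _encode(selector: str, *words: int) -> str:
    """ABI-encode a call as selector + 32-byte words (used only to build sample data)."""
    return "0x" + selector + "".join(f"{w:064x}" for w in words)


SAMPLE_TXS = [
    # Routine call to a known router; "12345678" is a placeholder selector.
    Tx("0x" + "01" * 32, ORG_WALLET, DEX_ROUTER, 0, _encode("12345678", 1, 2)),
    # Unlimited token approval to the drainer: the classic phishing signature.
    Tx("0x" + "02" * 32, ORG_WALLET, TOKEN, 0, _encode(SEL_APPROVE, int(DRAINER, 16), UINT256_MAX)),
    # setApprovalForAll(drainer, true) on the NFT collection.
    Tx("0x" + "03" * 32, ORG_WALLET, NFT, 0, _encode(SEL_SET_APPROVAL_FOR_ALL, int(DRAINER, 16), 1)),
    # Plain ETH transfer to the drainer.
    Tx("0x" + "04" * 32, ORG_WALLET, DRAINER, 5 * 10**18, "0x"),
    # Legitimate token transfer to the treasury: not flagged.
    Tx("0x" + "05" * 32, ORG_WALLET, TOKEN, 0, _encode(SEL_TRANSFER, int(ORG_TREASURY, 16), 1000)),
]


def run_sample():
    return triage(SAMPLE_TXS, INVENTORY)


if __name__ == "__main__":
    for tx_hash, reason in run_sample():
        print(tx_hash, reason)
```

The flagged hashes are the ones to take to the block explorer and to the service providers in the later steps; the approvals in particular matter because they keep draining until revoked, so they deserve the first look.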
Identify the front end and domain that incited the phishing incident:
- using recent browser history;
- inspecting recent emails that may have carried the link;
- triaging domains through VirusTotal and other providers.
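A first local pass over candidate hostnames, before sending them to VirusTotal and the other providers, can be automated against the domain inventory from the first step. The following Python is an added example and not the playbook's own tooling: it compares each hostname pulled from browser history or mail links against the organization's legitimate domains and a local blocklist, flagging lookalikes by edit distance, the legitimate domain embedded as a subdomain of an unrelated registrable domain, the same name under a different TLD or with separators swapped, and punycode labels. The domains, the blocklist, the tolerance default and the two-label notion of "registrable domain" are all constructed or assumed here.

```python
"""Lookalike triage of candidate domains (from browser history or mail links)
against the organization's own domain inventory. Added example with
constructed domains; not from the playbook."""


def levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings (classic dynamic-programming version)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable(host: str) -> str:
    """Last two labels of a hostname. Simplification: assumes single-label
    public suffixes (no co.uk-style suffixes) in the data being triaged."""
    return ".".join(host.lower().strip(".").split(".")[-2:])


def _flat(s: str) -> str:
    """Letters and digits only, so 'example-dex.org' and 'example-dex-org' compare equal."""
    return "".join(ch for ch in s.lower() if ch.isalnum())


def classify(candidate: str, org_domains, blocklist, tolerance: int = 2):
    """Return (verdict, reason) for a hostname. tolerance is the largest edit
    distance still treated as a lookalike (an assumed default, not from the page)."""
    host = candidate.lower().strip(".")
    reg = registrable(host)
    org = {d.lower() for d in org_domains}
    blocked = {registrable(b) for b in blocklist}
    if reg in org:
        return ("allow", "organization-controlled domain")
    if reg in blocked:
        return ("block", "on blocklist")
    if any(label.startswith("xn--") for label in host.split(".")):
        return ("suspicious", "punycode label (possible homoglyph domain)")
    for d in org:
        if d in host:
            return ("suspicious", f"legitimate domain {d} embedded in unrelated domain {reg}")
        if levenshtein(reg, d) <= tolerance:
            return ("suspicious", f"within edit distance {tolerance} of {d}")
        reg_sld, d_sld = reg.split(".")[0], d.split(".")[0]
        if _flat(reg_sld) in (_flat(d_sld), _flat(d)):
            return ("suspicious", f"same name as {d} under a different TLD or with separators changed")
    return ("unknown", "not in inventory; triage with VirusTotal and other providers")


# Constructed sample data.
ORG_DOMAINS = ["example-dex.org"]
BLOCKLIST = ["wallet-verify-example.xyz"]      # e.g. a local copy of a community blocklist
HISTORY = [                                     # constructed browser-history hostnames
    "app.example-dex.org",                      # legitimate front end
    "examp1e-dex.org",                          # digit-for-letter lookalike
    "example-dex.org.claim-airdrop.xyz",        # real name used as a subdomain
    "example-dex-org.xyz",                      # dot turned into hyphen, new TLD
    "claim.wallet-verify-example.xyz",          # already on the blocklist
    "xn--exmple-dex-2ob.org",                   # punycode-shaped label (constructed, not a real encoding)
    "news.example.com",                         # unrelated, needs external triage
]


def run_sample():
    return {h: classify(h, ORG_DOMAINS, BLOCKLIST) for h in HISTORY}


if __name__ == "__main__":
    for host, (verdict, reason) in run_sample().items():
        print(f"{verdict:10} {host:40} {reason}")
```

Anything that comes back "suspicious" or "unknown" is what goes to VirusTotal and the other providers; the local pass exists so that the obvious lookalikes of the organization's own domains are not missed while waiting on external verdicts.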
Immediate steps upon detection of a phishing attack:
- Secure and isolate affected assets and wallets.
- Alert internal security teams and start emergency protocols.
- Issue organization-wide notifications to cease all blockchain-related operations temporarily.
- Pause any active contracts (if possible).
- Begin sending any remaining assets to the new hot wallet.

Liaise with blockchain networks or service providers for:
- assistance in tracking and halting malicious activities;
- support in recovering compromised assets, if possible;
- advice on fortifying security measures post-incident.

Report the phishing link, contract and/or wallet address:
- Upload the URL to VirusTotal and other providers.
- Create a pull request to MetaMask's phishing-detect list (eth-phishing-detect) to add the URL.

Analyze the incident to determine:
- the point of entry and methods used in the phishing attack;
- the full extent of damages, including asset loss and data compromise (if any);
- necessary improvements in security protocols and staff training for prevention.

Develop a recovery strategy encompassing:
- steps for the safe resumption of all operations;
- a stock-take of new and old wallets following the incident;
- preventative measures against future incidents;
- communication plans to restore trust with affected parties.


Koda