New Articles

Crypto Security in the Current Climate: What Today’s Investors Should Know


Crypto Security in the Current Climate: What Today’s Investors Should Know

Crypto users are faced with a near constant barrage of threats including widespread phishing schemes, targeted attacks from scammers impersonating friends & application support staff, malware crawling for improperly secured private keys, and speculative meme coins with a sole purpose to build market liquidity for early entrants to dump on retail investors. Thankfully, as attacks are becoming more and more sophisticated, those who aim to defend against bad actors are developing advanced tools to educate and protect consumers. Here are a few examples of the most common scenarios to protect yourself against, as well as how the crypto space is evolving to stay ahead of the curve.

It is important to understand the distinction between holding cryptocurrency on centralized exchanges and holding it in your own wallet through self-custody. The easiest way to get into crypto is to make an account on a centralized exchange and buy some tokens. However there is significant risk in leaving investments on a centralized exchange. Centralized exchanges often lack transparency in accounting and lead to traditional ‘web2’ style fraud as we saw with FTX collapse, which was echoed by the collapses of traditional banking institutions throughout the world. However, once a crypto user withdraws their tokens to their own self-custody wallet they are faced with the responsibility of avoiding phishing campaigns, protocol hacks, private key leaks, and more.

Phishing campaigns range from widespread campaigns to targeted attacks. Recently I have encountered malicious Google Ads which redirect users from legitimate websites to perfect clones which prompt the user to confirm transactions in their wallet which send all of their assets to an attacker. There are also scammers posing as benevolent actors warning users that an application they recently used has been compromised and they need to withdraw all of their funds immediately. The site the scammers send the user to looks identical to the application with which they are familiar, which then prompts them to confirm the same style of malicious transactions.

Even when users connect to legitimate applications, they are not safe from protocol vulnerabilities and accidental introduction of bad code through protocol updates. In the last year there have been network bridges and decentralized exchanges which introduced unaudited updates to their codebase which were soon exploited by bad actors, draining all the deposits of users.

An ongoing problem with crypto wallets is that transactions are impossible to decipher for the vast majority of users. People have become accustomed to clicking ‘confirm’ on opaque blobs of hex data, trusting that the application is telling them the truth. Wallets are starting to get smarter, and there are now tools people can install on their computers, or networks people can connect their wallets to which help filter out mistakes and hacks. The Shield3 RPC is a free tool that people can use to filter out common hacks and interactions with known bad actors (

Also, like many fields, AI is helping. Decentralized finance applications provide unprecedented transparency and data availability to train and adapt models for common mistakes by developers, attack patterns by bad actors, and penetration testing by benevolent hackers. For example, one can now visit a blockchain explorer, copy the code of a smart contract from a popular DeFi app, and paste it into ChatGPT, asking it to find potential ways the code can be exploited. One can also ingest all of the data about all smart contracts and transactions in existence, and identify patterns and transactions that lead to a major hack. Specifically, when someone is about to attack a protocol there are often a series of transactions where they create a new anonymous wallet using a private transaction service, like Tornado Cash, then prepare their wallet to exploit a protocol. Protocols can defend themselves by detecting these patterns and pausing the protocol before the exploit can take place, then implement fixes before unpausing.

However while this data is widely available, it is near impossible to understand for the vast majority of users. AI tools allow us to take the insights from threat analysis and detection tools and present them in language which is personalized and comprehensible to everyone, regardless of their level of technical sophistication. We can take highly technical audit reports and data streams and have large language models summarize the threat in any language, for any audience.

These tools allow us to both detect threats faster and more efficiently than ever before, and democratize access to the insights to make security and risk mitigation widely available.

About the author

Isaac Patka is a former electrical engineer in the semiconductor industry, turned crypto dev in early 2017; specializing in web3 security, DAOs, and experimental applications of blockchain technology. Isaac is an active contributor to open standards in the governance and security fields of web3. He entered the Ethereum space in 2017 by hunting bug bounties for experimental new smart contracts. Ever since then he has used his passion for accessible, transparent security to demonstrate both what can go wrong, and how to fix it. Last year he published a ‘white hat’ exploit of a popular smart contract framework that manages billions of dollars in the crypto space. Citation:

He also volunteers his efforts to help people recover from losing their private keys and access funds in leaked wallets. In addition, he collaborates with artists in their exploration and creation of crypto-native forms of art, often exploring collective creation, intellectual property, and ownership.


Is It Time To Play Defense with Your Investment Portfolio?

The bull market has been charging ahead for more than a decade now, but financial professionals are starting to wonder whether the good times are about to come crashing down on the American public’s prosperous portfolios.

That means it could be time to become a bit more defensive with your investments, says Dr. Joseph Belmonte, an investment strategist and author of Buffett and Beyond: Uncovering the Secret Ratio for Superior Stock Selection(

“People will talk about having good luck or bad luck in the market, and you never want to depend on blind luck,” says Dr. Belmonte says. “But another definition of luck is when opportunity meets preparation. And if a recession is coming, as so many people fear, then you want to make preparations.”

One suggestion for doing that, he says: Stay away from cyclical stocks, which are stocks that perform well when the economy is humming along, but struggle when things turn sour. These are companies that provide something that’s not essential to daily living or that consumers can at least postpone purchasing when times are tough.

Examples are car manufacturers, higher-end retail stores, and mortgage companies. Specific examples are Ford, General Motors, Caterpillar and Macy’s.

With the potential for a recession looming, Dr. Belmonte says, it’s vital that you review your portfolio, examine whether you have cyclical or non-cyclical stocks, and decide whether you need to make adjustments.

He says a few things worth remembering as you shift your portfolio to the defensive mode include:

-Look for efficiency. The companies you seek for your portfolio should be efficient. “They must have a relatively high return on equity and a consistent return on equity,” Dr. Belmonte says. “If the ROE is high and consistent, we know the firm has the capacity to create value because it is already doing so.”

-Examine a company’s history. Dr. Belmonte says that Warren Buffett likes to look at a company’s average return on equity over a 10-year period, most likely because over any 10-year period the economy goes through recessions and also economic expansions. “As the economy goes through these cycles, expectations about a company’s future will rise and fall with the mood of all of us,” Dr. Belmonte says. “Buffett probably feels that over a 10-year period, we see the average of at least one complete economic cycle, and of course, the ensuing mood swings that accompany both the good and bad times.”

-Consider value. Price follows value, Dr. Belmonte says, so invest in stocks that increase their value “every minute of every day.” He says McDonald’s is one example. The stock’s price may drop in tough times, but eventually the price catches back up to the company’s overall value. To find such companies, he says, look at how a stock performed during the last recession from June 30, 2008, to March 30, 2009. Value-added stocks didn’t fall as far as the overall market, and recovered much more quickly.

-Focus on businesses you understand. A company might sound good in theory, but if you don’t really have a good grasp of what it does and how the market for it might develop over the long haul, then it could be a risk for you. Dr. Belmonte suggests looking at businesses you have a good understanding of, so you can make an educated guess of where they likely are headed. “If you take a business you understand, and that company has a high and relatively consistent ROE, you are probably looking at a pretty good contender for your stock portfolio,” he says.”

“I always tell people to remember the good, the bad and the ugly,” Dr. Belmonte says. “The good stocks should be in our portfolios; the bad stocks should be in someone else’s portfolios; and the ugly stocks should be in nobody’s portfolio.”



Dr. Joseph Belmonte, author of Buffett and Beyond: Uncovering the Secret Ratio for Superior Stock Selection (, is an investment strategist and stock market consultant. He is fond of saying, “If you want to live on the beach like Jimmy Buffett, you’ve got to learn how to invest like Warren Buffett.” Dr. Belmonte has developed hedged growth income strategies for family offices, and has lectured to numerous professional and investment groups throughout the country. His weekly video newsletter is sent to thousands of investors, money managers, and academics both nationally and internationally.