public
/
website
5
0
Fork 0
Code Issues 4 Pull Requests 4 Packages Projects Releases Wiki Activity

Compare commits

merge into: public:feat/mysten-blog
Branches Tags
public:main
public:feat/fixes
public:feat/mysten-blog
public:feat/website-upgrades
public:lrvick/oci
...
pull from: public:main
Branches Tags
public:feat/fixes
public:main
public:feat/mysten-blog
public:feat/website-upgrades
public:lrvick/oci

3 Commits
feat/myste ... main

Author SHA1 Message Date
Ryan Heywood 1e42624fea
post 2025-04-02: fixup date, add <hr> before about section 2025-04-02 23:45:26 -04:00
Ryan Heywood 2a44846c9a
post 2025-03-20: fixup an em dash 2025-04-02 23:34:35 -04:00
Anton Livaja f9e5ef378f
remove section 2025-04-02 20:20:07 -07:00
1 changed files with 4 additions and 2 deletions
Show Stats Expand all files Collapse all files

6
_posts/2025-03-20-bitby-report.md → _posts/2025-04-02-bybit-safe-report.md
View File

@ -87,7 +87,7 @@ We've seen this playbook used in previous incidents, a major example being Axie
#### Strategy 1 - Run everything locally
This strategy can be implemented without major adjustments to the existing system. The goal is to move the component currently introducing risk—effectively making the wallet "hot"--—into an offline component, upgrading the system to a fully cold solution.
This strategy can be implemented without major adjustments to the existing system. The goal is to move the component currently introducing risk—effectively making the wallet "hot"—into an offline component, upgrading the system to a fully cold solution.
The idea centers on extracting the **signing** component from the application (which currently operates in the UI) and converting it into an offline application.
@ -121,7 +121,7 @@ This reference design was developed for the Safe{Wallet} team, but it can be app
4. **All sensitive operations are fully verified offline before any cryptographic action is taken**
This design drastically reduces exposure to remote attacks and central points of trust, aligning closely with Distrust's first-principles security model. Some tools have been built in the Web3 ecosystem, such as [safe-utils](https://github.com/openzeppelin/safe-utils)—but, unfortunately, they completely miss the point of cold wallets, and encourge people to use these tools online. Safe-utils is also not bit-for-bit reproducible as of this writing, which disqualifies it as an adequate solution for a stack managing large sums.
This design drastically reduces exposure to remote attacks and central points of trust, aligning closely with Distrust's first-principles security model.
#### Strategy 2 - Use remotely verified service
@ -162,6 +162,8 @@ Implementing these strategies can be technically demanding. They represent two e
This high-level overview is meant to illustrate the kinds of problems we focus on at Distrust. Depending on the chosen strategy and organizational context, implementation can take anywhere from a few weeks to several years, especially as tooling continues to mature.
---
## About Distrust
The Distrust team has helped build and secure some of the highest-risk systems in the world. This includes vaulting infrastructure at BitGo, Unit410, and Turnkey, as well as security work with electrical grid operators, industrial control systems, and other mission-critical systems.