Select Language

Bahasa Indonesia

แบบไทย

Foundations: Security

What Is 2FA (Two-Factor Authentication)?Two-factor authentication matters because passwords fail in a predictable way: they can be guessed, reused, stolen, or phished

What Is 2FA (Two-Factor Authentication)?Two-factor authentication matters because passwords fail in a predictable way: they can be guessed, reused, stolen, or phished. 2FA changes the attack from “know one secret” to “break two different mechanisms,” which is why it helps so much — and why some forms of 2FA are much stronger than others.Mar 21, 202623 min read

What is Smart Contract Risk?Smart contract risk is what happens when software directly controls assets, permissions, and financial logic on a blockchain

What is Smart Contract Risk?Smart contract risk is what happens when software directly controls assets, permissions, and financial logic on a blockchain. The unusual part is not just that bugs exist, but that the bug can become the public, irreversible behavior of the system once the contract is deployed.Mar 21, 202626 min read

What Is Social Engineering?Social engineering is not mainly about malware or broken cryptography

What Is Social Engineering?Social engineering is not mainly about malware or broken cryptography. It is about getting a human to do the attacker’s work: reveal information, grant trust, or approve an action that a system would otherwise block.Mar 21, 202625 min read

What is Transaction Simulation?Transaction simulation matters because blockchain transactions are hard to undo, but what you sign is often more opaque than it looks

What is Transaction Simulation?Transaction simulation matters because blockchain transactions are hard to undo, but what you sign is often more opaque than it looks. By executing a transaction off-chain first, wallets and developers can preview asset movements, internal calls, and failures before committing real funds.Mar 21, 202626 min read

What is a Re-Entrancy Attack?A re-entrancy attack happens when a contract gives control to an external contract before finishing its own bookkeeping

What is a Re-Entrancy Attack?A re-entrancy attack happens when a contract gives control to an external contract before finishing its own bookkeeping. That small ordering mistake can let an attacker come back in through the same door repeatedly and withdraw, mint, or manipulate state as if the first action never happened.Mar 21, 202625 min read

What is a Replay Attack?A replay attack works not by breaking a signature, but by reusing a valid one in a context where it still counts

What is a Replay Attack?A replay attack works not by breaking a signature, but by reusing a valid one in a context where it still counts. That simple idea explains why modern systems add nonces, timestamps, session binding, genesis hashes, and chain IDs: they are ways of making “valid once” stop meaning “valid forever, everywhere.”Mar 21, 202626 min read

$What Is a Rug Pull?A rug pull is not just \"a crypto scam$

What Is a Rug Pull?A rug pull is not just \"a crypto scam.\" It is a failure of control: someone retains the power to change rules, drain liquidity, mint supply, or exploit approvals after users have trusted the system. Understanding rug pulls means understanding where that power lives, how it is hidden, and what controls actually limit it.Mar 21, 202623 min read

What is a Honeypot Token?A honeypot token solves a scammer’s hardest problem in a decentralized market: how to let people buy while quietly making exit impossible

What is a Honeypot Token?A honeypot token solves a scammer’s hardest problem in a decentralized market: how to let people buy while quietly making exit impossible. The trap often looks like an ordinary token trade, but the key behavior is asymmetric permission — entry is open, selling is blocked, taxed into uselessness, or selectively allowed only for insiders.Mar 21, 202623 min read

What Is Phishing?Phishing is not mainly a malware problem or an email problem

What Is Phishing?Phishing is not mainly a malware problem or an email problem. It is a decision-manipulation problem: an attacker gets a real person to authenticate the wrong thing, trust the wrong interface, or approve the wrong action. That is why phishing keeps working even as technical defenses improve.Mar 21, 202625 min read

What is Bug Bounty?Bug bounty programs try to solve a hard security problem: the people best able to find your flaws often live outside your organization

What is Bug Bounty?Bug bounty programs try to solve a hard security problem: the people best able to find your flaws often live outside your organization. By turning unsolicited hacking into a structured, authorized, and rewarded reporting process, bug bounties can uncover real vulnerabilities earlier—but only if scope, triage, remediation, and safe harbor are designed well.Mar 21, 202624 min read

What is a Flash Loan Attack?A flash loan attack looks like a lending exploit, but the loan is often just the fuel

What is a Flash Loan Attack?A flash loan attack looks like a lending exploit, but the loan is often just the fuel. The real failure is usually elsewhere: a protocol trusts a price, balance, or accounting rule that can be distorted for one transaction, and flash liquidity makes that distortion cheap enough to exploit.Mar 21, 202623 min read

What is Allowlist/Blocklist?Allowlists and blocklists look similar on the surface: both are just lists of things to permit or deny

What is Allowlist/Blocklist?Allowlists and blocklists look similar on the surface: both are just lists of things to permit or deny. But they embody very different security assumptions. The difference between “allow known good” and “block known bad” explains why these controls are useful, where they fail, and why they show up everywhere from login systems to crypto exchange withdrawals.Mar 21, 202624 min read