I am a security researcher and developer in the cryptocurrency field. Working with the folks at MyCrypto and MetaMask 🦊.
Published projects
- KyberCommunityPool — front-end work (ReactDOM) to interact with Kyber smart contracts to participate in staking KNC (Katalyst), with KCP holding the delegated voting power.
- EtherAddressLookup — a multi-purpose Chrome browser extension for the Ethereum ecosystem.
- WHG_1 — Sweeping compromised Ethereum assets to a safe address to return to users.
- EtherSecurityLookup — a Chrome browser extension to detect impersonation scams on Twitter.
- Defiscan — a simple interface that lets you easily search a 0x address or ENS name and displays a portfolio view of the various protocols that the address has interacted with.
- ENSPortal — an interface to register ethereum-name-system subdomains to your blockchain address.
- @CryptoPhishing — a bot that tweets malicious domains and infra data used to phish cryptocurrency from people.
- TheEverythingTweetBot — a Twitter bot using Heroku Scheduler to tweet random phrases from two wordlists.
- LGBT-Rainbow-Images — a tool to add a rainbow effect to your images with the LGBT flag.
Blog
- Faking Twitter Unfurling to phish you.
- Twitter Bot: @Beeple69M
- Web3 RPC API now in Postman
- How to ensure safety using EtherDelta
- EAL1.12 and Quiknode - pulling chain-data with web3js
- Ethereum logo, SVG.
- Setting up an Ethereum node
- Copying remote files to local machine
PoCs
In the media
MyCrypto
- 2021 (the second half) In Review: Crypto Hacks, Scams & Shutdowns
- Do You Trust Links? Well, You Probably Shouldn't.
- Team Spotlight - Harry Denley
- So You Wanna Build Your Own PFP NFT Project?
- Investigating Twitter Reply Scam Rings
- 2021 (the first half) In Review: Crypto Hacks, Scams & Shutdowns
- How to Beat an Ethereum Sweeper Script and Recover Your Assets
- Bad Actors Abusing ERC20 Approval to Steal Your Tokens!
- 2020 In Review: Major Blockchain/Crypto Security Incidents
- Malicious Crypto Apps are Ramping Up on Google Play
- How to Ensure You're Running the Legitimate Version of MetaMask
- HackTheBox: Money Flowz OSINT Challenge
- Working With Binance to Return $10,000 of Stolen Crypto to a Victim
- The #TwitterHack Postmortem
- Intercepting and Saving $5,000 Worth of Phished Crypto
- Phishing Campaigns Take Aim at Web3 DeFi Applications
- Discovering Fake Browser Extensions That Target Users of Ledger, Trezor, MEW, Metamask, and More
- 2019 In Review: Major Blockchain/Crypto Security Incidents
- Nigeria, Indonesia, the US, and Vietnam are among the highest victim rates for crypto scams
- Research into Trust-Trading Scams on Twitter
- Disclosure: Key generation vulnerability found on WalletGenerator.net—potentially malicious.
- Discovering Fake Trezor, MetaMask, and MyCrypto Android APKs
- Be careful with your KYC documents
- Hunting Huobi, MyEtherWallet, and Blockchain.info Scams
- The dangers of malicious browser extensions
- Unique phishing method to look out for: the fullscreen API
- The Trust-Trading Scam Kit
- Using phishing tools against the phishers— and uncovering a massive Binance phishing campaign.
- Dissecting some of the latest cryptocurrency exchange phishkits
- You need to stop trusting links
- Dissecting a HitBTC phishing site
- Following an Ethereum phishing scam down the rabbit hole
Others
2021
- Going for Broke in Cryptoland
- Malware Alert: Beware Of SushiSwap Impostors
- 📕How to Hack a Human: Social Media, Social Engineering, and Business Email Compromise
- 2020 In Review: Major Blockchain/Crypto Security Incidents
2020
- Google ad scammers are plaguing crypto firms — and some say Google should be doing more to help
- Binance and Helping Harry Return Stolen Crypto Worth $10K to Victim
- More Good Samaritans Have Helped People Recover Crypto Funds
- Opyn ETH Put Exploit Post Mortem
- Network of fake QR code generators will steal your Bitcoin
- White hat hacker rescues $7,500 of stolen Ethereum
- Expert Recovers $4K From Shoddy Crypto Phishing Scam
- Google Chrome Store was told about fake Bitcoin apps before $113,000 theft
- Brave Browser’s Affiliate Link Controversy, Explained
- Google takes down 22 more extensions that were impersonating popular crypto wallets
- Exclusive: Google removes 49 Chrome extensions caught stealing crypto-wallet keys
- 49 New Google Chrome Extensions Caught Hijacking Cryptocurrency Wallets
- Google Removes 49 Phishing Extensions That Steal Cryptocurrency Data
- Network of Fake Bitcoin QR Code Generators Stole $45,000 in March
2019
- Key Management: UX and Security
- New report: Most crypto scam victims are in Indonesia, Nigeria, the US, and Vietnam
- Chrome Browser Extension Ethereum Wallet Injects Malicious JavaScript To Steal Data
- The Bitcoin bull is causing a spike in Twitter scams
- Researcher Discovers Serious Vulnerability in Paper Crypto Wallet Site
- Computer Researcher Finds Wallet Vulnerability That Gave Same Key to Multiple Users
- Popular paper wallet app falls prey to mysterious vulnerability
- Potentially malicious vulnerability found on WalletGenerator.net
- Website for storing digital currencies hosted code with a sneaky backdoor
- Wallet Generator site may have run potential backdoor
- Google distributed malicious Chrome app designed to steal your cryptocurrency
- Crypto malware targeting MyEtherWallet claims 230 victims
- Google Deletes Crypto Malware Targeting Blockchain.com, MyEtherWallet Users
- KYC Data Could Be Exposed To Malicious Attackers With Poorly-Secured Web Designs
- Using phishing tools against the phishers— and uncovering a massive Binance phishing campaign - by Harry Denley
- Security Researcher Tears Up a Binance Scam Site to Find the Hackers
2018
- A Classic Scam Finds New Life Stealing Bitcoin on Twitter
- Cryptocurrency scams on Twitter are so common, this guy built a tool to help detect fraudsters