Published projects

• KyberCommunityPool — front-end work (ReactDOM) to interact with Kyber smart contracts to particiapte in staking KNC (Katalyst) with KCP having the delegated voting power.
• EtherAddressLookup — a multi-purpose Chrome browser extension for the Ethereum ecosystem.
• WHG_1 — Sweeping compromised Ethereum assets to a safe address to return to users.
• EtherSecurityLookup — a Chrome browser extension to detect impersonation scams on Twitter.
• Defiscan — a simple interface lets you easily search a 0x address or ENS name and displays a portfolio view of various protocols that the address has interacted with.
• ENSPortal — an interface to register ethereum-name-system subdomains to your blockchain address.
• @CryptoPhishing — a bot that tweets malicious domains and infra data used to phish cryptocurrency from people.
• TheEverythingTweetBot — a twitter bot using Heroku Scheduler to make tweets of random phrases from two wordlists.
• LGBT-Rainbow-Images — a tool to add a rainbow effect to your images with the LGBT flag.

Blog

• Faking Twitter Unfurling to phish you.
• Twitter Bot: @Beeple69M
• Web3 RPC API now in Postman
• How to ensure safety using EtherDelta
• EAL1.12 and Quiknode - pulling chain-data with web3js
• Ethereum logo, SVG.
• Setting up an Ethereum node
• Copying remote files to local machine

PoCs

• Clipboard and Anchor Hijacking

In the media

MyCrypto

• 2021 (the second half) In Review: Crypto Hacks, Scams & Shutdowns
• Do You Trust Links? Well, You Probably Shouldn't.
• Team Spotlight - Harry Denley
• So You Wanna Build Your Own PFP NFT Project?
• Investigating Twitter Reply Scam Rings
• 2021 (the first half) In Review: Crypto Hacks, Scams & Shutdowns
• How to Beat an Ethereum Sweeper Script and Recover Your Assets
• Bad Actors Abusing ERC20 Approval to Steal Your Tokens!
• 2020 In Review: Major Blockchain/Crypto Security Incidents
• Malicious Crypto Apps are Ramping Up on Google Play
• How to Ensure You're Running the Legitimate Version of MetaMask
• HackTheBox: Money Flowz OSINT Challenge
• Working With Binance to Return $10,000 of Stolen Crypto to a Victim
• The #TwitterHack Postmortem
• Intercepting and Saving $5,000 Worth of Phished Crypto
• Phishing Campaigns Take Aim at Web3 DeFi Applications
• Discovering Fake Browser Extensions That Target Users of Ledger, Trezor, MEW, Metamask, and More
• 2019 In Review: Major Blockchain/Crypto Security Incidents
• Nigeria, Indonesia, the US, and Vietnam are among the highest victim rates for crypto scams
• Research into Trust-Trading Scams on Twitter
• Disclosure: Key generation vulnerability found on WalletGenerator.net—potentially malicious.
• Discovering Fake Trezor, MetaMask, and MyCrypto Android APKs
• Be careful with your KYC documents
• Hunting Huobi, MyEtherWallet, and Blockchain.info Scams
• The dangers of malicious browser extensions
• Unique phishing method to look out for: the fullscreen API
• The Trust-Trading Scam Kit
• Using phishing tools against the phishers— and uncovering a massive Binance phishing campaign.
• Dissecting some of the latest cryptocurrency exchange phishkits
• You need to stop trusting links
• Dissecting a HitBTC phishing site
• Following an Ethereum phishing scam down the rabbit hole

Others

2021

• Going for Broke in Cryptoland
• Malware Alert: Beware Of SushiSwap Impostors
• 📕How to Hack a Human: Social Media, Social Engineering, and Business Email Compromise
• 2020 In Review: Major Blockchain/Crypto Security Incidents

2020

• Google ad scammers are plaguing crypto firms — and some say Google should be doing more to help
• Binance and Helping Harry Return Stolen Crypto Worth $10K to Victim
• More Good Samaritans Have Helped People Recover Crypto Funds
• Opyn ETH Put Exploit Post Mortem
• Network of fake QR code generators will steal your Bitcoin
• White hat hacker rescues $7,500 of stolen Ethereum
• Expert Recovers $4K From Shoddy Crypto Phishing Scam
• Google Chrome Store was told about fake Bitcoin apps before $113,000 theft
• Brave Browser’s Affiliate Link Controversy, Explained
• Google takes down 22 more extensions that were impersonating popular crypto wallets
• Exclusive: Google removes 49 Chrome extensions caught stealing crypto-wallet keys
• 49 New Google Chrome Extensions Caught Hijacking Cryptocurrency Wallets
• Google Removes 49 Phishing Extensions That Steal Cryptocurrency Data
• Network of Fake Bitcoin QR Code Generators Stole $45,000 in March

2019

• Key Management: UX and Security
• New report: Most crypto scam victims are in Indonesia, Nigeria, the US, and Vietnam
• Chrome Browser Extension Ethereum Wallet Injects Malicious JavaScript To Steal Data
• The Bitcoin bull is causing a spike in Twitter scams
• Researcher Discovers Serious Vulnerability in Paper Crypto Wallet Site
• Computer Researcher Finds Wallet Vulnerability That Gave Same Key to Multiple Users
• Popular paper wallet app falls prey to mysterious vulnerability
• Potentially malicious vulnerability found on WalletGenerator.net
• Website for storing digital currencies hosted code with a sneaky backdoor
• Wallet Generator site may have run potential backdoor
• Google distributed malicious Chrome app designed to steal your cryptocurrency
• Crypto malware targeting MyEtherWallet claims 230 victims
• Google Deletes Crypto Malware Targeting Blockchain.com, MyEtherWallet Users
• KYC Data Could Be Exposed To Malicious Attackers With Poorly-Secured Web Designs
• Using phishing tools against the phishers— and uncovering a massive Binance phishing campaign - by Harry Denley
• Security Researcher Tears Up a Binance Scam Site to Find the Hackers

2018

• A Classic Scam Finds New Life Stealing Bitcoin on Twitter
• Cryptocurrency scams on Twitter are so common, this guy built a tool to help detect fraudsters

2017

• 20-something founders who love cash and cars — and got DJ Khaled to promote their startup — resign weeks after raising $32 million
• How Floyd Mayweather Helped Two Young Guys From Miami Get Rich