♟️

Debt DAO Team Op Sec

TODO: Debt DAO internal opsec vs Helping users improve their opsec?

Operational Security

  • wallets
    • Gird+ Lattice >>>>>
    • diversity of hardware wallets on multisigs
    • Only hardware wallets and multisigs allowed on multisigs
  • Multisigs - We separate our Treasury holding assets from our Arbiter multisig that executes trades and liquidates users. These are the only Debt DAO accounts.
    • Multisigs & Signers
  • bot hot wallets
  • 2FA mandated wherever possible w/ Authenticator apps. SMS and phone verification disbaled wherever possible.

Phishing

Prevention

  • always retype domains and username to prevent homoglyph ASCII phishing
  • minimizes personal/work life details in public social media. Vacations, your exact role/responsibility, if you have a faimly, etc. can all be used to phish you or other people in the org
  • Verify people across channels. discord, telegram, IRL, email, twitter, 3rd parties, etc. when starting or moving to a new platform to verify their identity on the new platform.

Helping Users with Opsec

  • wallet setup security
  • Do fake phishing attacks to identify weak members of network
  • non-SIM 2FA
XGitHub

Dev Docs

Product Docs

Borrower FAQ

Lender FAQ