SlowMist Founder Cos Shares at HKU: Blockchain Security — Offense, Defense, and Practices

Sep 20, 2025

On September 13, 2025, Cos, founder of SlowMist, was invited by HKU Business School Executive Education to deliver a three-hour security-focused lecture for participants of its Web3 Global Elite Programme. Centered on the theme of blockchain security, the session covered preventive measures, incident response, and post-incident handling of crypto asset risks. Through real-world cases and technical demonstrations, Cos not only taught participants how to better safeguard their personal crypto assets but also shared practical security approaches for implementing enterprise-level crypto asset management solutions.

The Threat Landscape of the Web3 Dark Forest

In the first part, Cos used the metaphor of a “Dark Forest” to examine the security challenges, attack trends, notable cases, and defense strategies in the Web3 ecosystem. According to SlowMist Hacked, as of September 10, 2025, there have been 1,936 blockchain hacking incidents worldwide, causing an estimated $36.633 billion in losses. Exchanges and the Ethereum ecosystem remain prime targets. Smart contract vulnerabilities accounted for the most incidents (328), while phishing ranked ninth but was no less damaging. These figures illustrate the scale of the security challenges facing the blockchain world.

Cos highlighted several classic cases, including:

  • Ethereum Valentine’s Day Exploit: Hackers stole large amounts of tokens by exploiting authentication flaws in Ethereum Geth/Parity RPC APIs.
  • Fake Deposit Attacks: Arising from discrepancies in transfer mechanisms across different blockchains, leading to errors in deposit verification. SlowMist has disclosed multiple cases of fake deposit attacks involving various tokens.
  • Ransomware: Examples include WannaCry and GandCrab, with the rise of Ransomware-as-a-Service (RaaS).
  • Crypto Phishing: Theft of seed phrases via phishing websites, or abuse of multi-signature mechanisms to gain unauthorized access and steal assets.

For prevention, Cos provided comprehensive guidance covering the entire process — from securing the basic environment (OS, mobile devices, networks, browsers, password managers, 2FA, email, SIM cards, etc.) to wallet creation, backup, and usage. He also shared emergency response strategies: how to stop losses quickly, preserve evidence, analyze causes, and conduct on-chain tracing when a device is compromised or assets are stolen.

Web3 Phishing Tactics: Offense and Defense

In the second part, Cos examined the state of phishing attacks in Web3 and the deceptive tactics attackers commonly employ. He noted that attackers often impersonate popular project domains, social media accounts, and apps, luring users with “airdrops, high yields, or whitelist access.” Cos systematically broke down the phishing chain — from domain spoofing and social media scams to malicious app distribution. He demonstrated real cases showing how hackers exploit mechanisms such as Approve, blind signatures (eth_sign, personal_sign), signTypedData_v4, and permit to steal tokens or NFTs directly.
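
A defender-side sketch of how the signing and approval requests named above can be triaged before a user confirms them. This is an added example, not code from the talk or from SlowMist; the function name, risk labels and sample addresses are assumptions made for illustration.

```javascript
// Added example: classify a wallet JSON-RPC request before the user signs.
// Function names and risk labels are illustrative, not from any wallet's code.
const MAX_UINT256 = (1n << 256n) - 1n;
const SELECTORS = {
  "0x095ea7b3": "approve(address,uint256)",
  "0xa22cb465": "setApprovalForAll(address,bool)",
};

function triageRequest({ method, params }) {
  switch (method) {
    case "eth_sign": // params: [address, 32-byte hash]; nothing readable to review
      return { risk: "high", reason: "blind signature over an opaque hash" };
    case "personal_sign": { // params: [hex message, address]
      const text = Buffer.from(params[0].replace(/^0x/, ""), "hex").toString("utf8");
      return /^[\x20-\x7e\r\n\t]+$/.test(text)
        ? { risk: "review", reason: "readable message", text }
        : { risk: "high", reason: "message is not human-readable" };
    }
    case "eth_signTypedData_v4": { // params: [address, EIP-712 JSON]
      const td = typeof params[1] === "string" ? JSON.parse(params[1]) : params[1];
      if (td.primaryType !== "Permit")
        return { risk: "review", reason: `typed data: ${td.primaryType}` };
      return { risk: "high", reason: "off-chain permit grants a token allowance",
               spender: td.message.spender,
               unlimited: BigInt(td.message.value) === MAX_UINT256 };
    }
    case "eth_sendTransaction": { // on-chain Approve via call data
      const data = (params[0].data || "0x").toLowerCase();
      const call = SELECTORS[data.slice(0, 10)];
      if (!call || data.length < 138) return { risk: "review", reason: "other call data" };
      const spender = "0x" + data.slice(34, 74); // low 20 bytes of first argument
      const arg = BigInt("0x" + data.slice(74, 138)); // amount, or bool for NFTs
      if (arg === 0n) return { risk: "low", reason: `${call} revokes access`, spender };
      const unlimited = call.startsWith("approve") ? arg === MAX_UINT256 : true;
      return { risk: "high", reason: call, spender, unlimited };
    }
    default:
      return { risk: "none", reason: "not a signing or approval request" };
  }
}

// Constructed sample: unlimited ERC-20 approve to a made-up spender address.
const SPENDER = "0x" + "ab".repeat(20);
const sampleApprove = { method: "eth_sendTransaction", params: [{
  data: "0x095ea7b3" + "0".repeat(24) + "ab".repeat(20) + "f".repeat(64) }] };
console.log(triageRequest(sampleApprove));
```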

To combat these threats, Cos proposed the following methods:

  • Multi-channel verification: Check official domains, project accounts, cross-verify via trusted sources, review community discussions, use blockchain explorers, and apply defense tools.
  • Spot suspicious signs: Promises of unrealistic returns, urgent actions, requests for private keys/seed phrases, unknown airdrops, fake team information, login/authorization demands, or app installation requests.
  • Defensive tools: Tools such as Scam Sniffer, AVG, and hardware wallets.
  • Security mindset: Maintain security habits of “Zero Trust (always questioning)” and “Continuous Verification (making verification a habit).”
  • Knowledge building: Keep up with evolving phishing tactics and study resources such as the Web3 Dark Forest Survival Handbook.

Enterprise-Grade Security for Large Crypto Asset Holdings

Addressing concerns of institutions and high-net-worth investors, Cos introduced an enterprise-level security management solution for large crypto asset holdings.

The solution leverages the Shamir Secret Sharing algorithm (SLIP39 standard) by splitting the master seed phrase across multiple bank vaults. Combined with multi-signature, hardware wallets, and rigorous approval processes, it establishes a bank-grade security framework.

Its four core mechanisms are:

  • Multiple Backups: Shamir Secret Sharing, SLIP39 compliance, 3-of-3 threshold scheme.
  • Distributed Management: Storage across three bank vaults, multi-person checks and balances, inheritance mechanism.
  • Strict Approval: Multi-level approval system, dual-person on-site verification, complete operation logs.
  • Real-time Monitoring: 24/7 on-chain monitoring, instant alerts for abnormal transactions, and robust emergency response protocols.
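
What a 3-of-3 Shamir split means in practice, as an added example that is not part of the original article or of SlowMist's solution: all three shares recover the secret, any two do not. It implements plain Shamir sharing over GF(2^8) only and is an assumption-level illustration, not the SLIP39 share format (no mnemonic words, checksum or share metadata); the secret shown is a constructed value.

```javascript
// Added example: plain Shamir sharing over GF(2^8); not the SLIP39 share format.
const { randomBytes } = require("node:crypto");
function gfMul(a, b) { // multiply in GF(2^8), reduction polynomial 0x11b
  let p = 0;
  for (; b; b >>= 1) {
    if (b & 1) p ^= a;
    a <<= 1;
    if (a & 0x100) a ^= 0x11b;
  }
  return p;
}

function gfInv(a) { // a^254 is the inverse of any non-zero a
  let r = 1;
  for (let i = 0; i < 254; i++) r = gfMul(r, a);
  return r;
}

function split(secret, threshold, count) {
  const shares = Array.from({ length: count }, (_, i) => ({ x: i + 1, y: Buffer.alloc(secret.length) }));
  secret.forEach((byte, i) => {
    // Random polynomial of degree threshold-1 whose constant term is the secret byte.
    const coeffs = [byte, ...randomBytes(threshold - 1)];
    for (const s of shares)
      s.y[i] = coeffs.reduceRight((acc, c) => gfMul(acc, s.x) ^ c, 0); // Horner
  });
  return shares;
}

function combine(shares) { // Lagrange interpolation at x = 0
  const out = Buffer.alloc(shares[0].y.length);
  for (let i = 0; i < out.length; i++) {
    for (const sj of shares) {
      let num = 1, den = 1;
      for (const sm of shares) {
        if (sm === sj) continue;
        num = gfMul(num, sm.x);
        den = gfMul(den, sm.x ^ sj.x);
      }
      out[i] ^= gfMul(sj.y[i], gfMul(num, gfInv(den)));
    }
  }
  return out;
}

// Constructed 16-byte stand-in for a master secret, split 3-of-3 as in the talk.
const secret = Buffer.from("00112233445566778899aabbccddeeff", "hex");
const shares = split(secret, 3, 3);
console.log(combine(shares).equals(secret), combine(shares.slice(0, 2)).equals(secret));
```

With a 3-of-3 threshold there is no spare share: losing access to any one vault makes the secret unrecoverable from the other two.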

Cos emphasized that this system minimizes operational and personnel risks, ensures compliance and audit readiness, and helps enterprises build an institutionalized risk control framework in the rapidly evolving Web3 environment.

Conclusion

In closing, Cos stressed: “There is no absolute security in the blockchain world. True defense comes from three dimensions: maintaining skepticism, building verification into habit, and combining technology, processes, and awareness into a closed-loop system.”

This session not only helped participants of the Web3 Global Elite Programme at HKU Business School gain a comprehensive understanding of the offensive and defensive landscape of blockchain security, but also highlighted SlowMist’s expertise and insights as a leading security firm in the industry. The course concluded successfully with clear and engaging explanations and interactive discussions. Participants generally reported significant takeaways and developed a clearer and more systematic understanding of Web3 security.

About the “Web3 Global Elite Programme”

To address the profound transformations of the digital era and help global leaders seize the opportunities driven by Web3 technologies, the Executive Education of HKU Business School has launched the flagship Web3 Global Elite Programme. The programme focuses on development concepts, technical architectures, and regulatory frameworks in the Web3 space. Through systematic teaching and forward-looking insights, it empowers elite participants to precisely grasp the core technological trends of the digital era and build a global strategic vision.

More information:
https://execed.hkubs.hku.hk/web3-global-elite-programme-sc/

Further Reading

Blockchain Dark Forest Selfguard Handbook: https://darkhandbook.io
Ethereum Valentine’s Day Exploit: https://mooz.space/eth214/
“False Top-up” Exploits: https://github.com/slowmist/Knowledge-Base#fire-false-top-up

About SlowMist

SlowMist is a blockchain security firm established in January 2018. The firm was started by a team with over ten years of network security experience, with the aim of becoming a global force. Our goal is to make the blockchain ecosystem as secure as possible for everyone. We are now a renowned international blockchain security firm that has worked on various well-known projects such as HashKey Exchange, OSL, MEEX, BGE, BTCBOX, Bitget, BHEX.SG, OKX, Binance, HTX, Amber Group, Crypto.com, etc.

SlowMist offers a variety of services that include but are not limited to security audits, threat information, defense deployment, security consultants, and other security-related services. We also offer AML (Anti-Money Laundering) software, MistEye (Security Monitoring), SlowMist Hacked (Crypto hack archives), FireWall.x (Smart contract firewall) and other SaaS products. We have partnerships with domestic and international firms such as Akamai, BitDefender, RC², TianJi Partners, IPIP, etc. Our extensive work in cryptocurrency crime investigations has been cited by international organizations and government bodies, including the United Nations Security Council and the United Nations Office on Drugs and Crime.

By delivering a comprehensive security solution customized to individual projects, we can identify risks and prevent them from occurring. Our team was able to find and publish several high-risk blockchain security flaws. By doing so, we could spread awareness and raise the security standards in the blockchain ecosystem.

Written by SlowMist