Unchained Podcast Episode 987 Summary

Title: How Crypto Users Get Rekt and How You Can Stay Safe
Host: Laura Shin
Guests: Pablo Sabatella (Founder of OpSec, Member of SEAL) & Isaac Patka (Certifications Initiative Lead at SEAL, Founder of Shield 3)
Date Released: December 24, 2025

Overview of the Episode

This episode focuses on the evolving landscape of crypto security threats, recent high-profile hacks, and practical advice for both individuals and crypto companies on how to better protect themselves. Laura Shin hosts a timely discussion with security experts Pablo Sabatella and Isaac Patka, who share their insights on social engineering, operational security, the role of organizations like SEAL, how North Korean actors infiltrate companies, best practices for self-custody, and what to do if your crypto is stolen.

State of Crypto Security

[04:05] – [09:18]

• Shift in Attack Vectors:

  • Earlier years: Predominantly smart contract hacks.
  • Now: Attackers exploit operational security weaknesses with "Web2" tactics—private key leaks, phishing, malware, account takeovers, social engineering.
  • 99% of stolen funds stem from opsec issues, the vast majority starting with social engineering.
  • Pablo: “A threat actor just needs to find one [weakness].” [00:19]

• Social Engineering Threats:

  • Fake job interviews, reporters, and podcast invitations are top attack routes.
  • Even seasoned users and OGs are targeted.
  • Attackers often “flatter your ego” to lower defenses.
  • Isaac: "I've seen so many people become victims... a moment of panic, and they’re told, ‘just download this driver onto your computer’...” [05:48]

SEAL (Security Alliance): Role & Initiatives

[09:19] – [13:48]

• About SEAL:
  • Originated to improve response to protocol hacks—chaotic “war rooms” highlighted readiness gaps.
  • SEAL911 is a 911-style Telegram bot connecting victims with volunteer responders.
  • Other arms: SEAL Intel (information sharing), SEAL Frameworks (free best practices), Certifications, and Safe Harbor for white-hat hackers.
  • Safe Harbor: On-chain legal agreement protecting white hats who rescue stolen funds.
  • Isaac: "911 is this group of super talented volunteer emergency responders..." [11:19]
  • Laura: Relates this to the 2016 DAO hack crisis. [12:39]

North Korean IT Worker Infiltration

[15:13] – [28:54]

• How North Koreans Get Hired:

  • Two goals: Steal funds from within, and earn multiple overseas salaries.
  • Apply en masse (40–50% of Web3 hiring applications may be North Korean, by some estimates).
  • Highly qualified applicants, never complain—a red flag for fake or overqualified talent.
  • Use sophisticated methods: Laptop farms (U.S. IPs), fake identities, paid U.S. proxies to appear on camera.
  • Recruiting real Americans as fronts during interviews (send scripts, appear on video).
  • Pablo: “They generate very good code, they work a lot, and they never complain...” [17:01]
  • Laura: “How is North Korea finding that person in the U.S.?” [20:50]

• Detection Challenges:

  • Once embedded, often in key roles with high privileges—removal is risky, can trigger sabotage.
  • Typical attack: Private key leaks or deliberate code vulnerabilities.
  • Information sharing, in-person vetting, and background checks help but are never foolproof.

• Prevention Strategies: [26:34]

  • Only hire with personal recommendations or connections.
  • Always mandate video calls, surprise checks to beat video filters (e.g., cover your face).
  • Check for language/cultural consistency.
  • OSINT (Open Source Intelligence) on candidates: Check for internet history, leaks.
  • Monitor employee wallet payout addresses for suspicious patterns.
  • Pablo: “If you are a founder from a company, you should know everyone, in my opinion, in person.” [17:42]

Internal Company Security Practices

[33:59] – [49:20]

• Best Practices:

  • Minimize operational “blast radius”—don’t concentrate all funds and privileges in one place.
  • Implement multi-sig wallets, slow down high-impact actions so issues can be caught.
  • Avoid admin “laziness”—give only essential permissions, including for founders (“least privilege”).
  • Isaac: “There are a few principles ... all about minimizing the blast radius…” [33:59]
  • Pablo: “...even founders...should not have direct access to funds.” [47:09]

• Test Transactions:

  • Controversial. Relying on sending $1 as a “test” can be risky due to address poisoning.
  • Use address books with verified addresses instead.
  • Isaac: “...test transactions are a place to introduce the risk of an address poisoning attack...” [36:52]
  • Laura: “I would never copy from the transaction, I would use the original copy.” [38:10]

• Incident Response:

  • Training and tabletop exercises are essential: Practice what to do if hacked.

How Everyday Users Get "Rekt" & Protection Tips

[50:31] – [68:00]

• Common Attack Vectors:

  • Isaac: “Back when airdrops were happening...people would click on a malicious airdrop link…”
  • Impersonation: Hackers take over real accounts to trick friends/colleagues.
  • “Level up” attacks: Hack lawyers, accountants, then use them to phish high-value targets by sending expected documents.

• Key Protection Recommendations:
  Pablo:

  • Antivirus/EDR: Even on Macs—most hacks could be avoided if users had basic protection ($30/year).
  • Hardware Wallets: Store >$2,000 in a hardware wallet, never a hot wallet like MetaMask.
  • Seed Phrase: Only ever on paper, never in a password manager or digital form.
  • Operational Security: Multiple emails for different purposes, especially private ones for sensitive accounts.
  • Diversify Custody: No all-in on one method—split funds between multi-sigs, Ledger, and custodians if needed.
  • For hosted wallets: Use strong, unique passwords, no public phone numbers, enable hardware keys (Yubikey, Titan).

  Isaac:

  • Minimize blast radius: Don’t store your life savings in wallets you use for daily transactions. Accept the risk for “degen” wallets; secure savings separately.
  • Wallet Hygiene: Shake out old wallets periodically; use portfolio tools with caution as leaks can expose holdings.
  • Email Hygiene: Use unique, private emails for Apple IDs, crypto portfolios, and password managers; never reuse emails or phone numbers widely.

• Memorable Quotes:

  • Pablo: "9 out of 10 cases in crypto that we see nowadays could be avoided just because of having an antivirus, right?" [54:17]
  • Isaac: "...imagine if when you went to pay for a coffee with your debit card, you could accidentally pay with the deed to your house. That's what happens if you have all of your money in one wallet in crypto..." [58:27]

Hosting Providers & Insurance Considerations

[62:31] – [67:13]

• Selecting a Custodian:

  • Prefer reputable, long-standing brands with insurance coverage.
  • Split assets across multiple hosts/types of storage.

• Best Setup:

  • Private/non-public email for account creation.
  • No phone number, or if required, use a private, non-public one.
  • Strong, unique passwords everywhere.
  • Hardware-based 2FA keys (FIDO2, not SMS or Authy/Google Authenticator—these can be phished).
  • Consider a security advisor for substantial assets.

Privacy in Crypto: Blessing or Curse?

[70:11] – [73:36]

• Implications for Users & Law Enforcement:
  • Privacy tech can help protect user assets (privacy pools, proof of innocence).
  • Tools exist to balance privacy and compliance—new systems (privacy pools) allow users to prove their funds aren’t tainted.
  • Pablo: “We need to solve issues with technology. That's why we are here.” [73:26]

What to Do If You’re Hacked

[73:38] – [76:39]

• Immediate Actions:
  1. Contact SEAL911 via Telegram bot for emergency incident response.
  2. Disconnect your device from the internet.
  3. Recover your seed phrase to a new (safe) device and move assets immediately.
  4. Change all credentials.
  5. Report to your company/employer—breach may affect organizational security.

Further Resources

[76:39] – End

• frameworks.securityalliance.org for free opsec and security guides.
• Guide: “Opsec While Traveling” by DLN/Red Guild.
• Save Seal911 contact for crisis help.
• Consider donating to SEAL if they help you recover assets (non-profit, all volunteers).

Closing Thoughts & Notable Quotes

• Even experts fall for attacks—don’t feel guilty if it happens to you.
  • Isaac: “Everyone's being targeted all the time. It happens to everybody, so don't feel like you messed up. If it happens to you, it happens to everybody eventually.” [77:47]

Key Timestamps

• [04:05] – Crypto security’s evolution: From smart contracts to operational threats
• [09:20] – SEAL’s mission and major initiatives
• [15:45] – North Korean IT workers’ tactics
• [26:34] – Company hiring best practices
• [33:59] – Company security configuration advice
• [39:38] – Dissecting the Bybit hack
• [47:09] – Least privilege and founder opsec
• [50:31] – Most frequent ways users get rekt
• [54:17] – Vital software and hardware advice for individuals
• [62:31] – Custody, choosing safer providers, best practices for hosted wallets
• [70:11] – Pros/cons of privacy in crypto: law enforcement and user risk
• [73:38] – Immediate actions when hacked, reporting, escalation
• [76:39] – Further learning resources and final notes

For listeners:

This episode delivers a comprehensive set of security heuristics, practical warnings, and a healthy dose of realism—crypto security is relentless, but layered precautions and community knowledge can keep you much safer.