This is an exploration into the security intricacies of Web3 and its manifestation in DeFi. A journey through the virtual landscape, understanding how users, often unintentionally, can become assets and liabilities. We’ll shed much need light into the shadowy realms of potential attack vectors that constantly threaten this decentralized future, drawing lessons from real-world hacks that shook the DeFi world to its core.

This is the second in a series in which we apply the Tactics of the MITRE ATT&CK framework to Web3 in an effort to use mature cybersecurity concepts to in the emerging space of decentralized applications. We hope that exploring the corollaries and differentiators will help develop a better understanding of where security mitigation and detection can be improved

In this article we look at the first tactic outlined in the Enterprise framework — Reconnaissance — and explore a translation into Web3 project security. We hope to guide Web3 developers and cybersecurity professionals through the top level tactics of reconnaissance by utilizing this mature, existing framework, to help uncover valuable insights and potential vulnerabilities.