Village

Welcome to the Cryptocurrency Village, an exciting place to discover and develop your finance technology hacking skills. Learn unique ways that cryptocurrency systems are attacked, defended, and secured while building new applications using testnet tokens. Meet hackers, be entertained, and get inspired to explore cryptocurrency.

GENERAL CONDITIONS

To participate in a Cryptocurrency Village workshop, register your (pseudo)name to receive confirmation and instructions. On site registration may be available at the event, but once workshop seats fill the Cryptocurrency Village will close the workshop to new participants. The practice of awarding an official certificate of completion is not well defined and is not guaranteed. Student workbooks and kits may be distributed, and a fee may apply. More information is available in the Discord (see page bottom) channel.

Schedule for DEF CON Singapore 1 • April 28–30, 2026

EDUCATION

Speeches

Tuesday, 28 Apr 2026 • 11:00–12:00

Michael Schloh, Joyce Ng

Hacking Your DCSG1 Badge

Because we're hackers, entering the DEF CON event requires wearing the electronic hacker badge given to all ticket holders. To celebrate the first DEF CON event held in Singapore, we've designed and produced a unique device to open eyes and introduce to hardware hacking. Unboxing your badge leads to curious stares and expressions 'what does it do?' We the designers and producers answer your curiosity with anecdotes, advice, fun tricks, and interesting stories of DEF CON badges including the one in your hands. Come to hear about the parts choice, how the circuits function, what application features are available, and how to interact with other badges. Inspecting the badges with a close range circuit camera illustrates a number of interesting hardware aspects that we explain.

Tuesday, 28 Apr 2026 • 12:00–12:30

CVC Staff

Cryptocurrency Opening Keynote

Join your fellow hackers managing the Cryptocurrency areas of Defcon, and get a sneak peak of what each workshop teaches as well as an overview of the showcases and programs happening in our Defcon Village and Contest areas. We will report on cryptocurrency trends and perspectives from distinguished positions in industry, academy, and government. We will announce the teams competing in the Cryptocurrency Challenge, and give an overview of what prizes are available to winning contestants of the hackathon, CTF, and contests. Meet the organizers of years of cryptocurrency content at Defcon and bring your questions to the Creator Stage!

Tuesday, 28 Apr 2026 • 16:30–17:30

Kennashka DeSilva

Solidity Smart Contract Attacks

Smart contracts power the decentralized economy, but their immutable nature makes vulnerabilities costly. In this hands-on workshop, participants will learn how attackers exploit Solidity smart contracts in real-world scenarios and how to emulate these attacks safely in a controlled environment. Through guided exercises, attendees will explore common vulnerabilities—including reentrancy, integer overflows, and access control flaws—while applying red teaming techniques to identify and exploit weaknesses. Participants will also learn how to design effective mitigations and incorporate security testing into the development lifecycle, bridging the gap between offensive insight and defensive best practices in blockchain security. By the end of this workshop, attendees will gain practical skills to identify vulnerabilities, simulate realistic attack scenarios, and harden smart contracts against emerging threats.

Wednesday, 29 Apr 2026 • 14:00–15:00

Alexander Wilczek

Tracing Cybercriminal Financial Operations

An investigation into cybercriminal financial operations, following the money to examine how threat actors generate, transfer, and launder illicit proceeds, including the operational security and threat modelling required to safely perform this research and which OSINT and blockchain tools and techniques to use. This workshop covers the full chain, from how cyber criminals steal or extort money to how they get to spend it. Participants will start with OpSec, learning how to set up operations to conduct this kind of research, the threat modelling involved and what options are available, from air-gapped laptops and Tails to Qubes OS and Vms. Since the majority of cybercrime transactions happen in crypto, we'll do a deep dive, from the basics of KYC, CEX, DEX and bridges and how they are used by criminals, then exploring in detail how chains like Monero are being leveraged and how smart contracts like Tornado Cash are used to successfully launder money. Participants will learn which techniques and tools to use to track transactions on and off chain, with a mix of OSINT, Tor and block explorer tools. We'll look at the masters of the game, the Lazarus Group, which managed to launder hundreds of millions, as well as how InfoStealers and ransomware groups go from demanding a ransom to laundering it.

Thursday, 30 Apr 2026 • 11:00–12:00

CVC Staff

Cryptocurrency Closing Keynote

Closing the Cryptocurrency areas at DEF CON Singapore 1, we present the ten staf fmembers and their achievements during the event. We review our four major activ ities including the hackathon, contests, workshops, and capture the flag competi tion. A summary of teams, winners, and statistic illustrates the degree of parti cipation. We describe what prizes were awarded and which contestants won big. A list of workshop topics follows, with instructors giving their impressions of ho w modern finance technology benefits from interactive learning. Finally, we give a sneak preview of what's to come in the Cryptocurrency areas (Village, Contest, Vendor, Party) at DEF CON 34 in Las Vegas and how we intend to fulfill the Agency theme.

WORKSHOPS

Event Schedule

Tuesday, 28 Apr 2026 • 10:00–12:00

Alexander Wilczek, Kennashka DeSilva

Tracing Cybercriminal Financial Operations

Tuesday, 28 Apr 2026 • 14:00–16:00

Dani Weidman, Arjun Suresh

Top Features of your DCSG1 Badge

The DEF CON Singapore 1 Badge is a device with several easy to use self evident features as well as some less obvious ones. The badge contains secrets, puzzles, easter eggs, and mysterious challenges as well. To learn about the various features, advanced use of base stations, and how to enjoy the badge to the maximum extent, please visit us during this interactive workshop where teams may develop to share resources while learning the basics. We examine the physical aspects of the badge while describing various parts and how they support the rich feature set. Bring a computer and USB cable if you want to explore the Infocomm Z-Machine simulator with I/O on the USB CDC console. The same requirement exists if you want to benefit from a quick start in examining the chip and optionally programming it.

Tuesday, 28 Apr 2026 • 16:00–18:00

Antigone, Absurdity

Smart Contract War Room

EN: This interactive workshop places participants inside a live smart contract incident on a private test network. Working in small groups, attendees will exploit common Web3 security failures such as missing access controls, unsafe external calls, oracle assumptions, and approval misuse. After reproducing the attack, each team shifts into defense by tracing attacker activity, summarizing impact, and proposing patches. The session is designed to connect CTF-style challenge solving with practical smart contract auditing and incident response skills. 中文: 这是一场围绕私有测试网络展开的互动式智能合约攻防工作坊。参与者将以小组形式复现常见的 Web3 安全问题，例如权限控制缺失、不安全外部调用、预言机假设错误以及授权滥用。完成攻击路径后，学员将切换到防守视角，追踪攻击者行为、梳理影响范围，并提出修复方案。课程目标是把 CTF 式解题体验，与真实世界中的智能合约审计和安全响应实践连接起来。

Wednesday, 29 Apr 2026 • 10:00–12:00

Michael Schloh,

Developing Applications for the DCSG1 Badge

The DEF CON Singapore 1 Badge is a device powered by the Espressif ESP32-C6 MCU in a castellated module including eight megaoctets of flash storage. Developing firmware applications is rather easy with the right tools and training, so we ex plore the most common workflow used by the application design team. To begin we install the ESP-IDF toolchain and verify with a few simple examples, programming the chip and observing the outcome. A lot of alternative workflows exist, invol ving Visual Studio, Eclipse, Arduino, Rust, Tiny Go, Micropython, and RIOT. We i nclude information on FreeRTOS and the IPS display library LVGL, as well as a mo re detailed explanation of driving the parts on the printed circuit board. Bring a portable computer with a USB Type-C cable please, and optionally install the ESP-IDF software development environment as described on https://docs.espressif.com/projects/esp-idf/

Wednesday, 29 Apr 2026 • 13:00–15:00

Kennashka DeSilva, Josh

Solidity Smart Contract Attacks

Wednesday, 29 Apr 2026 • 15:00–17:00

Arjun Suresh, Alexander Wilczek

Red vs Blue: Breaking & Defending Real Crypto Hacks (EN)

An investigation into real-world cryptocurrency breaches, focusing on how attacks unfold, how funds move on-chain, and where detection fails. Using a Red vs Blue format, participants take on attacker and defender roles to analyze major incidents and uncover defensive gaps. This workshop covers the full lifecycle of a crypto breach, from initial compromise to fund movement and delayed detection. Participants will begin with a brief introduction to how these attacks typically occur, then move into a Red vs Blue format where they actively investigate incidents and evaluate defensive strategies. Participants will use tools like block explorers and basic scripting approaches to trace transactions, analyze patterns, and identify potential detection points. Through guided investigation, they will learn how to interpret on-chain activity and think like both attackers and defenders. The workshop will examine major real-world incidents such as the Ronin Network hack and Mt. Gox collapse, highlighting how large-scale attacks unfolded and what could have been done differently. It concludes with a cross-team debrief, connecting attacker actions with defensive failures and practical lessons for improving security.

Thursday, 30 Apr 2026 • 10:00–12:00

FLY, baswvad

Wallet Drainer Forensics

EN: Modern wallet drainers rarely rely on a single bug. Instead, they combine phishing pages, deceptive signing flows, stolen approvals, and fast fund movement across multiple services. In this workshop, participants analyze a simulated wallet-drainer campaign from the initial lure to the final on-chain transfers. Teams will inspect malicious front-end artifacts, decode approvals and signatures, identify attacker infrastructure, and trace the movement of funds. The workshop emphasizes practical investigation habits for researchers, responders, and builders defending wallet users. 中文: 现代钱包盗刷攻击通常并不依赖单一漏洞，而是结合钓鱼页面、诱导签名、恶意授权以及跨平台快速转移资金等多种手法。在本工作坊中，参与者将分析一条模拟的钱包 drainer 攻击链，从最初的诱导入口一直追踪到链上的最终资金流转。学员将检查恶意前端痕迹、解> 析授权与签名数据、识别攻击者基础设施，并追踪资金路径。课程重点是帮助研究者、应> 急响应人员和开发者建立实用的调查与防御思维。

Thursday, 30 Apr 2026 • 13:00–15:00

Josh, Arjun Suresh

On-Chain Investigation and Tracing Techniques

A hands-on workshop on blockchain investigation, covering transaction tracking techniques, fund flow analysis, identification of suspicious patterns, and wallet de-anonymization. We will explore tools and methodologies used in real-world cases of fraud, ransomware, and money laundering involving crypto assets—from the basics of on-chain analysis to advanced techniques such as clustering and cross-chain tracking.

Thursday, 30 Apr 2026 • 15:00–16:00

CVC Staff

Cryptocurrency Awards Ceremony

We close the competitive activities including the Cryptocurrency Hackathon, Cryp tocurrency Capture the Flag (CTF), and Cryptocurrency Challenge contests. A review of perfomance and teamwork lead to a rewards ceremony with prizes for the top performing teams. Come to congratulate everyone who participated in the games and competitions, or simply ask the questions regarding answers and solutions to the very challenging problems reflecting the current state of modern finance tec hnology in communities around the world.