TronWeekly

Crypto World News

You are here: Home / Archives for Crypto Wallets

Crypto Wallets

Solana Hot Wallets Under Siege From An Ongoing Massive Exploit

by

Solana-based wallets have come under a widespread exploit after several users complained that their funds were being drained without their consent. While the exact number of affected wallets is unknown at the time of this post, independent investigators put the amount to be over 7000.

As per reports, the attack mainly targeted internet-connected “hot” wallets including Phantom, Slope, and Trust Wallet. Initial sources put the stolen funds to at least $5 million worth of SOL and other tokens.

According to crypto analyst and author @0xfoobar, the attacker is stealing both native tokens [SOL] and SPL tokens [USDC] and those particular wallets that have been inactive for more than 6 months.

Computer scientist and CEO of Ava Labs Emin Gün Sirer tweeted that the hacker has likely gained illegal access to private keys as the transactions were signed properly.

One expert flagged the attack as a possible nonce reuse bug in some signature library Solana projects. ” …this would allow any attacker looking at Solana to derive the private key regardless of where it was generated”, he added.

Nonce which stands for “number used once” implies that one is not supposed to reuse this number for different messages. Since the nonce used is always the same, a malicious actor can impersonate a trusted party by intercepting and recovering the authentication key.

Solana Price Drop By 10% In Response To The Attack

“We are evaluating the incident impacting Solana wallets and are working closely with other teams in the ecosystem to get to the bottom of this. We will issue an update once we gather more information,” a representative of Phantom said. “The team doesn’t believe this is a Phantom-specific issue at this time.”

The incident has caused SOL’s price to fall back by 10% within a few hours of the reports according to CoinMarketCap.

That said, DeFi protocol code auditor Foobar advised that the solution is to transfer assets into a hardware wallet that has never exposed a private key to potentially vulnerable browser extensions.

“Several have pointed out that transferring assets to a reliable CEX is another holdover strategy if you don’t have a hardware wallet. This is most approachable for less experienced users.”

Hardware wallet Trezor confirmed fake ‘data breach’ notifications

by

Crypto hardware wallet Trezor has officially confirmed that its mailing list has been compromised by an insider targeting some of its users in what looks like a phishing attack. In the early hours of 3rd April, Trezor send out a tweet informing that it was investigating “a potential data breach of an opt-in newsletter hosted on MailChimp” and issued a warning against opening emails from “noreply@trezor.us”.

In successive tweets, the wallet firm said that it has managed to take down the phishing website and is trying to determine how many email addresses have been affected. The firm went on to add that will not be communicating by newsletter until the situation is resolved.

How did the attack start?

The phishing attack began with the Trezor hardware wallet owners receiving fake security incident emails pretending to be a data breach notification. These fake data breach emails say that the company does not know the extent of the breach and asked owners to download the latest app to set up a new PIN on their hardware wallet.

The email very convincingly included a ‘Download Latest Version’ button that directs users to a phishing site appearing in the browser as suite.trezor.com. It should be noted that the legitimate website is trezor.io.

Once its owners connect their device to the fake Trezor Suite app, it will trick them to enter their 12 to 24-word recovery phrase, which is sent back to the threat actors. As attackers get hold of the recovery phase, they can use them to steal victims’ cryptocurrency assets.

Trezor then retweeted an early post where one of its experts wrote a detailed blog on improving security.

Trezor’s guidelines against phishing attacks

As per the post, Phishing messages are intended to target the recipient to perform a certain action to make it seem as if they wanted to help resolve a terrible problem that occurred. Once the instructions are followed, it usually involves revealing one’s credentials directly to the attacker, who then easily drains funds from the targeted financial accounts.

The post then asked users to avoid such messages. “If in doubt about whether it’s real or not, contact the sender directly on contact using information you already have or that is available online. Never use contact information contained within the email,” it added.

Israel: Authorities capture 30 crypto wallets linked to terror funding

by

Israeli enforcement agencies have confiscated nearly 30 cryptocurrency wallets from 12 accounts, allegedly used to fund Hamas which has since been declared a terror group. As per local sources, Defense Minister Benny Gantz had approved the seizure owned by a crypto exchange based in the Gaza Strip.

According to the ministry, the trading platform which goes by the name Mutahadun is run by the Shamlah family who the former accused of assisting the Hamas terror group, and especially its military wing, by transferring funds amounting to tens of millions of dollars a year.

On previous occasions, funds linked to the Shamlah family have been targeted several times by Israeli authorities. The seized cryptocurrencies are believed to be worth several thousand shekels and were successfully captured in a joint effort led by the Defense Ministry, police, and military.

Further, Gantz in a statement reiterated,

“We continue to expand our tools to deal with terrorism, and with companies that supply it with an economic oxygen pipeline. I would like to congratulate all the organizations on their intelligence, operational and legal cooperation. We will continue to work together, in order to fight terror by any means and in any way.”

Earlier in 2019, Hamas had appealed for crypto donations from supporters to help tide over its financial crisis. Following this, it launched an experimental program using a complex cryptocurrency system to raise money. The group’s financial trouble has escalated in recent times as banks have distanced themselves from any dealings with the organization.

Israeli agencies remain extra vigilant amidst global crackdown

Recently, Israel’s National Bureau recovered an undisclosed amount in a counter-terror financing case linked to terrorism financing. Other similar cases around the world include a $56 million seizure by the US Department of Justice [DOJ] in a cryptocurrency scam investigation and the capture of another $2.3 million from the ransomware group behind the Colonial Pipeline attack.

The DOJ announced on Thursday, Feb. 17, that the Federal Bureau of Investigation [FBI] is building a new specialized team dedicated to tackling increased crimes related to crypto. One of the major takeaways has been announcing an international virtual currency initiative that will be established to facilitate joint global law enforcement collaboration.

Samsung adds crypto wallet and storage features on the new Galaxy S22

by

Tech giant Samsung introduced today at their Unpacked 2022 event the Samsung Wallet. It can contain personal IDs, including student IDs, driver’s licenses, and state IDs, plus digital house or vehicle keys, credit and debit cards, boarding permits, and immunization data. The wallet may also be used to “access and explore complicated digital items” such as cryptocurrencies.

The wallet facilitates safe payments, presumably using Samsung Pay. The Samsung Wallet will be supported across all Galaxy S22 series phones. However, it’s not foolproof if earlier Galaxy phones are supported.

User information on the Galaxy S22 series is safeguarded by Samsung’s Knox Vault technology, which leverages its own secure CPU and memory. It separates passwords, Blockchain keys, and other sensitive information from the phone’s primary operating system to keep it more secure.

Samsung putting up some competition with Apple

The Samsung Wallet is a new rival to the Apple wallet, allowing Apple customers to save identical payment details and personal data. Unlike Apple, Samsung has been keen on crypto for a long time. On May 13, 2021, Samsung announced that it would allow users to use blockchain on their devices with support for hardware wallets. Apple had recently revealed plans to provide Tap to Pay on the iPhone, hinting at the possible chance to include support for cryptocurrencies.

Samsung deep dives into the metaverse

The Galaxy Unpacked 2022 event was held in the Decentraland Metaverse. Samsung revealed their latest Galaxy smartphones at a virtual Samsung 837X venue. More than 100,000 people registered for the virtual event, which included the opportunity to pre-order the new premium cellphones.

In early January, the firm made its Metaverse debut by launching its flagship 837 shop in collaboration with Decentraland. “This is one of the largest brand land takeovers in Decentraland’s history,” the company claimed at the time.

Samsung is likewise seeking to get its hands on NFTs. They stated that starting with its 2022 TV range would provide broad support for NFTs.

“In 2022, Samsung will launch the world’s first TV-based NFT explorer and marketplace aggregator, a ground-breaking platform that allows you to browse, purchase, and show your favorite art in one location.”

Samsungs upcoming NFT TV platform

More data on the NFT platform should be accessible once the 2022 TVs start selling in the following months.

Google Overturns Ban On Crypto Wallet And Exchange Ads

by

The cryptocurrency industry has gained tremendous credibility and legitimacy in recent times. Google is all set to allow advertisements related to cryptocurrency wallets and exchanges. The search engine giant has reversed its ban on cryptocurrency-related business and services that it had imposed in 2018.

The official press release by Google stated that from the 3rd of August 2021, advertisers of the industry targeting the United States may advertise those products and services if they meet certain requirements and are certified by the platform.

Google closes door to certain institutions while giving green signal to a few.

It outlined that the advertisers need to be duly registered at Financial Crimes Enforcement Network [FinCEN] as a Money Services Business and with at least one state as a money transmitter, or a federal or state-chartered bank entity.

In addition, the advertisers should also comply with relevant legal requirements, which encompasses any local legal conditions, whether at a state or federal level. These entities will also have their ads and landing pages follow all Google Ads policies.

Google also notified that all previous crypto exchange certifications will be revoked on the 3rd of August this year. This would mean that the advertisers must apply for new ‘Cryptocurrency Exchanges and Wallets’ certification with the company. The application form for the same will be published on the 8th of July 8, 2021.

However, the company prohibited ads for initial coin offerings [ICO], decentralized finance [DeFi] trading protocols, or any kind of promotion related to buying, selling, or trading of cryptocurrencies or related products.

Some of the examples include ICO pre-sales or public offerings, crypto-asset loans, initial DEX offerings, token liquidity pools, celebrity crypto promotions, and endorsements, unhosted wallets, “unregulated” decentralized applications [DApps].

Ad destinations that aggregate or compare issuers of cryptocurrencies or related products are also banned from posting on Google. These include trading signals of cryptocurrency, investment advice, aggregators, or affiliate websites comprising of associated content or broker reviews.

Child Pornography Ring Leader Sees Crypto Assets Frozen by Seoul Court

by

A justice court in Seoul has agreed to the petition by prosecutors requesting to freeze cryptocurrency wallets belonging to the leader of the Nth Room case. In addition, the court also froze all the security deposits, and stock accounts of the alleged child pornography ring leader. 

The accused, Cho Ju-bin is the suspected head of the Nth Room, which is a Telegram channel under investigation for child pornography. According to a report by media outlet  KBS Korea, the Seoul Central District Court Criminal Settlement Division 30, under the guidance of Judge Lee Hyun-woo, agreed to the demands by prosecutors to confiscate 15 crypto wallets allegedly owned by Cho.

The crypto assets held within the seized wallets are suspected to shed light on the magnitude of profits that the child pornography ring leader earned with the illicit scheme. In addition, the court noted that the  130 million won ($106,734) found in Cho’s apartment back in April as a crucial piece of evidence in determining the gains made by Cho.

Cho is being charged with organizing and overseeing a network of sexually-related crimes such as broadcasting of child rape footage. According to the investigators, the child pornography scheme gained a lot of members who subscribed using cryptocurrencies to gain access to the chat rooms. 

Crypto industry aiding with investigations against child pornography ring

Furthermore, both the domestic cryptocurrency industry and the authorities have participated by aiding in investigations. The crypto industry aims to minimize the usage of digital currencies in committing criminal activities. 

For instance, Bithumb cryptocurrency exchange officially delisted Monero (XMR) from the platform on June 1, as part of its contribution to the Nth Rooms investigations. Monero was allegedly the primary cryptocurrency used by the child pornography ring. 

The authorities have allegedly managed to track the digital fingerprints of about 40 individuals who allegedly paid using digital currencies to view child porn videos and sexual violence content. It is suspected that South Korean crypto exchanges helped the authorities to track down the suspects; although it is not yet officially confirmed.

Warning: Hackers Can Steal Your Crypto With Coronavirus Maps – Safety Tips!

by

Recently, a security researcher pointed out how hackers were using coronavirus dashboards for malware injection to dig a user’s data and steal its personal information.

The pandemic has been all over the news, people from around the world are constantly hooked to find information about it on their screens. Be it to learn more about the disease, its prevention, symptoms or statistics – content related to coronavirus, sells. 

Shai Alfasi, a security researcher at Reason Labs figured out that Coronavirus dashboards were used not only to provide information related to the pandemic but was also sucking out data. 

Hackers are now in a position to steal personal empirical data such as passwords, account details, card details, and much more sensitive information most people have stored on their browsers. Shai even stated how the notorious parties are currently targeting Windows devices only but in no time can learn attacking other devices as well.

Screenshot from 2020 03 24 19 11 23 1

It has been recorded that malicious programmers are using AzoRult to steal users’ data. The malware was first discovered in 2016 as an information theft tool that is used to steal browsing history, cookies, IDs, passwords, etc.  It was sold on Russian underground forums to collect various types of sensitive information from an infected computer. But not just this, the malware is now advanced to even pull out cryptocurrency-related information such as wallets IDs, passwords, private keys [if saved] and a lot more!

All of us go through articles and online content on trustworthy as well s untrustworthy sites. SOme store our information and some make us feel like they don’t. Nevertheless, at such vulnerable precedented times, it’s vital to keep our selves safe not just physically but even digitally. 

In such situations, precautions and digital data security is important. Here’s a list of things you can do to maintain your personal digital security:-

  1. Backup your IDs, passwords and wallet details offline. 
  2. Erase your cache, personal data storage, passwords, etc from your browsers. 
  3. If you notice a device you own is responding slower than usual or you’re experiencing persistent pop-up messages, spam, or malfunctions, your device may be infected with malware. In such a situation reset your device, check if your wallet has been compromised and install anti-virus/ malware software.
  4. Keep 90% of your crypto offline in cold wallets. 
  5. Keep only 10% or less of your crypto in hot wallets if you need liquidity in hand. 
  6. Don’t visit unpopular, shady sites for information related to the pandemic. Stick to government forums or popular secured sites.
  7. Run regular scans on your computer to detect any malware. 
  8. ‘Secure’ your network, and ‘think’ before you ‘click’ or ‘submit’ your details or ‘allow’ any sort of permissions.

Additionally, always check the domain you visit to avoid phishing activities. Monitor coronavirus maps closely as malicious sites function differently than originals. 

 

 

Disclaimer note: This article is not a piece of investment advice. Please do your own research before investing/trading in cryptocurrencies.

Amidst Corona Chaos Leading Italian Bank Launches Full Fledged Crypto Wallet

by

Despite the fact that the world is fighting the coronavirus outbreak and the nationwide lockdown, Italy’s leading bank, Banca Sella has rolled a full-fledged crypto wallet.

The bank has likely leveraged the potential demand for virtual money as people are transforming their way from fiat to bitcoin as part of safe money following the ongoing crises. As per the report, the bank with its unique platform dubbed as “Hype” is aiming to foster the adoption of virtual money.

Per the reports, this new wallet enables people to purchase, sale and store the Bitcoin. In addition to this, people can start purchasing goods and services using cryptocurrency through this new banking wallet. Interestingly, the wallet serves nearly 1.2 million users of the bank’s HYPE Plus digital platform. However, the bank foresees the accessibility of this service to all Banca Sella Customers.

Noticeably, the platform is designed and integrated by a crypto company, Conio. This integration is said to be as equivalent as jamming Coinbase app into a bank account. Christian Miccoli, the co-founder of Conio said that;

“Banks feel threatened by cryptocurrencies and, like all big organizations, have a natural tendency to resist change. But this time innovation is impossible to stop: it is akin to trying to stop the wind with your hands”

Beside Banca Sella bank, other banks are also following in this stream, for instance, Ziglu which is yet to release and Revolut with almost $5.5 billion valuations is exciting their customers by combining crypto services. However, concerning the Revolut’s crypto banking services, Conio’s co-founder Vincenzo Di Nicola said that;

While Revolut may give the impression to manage Bitcoin,” customers can “neither receive Bitcoin nor can transfer them: it’s a walled-garden approach that actually defeats the purpose of a cryptocurrency.”

Although people have self-quarantined, yet, Hype’s approach is that the people are now more cautious of coins and paper money. The fear that COVID spreading across the world, people are turning to digital currency by dumping the paper version of money as a cleaner solution for the future.

Upon Death, What Happens to My Bitcoins?

by

No one really has an idea of how long digital currencies will last, but it is a fair bet they will probably outlast you. It is not easy to pass one’s digital assets to their loved ones after one’s death. At least it is not as straightforward as passing cash or other properties.

In particular, given that wills are not tailored for confidential information, including one’s private key in the document would be a horrendous idea. According to Gordon Fischer, an estate planning attorney:

“I would strongly advise against anyone putting any information they consider private into their will. Wills, after your death, become court documents and are generally public documents, accessible by anyone.”

A Private Key refers to an almost unchangeable passcode. It is generated when someone creates a new cryptocurrency wallet and should be kept as safe and secure as possible. Unfortunately, there is no given way of regaining this private key for a probable heir, since there is no central authority that monitors those keys. It is quite safe to suggest Bitcoin affords one a unique challenge upon death.

If you depart this life without leaving anyone the private key, your bitcoins practically become beyond reach to anyone. In a similar fashion, if you endow your private key without mention of what it is and how to use it, your bitcoins are likely to be bygone. The brilliance of bitcoin is that the algorithm that creates them intrinsically limits the supply. This means when bitcoins are lost, the remaining ones in circulation become a little more valuable due to scarcity. However, this will not help your loved ones, will it?

How do you make sure your bitcoins are well passed on?

The easiest method is to ensure that your loved ones are aware of your bitcoin account. In addition, you should either entrust them with the private key now; or store the private key in a fitting secure site such as a safety deposit box. You can even reserve the private key on a thumb drive or an old-fashioned piece of paper.

If you become more concerned about security to trust the above methods; plus you have a fortune in cryptocurrency, you have a few alternative methods available to make sure that your potential heirs have access to their inheritance.

This one is interesting. It is possible to set up a “time locked” transition that will happen after a defined number of years in the future.  With the assumption that your heirs still have access corresponding receiver address to accept the crypto; they will receive the funds on a defined future date.  However, that is a risky move. The transaction will take place whether or not you are alive or dead, on the scheduled transaction date.

In addition, third parties such as Coinbase offers a more traditional alternative method: a vault. This is typically a safety deposit box for your private key. Coinbase offers joint accounts, which ensures your loved ones have an easy transition and access to their digital inheritance.

A clear set of estate plans

 Whichever method you choose to adopt, ensure that you have a clear set of estate plans in place. Making your wishes known helps you to circumvent probate; which is a strenuous enough procedure. 

The laws on the inheritance of crypto assets can be hazy and depends on the country you live in. It is important to consider consulting an attorney to help come up with your estate plans. Different sites may have different terms and conditions to apply; yet another reason to pursue professional guidance.

Moreover, the Revised Uniform Fiduciary Access to Digital Asset Act (RUFADAA) initiates the rules and regulations regarding digital account freehold. It’s significant to acquaint yourself with the RUFADAA; more importantly, update your wills, trusts, and POAs in conformity so that your fiduciaries gain access to your crypto assets.

Conclusion

Various digital assets, such as your Facebook page, may not have much monetary value. However, digital currencies have a basis and valuation that requires monitoring. Such assets can influence your estate taxes and the amount you pass to potential heirs.

The growing admiration for digital assets will not vanish anytime soon. For fiduciaries, it is significant to take the right insurance; and understand the nuances of such assets in the planning of digital estates.

 

Peter Schiff Blames Crypto Industry for BTC Shutout; Erik Voorhees, Jameson Lopp claim he’s crying wolf

by

There have been several reported cases of people losing their digital assets like Bitcoin mainly because of negligence or actions taken by bad actors. In a recent twist of events, it has been discovered that a gold proponent had lost all of his BTC holdings.

Peter Schiff, the CEO of Euro Pacific Capital and major Gold ‘shiller’ tweeted recently that he had lost all his BTC because of a supposed problem with his Bitcoin wallet. This news resulted in several crypto evangelists coming forth to defend the characteristics of the world’s largest cryptocurrency. 

The host of the Peter Schiff show has a reputation for being against Bitcoin and other cryptocurrencies. Schiff has also maintained strongly that no matter what the developments, gold will always reign supreme over Bitcoin. This sentiment was one of the reasons why crypto supporters thought Schiff’s latest story was fabricated. His tweet read:

The error message on Schiff’s wallet pointed out that there was an issue with decrypting the individual wallet file. Now it is not really confirmed if Schiff actually lost all of his assets but some BTC proponents were having none of it.

Erik Voorhees, the CEO of Shapeshift candidly stated that the mistake was all on Schiff because there was no integral mistake with the Bitcoin wallet. Voorhees claimed that he had helped Schiff set up the wallet and had even asked him to secure it properly.

According to the Shapeshift official, Peter Schiff had actually forgotten his password and was trying to blame the cryptocurrency for no substantial reason. Even Jameson Lopp joined hands with Voorhees in stating that crypto provides financial sovereignty, albeit to users who are careful.

Schiff followed up his original tweet with one saying that the BTC he lost were ‘gifted’ to him. He reiterated that he did not believe in Bitcoin but was rather planning to HODL his assets till ‘Bitcoin sank’. It was understandable as to why the crypto community questioned the authenticity of Schiff’s comments.

The gold bug had made multiple headlines earlier when he claimed that marijuana was more useful than Bitcoin. His logic was that users cannot do anything with BTC but if the same person smokes marijuana, they get high.

Despite the cloud surrounding this event, the issue of cryptocurrency wallet losses has been persistent within the industry. Last year, customers lost almost $145 million in terms of holdings due to the death of Quadriga CX CEO, Gerald Cotten. This was a major reminder to people that they need to be more careful about their private keys and passwords so that they can retrieve their BTC safely.