Category Archives: security


Crypto Investor Sues AT&T for $224M After Phone Hack Losses

A cryptocurrency investor in the US has filed a lawsuit against his cell phone service provider AT&T on the grounds of gross security negligence that led to his personal loss of USD 24 million in crypto.

The plaintiff, California resident Michael Terpin, filed a 69-page complaint with the US District Court in Los Angeles on Wednesday alleging that AT&T not only violated its statutory duties and Privacy Policy commitments but went so far as to willingly cooperate with the phone hacker. Terpin claimed that he was a victim of digital identity theft twice in seven months, when his digital assets were taken via his cell phone number.

Terpin cited suspicious circumstances regarding the actions of at least one AT&T employee. He alleged that “insider cooperation with the hacker” took place after a store employee gave out his phone number without verifying the person’s identity or requesting any of his private information. Terpin’s complaint details that his number was then used to break into his cryptocurrency accounts, and compares the incident to a hotel giving a thief with a fake ID the key to a room and its safe, to steal from the rightful owner.

The legal complaint seeks from AT&T USD 200 million in punitive damages and USD 24 million in compensatory damages.

AT&T responded to the accusations, providing CNBC with a statement reading: “We dispute these allegations and look forward to presenting our case in court.”

Terpin may well have been considered a profitable target by potential thieves due to his work in the cryptocurrency industry. In 2013, he co-founded Bitcoin angel investor group BitAngels, as well as the BitAngels/Dapps Fund.

The cryptocurrency community has recently placed a significant focus on increased security as imperative for increasing adoption levels and seeing market prices recover from a relatively poor performance this year, although in this instance it appears to be only AT&T at fault.

 

Follow BitcoinNews.com on Twitter at https://twitter.com/bitcoinnewscom

Telegram Alerts from BitcoinNews.com at https://t.me/bconews

Image Courtesy: Pixabay

The post Crypto Investor Sues AT&T for $224M After Phone Hack Losses appeared first on BitcoinNews.com.

Spencer Bogart: Bitcoin Waiting for Trigger to Hit New Highs

Cryptocurrency hedge fund manager Spencer Bogart has weighed in on Bitcoin price speculation, saying he is waiting for any positive trigger to push the price of Bitcoin up. Featuring on CNBC’s Fast Money, Bogart shared that he has been encouraged by Bitcoin’s recent upward trend, believing that this will continue. He added that he thinks the pullback momentum has passed and he is now waiting for any catalyst to send it to new price highs. Bogart cited several possibilities for this including the current global currency and trade wars.

Foreseeing the US Securities and Exchange Commission’s (SEC) rejection of the Bitcoin exchange-traded fund (ETF), he noted that 2019 may be a more realistic time frame for this to happen. Despite this, Bogart sees several other vehicles already available for retail and institutional investors to enter the market, pointing out Coinbase’s exposure of retail companies, and firms such as Bitwise Asset Management’s outreach to institutional investors.

While naysayers may query specific price forecasts, predicting market swings is essential for investors looking to maximize profits.

Bitcoin has not surpassed USD 8,000 since May this year before it fell back to approximately USD 6,000. While many pundits have shared their expectations and predictions during this most recent upswing, Bitcoin’s valuation is still far from its top price of nearly USD 20,000 in December last year.

Calls for increased security

With many spectators such as Bogart sharing their price rise expectations, another rally is suspected to attract bad actors, as it did in 2017 when the number of hacks on cryptocurrency exchanges and sites increased sharply. While this is not surprising, as the potential profits increase substantially for attackers, there has been a call for all investors to prioritize their security.

There is nothing to stop hackers from trying, but so long as investors and cryptocurrency service providers practice due diligence the majority of such attacks can be prevented, and it is indeed important to do so for the reputation of the industry.

 


The post Spencer Bogart: Bitcoin Waiting for Trigger to Hit New Highs appeared first on BitcoinNews.com.

Samsung Claims Smartphones Provide Best Security for Crypto

Multinational tech conglomerate Samsung has argued that smartphones can provide the best security for cryptocurrency holdings because of the combined efficiency of apps and the presence of the trusted execution environment (TEE).

Cryptocurrency wallet apps like Blockchain and Jaxx are a convenient and popular way to transfer, send and store assets on a smartphone. Joel Snyder, a senior IT consultant and a contributor to Samsung Insights, pointed out that the TEE under which the majority of smartphones operate offers a nearly impenetrable barrier for hackers.

Because the TEE is completely independent of an individual’s device with its own separate memory and storage, potential hackers and even operating systems such as Android cannot penetrate and alter or access the data. This prevents passwords and private keys of wallets from being accessed.

Laptops and such devices that utilize conventional data storage units such as an SSD are more vulnerable to risk due to their persistent nature that gives an opportunity for hackers to enter and steal data, cryptocurrency account information included.

Snyder, writing for Samsung, noted that while “a naive wallet developer” might fail to employ the advantages of the TEE and store keys on the phone’s internal storage, the combination of the TEE and an effective wallet offers the most secure place for your cryptocurrency holdings.

What else the TEE can offer

A research effort conducted by Cornell University in December 2016 first offered the concept of Bitcoin scaling via the TEE. The team developed a technology called Teechan, which they built on top of several TEEs including the Software Guard Extensions of Intel.

The results were promising. Transactions were able to be processed off-chain, then fixed into larger transactions to be established on the blockchain. Significant progress has been seen, with over 2,480 transactions per second recorded as successfully processed.

 


The post Samsung Claims Smartphones Provide Best Security for Crypto appeared first on BitcoinNews.com.

How to Properly Secure Bitcoin by Controlling the Private Key

Bitcoin’s popularity and use has grown astronomically since it was first released in 2009; now there is over USD 100 billion invested into Bitcoin with several billion USD of trading volume. However, most people do not take the proper steps to ensure that they fully control their Bitcoin by controlling the private key.

One of the key beneficial attributes of Bitcoin is that it gives control of money to its owner, as opposed to banks which can seize or freeze money at any time at their discretion. However, one does not fully control their Bitcoins unless they control their private key. This is an aspect of Bitcoin many users are unaware of, often resulting in mistakes and loss of funds.

Many new users buy Bitcoin on exchanges and just leave it there. This does not give them access to the private key, so they don’t control the Bitcoins at all. Bitcoin should be immediately withdrawn to a personal wallet after purchasing on an exchange. It is not good practice to leave Bitcoins on exchanges for extended periods of time even when trading, as exchanges can disappear or be hacked, losing user funds.

To ensure full control and safety of funds, it is crucial to use a Bitcoin wallet that gives the user sole access to the private key. This means that the private key is not available to anyone else or stored online in a server.

Most Bitcoin wallet services fail these criteria. Even the most popular online or web-based wallets fail to give Bitcoin owners full exclusive control of their private keys if they store private keys on an online server. No matter how secure one makes these wallets, even with a strong password and 2-FA, the private key is vulnerable to hacking.

Bitcoin Core is the original Bitcoin wallet and is fully self-sufficient: it is not dependent on any online server to operate, since it downloads the entire blockchain onto a user’s computer and connects with the actual Bitcoin network. It gives Bitcoin users full control of private keys and doesn’t store those private keys anywhere else. As extra security, a Bitcoin Core user should encrypt the wallet with a strong password that they won’t forget.

A downside of Bitcoin Core is it can take a long time to download since the blockchain is over 170 GB of data, and growing. However, it is definitely worth the wait to ensure Bitcoin safety. A big upside is that Bitcoin Core is a full node, so any user that is running it is running 1 of about 10,000 Bitcoin nodes in the entire world, helping secure the network.

If a computer running Bitcoin Core is destroyed then the Bitcoins would be lost, so as extra safety it is prudent to make a copy of the private key. Do not store this private key on a computer or device connected to the internet. If storing the private key digitally, it is best to put it into a USB memory stick and put a password on the file containing the private key, and then to keep that USB memory stick in a safe place.

Physically recording the private key is a good option too, which can simply be done with a pen and paper, but one must be extremely careful to get it completely right since missing a letter would make it useless. A polaroid camera that instantly prints out photos but does not store the photos is also a great option to record private keys. Any physical record of the private key must be kept absolutely safe, since if someone finds it they would have full access to the Bitcoins.

Electrum is another Bitcoin wallet that gives full control of the private key to the user, and is a lot faster to download than Bitcoin Core since it doesn’t download the whole blockchain. However, if Electrum’s servers aren’t working for whatever reason then a user would have to import their private key to another wallet service to gain access to their funds.

In any case, choosing a wallet that gives the user sole control of the private keys is the first step to securing your Bitcoin and being in full control of your funds.

 


The post How to Properly Secure Bitcoin by Controlling the Private Key appeared first on BitcoinNews.com.

Amex Looks to Blockchain for Customer, Merchant Security

Multinational financial services corporation American Express is exploring the potential of a blockchain solution to increase customer and merchant security.

Vice president of technology at American Express, Tereasa Kastel, spoke at the Oktane 18 conference in Las Vegas earlier this week, discussing the multiple uses for blockchain being explored by the corporation.

Protecting identities and information

As reported by TechRadar, identification security and protecting user information formed the basis of Kastel’s speech. She discussed the prospect of an immutable blockchain solution to American Express’s objective of providing the highest levels of user security and data protection.

“If you’re in this industry, you have to have a voracious appetite for all things identity… to be able to work in a world where there is constant change, you… have to always ensure you can stay ahead of the curve,” she noted.

“Being in the financial industry, we have to be somewhat conservative on what legal and regulatory requirements there are,” she added, commenting on the disparity between government policy, or lack of, regarding blockchain.

Despite this, Kastel said: “On the other hand, what empowers an individual user to do in terms of controlling their identity, and have that identity be immutable, is something you can’t pass by.”

A blockchain identity wallet

Kastel outlined that initial blockchain probes would be limited to financial transactions. Now, however, she reported American Express is looking into creating a blockchain identity wallet.

“We were starting to explore what would an identity wallet look like, and could blockchain be used to help serve as, both internal, but also external card members and merchants,” Kastel said, detailing a visit to the corporation’s research and development lab.

She added that “American Express is a very innovative company”, in an acknowledgement of blockchain as the next seminal development in the technology industry.

Hyperledger blockchain technology

While Kastel’s talk was predominantly focused on the significant role of blockchain in American Express’s future service development, it coincided with the announcement of the corporation’s utilization of Hyperledger blockchain technology.

This is being offered to merchants as an opportunity to create tailormade rewards programmes for individual American Express cardholders.

 


The post Amex Looks to Blockchain for Customer, Merchant Security appeared first on BitcoinNews.com.

FacexWorm Part of a Growing Statistic of Crypto Crime

Cybersecurity experts were able to expose a dubious Chrome extension dubbed FacexWorm after hackers were able to steal a total of one Bitcoin through its use.

The exact amount of currency generated from the hijacking of computer hardware to perform mining is unknown. After similar activity was monitored last year, it was quickly established that hackers were yet again attempting a familiar modus operandi.

The FacexWorm extension is capable of stealing user credentials and hijacking cryptocurrency transactions by adjusting the destination wallet ID on several large exchanges including Binance, HitBTC, Bitfinex, Poloniex, and Ethfinex. Victims’ browsers were redirected to scam sites that misled them into sending currency to the hackers’ wallet, and their hardware was used remotely for cryptocurrency mining.

FacexWorm part of a growing statistic of crypto crime

In this new market with little regulation on security standards, cybercrime is a growing issue among the crypto community.

Phishing scams have led to losses of around USD 225 million in 2017 alone. Most commonly, investors were being misled into transferring funds to what they perceived to be fundraising sites for ICOs, especially those using Ethereum blockchain technology.

Browsealoud, a suite of translation tools, was edited by hackers to mine cryptocurrencies. With the assumption that the infected plugin compromised most of the sites that were actively using it, around 4,275 websites were affected, including some hosting important services.

Ethereum-related cybercrime is one of the worst with around 30,000 people affected, averaging a loss of about USD 7,500 each.

The combination of losses due to phishing, hacks, Ponzi schemes, and exploits in systems is fast approaching similar levels to robberies in the US during 2015. The Federal Bureau of Investigation estimated theft at a total of USD 390 million, with Chainalysis evaluating Ethereum crime alone at USD 225 million.

“The cryptocurrency phishers are doing pretty good against all the other types of criminals that are out there,” said Jonathan Levin, Chainalysis co-founder.

With a shortage of expertise in a new and upcoming industry, cyber threats will need to be taken more seriously. As the technology moves to become more mainstream and regulation sets standards for security there will be a shift towards a safer market.

The post FacexWorm Part of a Growing Statistic of Crypto Crime appeared first on BitcoinNews.com.

Bitcoin security? It’s not bitcoin which is unsafe…

It happened again. Last week, hackers stole 4,700 Bitcoins (over $80 million at today’s price) from mining marketplace NiceHash.

(The company pairs up people with spare computing power with others who are willing to pay to use that capacity to mine Bitcoin, and it then announced it would reimburse users who lost money from the hack.)

On top of that, last month hackers stole $31 million of another cryptocurrency called Tether.

But those are only two recent attacks.

Remember Mt. Gox?

The Bitcoin exchange was founded in 2010. By 2013, it was handling around 80% of all Bitcoin transactions.

Then the company halted all trading after “technical issues” caused 850,000 Bitcoins to go missing.

Those missing coins are worth over $15 billion at today’s price.

All of the crypto theft is making people question the security of Bitcoin and other digital currencies.

But it’s important to remember, in these cases, “Bitcoin” didn’t get hacked… it was the exchanges or marketplaces that got hacked.

This happens almost every day; people unwittingly get their phones and emails hacked and end up losing their cryptocurrency in the process.

It reminds me of the early days of the Internet, back when WiFi was still a new thing and banks were just starting to provide online account access.

Back then, hacks were commonplace. Users didn’t know enough about wireless network security, and banks didn’t have SSL enabled… so hackers could easily ‘sniff’ data packets and steal bank login details.

Fast forward 10-15 years and all of that’s changed.

Most people at this point (hopefully) know how to secure their WiFi networks with WPA2 security or better, and banks employ much better security and encryption standards.

But with cryptocurrencies it’s still very Wild West out there, vastly increasing the chances of hacks, cracks, and theft.

You’d be amazed, for example, how many people use a ridiculously insecure password like “123456” for a website login that stores their Bitcoin secret key.

And even if hackers don’t steal your crypto, there’s still a chance you’ll lose it.

A friend of mine bought some Bitcoin in 2010 and stored it on a laptop. Then he threw the laptop away… along with all the Bitcoin. And there’s no way to get it back.

Like just about anything, all it takes is a little bit of education to prevent a major disaster from occurring.

One approach I encourage you to learn about for storing crypto is called “cold storage.”

Before I define cold storage, a bit of background if you’re unfamiliar with how the public key/private key system works.

A public key is a code available to anyone who trades cryptocurrency with you. A private key is a secret alphanumeric string that you never share with anyone.

Imagine a cryptocurrency public key is your home address. That address is in just about every public database imaginable, from the county clerk’s property registry to the local phone book.

And if you want someone to send you mail, you give them your address. Easy.

But the simple fact that someone has your home address doesn’t give them access to the inside of your house, and the contents within it.

No, for that, they’ll need your house key. And that’s essentially what your crypto private key is: something that allows only you to access the property.

So: public key = home mailing address, private key = house key.

Clearly it makes sense to safeguard your house key. You wouldn’t make copies and distribute them in public to everyone who walks by.

Similarly it makes sense to safeguard your private key (sometimes called secret key).

When you store your cryptocurrency with an exchange, or even in a web or mobile wallet, it means that some other service or application has control of your private key.

If they get hacked, you’ll lose everything. If they go rogue, you’ll lose everything.

I’m always amazed that so many people store crypto in this way.

Part of the benefit of holding crypto is that you can essentially be your own banker, i.e. there is no middle man between you and your savings.

Bottom line, you don’t need some website storing your key online for you. With a bit of education, it’s possible to create your own wallet and store the private key -offline-.

This is what’s known as cold storage.

Bear in mind that a private key is nothing more than a string of characters, something like

5Kb8kLf9zgWQnogidRq76MzPL6TsZZY36hWXMssSzNydYXYB9KF

If you really wanted you could simply write this down on a piece of paper, or even memorize it if you’re so inclined (though those methods are prone to errors).

But one safer option is to go to a site like bitaddress.org, which is a client-side application to create a public/private key pair.

This is important, because once you load the page you can actually disconnect your computer from the Internet entirely, ensuring that no one is spying or sniffing on your activity.

(There are other steps you can take to be even more secure, like setting up a stand-alone virtual machine solely for creating a wallet, but we’ll save those for another time.)

The page will go through a process to generate a key, and when prompted, you can choose the “paper wallet” option.

At that point you can simply print your paper wallet, put it in your home safe (or wherever you store your other valuables), and never give it to anyone.

Once you’ve secured your paper wallet in your safe, the bulk of your crypto wealth is offline and safe from computer glitches or hacks.

And the next time some poor soul loses his hard drive… or another major Bitcoin exchange gets hacked… you can rest assured that your crypto wealth is safe.

Jon Southurst – PSA: Protect Your Wallets

Jon Southurst (@SouthTopia) provides in a post on CoinDesk some examples of how, with Bitcoin, possession is not just 9/10ths of the law, it is the law. Bitcoin is a bearer instrument, meaning if a payment gets sent to the wrong party, or a thief gains control of a wallet, the funds can be spent. Excerpts:

“A simple concentration lapse can see exponentially more bitcoin leave your wallet than you’d intended, never to be seen again.”

“The difference between bitcoin and cash, though, is that much larger amounts may be at stake. Cash transactions tend to be smaller, while (reputedly safer) credit cards and bank transfers handle larger ones. Bitcoin allows you not only to transfer a million dollars in a heartbeat, it gives you a chance to send it to the wrong place. Or nowhere at all.”

“Mike Hearn, developer at the Bitcoin Foundation, says most loss-causing errors are the result of users not backing up locally-stored wallet files at the right time, and by misusing paper wallets.”

“The bitcoin development team also hopes to add human-memorable address aliases and a messaging function to transactions. Messaging would allow users to include a refund address with transactions.”

 – http://www.coindesk.com/dumb-mistakes-costly-bitcoin-losses

All News – Daily E-mail Subscription – Twitter: @BitcoinNews

Fixes For Android Mobile Bitcoin Wallets Released


Correspondent for IDG Jeremy Kirk (@Jeremy_Kirk) published a report providing an update on the security vulnerability affecting nearly all mobile Bitcoin wallet apps for Android.  Excerpts:

“Four Android Bitcoin clients — Bitcoin Wallet, Blockchain, Mycelium Bitcoin Wallet and BitcoinSpinner — have been fixed, according to an updated notice on Bitcoin.org.”

“In some cases, the supposedly random numbers were the same for different transactions, which could allow an attacker to determine someone’s private key and steal their bitcoins.”

“Tens of thousands of other [non Bitcoin-related] Android applications may be vulnerable, Symantec wrote. The company found more than 360,000 applications that use the SecureRandom class in the same way as the affected Bitcoin applications.”

“Symantec noted that applications running on Android version 4.2 and up may not be affected […]”.

 – http://bit.ly/1eJldmp
 – http://bitcoin.org/en/alert/2013-08-11-android
 – http://bitcointalk.org/index.php?topic=271831.0 (Further discussion of the fix)

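The repeated random number described in the excerpts is visible from outside: the r half of an ECDSA signature depends only on the per-signature random number, so two different signatures from one key that share r point to a reused value. An audit for that, as an added example that is not from the original report (function names, transaction labels and key labels are hypothetical, and the sample signatures are constructed DER structures rather than real ones):

```python
from collections import defaultdict


def _der_int(value: int) -> bytes:
    # DER INTEGER: minimal big-endian bytes, with a 0x00 pad if the top bit is set.
    body = value.to_bytes(value.bit_length() // 8 + 1, "big")
    return b"\x02" + bytes([len(body)]) + body


def der_sig(r: int, s: int) -> bytes:
    """Build a DER-encoded (r, s) pair; used here only to construct samples."""
    body = _der_int(r) + _der_int(s)
    return b"\x30" + bytes([len(body)]) + body


def parse_der_sig(sig: bytes):
    """Extract (r, s) from a DER signature with the sighash byte already removed."""
    if len(sig) < 8 or sig[0] != 0x30 or sig[1] != len(sig) - 2:
        raise ValueError("not a DER SEQUENCE of the stated length")
    pos, values = 2, []
    for _ in range(2):
        if pos + 2 > len(sig) or sig[pos] != 0x02:
            raise ValueError("expected a DER INTEGER")
        size = sig[pos + 1]
        chunk = sig[pos + 2 : pos + 2 + size]
        if size == 0 or len(chunk) != size:
            raise ValueError("truncated DER INTEGER")
        values.append(int.from_bytes(chunk, "big"))
        pos += 2 + size
    if pos != len(sig):
        raise ValueError("trailing bytes after s")
    return values[0], values[1]


def find_reused_nonces(records):
    """records: iterable of (txid, pubkey, der_signature).

    Returns {(pubkey, r): [txids]} for every key that produced two or more
    distinct signatures with the same r. Scope is reuse under one key.
    """
    seen = defaultdict(set)
    for txid, pubkey, sig in records:
        r, s = parse_der_sig(sig)
        seen[(pubkey, r)].add((txid, s))  # exact duplicates collapse in the set
    return {
        key: sorted(txid for txid, _ in uses)
        for key, uses in seen.items()
        if len(uses) > 1
    }


# Constructed sample data: labels and numbers are made up for the demonstration.
R_REPEATED = int("c1" * 32, 16)
R_OTHER = int("2b" * 32, 16)
SAMPLE = [
    ("tx1", "KEY_A", der_sig(R_REPEATED, 1111)),
    ("tx2", "KEY_A", der_sig(R_REPEATED, 2222)),  # same key, same r: flagged
    ("tx3", "KEY_A", der_sig(R_OTHER, 3333)),
    ("tx4", "KEY_B", der_sig(R_OTHER, 4444)),
]

if __name__ == "__main__":
    for (pubkey, r), txids in find_reused_nonces(SAMPLE).items():
        print(f"{pubkey}: r={r:064x} reused in {txids}; move funds to a new key")
```

Any key this flags should be treated as exposed and retired, which matches the guidance in the linked Bitcoin.org alert to move funds to newly generated addresses after updating.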

DealBook – Winklevoss Bitcoin Trust

NY Times financial reporters Nathaniel Popper (@NathanielPopper) and Peter Lattman (@PeterLattman) broke the news that Cameron and Tyler Winklevoss have filed with the SEC a proposal to create a Bitcoin exchange-traded fund. Excerpts:

“The plan involves an exchange-traded fund, which usually tracks a basket of stocks or a commodity, but in this case would hold only bitcoins.”

“The Winklevoss Bitcoin Trust could send digital money from the realm of computer programmers, Internet entrepreneurs and a small circle of professional investors like themselves into the hands of retail investors — virtually anyone with a brokerage account.”

“‘The trust brings bitcoin to Main Street and mainstream investors to bitcoin,’ said Tyler Winklevoss, co-founder of Math-Based Asset Services, which would operate the proposed fund.”

“Their proposal has the advantage of coming from the desk of Kathleen Moriarty [who had] a leading role in the creation of the first exchange-traded fund and popular gold- and silver-backed E.T.F.’s.”

“The Winklevosses [previously] went public with their own bitcoin hoard, amounting to about 1 percent of all outstanding coins, or about $10 million.”

“An exchange-traded fund would make it significantly easier to gain exposure to bitcoins, just as commodities-based funds have made investing in gold, silver and other precious metals more accessible.”

“The Winklevoss fund would buy one bitcoin for every five shares, making the value of a single share worth about a fifth of a single bitcoin.”

“‘Digital currencies are not going away,’ said Carol Van Cleef, the head of law firm Patton Boggs’s emerging-payments practice.”

 – http://nyti.ms/1cK00Ys
 – http://1.usa.gov/13i07w0 (Proposal / S-1 Registration Statement)
 – http://bitcointalk.org/index.php?topic=248013.0 (Further discussion)
