Category Archives: security


FacexWorm Part of a Growing Statistic of Crypto Crime

Cybersecurity experts were able to expose a dubious Chrome extension dubbed FacexWorm after hackers were able to steal a total of one Bitcoin through its use.

The exact amount of currency generated by hijacking computer hardware to perform mining is unknown. After similar activity was monitored last year, it was quickly established that hackers were yet again attempting a familiar modus operandi.

The FacexWorm extension is capable of stealing user credentials and hijacking cryptocurrency transactions by adjusting the destination wallet ID on several large exchanges including Binance, HitBTC, Bitfinex, Poloniex, and Ethfinex. Victims’ browsers were redirected to scam sites that misled them into sending currency to the hackers’ wallet, and their hardware was used remotely for cryptocurrency mining.

FacexWorm part of a growing statistic of crypto crime

In this new market with little regulation on security standards, cybercrime is a growing issue among the crypto community.

Phishing scams have led to losses of around USD 225 million in 2017 alone. Most commonly, investors were being misled into transferring funds to what they perceived to be fundraising sites for ICOs, especially those using Ethereum blockchain technology.

Browsealoud, a suite of translation tools, was edited by hackers to mine cryptocurrencies. With the assumption that the infected plugin compromised most of the sites that were actively using it, around 4,275 websites were affected, including some hosting important services.

Ethereum-related cybercrime is one of the worst with around 30,000 people affected, averaging a loss of about USD 7,500 each.

The combination of losses due to phishing, hacks, Ponzi schemes, and exploits in systems is fast approaching similar levels to robberies in the US during 2015. The Federal Bureau of Investigation estimated theft at a total of USD 390 million, with Chainalysis evaluating Ethereum crime alone at USD 225 million.

“The cryptocurrency phishers are doing pretty good against all the other types of criminals that are out there,” said Jonathan Levin, Chainalysis co-founder.

With a shortage of expertise in a new and upcoming industry, cyber threats will need to be taken more seriously. As the technology moves to become more mainstream and regulation sets standards for security there will be a shift towards a safer market.

The post FacexWorm Part of a Growing Statistic of Crypto Crime appeared first on BitcoinNews.com.

Bitcoin security? It’s not bitcoin which is unsafe…


It happened again. Last week, hackers stole 4,700 Bitcoins (over $80 million at today’s price) from mining marketplace NiceHash.

(The company pairs up people with spare computing power with others who are willing to pay to use that capacity to mine Bitcoin. It then announced it would reimburse users who lost money from the hack.)

On top of that, last month hackers stole $31 million of another cryptocurrency called Tether.

But those are only two recent attacks.

Remember Mt. Gox?

The Bitcoin exchange was founded in 2010. By 2013, it was handling around 80% of all Bitcoin transactions.

Then the company halted all trading after “technical issues” caused 850,000 Bitcoins to go missing.

Those missing coins are worth over $15 billion at today’s price.

All of this crypto theft is making people question the security of Bitcoin and other digital currencies.

But it’s important to remember, in these cases, “Bitcoin” didn’t get hacked… it was the exchanges or marketplaces that got hacked.

This happens almost every day; people unwittingly get their phones and emails hacked and end up losing their cryptocurrency in the process.

It reminds me of the early days of the Internet, back when WiFi was still a new thing and banks were just starting to provide online account access.

Back then, hacks were commonplace. Users didn’t know enough about wireless network security, and banks didn’t have SSL enabled… so hackers could easily ‘sniff’ data packets and steal bank login details.

Fast forward 10-15 years and all of that’s changed.

Most people at this point (hopefully) know how to secure their WiFi networks with WPA2 security or better, and banks employ much better security and encryption standards.

But with cryptocurrencies it’s still very Wild West out there, vastly increasing the chances of hacks, cracks, and theft.

You’d be amazed, for example, how many people use a ridiculously insecure password like “123456” for a website login that stores their Bitcoin secret key.

And even if hackers don’t steal your crypto, there’s still a chance you’ll lose it.

A friend of mine bought some Bitcoin in 2010 and stored it on a laptop. Then he threw the laptop away… along with all the Bitcoin. And there’s no way to get it back.

Like just about anything, all it takes is a little bit of education to prevent a major disaster from occurring.

One approach I encourage you to learn about for storing crypto is called “cold storage.”

Before I define cold storage, a bit of background if you’re unfamiliar with how the public key/private key system works.

A public key is a code available to anyone who trades cryptocurrency with you. A private key is a secret alphanumeric string that you never share with anyone.

Imagine a cryptocurrency public key is your home address. That address is in just about every public database imaginable, from the county clerk’s property registry to the local phone book.

And if you want someone to send you mail, you give them your address. Easy.

But the simple fact that someone has your home address doesn’t give them access to the inside of your house, and the contents within it.

No, for that, they’ll need your house key. And that’s essentially what your crypto private key is: something that allows only you to access the property.

So: public key = home mailing address, private key = house key.

Clearly it makes sense to safeguard your house key. You wouldn’t make copies and distribute them in public to everyone who walks by.

Similarly it makes sense to safeguard your private key (sometimes called secret key).

When you store your cryptocurrency with an exchange, or even in a web or mobile wallet, it means that some other service or application has control of your private key.

If they get hacked, you’ll lose everything. If they go rogue, you’ll lose everything.

I’m always amazed that so many people store crypto in this way.

Part of the benefit of holding crypto is that you can essentially be your own banker, i.e. there is no middle man between you and your savings.

Bottom line, you don’t need some website storing your key online for you. With a bit of education, it’s possible to create your own wallet and store the private key -offline-.

This is what’s known as cold storage.

Bear in mind that a private key is nothing more than a string of characters, something like

5Kb8kLf9zgWQnogidRq76MzPL6TsZZY36hWXMssSzNydYXYB9KF

If you really wanted you could simply write this down on a piece of paper, or even memorize it if you’re so inclined (though those methods are prone to errors).
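The sample key above is in Bitcoin's Wallet Import Format (Base58Check), whose last four bytes are a checksum, and that checksum is what catches a copying error in a hand-written key. The following is an added example, not code from the original post; the function names and the constructed test key are assumptions made for illustration.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"  # no 0, O, I, l

def _checksum(data: bytes) -> bytes:
    # Base58Check checksum: first 4 bytes of SHA-256(SHA-256(data))
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()[:4]

def b58encode(raw: bytes) -> str:
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, rem = divmod(n, 58)
        out = B58[rem] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\0"))) + out

def b58decode(text: str) -> bytes:
    n = 0
    for ch in text:
        if ch not in B58:
            raise ValueError(f"{ch!r} is not a Base58 character")
        n = n * 58 + B58.index(ch)
    zeros = len(text) - len(text.lstrip("1"))
    return b"\0" * zeros + n.to_bytes((n.bit_length() + 7) // 8, "big")

def encode_wif(key: bytes) -> str:
    payload = b"\x80" + key                      # 0x80 = mainnet private key
    return b58encode(payload + _checksum(payload))

def decode_wif(wif: str) -> bytes:
    """Return the 32-byte key, or raise ValueError if the text was miscopied."""
    raw = b58decode(wif.strip())
    payload, check = raw[:-4], raw[-4:]
    if len(payload) not in (33, 34) or payload[0] != 0x80:
        raise ValueError("not a mainnet WIF private key")
    if _checksum(payload) != check:
        raise ValueError("checksum mismatch: key was mistyped or damaged")
    return payload[1:33]

if __name__ == "__main__":
    key = bytes(range(1, 33))                    # constructed key, never use for funds
    wif = encode_wif(key)
    typo = wif[:20] + ("A" if wif[20] != "A" else "B") + wif[21:]
    for label, text in (("clean copy", wif), ("one wrong character", typo)):
        try:
            decode_wif(text)
            print(label, "-> checksum OK")
        except ValueError as err:
            print(label, "->", err)
```

Running a check like this on an offline machine after transcribing a paper backup confirms the written copy still decodes before any funds depend on it.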

But one safer option is to go to a site like bitaddress.org, which is a client-side application to create a public/private key pair.

This is important, because once you load the page you can actually disconnect your computer from the Internet entirely, ensuring that no one is spying or sniffing on your activity.

(There are other steps you can take to be even more secure, like setting up a stand-alone virtual machine solely for creating a wallet– but we’ll save those for another time.)

The page will go through a process to generate a key, and when prompted, you can choose the “paper wallet” option.

At that point you can simply print your paper wallet, put it in your home safe (or wherever you store your other valuables), and never give it to anyone.

Once you’ve secured your paper wallet in your safe, the bulk of your crypto wealth is offline and safe from computer glitches or hacks.

And the next time some poor soul loses his hard drive… or another major Bitcoin exchange gets hacked… you can rest assured that your crypto wealth is safe.

Jon Southurst – PSA: Protect Your Wallets


Jon Southurst (@SouthTopia) provides in a post on CoinDesk some examples of how, with Bitcoin, possession is not just 9/10ths of the law, it is the law. Bitcoin is a bearer instrument — meaning if a payment gets sent to the wrong party, or a thief gains control of a wallet, the funds can be spent. Excerpts:

“A simple concentration lapse can see exponentially more bitcoin leave your wallet than you’d intended, never to be seen again.”

“The difference between bitcoin and cash, though, is that much larger amounts may be at stake. Cash transactions tend to be smaller, while (reputedly safer) credit cards and bank transfers handle larger ones. Bitcoin allows you not only to transfer a million dollars in a heartbeat, it gives you a chance to send it to the wrong place. Or nowhere at all.”

“Mike Hearn, developer at the Bitcoin Foundation, says most loss-causing errors are the result of users not backing up locally-stored wallet files at the right time, and by misusing paper wallets.”

“The bitcoin development team also hopes to add human-memorable address aliases and a messaging function to transactions. Messaging would allow users to include a refund address with transactions.”

 – http://www.coindesk.com/dumb-mistakes-costly-bitcoin-losses

All News – Daily E-mail Subscription – Twitter: @BitcoinNews

Fixes For Android Mobile Bitcoin Wallets Released


Correspondent for IDG Jeremy Kirk (@Jeremy_Kirk) published a report providing an update on the security vulnerability affecting nearly all mobile Bitcoin wallet apps for Android.  Excerpts:

“Four Android Bitcoin clients — Bitcoin Wallet, Blockchain, Mycelium Bitcoin Wallet and BitcoinSpinner — have been fixed, according to an updated notice on Bitcoin.org.”

“In some cases, the supposedly random numbers were the same for different transactions, which could allow an attacker to determine someone’s private key and steal their bitcoins.”

“Tens of thousands of other [non Bitcoin-related] Android applications may be vulnerable, Symantec wrote. The company found more than 360,000 applications that use the SecureRandom class in the same way as the affected Bitcoin applications.”

“Symantec noted that applications running on Android version 4.2 and up may not be affected […]”.

 – http://bit.ly/1eJldmp
 – http://bitcoin.org/en/alert/2013-08-11-android
 – http://bitcointalk.org/index.php?topic=271831.0 (Further discussion of the fix)
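When an ECDSA signer repeats its "random" number, the two signatures carry an identical r value, so the flaw quoted above is visible in a wallet's own signature history. As an added example (not code from the article or from the wallet projects), this audit parses DER-encoded signatures and flags any r that one key used in more than one transaction; the record layout, key labels and sample values are constructed for illustration.

```python
from collections import defaultdict

def parse_der_sig(sig: bytes) -> tuple:
    """Split a DER ECDSA signature (30 len 02 rlen r 02 slen s) into (r, s)."""
    if len(sig) < 8 or sig[0] != 0x30 or sig[1] != len(sig) - 2:
        raise ValueError("not a DER SEQUENCE of the stated length")
    pos, values = 2, []
    for _ in range(2):
        if pos + 2 > len(sig) or sig[pos] != 0x02:
            raise ValueError("expected a DER INTEGER")
        size = sig[pos + 1]
        body = sig[pos + 2 : pos + 2 + size]
        if size == 0 or len(body) != size:
            raise ValueError("truncated INTEGER")
        values.append(int.from_bytes(body, "big"))
        pos += 2 + size
    if pos != len(sig):
        raise ValueError("trailing bytes after s")
    return values[0], values[1]

def find_reused_r(records):
    """records: (key_label, txid, der_sig) tuples, sighash byte already removed.
    Returns {(key_label, r): [txids]} for every r a key used more than once."""
    seen = defaultdict(list)
    for key_label, txid, sig in records:
        r, _s = parse_der_sig(sig)
        seen[(key_label, r)].append(txid)
    return {k: txids for k, txids in seen.items() if len(txids) > 1}

def make_der(r: int, s: int) -> bytes:
    """Build sample input: minimal DER, leading 0x00 when the top bit is set."""
    def der_int(v):
        raw = v.to_bytes(v.bit_length() // 8 + 1, "big")
        return b"\x02" + bytes([len(raw)]) + raw
    body = der_int(r) + der_int(s)
    return b"\x30" + bytes([len(body)]) + body

# Constructed records: wallet-A signs tx1 and tx2 with the same r (same nonce).
R_DUP, R_A, R_B = 0x9F3C << 240, 0x1B77 << 236, 0x2A51 << 236
SAMPLE = [
    ("wallet-A", "tx1", make_der(R_DUP, 0x11 << 200)),
    ("wallet-A", "tx2", make_der(R_DUP, 0x22 << 200)),
    ("wallet-A", "tx3", make_der(R_A, 0x33 << 200)),
    ("wallet-B", "tx4", make_der(R_B, 0x44 << 200)),
]

if __name__ == "__main__":
    for (label, r), txids in find_reused_r(SAMPLE).items():
        print(f"{label}: r={r:#x} reused in {txids}")
```

Any key this audit flags should be treated as exposed: move its funds to a key generated after the fix and stop using the old address.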


DealBook – Winklevoss Bitcoin Trust


NY Times financial reporters Nathaniel Popper (@NathanielPopper) and Peter Lattman (@PeterLattman) broke the news that Cameron and Tyler Winklevoss have filed with the SEC a proposal to create a Bitcoin exchange-traded fund. Excerpts:

“The plan involves an exchange-traded fund, which usually tracks a basket of stocks or a commodity, but in this case would hold only bitcoins.”

“The Winklevoss Bitcoin Trust could send digital money from the realm of computer programmers, Internet entrepreneurs and a small circle of professional investors like themselves into the hands of retail investors — virtually anyone with a brokerage account.”

“‘The trust brings bitcoin to Main Street and mainstream investors to bitcoin,’ said Tyler Winklevoss, co-founder of Math-Based Asset Services, which would operate the proposed fund.”

“Their proposal has the advantage of coming from the desk of Kathleen Moriarty [who had] a leading role in the creation of the first exchange-traded fund and popular gold- and silver-backed E.T.F.’s.”

“The Winklevosses [previously] went public with their own bitcoin hoard, amounting to about 1 percent of all outstanding coins, or about $10 million.”

“An exchange-traded fund would make it significantly easier to gain exposure to bitcoins, just as commodities-based funds have made investing in gold, silver and other precious metals more accessible.”

“The Winklevoss fund would buy one bitcoin for every five shares, making the value of a single share worth about a fifth of a single bitcoin.”

“‘Digital currencies are not going away,’ said Carol Van Cleef, the head of law firm Patton Boggs’s emerging-payments practice.”

 – http://nyti.ms/1cK00Ys
 – http://1.usa.gov/13i07w0 (Proposal / S-1 Registration Statement)
 – http://bitcointalk.org/index.php?topic=248013.0 (Further discussion)
