Category Archives: security

Auto Added by WPeMatico

Coinbase Lauds Japanese Crypto License Hurdles

The chief policy officer of cryptocurrency exchange Coinbase has praised Japan’s tightened regulatory stance on the cryptocurrency industry, saying that the exchange’s longer-than-expected waiting period to receive its operating license is a good thing.

Mike Lempres spoke with local financial news outlet Nikkei Asian Review where he supported Japan’s increased security measures on the industry, saying that “[It] is good for us”.

The increased regulations that he references include Japan’s Financial Services Authority (FSA) intensification of security requirements from cryptocurrency exchanges since January’s largest reported hack that hit Japanese platform Coincheck. USD 532 million in the NEM cryptocurrency was stolen in the incident.

New cryptocurrency exchanges are now required to go through a more enhanced clearing process before they can legally operate, with 160 apparently waiting to receive their licenses.

According to Lempres, talks with Japan’s leading financial watchdog are ”going well” and Coinbase is committed to its target of launching in Japan by 2019. The exchange has been actively looking to enter the Japanese market since June, giving the timeframe of one year for this to materialize.

Terms of the agreement are being decided

One key area of the licensing agreement still being negotiated is whether Coinbase will be required to operate internally in Japan. According to Lempres, if the FSA requires it, it will certainly be problematic for the exchange’s security measures as they currently operate from the US.

”It would be hard for us to duplicate what we do in the US today in Japan and other countries,” he explained, noting that Coinbase has dozens of security-focused employees working from its California headquarters.

While 99% of funds are stored offline, he says, 1% is held in a so-called ”hot wallet” online which is fully insured.

 

Follow BitcoinNews.com on Twitter: @bitcoinnewscom

Telegram Alerts from BitcoinNews.com: https://t.me/bconews

Want to advertise or get published on BitcoinNews.com? – View our Media Kit PDF here.

Image Courtesy: Flickr, https://toolstotal.com/

The post Coinbase Lauds Japanese Crypto License Hurdles appeared first on BitcoinNews.com.

P2P Exchange Bisq: “It Doesn’t Get More Decentralized Than This”

With a recent surge in so-called decentralized cryptocurrency exchange platforms, peer-to-peer (P2P) exchange platform Bisq appears to be one of the very few to attempt serious decentralization.

Once the favored method of exchange, P2P volume has fallen over the years but with increasing privacy and security challenges on centralized exchanges, some like Bisq see a revival in the concept of direct exchange via P2P.

Felix Moreno is one of just a few individuals who work on the decentralized P2P exchange platform Bisq openly. Most people working on it volunteer their services anonymously and for free. Why? Because, as Moreno told Bitcoin News, it is the ”holy grail” of decentralized cryptocurrency exchanges.

Bitcoin News caught up with Moreno to discuss the logistics of running a nearly entirely decentralized exchange, why they will have to fight tooth and nail to keep it that way, and why know-your-customer (KYC) regulations are really just a way for the government to get into your pockets.

Moreno’s experience

He has been in the Bitcoin world for a long time, suffered through the Mt Gox fiasco and various hacks and scams before, and now wants to do his part in minimizing these experiences for others.

”What do we need that can make exchanging as decentralized as the Bitcoin network itself? This is the closest we have gotten to that ideal,” he said. This is one of the most interesting projects Moreno says he has worked on, both making him understand what makes Bitcoin special and what potential decentralization can unlock, Moreno explains his belief that Bisq’s founders really try and live up to this standard.

A return to private exchanges between crypto users

Bisq founder Manfred Karrer shared these comments about the platform: ”To enable a privacy protecting exchange between fiat currencies and Bitcoin, it is crucial to keep your Bitcoin untainted. Protection of privacy is here directly related to security. There is a long list of hacks of centralized Bitcoin exchanges. In such events, your personal financial data including your residency address can end up in the hand of hackers and criminals. The only protection is to not store user data.”

The Bisq project is open source, operating entirely with the help of informal collaborators besides the founders. There was no initial coin offering held to raise funds; the few who helped contribute the minimal funds pre-launch did not do so expecting to see their money again. The mission getting these people so excited is an ambition to create a platform like BitTorrent but instead of offering music, offering a cryptocurrency exchange for all coins, between people and users instead of companies and banks.

Right now, you can buy and sell Bitcoin and altcoins using dozens of fiat currencies but with more users, this could potentially become hundreds. The platform uses multi-signature transactions on Bitcoin smart contracts to block in escrow the Bitcoins that people use as a security deposit, so there is a mutually assured destruction for both partners in the trade if they don’t complete it correctly.

The privacy measures do not much change the process of using the platform, Moreno detailed: ”There is a local wallet in your computer under your control so there is no way that runners of the project can access it. You can fund the wallet at the moment you want to make the trade by just scanning the QR code and depositing funds straight away.”

Bisq Founder Manfred Karrer

In terms of decentralization, what makes Bisq so different from other exchanges?

Bisq does not require you to have an account or share your information with a third-party company. Your information is stored locally in the Bisq Client, an application that you need to download onto your computer, and only the minimum of this is shared with the trade counterpart and nobody else. For example, if you are trading with fiat, your bank details will be shared. A Bitcoin-Monero trade, on the other hand, will not even share your name with the trading partner, only your wallet address.

”There is no way we could turn into a KYC financial surveillance company because there is no company, there is no one the SEC can send a subpoena to. There is no one in charge,” Moreno explained.

Privacy is crucial for them. Moreno outlined the main issue with centralized businesses: ”Big companies leak large amounts of user data every week, and the ones who are not leaking are the worst offenders, accumulating social media and search engine data to sell to advertisers in the best case scenario. The worst case scenario is something from (the book) 1984.’

Privacy, he added, is especially important with finances due to the risks of theft, fraud, and rich Bitcoin traders that could become susceptible to phishing scams if their data is shared. He also recognized that there are different degrees of decentralization with Coinbase at one end, Hodl Hodl somewhere in the middle, and then Bisq.

”Ideally, Bisq is so successful that it will be copied by a lot of people and because it is open source code this will be easy. I’m fine with that, that’s the spirit of open source,” he explained.

A dying kind

Moreno pointed out that even companies that have tried to offer decentralized platforms, such as Shapeshift, reach a certain level of success and then have to ”ignore the ‘no account needed’ hashtag”. They may not want to impose KYC, he said in the case of Shapeshift: ”I know Eric (Shapeshift CEO), he’s a great guy, really believes in privacy. But once you run a company with dozens of employees and investors you cannot take the legal risk. Shapeshift is incorporated in Switzerland so technically the SEC doesn’t have anything to say about it in theory, but in practice, the long reach of American regulators extends at least over half the world if not more… I don’t think he has a choice.”

Bisq Co-Founder Chris Beams

It is not perfect

There are risks to this level of decentralization and the platform itself is not perfect. For one, it exposes Bisq to scammers that in some other places can be stopped with an identity check, but it uses a set of incentives and smart contracts to minimize this risk. Moreno says he has used nearly every trading platform there is and has realized it is much more detrimental to scammers to have a security deposit there to lose than to ask for identification. Bisq has a double security deposit, which when trade is completed, both parties recover but if there are any issues they can lose their money.

One aspect that people may also not like is the fact you have to download a program to run on your computer.

”That’s like early 2000s, who does that anymore?” Moreno joked, clearly aware that this is a problem for some people. It is, however, the only way to exchange completely securely and to let people really have control of their own node, he said.

Some people might also not enjoy the fact that because they are completely in control of their own funds as any mistake is on the user: ”It’s like in the early days of Bitcoin when you send funds to the wrong address – you’re screwed. But that’s your responsibility and some people don’t want that.”

And then there is the issue of speed. You can not simply buy with one click when making a market order as you can on some centralized platforms; the multi-signature which is on the Bitcoin blockchain requires at least 10 minutes for confirmation. Then the speed depends on your payment network; some ways such as through a Revolut account will be quick, but international bank transfers can sometimes take five days or more.

Fighting to stay online, and why regulations are really there

While Bisq may avoid most regulations because of its decentralized structure, the path ahead for them is not easy: ”Bisq is going to have a very hard time surviving the way it is doing things… We will have to fight like hell and use every technological advantage to keep it up.”

If there is a company behind it, Moreno says, every exchange will get a call from local regulators who want first: full KYC and the source of funds for counterterrorism measures especially over certain amounts, and secondly: automatic data sharing like banks already have with tax authorities so they can ”go on phishing expeditions to see who isn’t declaring all their Bitcoin income or whatever”.

Moreno continued, ”KYC is not there out of the goodness of their hearts; it’s a slippery slope towards first identifying you, then getting money out of you. If tax authority lobbyists win, they will allow crypto activities to continue but they will be taxed and if financial industry lobbyists win, they will exclude competition so only big financial companies can run exchanges with proper licenses.”

Industry self-regulation

So is industry self-regulation the way forward? Well, Moreno thinks it could work.

He explained that now, more than ever, there is the opportunity to do it well by using smart contracts and setting up things such as automatic penalties for people who break the rules. ”That can get us very very far, much farther than all the preventative KYC regs”, he said, adding that reputation networks too have always worked because people care a lot about return trade.

”If people are completely anonymous, it’s very easy to have a selfish attitude, but if it’s someone you have some sort of relationship with, it’s only the psychopaths that are going to give that up for a short-term gain,” Moreno remarked.

Bisq Co-Founder Christoph Atteneder

Set the date: 20th September

Right now, trading volumes are comparatively very small: ”Bisq is at 183 on Coincap, it’s tiny.”

For euros and dollars, trading is decent but for some other currencies such as the Argentinian peso, there is hardly anyone on the platform offering pairs. ”Argentina really needs it but again, most people will not do the work of finding decentralized exchanges until they suffer a hack or find their account frozen,” Moreno noted.

To try and encourage traders, Moreno has planned a kick start virtual event on 20 September 2018. He is asking everybody who is interested to go on Bisq and place an ad.

”If you don’t want to trade just say ‘I’m here, I’m interested and when the time comes to buy and sell I will be here,’ especially for lesser used currencies. If we can get 4/5 people for these currencies, other people can see there are people trading around them.”

It may not be the fastest platform, the most accessible or provide some of the assurances that KYC compliant exchanges do, but as Moreno believes, ”Right now, Bisq is the best we have got by far.”

To find out more about Bisq, or to contribute to the platform, join the Slack or follow them on Twitter.

 

Follow BitcoinNews.com on Twitter: @bitcoinnewscom

Telegram Alerts from BitcoinNews.com: https://t.me/bconews

Want to advertise or get published on BitcoinNews.com? – View our Media Kit PDF here.

Image Courtesy: Bisq

The post P2P Exchange Bisq: “It Doesn’t Get More Decentralized Than This” appeared first on BitcoinNews.com.

Future Firefox Browsers Will Block Cryptojacking Malware

In a move to help improve security in the crypto-sphere, Firefox has announced that all future versions of its web browser will automatically block crypto-jacking malware.

Cryptomining scripts that mine cryptocurrencies unknown to the owner of the device will be prevented from autorunning. While it may be a relatively small number of people that experience this themselves, a growing number of incidents have been reported this year. Firefox is providing a secure solution against this, which will help rid the cryptocurrency industry of the arguably undeserved stigma it has received due to negative media reports of incidents such as crypto-jacking.

The decision was made as part of Firefox’s anti-tracking initiative that goes live in the following few months. The aim is to target the negative impacts of unchecked online tracking. Future web browsers will protect users by default from this, and offer users more advanced controls over what information of theirs is shared with third parties.

In addition to blocking crypto-jacking malware, the initiative plans to prevent noticeable effects such as what it describes as ”eerily-specific targeted advertising”, as well as those that users are unable to spot such as unchecked data collection that can lead to major security breaches. Firefox cited a study that indicates a total of 55.4% of time spent loading a web page is actually spent sending information to third parties.

Opera also offers this service

The popular web browser Opera added a similar anti-crypto-jacking function to its desktop adblocker update in December last year, adding that in January it plans to include this feature in its mobile application also.

Opera has become an increasingly popular web browser of choice as earlier this month it announced plans to integrate a cryptocurrency wallet into its desktop web browser supporting a wide variety of tokens. Charles Hamel, Product Lead of Opera describes the integration as a key step in “making cryptocurrencies and Web 3.0. mainstream.”

 

Follow BitcoinNews.com on Twitter: @BitcoinNewsCom

Telegram Alerts from BitcoinNews.com: https://t.me/bconews

Want to advertise or get published on BitcoinNews.com? – View our Media Kit PDF here.

Image Courtesy: Pixabay

The post Future Firefox Browsers Will Block Cryptojacking Malware appeared first on BitcoinNews.com.

Crypto Investor Sues AT&T for $224M After Phone Hack Losses

A cryptocurrency investor in the US has filed a lawsuit against his cell phone service provider AT&T on the grounds of gross security negligence that lead to his personal loss of USD 24 million in crypto.

The plaintiff, California resident Michael Terpin, filed a 69-page complaint with the US District Court in Los Angeles on Wednesday alleging that AT&T not only violated its statutory duties and Privacy Policy commitments but went so far as to willingly cooperate with the phone hacker. Terpin claimed that he was victim to digital identity theft two times in seven months when his digital assets were taken via his cell phone number.

Suspicious circumstances were cited by Terpin regarding the actions of at least one AT&T employee. He alleged that ”insider cooperation with the hacker” took place after a store employee offered out his phone number without verifying the person’s identity or requesting any of his private information. Terpin’s complaint details that his number was then used to break into his cryptocurrency accounts and compares the incident to a hotel providing a thief with a fake ID the key to a room and the safe to steal from the rightful owner.

The legal complaint seeks from AT&T USD 200 million in punitive damage and USD 24 million in compensatory damages.

AT&T responded to the accusations, providing CNBC with a statement reading: “We dispute these allegations and look forward to presenting our case in court.”

Terpin may well have been considered a profitable target by potential thieves due to his work in the cryptocurrency industry. In 2013, he co-founded Bitcoin angel investor group BitAngels, as well as the BitAngels/Dapps Fund.

The cryptocurrency community has recently placed a significant focus on increased security as imperative for increasing adoption levels and seeing market prices recover from a relatively poor performance this year, although in this instance it appears to be only AT&T at fault.

 

Follow BitcoinNews.com on Twitter at https://twitter.com/bitcoinnewscom

Telegram Alerts from BitcoinNews.com at https://t.me/bconews

Image Courtesy: Pixabay

The post Crypto Investor Sues AT&T for $224M After Phone Hack Losses appeared first on BitcoinNews.com.

Spencer Bogart: Bitcoin Waiting for Trigger to Hit New Highs

Cryptocurrency hedge fund manager Spencer Bogart has weighed in on Bitcoin price speculation, saying he is waiting for any positive trigger to push the price of Bitcoin up.Featuring on CNBC’s Fast Money, Bogart shared that he has been encouraged by Bitcoin’s recent upward trend, believing that this will continue. He added that he thinks the pullback momentum has passed and he is now waiting for any catalyst to send it to new price highs. Bogart cited several possibilities for this including the current global currency and trade wars.

Foreseeing the US Securities and Exchange Commission’s (SEC) rejection of the Bitcoin exchange-traded fund (ETF), he noted that 2019 may be a more realistic time frame for this to happen. Despite this, Bogart sees several other vehicles already available for retail and institutional investors to enter the market, pointing out Coinbase’s exposure of retail companies, and firms such as Bitwise Asset Management’s outreach to institutional investors.

While naysayers may query specific price forecasts, predicting market swings is essential for investors looking to maximize profits.

Bitcoin has not surpassed USD 8,000 since May this year before it fell back to approximately USD 6,000. While many pundits have shared their expectations and predictions during this most recent upswing, Bitcoin’s valuation is still far from its top price of nearly USD 20,000 in December last year.

Calls for increased security

With many spectators such as Bogart sharing their price rise expectations, another rally is suspected to attract such bad actors as it did in 2017 when the number of hacks on cryptocurrency exchanges and sited increased sharply. While this is not surprising as the potential profits increase substantially for attackers, there has been a call for all investors to prioritize their security.

There is nothing to stop hackers from trying, but so long as investors and cryptocurrency service providers practice due diligence the majority of such attacks can be prevented, and it is indeed important to do so for the reputation of the industry.

 

Follow BitcoinNews.com on Twitter at https://twitter.com/bitcoinnewscom

Telegram Alerts from BitcoinNews.com at https://t.me/bconews

Image Courtesy: Pixabay

The post Spencer Bogart: Bitcoin Waiting for Trigger to Hit New Highs appeared first on BitcoinNews.com.

Samsung Claims Smartphones Provide Best Security for Crypto

Multinational tech conglomerate Samsung has argued that smartphones can provide the best security for cryptocurrency holdings because of the combined efficiency of apps and the presence of the trusted execution environment (TEE).

Cryptocurrency wallet apps like Blockchain and Jaxx are a convenient and popular way to transfer, send and store assets on a smartphone. What Joel Snyder, a senior IT consultant and a contributor to Samsung Insights pointed out, is that the TEE under which the majority of smartphones operate offers a nearly impenetrable barrier for hackers.

Because the TEE is completely independent of an individual’s device with its own separate memory and storage, potential hackers and even operating systems such as Android cannot penetrate and alter or access the data. This prevents passwords and private keys of wallets from being accessed.

Laptops and such devices that utilize conventional data storage units such as an SSD are more vulnerable to risk due to their persistent nature that gives an opportunity for hackers to enter and steal data, cryptocurrency account information included.

Snyder for Samsung noted that while ”a naive wallet developer” might fail to employ the advantages of the TEE and store keys on the phone’s internal storage, the combination of the TEE and an effective wallet offer the most secure place for your cryptocurrency holdings.

What else the TEE can offer

A research effort conducted by Cornell University in December 2016 first offered the concept of Bitcoin scaling via the TEE. The team developed a technology called Teechan which they built on top several TEEs including the Software Guard Extensions of Intel.

The results were promising. Transactions were able to be processed off-chain, then fixed into larger transactions to be established on the blockchain. Significant progress has been seen, with over 2,480 transactions per second recorded as successfully processed.

 

Follow BitcoinNews.com on Twitter at https://twitter.com/bitcoinnewscom

Telegram Alerts from BitcoinNews.com at https://t.me/bconews

Image Courtesy: Pixabay

The post Samsung Claims Smartphones Provide Best Security for Crypto appeared first on BitcoinNews.com.

How to Properly Secure Bitcoin by Controlling the Private Key

Bitcoin’s popularity and use has grown astronomically since it was first released in 2009; now there is over USD 100 billion invested into Bitcoin with several billion USD of trading volume. However, most people do not take the proper steps to ensure that they fully control their Bitcoin by controlling the private key.

One of the key beneficial attributes of Bitcoin is that it gives control of money to its owner, as opposed to banks which can seize or freeze money at any time at their discretion. However, one does not fully control their Bitcoins unless they control their private key. This is an aspect of Bitcoin many users are unaware of, often resulting in mistakes and loss of funds.

Many new users buy Bitcoin on exchanges and just leave it there. This does not give them access to the private key, so they don’t control the Bitcoins at all. Bitcoin should be immediately withdrawn to a personal wallet after purchasing on an exchange. It is not good practice to leave Bitcoins on exchanges for extended periods of time even when trading, as exchanges can disappear or be hacked, losing user funds.

To ensure full control and safety of funds, it is crucial to use a Bitcoin wallet that gives the user sole access to the private key. This means that the private key is not available to anyone else or stored online in a server.

Most Bitcoin wallet services fail in these criteria. Even the most popular online or web-based wallets fail to give Bitcoin owners full exclusive control of their private keys if they store private keys on an online server. No matter how secure one makes these wallets, even with a strong password and 2-FA, the private key is vulnerable to hacking.

Bitcoin Core is the original Bitcoin wallet and is fully self-sufficient, it is not dependent on any online server to operate since it downloads the entire blockchain into a user’s computer and connects with the actual Bitcoin network. It gives Bitcoin users full control of private keys and doesn’t store those private keys anywhere else. As extra security, a Bitcoin Core user should encrypt the wallet with a strong password that they won’t forget.

A downside of Bitcoin Core is it can take a long time to download since the blockchain is over 170 GB of data, and growing. However, it is definitely worth the wait to ensure Bitcoin safety. A big upside is that Bitcoin Core is a full node, so any user that is running it is running 1 of about 10,000 Bitcoin nodes in the entire world, helping secure the network.

If a computer running Bitcoin Core is destroyed then the Bitcoins would be lost, so as extra safety it is prudent to make a copy of the private key. Do not store this private key on a computer or device connected to the internet. If storing the private key digitally, it is best to put it into a USB memory stick and put a password on the file containing the private key, and then to keep that USB memory stick in a safe place.

Physically recording the private key is a good option too, which can simply be done with a pen and paper, but one must be extremely careful to get it completely right since missing a letter would make it useless. A polaroid camera that instantly prints out photos but does not store the photos is also a great option to record private keys. Any physical record of the private key must be kept absolutely safe, since if someone finds it they would have full access to the Bitcoins.

Electrum is another Bitcoin wallet that gives full control of the private key to the user, and is a lot faster to download than Bitcoin Core since it doesn’t download the whole blockchain. However, if Electrum’s servers aren’t working for whatever reason then a user would have to import their private key to another wallet service to gain access to their funds.

In any case, as long as the wallet only gives the user sole control of private keys, it is the first step to securing your Bitcoin and being in full control of your funds.

 

Follow BitcoinNews.com on Twitter at https://twitter.com/bitcoinnewscom

Telegram Alerts from BitcoinNews.com at https://t.me/bconews

The post How to Properly Secure Bitcoin by Controlling the Private Key appeared first on BitcoinNews.com.

Amex Looks to Blockchain for Customer, Merchant Security

Multinational financial services corporation American Express is exploring the potential of a blockchain solution to increase customer and merchant security.

Vice president of technology at American Express, Tereasa Kastel, spoke at the Oktane 18 conference in Las Vegas earlier this week, discussing the multiple uses for blockchain being explored by the corporation.

Protecting identities and information

As reported by TechRadar, identification security and protecting user information formed the basis of Kastel’s speech. She discussed the prospect of an immutable blockchain solution to American Express’s objective of providing the highest levels of user security and data protection.

“If you’re in this industry, you have to have a voracious appetite for all things identity… to be able to work in a world where there is constant change, you… have to always ensure you can stay ahead of the curve,” she noted.

“Being in the financial industry, we have to be somewhat conservative on what legal and regulatory requirements there are,”‘ she added, commenting on the disparity between government policy, or lack of, regarding blockchain.

Despite this, Kastel said: ”On the other hand, what empowers an individual user to do in terms of controlling their identity, and have that identity be immutable, is something you can’t pass by.”

A blockchain identity wallet

Kastel outlined that initial blockchain probes would be limited to financial transactions. Now, however, she reported American Express is looking into creating a blockchain identity wallet.

”We were starting to explore what would an identity wallet look like, and could blockchain be used to help serve as, both internal, but also external card members and merchants,” Kastel said, detailing a visit to the corporation’s research and development lab.

She added that “American Express is a very innovative company”, in an acknowledgement of blockchain as the next seminal development in the technology industry.

Hyperledger blockchain technology

While Kastel’s talk was predominantly focused on the significant role of blockchain in American Express’s future service development, it coincided with the announcement of the corporation’s utilization of hyperledger blockchain technology.

This is being offered to merchants as an opportunity to create tailormade rewards programmes for individual American Express cardholders.

 

Follow BitcoinNews.com on Twitter at https://twitter.com/bitcoinnewscom

Telegram Alerts from BitcoinNews.com at https://t.me/bconews

The post Amex Looks to Blockchain for Customer, Merchant Security appeared first on BitcoinNews.com.

FacexWorm Part of a Growing Statistic of Crypto Crime

Cybersecurity experts were able to expose a dubious Chrome extension dubbed FacexWorm after hackers were able to steal a total of one Bitcoin through its use.

The exact amount of currency generated from the hijacking of computer hardware to perform mining is unknown. After similar activity monitored last year it was quickly established that hackers were yet again attempting familiar modus operandi.

The FacexWorm extension is capable of stealing user credentials and hijack cryptocurrency transactions by adjusting the destination wallet ID on several large exchanges including Binance, HitBTC, Bitfinex, Poloniex, and Ethfinex. Victims’ browsers were redirected to scam sites misleading them to send currency to the hackers wallet as well as remotely using their hardware for cryptocurrency mining.

FacexWorm part of a growing statistic of crypto crime

In this new market with little regulation on security standards, cybercrime is a growing issue among the crypto community.

Phishing scams have led to losses of around USD 225 million in 2017 alone. Most commonly, investors were being misled into transferring funds to what they perceived to be fundraising sites for ICOs, especially those using Ethereum blockchain technology.

Browsealoud, a suite of translation tools, was edited by hackers to mine cryptocurrencies. With the assumption that the infected plugin compromised most of the sites that were actively using it, around 4,275 websites were affected, including some hosting important services.

Ethereum-related cybercrime is one of the worst with around 30,000 people affected, averaging a loss of about USD 7,500 each.
The combination of losses due to phishing, hacks, Ponzi schemes, and exploits in systems is fast approaching similar levels to robberies in the US during 2015. The Federal Bureau of Investigation estimated theft at a total of USD 390 million, with Chainalysis evaluating Ethereum crime alone at USD 225 million.
“The cryptocurrency phishers are doing pretty good against all the other types of criminals that are out there,” said Jonathan Levin, Chainalysis co-founder.
With a shortage of expertise in a new and upcoming industry, cyber threats will need to be taken more seriously. As the technology moves to become more mainstream and regulation sets standards for security there will be a shift towards a safer market.
Image source: https://www.flickr.com/photos/140988606@N08/27891578868/in/photostream/ – Christoph Scholz – IT Security Schloss vor Crypto-Hintergrund – blau – Kontrast

The post FacexWorm Part of a Growing Statistic of Crypto Crime appeared first on BitcoinNews.com.

Bitcoin security? Its’ not bitcoin which is unsafe…

Bitcoin security? Its’ not bitcoin which is unsafe…

It happened again. Last week, hackers stole 4,700 Bitcoins (over $80 million at today’s price) from mining marketplace NiceHash.

(The company pairs up people with spare computing power with others who are willing to pay to use that capacity to mine Bitcoin– and then announced they would reimburse users who lost money from the hack.)

On top of that, last month hackers stole $31 million of another cryptocurrency called Tether.

But those are only two recent attacks.

Remember Mt. Gox?

The Bitcoin exchange was founded 2010. By 2013, it was handling around 80% of all Bitcoin transactions.

Then the company halted all trading after “technical issues” caused 850,000 Bitcoins to go missing.

Those missing coins are worth over $15 billion at today’s price.

All of the crypto theft making people question the security of Bitcoin and other digital currencies.

But it’s important to remember, in these cases, “Bitcoin” didn’t get hacked… it was the exchanges or marketplaces that got hacked.

This happens almost every day; people unwittingly get their phones and emails hacked and end up losing their cryptocurrency in the process.

It reminds me of the early days of the Internet, back when WiFi was still a new thing and banks were just starting to provide online account access.

Back then, hacks were commonplace. Users didn’t know enough about wireless network security, and banks didn’t have SSL enabled… so hackers could easily ‘sniff’ data packets and steal bank login details.

Fast forward 10-15 years and all of that’s changed.

Most people at this point (hopefully) know how to secure their WiFi networks with WPA2 security or better, and banks employ much better security and encryption standards.

But with cryptocurrencies it’s still very Wild West out there, vastly increasing the chances of hacks, cracks, and theft.

You’d be amazed, for example, how many people use a ridiculously unsecure password like “123456” for a website login that stores their Bitcoin secret key.

And even if hackers don’t steal your crypto, there’s still a chance you’ll lose it.

A friend of mine bought some Bitcoin in 2010 and stored it on a laptop. Then he threw the laptop away… along with all the Bitcoin. And there’s no way to get it back.

Like just about anything, all it takes is a little bit of education to prevent a major disaster from occurring.

One approach I encourage you to learn about for storing crypto is called “cold storage.”

Before I define cold storage, a bit of background if you’re unfamiliar with how the public key/private key system works.

A public key is a code available to anyone who trades cryptocurrency with you. A private key is a secret, alphanumeric number never to share with anyone.

Imagine a cryptocurrency public key is your home address. That address is in just about every public database imaginable, from the county clerk’s property registry to the local phone book.

And if you want someone to send you mail, you give them your address. Easy.

But the simple fact that someone has your home address doesn’t give them access to the inside of your house, and the contents within it.

No, for that, they’ll need your house key. And that’s essentially what your crypto private key is: something that allows only you to access the property.

So: public key = home mailing address, private key = house key.

Clearly it makes sense to safeguard your house key. You wouldn’t make copies and distribute them in public to everyone who walks by.

Similarly it makes sense to safeguard your private key (sometimes called secret key).

When you store your cryptocurrency with an exchange, or even in a web or mobile wallet, it means that some other service or application has control of your private key.

If they get hacked, you’ll lose everything. If they go rogue, you’ll lose everything.

I’m always amazed that so many people store crypto in this way.

Part of the benefit of holding crypto is that you can essentially be your own banker, i.e. there is no middle man between you and your savings.

Bottom line, you don’t need some website storing your key online for you. With a bit of education, it’s possible to create your own wallet and store the private key -offline-.

This is what’s known as cold storage.

Bear in mind that a private key is nothing more than a string of digits, something like

5Kb8kLf9zgWQnogidRq76MzPL6TsZZY36hWXMssSzNydYXYB9KF

If you really wanted you could simply write this down on a piece of paper, or even memorize it if you’re so inclined (though those methods are prone to errors).

But one safer option is to go to a site like bitaddress.org, which is a client-side application to create a public/private key pair.

This is important, because once you load the page you can actually disconnect your computer from the Internet entirely, ensuring that no one is spying or sniffing on your activity.

(There are other steps you can take to be even more secure, like setting up a stand-alone virtual machine solely for creating a wallet– but we’ll save those for another time.)

The page will go through a process to generate a key, and when prompted, you can choose the “paper wallet” option.

At that point you can simply print your paper wallet, put it in your home safe (or wherever you store your other valuables), and never give it to anyone.

Once you’ve secured your paper wallet in your safe, the bulk of your crypto wealth is offline and safe from computer glitches or hacks.

And the next time some poor soul loses his hard drive… or another major Bitcoin exchange gets hacked… you can rest assured that your crypto wealth is safe.