Browsing Category

security

security,

MetaMask Adds Trezor Integration

MetaMask is perhaps the most popular Ethereum browser extension. It has long been bridging the gap between regular websites and the Ethereum network. In short, it allows ordinary people to interact with the Ethereum blockchain through their Chrome or Firefox browser.

The reason why we are talking about MetaMask here is that the team behind has added yet another fascinating feature – Trezor integration.

What does it mean for Trezor users?

Simply said, users are now able to check account balances for Ether and Ethereum-based tokens and confirm transactions through MetaMask. As usual, users can still manage their favorite decentralized apps and utilize smart contracts. The thing is, you instantly trade Ethereum and tokens built on the top of Ethereum without having to send them to MetaMask first.

This further secures your digital assets as you do not have to rely on MetaMask to keep your private keys safe. Trezor protects them because they never leave its cold storage.

It is extremely easy to utilize this new feature as you only have to connect your Trezor device with MetaMask. Your balances, transaction history, etc. will automatically appear. It really feels like using an ordinary account with the exception that every time you are about to conduct a transaction you will need to manually confirm it on your hardware device.

“All operations involving your keys, including signing, happens inside your Trezor device. Your keys are never exposed.

You can disconnect your Trezor after importing your account, and your transaction history will be remembered in MetaMask, as the app stores the public key to your connected account. To delete your history from the app, disconnect your account in MetaMask settings. Your account balance will remain intact,” Trezor notes.

MetaMask further adds:

“Another cool thing is that you don’t need to keep your TREZOR device connected all the time in order to see your different accounts and balances, but of course you can also opt to disconnect your device from MetaMask and link it again the next time you need to use it.”

security,

Monero GUI Wallet Now Offers Ledger Support

Most recently, the team behind Monero GUI wallet announced an update, which pleasantly surprised the Monero community. The new Version 0.12.3.0 offers Ledger support.

Monero has always stood out as privacy and security-oriented token but this time the development team really outdid itself. In fact, Monero has perhaps the most dedicated community and that dedication is often paid off. Without creating any unnecessary hype, the developing team silently builds a sustainable ecosystem.

These tactics over put Monero in the shadows and regular updates often go unnoticed. However, the last Monero GUI wallet release was difficult to miss. The most important update is definitely the one which allows for a native Ledger wallet support. The fact that the hardware wallet now integrates easily with Monero is a win-win situation. The cold wallet manufacturer adds a trusted token, while the Monero lovers get a chance to fully reap the benefits of Ledger’s hardware wallet.

GUI wallet users are now able to open Monero Ledger wallet within GUI itself. However, this is only possible if the user has connected a physical Ledger wallet to their computer. This further adds to the security offered by Ledger. Furthermore, this is not the only update GUI wallet comes with. The user interface is slightly adjusted as well as some minor bugs apparent in previous versions.

Unsurprisingly, one Redditor wrote:

“The professionalism and passion of this dev team continues to astound me. Well done!!!”

The price of Bitcoin may define the whole market and the unmatchable diversity of the Ethereum ecosystem may make or break the industry but it’s really projects like Monero that bring something special to the cryptocurrency world. It is fascinating to see how Monero evolves over time. We have to say that the team has really upped its game with the integrated Ledger wallet support.

More on Ledger, here.

security,

The Ultimate Guide To Cryptocurrency Wallets

For many newcomers, cryptocurrency trade is easier than the handling of their digital assets. There are various ways to store your tokens and each of them has its pros and cons. In this article we will try to outline each of them, leaving it up to you to decide what’s best for you.

It may be quite confusing for newbies to go straight for a single wallet, as the internet is flooded with controversial opinions. This only adds to the otherwise stressful world of crypto finance. Just think about it for a second, one really has to have balls to survive here – the market is extremely volatile, there is uncertainty regarding the regulation of the sector, every single day there are hacker’s attacks, and somehow we have to navigate our way through the ocean waves.

When it comes to storing cryptocurrencies, there are several methods to consider – what type of wallet should you choose, how secure it is, how can you level up its security. Some of the options are far easier to use, while others require more caution and dedication. The same goes for their protection – it may vary from very weak to super strong. So, without further ado, let’s kick off this guide.

Storing your tokens in an exchange

Perhaps, keeping your cryptocurrency coins in an exchange is the most convenient way to store them. We believe so because the only thing you have to do is open an account in an exchange, purchase the digital assets you like and keep them in your account. It is that simple. Of course, you can always relocate your coins to another wallet or add new tokens in a nick of time.

This method is great especially if you are a quick trader. Let’s say that you monitor certain tokens and you want to sell them or purchase more of them when their value reaches a certain price. You are virtually able to sell off hundreds of them right on the spot because they are already on your wallet within the exchange. This is a major advantage. In contrast, if you use different wallets you have to first relocate your coins to your account in the exchange and then sell them. This consumes time and you might miss the moment.

Unfortunately, exchanges have their drawbacks as well. Since not all of them have the resources to protect their databases, exchanges are prone to hackers’ attacks. This year, Coinrail, BitGrail, Coinsecure, Bithumb, and Coincheck collectively lost over $640 million worth of cryptocurrencies due to hacks.

That being said, leaving your wallets in a centralized exchange is a bit of a gamble. We know it sounds lucrative to use in-house wallets but please for the sake of your financial balance do not leave large sums in them.

Usually, when you buy tokens via an exchange, the system automatically creates a wallet for you. Regardless of the cryptocurrency you’ve just purchased, in-house wallets can store it. This is not the case with crypto-specific wallets. We are not discussing the security of different exchanges here because we have seen even the industry giants taking a blow. However, we have to note that decentralized exchanges are much more secure compared to their centralized counterparts.

Desktop wallets

I don’t know why but every time someone mentions the phrase “desktop wallet” I come to think of Ripple (Rippex) Desktop Wallet. Perhaps because it takes less than 10 minutes to set it up and perhaps because it looks like an official wallet. Unfortunately, the service was disabled at the beginning of April. So, in other words, don’t go for Rippex as it has no support.

You understand it is impossible to cover all desktop wallets in this article just because some wallets store only one cryptocurrency. Still, if you are new to the crypto world and need some help regarding Bitcoin wallets, here are some top-notch examples:

Exodus

Exodus has been around for almost two years now. It is gaining traction for two particular reasons – it is user-friendly and it is easy to navigate. These two features are crucial to newcomers. What we also like about it is that you can store over 85 altcoins in it. This is super convenient as you don’t have to install multiple wallets on your PC or laptop.

The downside is that it is not open-source. When it comes to cryptocurrencies you have to be careful about that. The space is not regulated and if the company behind Exodus decides to screw you up, nothing will stop it. The developers can just insert a malicious code and then stage a hacker’s attack. Boom! All tokens gone. For your own safety, refrain from storing large sums in it.

Available for Mac, Windows, and Linux.

Electrum

Well, if you like fancy looks, you are definitely going to hate Electrum. It is ugly as…Windows 95, I guess. Anyways, it is a little bit complex and you got to have some experience in the crypto world to navigate your way through it. Despite that, it is one of the most trusted open-source desktop wallets out there. Since many independent developers regularly review its code, it is virtually impossible for the bad actors to sneak a malicious script in it. However, as any other wallet that stores information on your computer, it is not to be trusted for more than a couple of bucks. Plus, it was targeted by hackers earlier this year.

Available for Mac, Windows, and Linux.

Green Address

Green Address insists that its watch-only mode is safe yet, something you would enjoy. Via username and passwords, it allows you to check your balance and review transaction even in public networks. The idea is that you don’t need to input your private keys to do that. Green Address supports multisig and 2FA (two-factor authentication), which is never a bad idea.

The problem with desktop wallets, in general, is their access to the internet. Unless you don’t have a desktop wallet installed on a separate computer you only connect to the internet when you trade, then hackers can compromise your device. It is a piece of cake for the experienced cybercriminals to sneak into ordinary people’s laptops. Once they do that, they can easily drain your wallet.

Mobile wallets

In many cases, renowned desktop wallets have trustworthy (to a certain extent) mobile versions as well. If you are to go for a wallet strictly designed for mobile devices then you might want to try Freewallet, Airbitz, Jaxx, and Infinito Wallet. Most of them run both on iOS and Android.

Now before you head for a mobile wallet consider this. Mobile devices offer even less security compared to PCs and laptops. There are several reasons for that. First of all, your wallet might not be compromised itself but other apps could be. If you download an app infected with a malware then you can say goodbye to your cryptocurrencies. Besides, what happens when you drop your smartphone in the underground? We all know the answer.

the ultimate guide to crypto wallets

Hardware wallets

A hardware wallet could be any device that is not connected to the internet. Virtually a hard drive could be used as a cold storage, too. The problem is, not every cold storage makes for an ultra-secure cryptocurrency wallet. On the other hand, there are hardware wallets that are specifically built to keep your tokens safe.

Cold wallets do not just store your funds offline. They offer way more than just being a convenient hard drive. They have additional security layers such as PIN, passwords, and recovery seeds. Cold wallets take crypto security to a whole new level because you have to approve manually each and every transaction by pushing a physical button. You don’t press the button on the device and the transaction is never settled. Plus, even if you lose your device, there is a way to recover your funds. Check how here.

Trezor

Trezor was one of the first hardware wallets on the market. And we have to say it is still one of the community favorites. And you know the crypto community has high standards. In short, it works in temperatures from way below zero to tropical heats. Learn more about Trezor.

Ledger

The company behind these extraordinary wallets emerged in 2014 and during its short lifespan, it proved over and over again that it takes crypto and blockchain security very seriously. Both Ledger Nano S and Ledger Blue are out of this world. More detailed info, here.

KeepKey

KeepKey may not be as popular as Ledger and Trezor but it is just as badass. In fact, what we really like about it is its metal body. And be metal we mean real solid metal. It integrates just perfect with other crypto applications such as Electrum and MultiBit HD as well as with its own KeepKey Chrome app. See more.

Bonus

If you really really really want to add even more to your cryptocurrency security, then you might like Crypto Key Stack. It is a stainless steel cold storage that is virtually indestructible. A full guide on how to use it properly is available right here.

security,

Secure Your Recovery Seeds With Crypto Key Stack

Last time we discussed how important recovery seeds really are. Earlier this year we also outlined the best practices when it comes to storing your recovery seed. Since everybody knows that the best way to store such confidential information is to put it offline, we’ve decided to show you one of the best products on the market that can help you do just that.

Of course, you can always write your seed on a piece of paper and lock it somewhere safe but water, fire, and even sunlight can destroy the paper, leaving you with empty hands. What I’m talking about is – Crypto Key Stack.

Crypto Key Stack is the perfect cold storage for your cryptocurrencies. Simply said, you get a stainless steel plate that can store up to 24-word mnemonic phrases. Ideal for backing up you hardware wallet or MetaMask. Since the team behind this revolutionary stack take security very seriously, they ask you to engrave your back up phrase by hand. When you purchase Crypto Key Stack you get one, three or ten stainless steel plates plus personal electric engraver. This way you can safely write your recovery seed at the comfort of your home, without having to worry that you might expose your backup phrase to someone else.

Why Crypto Key Stack?

Because it is manufactured out of black anodized stainless steel. Or simply said the black finish offers enhanced visibility once you engrave your precious words. Additionally, stainless steel is so durable that neither water nor fire can damage it. First of all, even fire above 2100o F (1150oC) cannot destroy it. This temperature is two times higher than the average temperature of house fires. Even if you store Crypto Key Stack in your wet basement it won’t get rusty and unusable because it’s made out of stainless steel, remember?

You can personalize your stack by purchasing additional plates (up to ten in one stack) or get plates featuring the logos of Bitcoin, Ethereum, and Litecoin.

GET YOUR INDESTRUCTIBLE CRYPTO KEY STACK NOW!

security,

MyCrypto Adds Hardware Wallets Support

There are numerous reasons why people refrain from cryptocurrencies and obviously one of them is security. Hackers’ attacks happen on a daily basis and many novice traders are afraid of losing their money. What’s more, people refuse to accept that it is up to them to protect their tokens. Needless to say, leaving them in an exchange is the easiest thing. Unfortunately, it is the riskiest decision as well.

This is why experienced traders prefer to invest in a hardware wallet. However, cold wallets not always provide the smoothest user experience on planet Earth. They can often be accessed only through official browser extensions, which is sometimes a pain. The other option is to visit MyEtherWallet but hey, MyCrypto has come up with a better idea.

Hardware wallets support

MyCrypto has just added support for both Ledger and Trezor. Why am I telling you this? Because now you can connect your cold storage with the native MyCrypto app and manage your cryptocurrency portfolio. Instead of using two different browser extensions for each of your hardware wallets, you can just stick to MyCrypto. This key feature takes crypto management to a whole new level.

The cybersecurity firm Cure53 has reviewed the app update, which makes us think that it is trustworthy. The MyCrypto app will definitely change the game but pay attention that the website does not support private keys, mnemonics, and keystores anymore. This is always a wise decision, especially when it’s made by a platform pretending to make cryptocurrency protection easier and smarter.

Nevertheless, I have to say that after everything that is happening in the crypto world perhaps not everyone is going for the new MyCrypto app. With all these scams and hacks plaguing the space, one might expect the new MyCrypto features are not going viral overnight.

security,

Understanding The Importance Of Cold Wallet Recovery Seeds

As we have discussed many times, hardware wallets offer by far the best protection for your cryptocurrency funds. However, saying they are completely tamperproof would be a major overstatement as they have their vulnerabilities, too. Perhaps the worst thing that can happen to you would not be to have your cold wallet stolen but to lose your recovery seed.

Simply said, your recovery seed is your master key. With it, you have full and complete control over your cold storage. That’s why you have to do your best to protect it. It’s not only that someone might steal it from you if you’re not careful but you can just lose it. As simple as that – write it down on a piece of paper and leave it on the table. I bet my ass that “mom” is gonna throw it away the next morning. If you are not sure how to protect and store your recovery seed, this article might be of help.

Why recovery seed is that important?

I will quickly explain how your recovery seed works and you’ll make two and two. Most hardware wallets like Trezor, Ledger, and KeepKey will generate a unique recovery seed just for you. Usually, it will be a string of 12 to 24 simple words in English. Cold wallets’ manufacturers are taking it so seriously that they advise you to trust only seeds showed on the device’s display. In fact, they go as far as saying that even official apps should not be trusted when it comes to recovery seeds.

Once you set up your hardware wallet it would automatically generate your recovery seed. Now the only thing you have to do is to write down the words in the exact same order and keep them safe. Again, if you are having trouble, refer to “How To Store Recovery Seeds The Right Way In 2018”. Now take notes, one word may appear more than once in your recovery seed and this is completely normal. No, your device is not compromised.

Why does the recovery seed do?

Let’s imagine Joe loses his Trezor on the bus while going to work. Joe doesn’t freak out because he knows that his seed is safe and the device is useless without it. Joe just has to get a new device and enter his “old” recovery seed. Then the magic happens, everything is restored – passwords and all kind of data associated with his lost or stolen wallet. Now you know why it’s called “recovery seed”.

On the other hand, handling such a powerful tool as your recovery seed is a serious task because if someone obtains your seed they will have access to all your tokens, cryptocurrencies, digital assets, and passwords. I bet you don’t want that.

To find out how to check your recovery seed, click here.

security,

Coinhive Has Evolved Into An URL Shortener

Coinhive is evolving. The JavaScript code that secretly forces your computer to mine Monero is cryptojackers’ favorite tool to exploit reckless users’ CPU power. Here’s what security researchers have found in the past weeks.

Since web browsers and cybersecurity specialists have come up with an array of tools that scan the internet and block the mining script, hackers have updated Coinhive so it could still function just as well. In short, Coinhive has an “URL shortener” service. The URL shortener indeed shortens any URL but adds the mining script in it. Then when someone clicks on the short URL some time passes before the service redirects them to the original URL. During that time his devices mines cryptos.

Researchers at Malwarebytes said:

“In the past weeks, our crawlers have catalogued several hundred sites using a variety of CMS all injected with the same obfuscated code that uses Coinhive’s short link to perform silent drive-by mining.”

This completely new scheme to utilize Coinhive was first discovered at the end of May by Sucuri researchers. Most likely both Sucuri and Malwarebytes analysts have stumbled upon the very same malicious Coinhive campaign.

Jérôme Segura from Malwarebytes believes that the short-link redirection time can be adjusted via Coinhive’s hash value settings. Literally, this means that bad actors can force devices to their maximum for longer periods.

“Indeed, while Coinhive’s default setting is set to 1024 hashes, this one requires 3,712,000 before loading the destination URL,” Segura said.

What’s more, once the time passes the script redirects back to the previous page simulating a page refresh. Obviously, the idea is to trick the users to start the process all over again. On the top of that, hackers have created software copycats that look like legitimate software but actually force devices to mine.

“In this campaign, we see infrastructure used to push an XMRig miner onto users by tricking them into downloading files they were searching for online. In the meantime, hacked servers are instructed to download and run a Linux miner, generating profits for the perpetrators but incurring costs for their owners,” researchers add.

The best way to protect yourself from cryptojacking attacks is to use browser extensions that detect and block unauthorized mining scripts. No Coin and minerBlock are crafted to do just that.

Exchanges, security,

Korean Exchange Bithumb Lost Over $30 Million During A Hack

You know there is something wrong when a whole week passes by without a trouble. Needless to say, the cryptocurrency community has never experienced such thing. Just days after the Coinrail hack, hackers crushed their next victim.

On Tuesday an unknown group of hackers managed to breach the security of Bithumb. The Korean exchange was the sixth-largest cryptocurrency marketplace in terms of trading volumes. Unfortunately, it joins a long queue of exchanges that got hacked this year. The company reported about the stunt on its official website.

As of the statement, over $30 million worth of digital currencies has been stolen. As a security measure, the exchange has blocked all deposits, transactions, and withdrawals. Another smart move by Bithumb was the removal of all remaining funds into cold wallets. After all, the exchange staff should have done that a long time ago.

Anyways, the exchange promises to refund all the victims from its own vaults in case the stolen funds cannot be traced and returned to the exchange.

Why Bithumb?

If you closely investigate trading data on CoinMarketCap you may notice that when the attack took place, Bithumb accounted for 10% of the world’s XRP trading volume. This makes us think that the prime target of the attackers was Ripple’s in-house token. However, this is yet to be confirmed.

On June 16 Bithumb team did a security enhancement operation. The exchange explained back then:

“Recently, the number of unauthorized access attempts has increased. As such, an urgent server checkup was conducted to strengthen the security of all system.”

Furthermore, Bithumb started relocating user funds into hardware wallets. Having said that, we believe that the recent fiasco is just a successful attempt after a long series of failed ones. It looks like, the exchange staff started to figure out what is going on but it was too late.

So far, we don’t know how exactly the hackers managed to sneak past security layers but it’s obvious that they had found vulnerabilities long time ago.

Stay tuned for more and don’t forget to store your funds in hardware wallets.

security,

Cryptojacking Script Infects Amazon Fire TVs

Hackers are taking cryptojacking to a whole new level literally every day. So far we have seen websites infected with mining scripts, Apple and Android applications, ad banners, and wi-fi networks. Oh boy, for a second I thought “That’s it, the bastards have finally exploited everything possible”. Poor me, I was wrong in so many ways.

Hold on tight, from now on smart TVs can be turned into mining rigs. Well, at least that’s the case with Amazon Fire TV. The hackers have found a way to trick the Android-based software to run an application known as ABD.miner. It usually presents itself to the users as “com.google.time.timer.”

Once you run the false “test application” it starts using your TV’s computing power to mine digital currencies and send the profit the bad actors’ wallets. Of course, nobody authorizes the app to do so. However, you only start to realize something is wrong when your TV starts to show errors, to pause your videos or to completely stop responding. That’s it, you are screwed now because deleting the ABD.Miner won’t do the trick. Your only chance of watching your favorite shows again is to restore the default settings. Needless to say, this wipes out off of your preferences and stored data but hey, it’s better than not having TV at all.

Those of you who are familiar with cryptojacking have probably already guessed that we talking Coinhive here. Interestingly, ABD.Miner replicates itself over various Android devices through their ABD debugging interface. The number of infected devices used to double every 12 hours though for the moment everything is under control. Having said that, it is advisable to turn off the ABD debugging interface of your Amazon Fire TV.

Today your TV, Tomorrow the world

Such pandemic cases of hacking attacks just go to show how vulnerable we are. Cryptojacking is relatively harmless but let’s think about it for a moment. If a bunch of hackers can force any device on the planet to mine Monero it can force it to make anything. Driverless cars, anyone? What about life support systems? What about large energy facilities? Cryptojackers are just some kids foolin’ around compared to internet extremists.

At the same time, we dub some gadgets “smart” and we thrive to interconnect them into the Internet of Things. Sure it sounds, exciting but come on, we are not ready for that.

Exchanges, security,

Hackers Snatched $40 Million Worth Of Altcoins From Coinrail

Well, it happened again. We have another cryptocurrency exchange that just got hacked. The South Korea-based Coinrail fell victim to an unknown group of hackers who did away with roughly $40 million worth of altcoins.

What exactly happened?

In the 24 hours prior to the attack, Coinrail’s trading volume accounted for $2.48 million. According to CoinMarketCap, it was enough to take the exchange to the top 100 list. Just after the attack took place, the exchange was quick to notify its customers about the breach via Twitter:

coinrail

As of writing, the official website is unavailable. Not surprising, having in mind the hacker have snatched nearly 30% of its token supply. They have stolen altcoins most of which based on Ethereum. Coinrail claims it may refund 20% of the theft thanks to the support of other exchanges, which can halt transactions during the investigation but it cannot guarantee for the remaining 10%. The thieves ran away with $20 million worth of NXPS, which is 3% percent of its market cap. Other coins that took heavy blows were Aston X, Dent, TRON, NPER, Kyber Network, Jibrel Network, Storm, and B2BX.

What’s next?

All Pundi X (NXPS) tokens were relocated to IDEX (decentralized exchange), while all others ended up in EtherDelta. Luckily, IDEX has agreed to freeze all transactions involving NXPS tokens. Investigations have already begun and the Korean Internet & Security Agency is also taking part as per the local media Korea Herald.

Unfortunately, Coinrail is not the first and it won’t be the last exchange that gets hacked. Earlier this year, the Japanese Coincheck lost a staggering $420 million, Coinsecure joins the list with $3.5 million, while BitGrail said goodbye to roughly $150 million if not more. According to certain sources, thieves have already stolen more than $1 billion worth of crypto this year.

Hacker’s attacks have been around since the arrival of the internet and nothing can prevent them. However, you can protect your coins just by storing them in a hardware wallet. And the better cold wallets out there are Trezor, KeepKey, and Ledger.