Category: Crypto Wallets

Categories
Crypto News Crypto Wallets Cryptocurrencies Scams

Tinder, Bumble and Grindr iOS Users Targeted by Latest Crypto Scam, Called ‘CryptoRom’

A relatively new cryptocurrency trading scam is preying on iPhone users via popular hook-up platforms such as Tinder, Bumble and Grindr.

Dubbed CryptoRom by researchers at cybersecurity firm Sophos, the scam initially targeted victims in Asia and is now attacking users in the US and Europe as well.

A Bitcoin wallet belonging to the attackers, as detected by Sophos with the aid of one victim, revealed that nearly US$1.4 million in cryptos had been harvested by the scam.

“The CryptoRom scam relies heavily on social engineering at almost every stage,” according to Jagadeesh Chandraiah, senior threat researcher at Sophos, who adds that the novel scam has the potential to do a lot more damage than just stealing cryptos.

“They could also, for instance, collect personal data, add and remove accounts, and install and manage apps for other malicious purposes,” the Sophos researchers said. 

Beware Fake Crypto Trading Apps

Initially, fake profiles are posted on legitimate dating sites to lure in victims. Once baited, the victims are persuaded to install and invest in a fake cryptocurrency trading app. 

“At first, the returns look very good but if the victim asks for their money back or tries to access the funds, they are refused and the money is lost,” the Sophos researchers warn.

The threats don’t end with lost cryptos. Sophos researchers say the scammers use Apple’s enterprise signature mechanism to install apps directly on iOS devices, circumventing the App Store.

Enterprise signature is designed for use by iOS developers to enable app developers to test iOS apps before submitting them to the official Apple App Store for review and approval.

Until recently, the criminal operators mainly distributed the fake crypto apps through fake websites that resemble a trusted bank or the Apple App Store. The addition of the iOS enterprise developer system introduces further risk for victims because they could be handing the attackers the rights to their device and the ability to steal their personal data.

Jagadeesh Chandraiah, senior threat researcher, Sophos

Next Step Is Remote Management Control

Sophos warns the scammers use the fake crypto trading app to gain remote management control over the devices of their victims, which exposes them to all kinds of malicious campaigns.

iPhone users should only install apps from Apple’s App Store. The golden rule is that if something seems risky or too good to be true – such as someone you barely know telling you about some ‘great’ online investment scheme that will deliver a big profit – sadly, it probably is.

Jagadeesh Chandraiah, senior threat researcher, Sophos

From January 1 to July 31 in the US, the FBI logged more than 1800 complaints related to romantic deceptions, resulting in personal losses of approximately US$133,400,000, much of it in cryptocurrency.

In July, Crypto News Australia also reported on the case of an American man who was drugged by a woman he met on Tinder who then attempted to steal his crypto.

Crypto News Australia has also put together an excellent guide on how to avoid Bitcoin scams, including a section on romance scams, which we strongly recommend you check out.

Categories
Bitcoin Crypto News Crypto Wallets Investing

El Salvador to Use Bitcoin Profits to Build $4 Million Pet Hospital

El Salvador President Nakib Bukele has a new pet project – using the country’s bitcoin profits to help build an animal hospital.

Bukele, who proclaimed bitcoin as legal tender on September 7, tweeted last weekend that the country had earned a surplus of US$4 million on its bitcoin reserve thanks to the surging price of the dominant cryptocurrency, up 17 percent in the past week alone.

El Salvador has accumulated 500 BTC over the past month, Bukele having bought the dip three times to bring its total reserve to 700 BTC.

Bukele says he will sink the US$4 million profit into a “pet hospital”, posting a computer-generated video of the project:

Bukele boasted that the pet hospital would be able to attend 384 consultations and 128 emergencies. He also tweeted: “By the way, we’re not selling any #BTC, we are using the USD part of the trust since the #BTC part is now worth more than when the trust was established.”

The government of El Salvador, a Central American republic beset by poverty and hyperinflation, has a bitcoin trust to facilitate transactions between US dollars and the crypto asset. Chivo is the name of both the trust and the commission-free wallet Salvadoreans can use to send remittances and make digital payments to businesses, either in dollars or bitcoin. 

According to Bukele, the trust now has a US$4 million surplus. Chivo can dispose of those millions without affecting the total amount in the trust, which retains the same quantity of bitcoin even when the US dollar amount goes down. 

Bitcoin Law Continues to Divide the Country

El Salvador uses the US dollar but businesses are also required to accept bitcoin as payment – if they have the technology to do so – as part of the country’s Bitcoin Law. The law was Bukele’s idea and has been nothing if not divisive – last month, thousands of Salvadoreans took to the streets to protest against it. Parts of the crypto community have endorsed the law, though institutions such as the World Bank say it will be problematic to enact.

Last month, Bukele announced that El Salvador would exempt foreign investors from taxes on their bitcoin profits to stimulate and hopefully increase foreign investment.

In July, the president foreshadowed that the nation’s abundant geothermal energy would be harnessed to mine Bitcoin, which according to conservative estimates could produce approximately 20,000 BTC per year and generate a profit of more than A$1 billion.

Now Bukele has his pet hospital plan in train, perhaps he might use some of these future bitcoin profits to alleviate living conditions for El Salvador’s long-suffering populace.

Maybe even build a human hospital or two?

Categories
Bitcoin Crime Crypto Hardware Wallets Crypto Wallets

UK Student Bitcoin Mugging Highlights Importance of Multisig Wallets

A student starting at England’s University of Kent last year was threatened at knifepoint in the first week of term after his new “friend” and eight East London thugs paid a visit to his on-campus dorm room and demanded access to his bitcoin.

The amount stolen by the criminals was worth around £6,000 (US$8,200) at the time (12 months ago) but is now worth around US$93,000 as the price of bitcoin has risen. Another £3,000 (US$4000) of the student’s grant money was also stolen. The suspects were never charged.

This story should come as a warning not to disclose your crypto holdings to people you don’t know. Violent crimes targeting bitcoin theft are becoming increasingly common and with the cryptocurrency economy rising significantly over the past year, crypto robberies are also on the rise. Do not trust even your next Tinder date, as he or she could be a potential threat to your crypto holdings if you aren’t careful.

Keeping digital assets in mobile or hot wallets come with significant risk. If you are bullied or tricked into giving up your wallet keys, it is very difficult to recover your money.

Multisig Wallet Benefits

By using technology such as a Casa multisig wallet, crypto holders can significantly reduce the risk of losing control over their funds. Attackers cannot spend stolen funds if they don’t have all of the client’s different keys to gain full access to the compromised wallet.

Learn more about Casa’s multisig bitcoin wallet in this video:

Categories
Crime Crypto Wallets Hackers

Apple Faces $5 Million Class Action Lawsuit Over Fake Wallet That Led to Crypto Theft

Apple is facing a US$5 million class-action lawsuit from crypto investors after one of its applications allegedly enabled hackers to steal their coins.

The suit levels accusations of negligence, fraud and several computer-specific privacy torts against Apple. It details how hackers planted a phishing application disguised as a crypto wallet called “Toast Plus” in the tech giant’s App Store and lured unwitting users into installing a criminal portal on their devices.

For all intents and purposes, the app resembled a version of popular crypto wallet Toast Wallet but had no connection to it other than sharing a similar name.

According to the suit – filed on behalf of first plaintiff Hadona Diep – Apple is liable for all victims’ losses due to its failure to vet the application before placing it on the App Store. The compensation sought is specified in the complaint as upwards of US$5 million.

Diep, a resident of Maryland who describes herself as a “full-time cyber-security IT professional”, linked her private XRP key or seed phrase into Toast Plus only to later discover her crypto assets – a total of 474 Ripple (XRP) coins – had been drained.

Court documents show that as well as compensation, all class-action plaintiffs demand that Apple be prevented from allowing similar schemes to operate in its App Store in future.

Apple User Agreement Disclaimers Do Not Apply

Apple has yet to respond to the lawsuit or make any public comment on the matter, but it seems the disclaimers in its user agreement don’t apply in this case. The fact that Toast Plus was not an actual application, but instead a medium for the commission of fraud, makes any existing contract using it as subject matter void.

As the lawsuit points out:

While the App Store does have terms and conditions, including limitations on liability, those terms and conditions are the product of adhesion, in that consumers have no other practical ability to access applications for iPhones and iPads if they do not use the App Store; those terms and conditions are therefore not applicable to this case.

Class-action complaint, Diep v Apple Inc, Maryland District Court

Just last month, fake Ronin wallets were reported to be circulating on Google and Apple app stores. The bogus wallets were designed to trick users into giving up their account information, only to find their funds or collectibles removed soon thereafter.

Also last month, Apple announced the settlement of a separate class-action suit filed by US-based software developers, promising better terms for those who make the software that iPhone users run.

Categories
Bitcoin Crypto News Crypto Wallets

Satoshi-Era 2012 Wallet With 616 BTC Has Been Activated, Triggering Speculation

For a host of reasons, Satoshi-era wallets tend to have extremely low levels of activity. It was therefore unsurprising that a recent transaction of 616 bitcoins to another wallet triggered widespread speculation as to the identity of the wallet owner.

Wallet’s Value Skyrocketed

After showing absolutely no activity since 2012, on September 9 the wallet containing 616 bitcoins shifted the entire stash to a new wallet. Since then, the bitcoins have again been moved and currently appear to be located within a previously unused, empty wallet.

BTC price chart since 2012

At the time of the bitcoins being deposited, the wallet’s value was US$8,195, or approximately US$13 per BTC. Some nine years later, the wallet had swelled to US$29.4 million, providing its owner with a rather generous return in excess of 358,000 percent.

Speculation Runs Rife

Given Bitcoin’s elusive and mysterious founder, speculation is unavoidable on each occasion that Satoshi-era transactions like this spring up.

In July this year, Crypto News Australia reported that a wallet which had been dormant for close to a decade had transferred US$21 million worth of bitcoin.

On this occasion, speculation was rife and varied: from suggestions that it was someone involved in the infamous Silk Road who had got out of jail to Satoshi himself.

Whatever the reality, the prospect of establishing the true identity behind the transaction is slim to none.

Bitcoiners tend to be private, particularly those with significant holdings. The one exception of course is the widely discredited Dr Craig Wright, an Australian with a penchant for the limelight who famously declared that he is Satoshi.

Categories
Crypto News Crypto Wallets Cryptocurrencies

Worldwide Crypto Users Reach 50 Million

In a major milestone for the global crypto community, the number of cryptocurrency user addresses has reached 50 million, according to data from CoinMetrics.

Steady Increase in Addresses

In the past half-decade, everything from governments to influencers have caused fluctuations in price. But however the market values these digital assets, the amount of crypto addresses continues to grow as more people start using cryptocurrencies and transacting on the various chains.

Crypto address growth. Source: CoinMetrics

The chart above shows the number of addresses holding at least one ten-billionth (> .00000001 percent) of total supply of various crypto assets. This tiny metric is used to determine new addresses that hold even a smidgen of crypto. Although a single user can have several wallets, the point here is that there is a steady increase in the number of crypto addresses/users.

According to a market size measurement study based on on-chain metrics, Crypto.com has shown that:

  • The number of global crypto users reached 106 million in January 2021.
  • A strong increase in bitcoin adoption was one of the main drivers for January’s 15.7 percent increase in global crypto adoption.
  • Some 2021 events have also driven crypto adoption, such as the massive growth of the DeFi sector, the NFT craze, El Salvador adopting bitcoin as legal tender, and major companies like PayPal opening up crypto services.
BTC and ETH comparative growth rate. Source: crypto.com

There has also been a significant increase in the number of bitcoin whale addresses over the past year. These are wallets that hold over 1,000 BTC. From January to December 2020, this class of bitcoin address grew by 6.7 percent, according to data from Glassnode. However, in a single month from December 2020 to January 2021, the number of addresses increased by 7.2 percent, indicating major interest from deep-pocketed investors.

Active bitcoin addresses have also been on the rise in the past month with an increase in exchange outflows, indicating investors are taking their BTC out of exchanges and putting it back into their wallets.

ETH Overtakes BTC

Data on CoinMetrics also shows that in July 2021, the number of Ethereum addresses overtook those associated with the Bitcoin network.

This is quite the turn of events but is most likely due to the adoption of NFTs, DeFi, and the use of all sorts of Dapps on Ethereum as opposed to BTC, which acts as a store of value and only recently gained the ability to run smart contracts with the Taproot upgrade. The number of addresses on the Ethereum blockchain should overtake bitcoin simply for its utility, unless the whole planet uses bitcoin at some stage.

With more blockchain projects adding real-world value, it’s obvious individuals are starting to make use of the services offered. And as the industry moves further beyond its infancy, businesses and individuals alike will need to create addresses to participate in the ecosystem.

Categories
Crypto Exchange Crypto News Crypto Wallets Cryptocurrencies Gemini Trading

Crypto-Friendly Browser Brave Integrates Gemini Wallet Support

Gemini and Brave have partnered to make it easier for users to buy, sell, store and earn crypto when using the Brave browser. Together they are building a user-centric internet with the power of crypto.

The Gemini Trading Widget is now available in Brave’s Nightly version (the browser’s testing and development version of Brave) and will go live in Brave’s general release in coming weeks. This integration will allow Brave users to engage with crypto via the new Gemini Trading Widget in a simple and secure manner.

With the Brave browser’s Gemini Trading Widget, users can easily trade any crypto asset listed on the Gemini exchange without having to leave the browser. The Brave browser blocks ads and trackers and other identifying software used by websites to monitor visitors, thus providing a much faster (3-6x) and more private internet experience.

Brave also rewards users for participating: users can earn Basic Attention Tokens (BAT) by opting in to view privacy-preserving Brave ads and online creators can earn BAT with Brave Rewards through publishing online content.

Controlling Your Online Privacy

Brave has been praised as the browser of choice for those looking for more privacy and better security. An alternative browser such as Google Chrome individually identifies and constantly tracks users as they browse, installing cookies and gathering all sorts of private information, including keeping records of your browsing history. By using Brave, your data remains private and on your device – making it the browser of choice for many crypto enthusiasts.

Meanwhile, Gemini has lately become a leader in the Asia Pacific crypto landscape, as Crypto News Australia reported in July, which can only help consolidate its new partnership with Brave.

Categories
Crypto Exchange Crypto News Crypto Wallets Hackers

Hong Kong Crypto Exchange Bilaxy Hacked for $450 Million

Hong Kong-based cryptocurrency trading platform Bilaxy has suffered a serious attack that resulted in the loss of several hundred ERC-20 tokens on its hot wallet. It’s estimated that the exchange lost about US$450 million, though Bilaxy is yet to confirm the total amount of digital assets lost to the attacker. 

Users are advised not to send any funds to their Bilaxy accounts until further notice. 

What Happened to Bilaxy?

In its official telegram channel, the Bilaxy team said they noticed the abnormal transactions from their ERC-20 hot wallet (online wallet) around 18:19 UTC on August 29. Some minutes later, they halted all services for emergency maintenance and also moved some of the tokens from the hot wallet to the cold wallet.

This was confirmed to be a security breach, and about 295 ERC-20 tokens had already been moved from the Bilaxy hot wallet to a single wallet controlled by the hacker. Hoge Finance disclosed that about one billion HOGE was stolen from the exchange, equivalent to US$145,000 at the time of writing. 

In the meantime, Bilaxy says while it’s working with third-party security and audit companies to investigate the attack, all services will remain suspended. “The time it will take to resume the platform depends on the progress of our work, [but] it will take at least two weeks or longer,” the Bilaxy team tweeted on August 30.

Crypto Exchange Attacks Are Rising

The rate of cyber attacks in the crypto space is becoming alarming. Also in August, Poly Network was drained of about US$600 million in digital assets, although the hacker has since returned all the stolen assets. 

Most recently, Japanese cryptocurrency exchange Liquid Global lost nearly US$100 million worth of cryptocurrencies in an attack that involved a hot wallet – basically any cryptocurrency wallet that functions online or requires an internet connection. Although more convenient to use, they are also more prone to attacks than cold wallets.

Categories
Crypto Wallets Cryptocurrencies Hackers

Security Warning: Hackers Can Copy Your Clipboard to Gain Your Crypto Information

If you think storing your passwords and seed phrases in your notes on your computer is safe, think again. Your computer’s clipboard keeps this information and leaves you open to hackers who can intercept it. It’s called the “clipboard hack”.

The Clipboard Hack: How It Works

If you click on the wrong thing, or visit the wrong site, you can accidentally install a malware bug that can access your computer’s clipboard. Some malware is specifically designed to target crypto users.

When dealing in crypto, users are often copying and pasting addresses and passwords to exchange tokens from one wallet or exchange to another. Some malware bugs are designed to swap out the copied text – a wallet address, say – and replace it with their own, meaning if you aren’t careful you can accidentally send your crypto straight to a hacker instead of where you intended it to go.

To avoid falling victim to this, make sure to always double-check a pasted wallet address to ensure it matches the code you originally copied. Secondly, ensure you have an updated anti-malware solution to protect your digital assets from malicious actors. If you’re on a Mac, for example, you can use an anti-malware software such as MalwareBytes. Another way to protect yourself is to clear or disable your computer’s clipboard feature.

How to Clear/Disable Your Clipboard 

How to View & Manage Clipboard in Windows 10

How to Clear Your Windows 7 Clipboard

How to view and manage clipboard history on a Mac:

More Tips on Staying Safe

Here are some extra precautions you can take to keep safe when doing crypto transactions:

  1. Always lock your wallet when you are not using it. This will prevent other websites that you visit (that could be potentially dangerous) from connecting to it. Here’s how to do that in MetaMask:
Click on Accounts, top right corner, then select Lock

Lock your wallet with MetaMask

Your MetaMask Wallet is now locked until you login in again by entering your password

Unlock and back in business

2. Use a different browser for crypto; this way you avoid forgetting to lock your wallet and minimise your exposure to other insecurities. For example, you could use Chrome for day-to-day stuff and Brave specifically for crypto.

3. For extra peace of mind, close all other tabs except the one via which you connect your wallet. This way you avoid malicious pop-ups from other possibly dodgy website pages open on other tabs, which could intercept your wallet and steal your crypto. See below – this fake MetaMask pop-up, which looks almost identical to the real thing, tricks users into entering their password and giving full control of their wallet to the hacker.

Scam Alerts

There are so many scams to watch out for online; in crypto, even more so. Beware of fake crypto trading websites. Crypto News Australia has also reported on the latest Australian crypto scams going around in 2021.

Lastly, never store your seed phrases or passwords digitally on your computer or online; keep them safe as hard copies instead. Always be careful you are accessing the legitimate sites, apps and contract addresses. Double and triple-check everything. To be paranoid is to be aware.

Categories
Crypto News Crypto Wallets NFTs Scams

Scam Alert: Fake OpenSea Support Staff Are Stealing Crypto and NFTs

OpenSea users are the latest victims in a phishing attack where scammers are posing as support staff in Discord to take over wallets and steal funds.

These fake support admins are targeting users who have asked for help and tricking them into giving access to their MetaMask wallet, resulting in the loss of everything in that wallet, including NFTs.

Breakdown of the OpenSea Scam

Here’s how it works. An OpenSea user in need of support requests help at OpenSea’s help centre or via the site’s Discord server. Scammers respond by sending private messages and inviting the user to a fake “OpenSea Support” server under their control (see image below).

After being walked through various troubleshooting steps, the fake OpenSea Support scammer asks the user to share their screen. They tell the victim that they need to resync their MetaMask Chrome extension with their MetaMask mobile app.

To synch your mobile MetaMask wallet with your Chrome extension, if you go to Settings > Advanced > Sync with your mobile phone, you enter your password and a QR code will be displayed. The scammer then screenshots this QR code and can sync it with the MetaMask app on their own mobile phone, without asking for your seed phrase or password (because you already entered it on your end).

Now scammers have full access to the victim’s MetaMask wallet and all the cryptocurrency and any NFT collectibles stored within it. They then transfer the user’s assets to their own wallets and there is nothing the real support staff can do to help get it back.

How to Avoid Getting Scammed

Always go through the official help desk ticket option for communicating with support staff to ensure you don’t lose all your crypto assets in your wallet to a dodgy scammer. As these scams are so popular right now, it is strongly advised that OpenSea users only open tickets through the site’s help centre and not use Discord or Twitter when seeking support.

This is a warning: never share your wallet’s recovery keys, password phrases or QR codes used for synchronising. Always be alert; if anyone direct-messages you through any platform they are most likely a scammer. Do not click on any links to an external server; this is a red flag. Real support staff will never directly message you, send you any link to click on, or ask you to share your screen or password, etc. These are all red flags. Go slowly and be careful out there, scammers are everywhere.

Scam Alert: The number of crypto scams continues to grow. Australians should be wary when dealing in crypto as phishing attacks, fake support staff, fake apps and fake sites are everywhere.