Category: Crypto Wallets

Categories
Crypto News Crypto Wallets Hackers Scams

Scam Warning: Fake Crypto Hardware Wallets Sent to Ledger Customers

Last year, hardware wallet provider Ledger suffered an internal breach of security resulting in the exposure of 250,000 to 1,000,000 customer email addresses. In some cases, the information leaked included full names and addresses. A class action is under way, but the after-effects linger.

Initial Concern Regarding Bad Actors

Since self-custody and privacy remain crypto’s greatest drawcards, the initial concern was that the information would be used by malicious actors to separate users from their crypto holdings.

Within a short space of time, Reddit users described various phishing attempts (such as links to the “latest software upgrade”) and death threats (so-called “$5 wrench attacks”). At the time, users quite reasonably began asking questions as to whether or not Ledger was a secure hardware wallet.

Unsurprisingly, once leaked private information becomes available in the public domain, the consequences are likely to linger. Ledger’s 2020 data breach is no different as the ramifications persist.

Latest Fraudster Activity

Recently, Ledger customers have revealed a new and sophisticated effort by fraudsters involving fake hardware wallets being sent to exposed Ledger customers’ addresses.

https://twitter.com/BitcoinMagazine/status/1405572965480153095

Overlooking the fact that Ledger is unlikely to ever send a “new” unsolicited hardware device to its users (much less one that is unsealed/damaged), the clear giveaway in this instance was a single use of slang in the letter:

… For this reason, we have changed our device structure. We now guarantee that this kinda [emphasis intentionally added] breach will never happen again.

Extract from fake Ledger letter

In addition to examples such as that outlined above, some users have also described fake hardware being sent with a pre-installed recovery seed:

https://www.reddit.com/r/CryptoCurrency/comments/o609v2/hardware_wallet_scam/
https://imgur.com/a/WNjlkyc

How to Avoid Getting Scammed

Unfortunately, scammers continue to thrive and innovate within the crypto space. In 2020 alone, Australians lost $26 million in Bitcoin to scams.

The good news, however, is that there are some basic principles within the domain of hardware wallets that dramatically reduce the prospects of being scammed:

  • Only buy hardware directly from the manufacturer or authorised reseller
  • Never buy a used device
  • Make sure the packaging has not been tampered with
  • When starting the device up, make sure there aren’t any error messages that could be evidence of tampering
  • Remember that no hardware wallet comes pre-installed with a 24-word recovery phrase.

.

Categories
Crypto News Crypto Wallets

Crypto Wallet Provider Ledger Raises $380 Million to Expand into Defi and NFTs

Following a 500% surge in revenue for Q1 2021, Ledger has announced a new fundraising round that has elevated the company’s valuation to in excess of US$1.5 billion.

Ledger, a company best known for its cryptocurrency hardware wallets, already secures an estimated 15% of all cryptocurrency assets globally. Since its founding in 2014, it has sold 3 million hardware wallets in 190 countries and has more than 1.5 million monthly users.

Ledger’s flagship hardware wallet, the Nano X

Ledger Looks To The Future

In the announcement, Ledger chairman and CEO Pascal Gauthier highlighted that he was looking to capitalise on the hypergrowth of digital assets as they become increasingly mainstream. The funding, he said, would be used to extend Ledger’s leading position in cryptocurrency security and services to become “the secure gateway” to the entire digital asset ecosystem. In addition, it would allow the company to innovate its hardware products and expand its services via Ledger Live:

We expect to see the ecosystem diversify beyond cryptocurrencies to include NFTs, real estate and other forms of value that can be shifted onto the blockchain.  As we look to the future, we see ourselves as the secure gateway to this growing ecosystem. Our goal is to empower users to buy, sell, swap, borrow, and lend digital assets through the Ledger Live platform, which – when combined with our hardware – offers best-in-class security and a seamless user experience.

Ledger chairman and CEO, Pascal Gauthier

Concerns Over Ledger’s Data Breaches

While it certainly appears as if there is cause to be optimistic about Ledger and its future, the company continues to deal with user security concerns and reputational damage after last year’s data leak in which 270,000 users’ details were exposed.

We also saw Ledger hit with a lawsuit following a data breach with Shopify after 9,500 customers’ personal data was leaked along with up to 100,000 email addresses.

Categories
Crypto News Crypto Wallets Ethereum Mining

Norton Antivirus Reveals Norton Crypto, a Crypto Mining Add-on

NortonLifeLock is launching a new feature for their users that will allow them to mine Ethereum (ETH) from their own computers. The software is there to allow users who opt in to skip all the steps and mine crypto with only a few clicks.

From June 3, Norton 360 customers in the early adopter program were invited to mine Ethereum. At launch, the tool would only allow users to mine Ether, the cryptocurrency of the Ethereum network, the world’s second-largest crypto. However, Norton told CNN it may allow users to mine other “reputable cryptocurrencies” in the future.

We are proud to be the first consumer Cyber Safety company to offer coinminers the ability to safely and easily turn the idle time on their PCs into an opportunity to earn digital currency.

Gagan Singh, chief product officer at NortonLifeLock

The Norton press release claims its service is well suited to people who don’t want to deal with the nitty-gritty of setting up mining software and are afraid of using “unvetted code” that could be skimming or planting ransomware on their machines.

The Norton Mining Pool

Mining from a normal computer is very difficult since one requires significant power to crack the Proof-of-Work puzzle. Mining in a pool allows many computers to contribute joint resources over a network and split the reward based on how much work their machines did together.

Pools almost universally take a percentage cut of all earnings, this being a widely used standard. If it is indeed the case that users will be contributing to a mining pool, Norton will be leveraging its millions of customers’ computers to generate a new income stream.

Norton Crypto Wallet

Any earnings will be funnelled into a cloud-based wallet called the Norton Crypto Wallet. From there, users will be able to trigger transactions and receive payments. It’s funny to consider the possible additions to hashrate from 13 million Norton 360 users.

There Could Be Some Issues

Norton 360 users might need to consider tax implications before getting a surprise in the tax season. In the US, mined cryptocurrency is considered by the IRS as a taxable event and must be reported on tax returns as income.

The other side is environmental; does this mean that more people will leave their personal computers in idle to mine crypto? This might cause a higher electricity bill for some unsuspecting customers. Also, most mining farms have carbon offset technologies or make use of sustainable energy, where most individuals don’t.

Categories
Crypto Exchange Crypto News Crypto Wallets Google

Google Revokes Its 2018 Ban on Crypto-Related Advertising

Google is lifting its advertising ban regarding cryptocurrency exchanges and digital wallets. The new policy outlines the hurdles that need to be cleared to allow advertising for cryptocurrency-related business and services.

New Crypto Ad Rules

An official policy update by Google stated that “(from) August 3, advertisers offering Cryptocurrency Exchanges and Wallets targeting the United States may advertise those products and services”. However, they will need to be certified by Google first, through meeting these specific requirements:

  • To be registered with either a Financial Crimes Enforcement Network (FinCEN) as a Money Services Business and with at least one state as a money transmitter; or a federal or state chartered bank entity. 
  • Must comply with relevant legal requirements, including any local legal requirements, whether at a state or federal level.
  • Must ensure their ads and landing pages comply with all Google Ads policies.

There are still some categories in the crypto space that will not be permitted to advertise. These include Initial Coin Offerings (ICOs), Decentralised Finance (DeFi) trading protocols, and “Ad destinations that aggregate or compare issuers of cryptocurrencies or related products”. For an exhaustive list of restricted financial products, have a look here.

Since all previous certifications will be revoked after August 3, advertisers will need to create a new application using the application form that Google will publish on July 8. This policy will apply to all accounts globally, and will need to comply with local legislation and the laws of targeted territories.

Why Crypto Ads Were Banned

This policy change comes after a three-year ban on advertising cryptocurrencies where at one stage even “Ethereum” was added as a blacklisted word in the ads filter.

Google caused quite a stir back in 2018 when it banned crypto advertising, following a ban implemented by Facebook. Both companies cited the sudden spike of crypto offers coaxing investors into making speculative investments, and the ban was a precautionary measure to protect their customers.

By the end of June 2018, other social media conglomerates, Snapchat and Twitter, also issued crypto-ad bans. However, some critics have long accused Google of not properly addressing crypto ad scams which have claimed various institutional and retail victims.

Categories
Crypto News Crypto Wallets Cryptocurrencies DeFi

Crypto Wallet Metamask Reaches 5 Million Active Users

MetaMask
MetaMask

MetaMask is one of the most popular crypto wallets at the moment as it’s active monthly users reaches a massive 5 million milestone.

Powered by the Ethereum blockchain, MetaMask sports a flashy yet welcoming user interface which provides easy access to cryptocurrencies and tokens, especially DeFi and NFTs.

In a recent blog post, the team announced that MetaMask had reached a total number of 5 million active users – and reiterated their commitment to keeping the internet accessible to all.

“We cannot express how honoured we are to continue democratizing access to Web 3.0, and we look forward to serving the millions more users that are joining the decentralized web. This growth opens the possibility of a more ethical internet where people control their own data and identities, can build communities, and freely associate with one another through interactions that are empowering and based on consent.”

Metamask

Could DeFi Compete With The Banks?

One of the main vectors identified in the post for the growth of Metamask’s user base is the adoption of DeFi – specifically by those in countries where banks and financial services are lacklustre – if they exist at all.

Although in places such as Australia, China, the USA and the EU a bank account is more or less a necessity in this day and age, things are somewhat different elsewhere. For instance, 54% of people living in South America do not have access to bank accounts. This is not only due to denial of service by banks – many simply do not trust either their national banks or private banks operating locally.

As a result, many of these citizens have turned to cryptocurrency and DeFi as a way to store their assets, make investments, and take care of their daily expenses.

Following a rise in popularity that brought MetaMask to 1 million users by October 2020, their userbase has continued to grow exponentially – leading to the current figure of 5 million monthly users, carrying out transactions worth $2 billion within the past 6 months.

Categories
Crypto Wallets Cryptocurrencies Hackers Illegal

Ledger And Shopify Hit With Class-Action Lawsuit Over 2020 Data Breach

One of the most popular hardware wallet companies, Ledger suffered a massive blow to their reputation last year when a massive data breach occurred, causing somewhere between 250,000 and 1,000,000 customer email addresses to be leaked – and among the affected customers, 9500 also had more personal information leaked, such as their names and addresses.

ID Tag Team Theft

It turns out that the incident was actually part of a coordinated effort by two rogue Shopify employees to harvest data from Shopify users, with slightly less than 200 distinct merchants affected.

As Ledger used Shopify’s platform to create their online store, both companies are now being sued in a class-action effort.

The lawsuit will be coordinated by Roche Freedman, a company known for taking on crypto-related cases.

Although Pascal Gauthier – the CEO of Ledger – took to Twitter at the time to reassure customers that the cryptocurrencies stored in the hardware wallets – also known as cold wallets – were not affected in the least, his statement was not well-received by several users who received threatening e-mails rife with promises of midnight visits and the like.

Ledger’s general counsel Antoine Thibault commented on the case, stating that although they will not comment on ongoing legal cases, the company would like to remind Ledger customers that their cryptocurrency stashes were safe.

“Ledger does not comment on ongoing legal issues. Ledger would however like to take this moment to remind our customers, yet again, never to divulge their 24 words and validate the identity of the recipient of your transactions. You are in sole and total control of access to your funds.”

In turn, Kyle Roche of Roche Freedman stated that the class-action lawsuit had been in preparation for a while – and that he and his firm had been consulting with blockchain experts ever since the incident had taken place.

Categories
Crypto Wallets Dogecoin Investing

Crypto Wallet Service Attempts To Promote Itself, Gets Firmly Rebuffed By Elon Musk

Freewallet, an online-hosted crypto wallet service attempted to promote their service by jumping on the Dogecoin bandwagon started by Elon Musk.

However, their ill-advised PR stunt promptly – and very publicly – backfired.

Heavy Criticism Due To Non-Ownership Of Keys

The company retweeted one of Elon’s many Doge-related tweets, announcing that Doge is readily available on their app.

Unfortunately for them, Twitter can often be the Wild West, and Elon Musk promptly criticized their services. Stating that the “always online” approach should not be trusted when it comes to cryptocurrency, Elon Musk replied to the promotional message with his views on their service.

Freewallet defended themselves, stating that hosting tokens on their own servers allows them to offer “bank-level” customer support and security. It’s worth mentioning that if we’re taking into account the customer support some banks offer, this may have been a poor choice of words.

“The accusations relating to this fact are never followed by a support ticket. People saying ‘stay away from Freewallet’ express prejudice towards custodial wallets because they believe that a ‘true’ blockchain wallet is supposed to leave the management of private keys to the user (no). However, there are other services (like exchanges) that have access to user private keys.”

Avid crypto users have criticized online storage for a long time, stating that an app that is always online can be attacked by bad actors – an event that, although rare, still does happen. To be fair, despite strong messages in favor of storing crypto on your own hard wallets from many sources – such as Aussie exchange Swyftx – many are still keeping their assets on exchanges. For instance, up to 92% of institutional investors do not host their own crypto assets.

Categories
Crypto Wallets Cryptocurrencies Ripple

Ripple CTO Can No Longer Remember The Password To His Bitcoin Wallet Worth Hundreds of Millions

Staying on top of a company preparing to go to court with the SEC and dealing with the resulting delisting of your company’s token from multiple leading crypto exchanges can be quite challenging and stressful.

However, it must be at least equally stressful to have a multi-million dollar fortune locked away with a low chance of recovery.

Only 2 Attempts Left

Originally reported on by The New York Times among other long-time HODLers in a similar situation, Ripple CTO Stefan Thomas can no longer remember the combination necessary to unlock his hardware Bitcoin wallet worth  nearly $250.6 million at the time this article was written.

Mr. Thomas owns an IronKey hardware wallet that only has 2 more password attempts left before the device encrypts for good, out of a total of 10.

According to Mr. Thomas, the idea of being your own bank comes with some drawbacks – but he still retains some hope.

This whole idea of being your own bank—let me put it this way, ‘Do you make your own shoes?’ The reason we have banks is that we don’t want to deal with all those things that banks do. […] I would just lay in bed and think about it. Then I would go to the computer with some new strategy, and it wouldn’t work, and I would be desperate again…I got to a point where I said to myself, ‘Let it be in the past, just for your own mental health.’

The 7002 bitcoins were given to him back in 2011 for making an informative video about Bitcoin – one that down the line ended up being the video that got vast swathes of people into the world of cryptocurrency.

According to Chainalysis, 2.4 million BTC are yet to be mined – but 3.7 million BTC have already been lost.

For now, Mr. Thomas has stashed the IronKey away in a secure location, in case new ways of cracking complex passwords are discovered in the future. Here’s to hoping he gets his stash back one way or another.

Categories
Crypto Wallets

Exodus Crypto Wallet Now Works Directly With Your Trezor Offline Wallet

Exodus and Trezor worked in partnership to advance the hardware wallet experience.

Exodus helps individuals control their wealth independent of old banking models and free from institutional control. Now, Exodus & Trezor make advanced security easy – allowing anyone to safely manage digital assets.

Benefits Of Exodus User Experience with Trezor Security

  • Exchange assets between Trezor and Exodus
  • Assets stay securely offline on Trezor hardware
  • Plug and play with all existing Trezors
  • Manage multiple Trezor devices simultaneously
  • 90+ Trezor Supported Cryptocurrency Assets

Watch the video

How to set up

Read the support article with detailed instructions.

Exodus User Interface

Categories
Crypto Wallets Hackers Scams

Death Threats And Fake Emails: Ledger Users In Danger As Hackers Start Massive Attacks Following The Database Leak


The Sim Swap attacks have begun following Ledger’s database leak, now that hackers have all the personal information of at least 270,000 users. Now scammers are sending apology messages on Ledger’s behalf, tricking users into installing the “latest version”.

Hackers are sending malicious links into tricking users to “Download the latest version” with a convincing letter. One of Ledger’s user fell into the trap and reported losing $4,000 thanks to a modified metatask extension.

Below is a screenshot uploaded by a Twitter user who received the message from the hackers. People on Twitter are alarmed by how compelling and convincing the message is, despite a minor spell error at the end.

But the outrage is even greater since the affected users have reported that Ledger has not commented nor provided assistance of any kind on these messages.

A user from Reddit that goes by the name u/goldcakes reported receiving several death threats over his ledger:

Taken from: Reddit

At least 1 million users were exposed on Raidforum since the attacks on Ledger began. According to the staff, the attack only leaked the personal data of 9,000 users. The company downplayed the issue, saying it was “old data.”

Now it turns out that those 9,000 users became 270,000 people which have all their personal info in hands of cyber-thieves, and are exposed to these types of messages. Likewise, Ledger could be in serious trouble if affected users take legal action, which might start soon.