Home Blog Page 2

Lessons From a Cryptocurrency Hack (A PSA)


Cryptocurrency-related cyber attacks are on the rise. As cryptocurrency continues to explode in value and public awareness, we can only expect this trend to continue. I was recently the target of such an attack. I also personally know of multiple other cases of the same attack being successfully carried out. Even worse, this type of attack is becoming ever more common and is likely to see an even bigger boost thanks to the professional excellence of firms like Equifax, making it an urgent topic as almost everyone is at immediate risk.

This article describes this increasingly common attack vector and provides immediate steps you can take to protect yourself. I will also provide additional tools and best practices to further safeguard yourself and your funds more generally.

As a computer programmer active in the crypto ecosystem since early 2013, I’ve always been too aware of the constant threat of cybersecurity attacks and the possibility that I could be targeted at any time. Cryptocurrency is the perfect hacker pay day. Once it’s transferred away from your control it’s gone forever, and it’s easily liquidated in any number of ways. Black hats are constantly prowling for possible cryptocurrency holders.

As such, I’ve always taken the minimum precaution of keeping my coins off third-party accounts, and have always advised others to do the same. But what I couldn’t prepare for was how unnerving being the target of an attack could be regardless of your level of preparation. The hypothetical can become reality in a matter of seconds, and you never truly understand the personal value of putting proper security in place until it’s too late. For those with enough at stake, it can be ruinous. Ultimately none of my funds were compromised by this attack, but others have not been so lucky.

“But not all accounts are created equal for data thieves  —  and the most valuable online accounts to steal are like the ones belonging to Mr. Burniske, who is a cryptocurrency fan. In the few minutes it took to get control of his phone, the virtual currency investor saw his virtual currency password change and its accounts drained of $150,000.” -PYMNTS

The Attack

It started when I received a text message from my cellular service provider alerting me that my SIM card had been “updated.” Included in the text was a number to call if this “update” wasn’t in fact authorized by me. I read this text several minutes after it had been sent, and by the time I called the number provided a minute or two later, my cell service and data were suddenly cut off by what I began realizing must be an attacker. Almost immediately, I was also logged out of my Facebook messenger window right before my eyes. With control of my phone number, my attacker had managed to quickly reset my Facebook password and gain control of the account.

As the reality of what was happening to me sank in, I felt an initial wave of panic. Suddenly, I didn’t know if the years of precautions I had taken amounted to anything at all. I had no idea how robust the attack was, how deep the attacker had penetrated my numerous online accounts or what my first reaction should even be. I momentarily feared the worst. Could my coins be at risk?

I forced several deep breaths. Thankfully my coins were not at risk via a phone, social media or email hijacking. Reminding myself of this eased my fears and allowed me to focus on going on the defensive and taking back control of my accounts as quickly as I could.

Using FaceTime from my laptop, I was able to get a family member to call the number provided by my cellular provider’s text message and initiate the process to eventually retake control of my phone number. Using an old email strictly used as an emergency recovery email for situations such as these, I was also able to lock down my Facebook account and regain control soon after.

What I discovered once I logged back in confirmed that the attacker had specifically targeted me due to my public cryptocurrency involvement. In the brief span of time they controlled my Facebook account, they had sent the same message to several friends of mine also involved in the ecosystem, many of whom I’ve known for years. The messages claimed I had an emergency and needed to borrow several bitcoins or the equivalent value in alternate coins for a day. The attacker was in the middle of sending out many more such messages to even more of my friends when I regained control.

%name Lessons From a Cryptocurrency Hack (A PSA)

At the end of the day, the damage done to myself was limited to being spooked. Unfortunately, however, at least one of the recipients of my fake Facebook messages was later the target of the same attack. I’ve decided to learn from these events and share those lessons, and hopefully help some avert the worst. First and foremost is eliminating this specific and trivially easy attack vector completely.

How to Stop It Before It Happens

Text message two-factor authentication (2FA) is the default security precaution for most online accounts today, and cellular service providers are woefully unprepared for this reality. It is almost trivially easy for an attacker to contact your service provider and pretend to be you.

In all the cases I’ve personally observed, it began with the attacker identifying an individual likely to have cryptocurrency and contacting their cell provider. They impersonate their target using personal information like social security numbers and home addresses from any number of possible leaks, Equifax being the most obvious and concerning source.

After successfully convincing your cell provider that they are you, they then port your SIM card to a phone they control. This approach is known as a social engineering attack, and with today’s common security default of using text messages for 2FA, they immediately have the keys to the kingdom. With your phone number they can now reset the password to any account you have with text 2FA enabled, including cryptocurrency wallets and accounts.

The minimal action you should take right now to prevent this: Contact your cellular service provider and request restrictions to be placed on your account so that no changes can be made to it without special verification. This can include setting a password on your account or requiring you to physically visit a store with your ID to make any account changes. Call again once this is in place and attempt to change your own SIM card as a test to ensure the restrictions have indeed been put in place and are being properly enforced by your cellular provider.

This simple step means that no matter what information an attacker may have on you, socially engineering a takeover of your SIM card is no longer a trivially simple endeavor. However, this precaution isn’t ironclad, and there’s also a variety of other attacks you can be the target of.

Taking It a Step Further

Black hat actors tend to focus on the low-hanging fruit, which is why the social engineering SIM attack has become so prevalent. But it is by no means the only way to compromise your accounts, and as the low-hanging fruit become harder to find, attackers will move on to these other methods. I highly recommend everyone implement these precautionary steps to further secure yourselves. The upfront investment needed to set up these measures may seem tedious now, but can pay invaluable dividends in the future.

1. If you hold any significant amounts of cryptocurrency, invest in an offline hardware storage solution.

These devices contain your cryptocurrency private keys and can remain completely disconnected from the internet or any computer until you need to make transactions, so that your funds remain totally safe regardless of any of your other devices or accounts being compromised. These devices include OpenDime, TREZOR and Ledger. Even if you do not opt for any of these solutions, at a bare minimum do not store funds on third-party services such as Coinbase or exchanges, especially on any service or wallet that integrates email or a phone number to authorize access to funds.

2. Ditch text messaging 2FA.

Placing verification restrictions on your cellular service account is a big step up in security, but can still be circumvented by an insider or even just a careless customer service rep who doesn’t do their job properly. Text message authorization is also still too incredibly insecure to be relied on in any way, period. Recent research shows that intercepting text messages is a trivial task for someone with the right tools, and many other exploits are likely to be discovered in the future.

The first item on this list will protect your personal funds from theft, but as I learned the hard way your money isn’t the only thing at risk. With access to your social media accounts and emails, an attacker can trick your friends into giving them funds or exposing themselves in other ways. They’ll also obviously have a clear look into all your messaging and file history on those accounts, which can expose you and your social circle even more. Shoring up your 2FA is a big step in preventing this.

Eliminate all of your text messaging–based 2FA and at a minimum replace it with Google Authenticator. However, like storing cryptocurrency, you can take it a step further with a dedicated hardware solution. I highly recommend YubiKeys.

You can configure many major online accounts (not Coinbase yet) to require you to physically insert and activate your YubiKey as your 2FA authorization, eliminating the risk of a remotely compromised phone.

3. Use multiple emails with interlinked recovery options, and use completely different and robust passwords for those emails and other online accounts alike.

Luckily I did not have text messaging 2FA enabled on the email account associated with my Facebook profile; otherwise my attacker could have seized control of that as well. If they did, I have a chain of recovery emails I could have used to regain control of it, all with different passwords. This practice also means that having your password being captured or leaked for any one of your accounts won’t jeopardize all of them.

4. Stay vigilant, stay paranoid.

To quote the Onion Knight, “Safety is never a permanent state of affairs.” Don’t get lazy and begin recycling passwords or leaving funds on Coinbase or other third-party accounts. Be aware of the technology you are using and the tradeoffs you are making or exposure you are generating by doing so. Stay up to date on the latest breaches, exploits and technology. Opt to use end-to-end encrypted messaging services like Signal, Telegram or WhatsApp. Don’t answer calls from strange phone numbers, and use apps like Hiya to filter out known spam numbers to reduce the risk that you do. Ultimately, however, there is no easy fix for security and no list that can guarantee you won’t get hacked.

Make no mistake, there are individuals out there who want to harm you and are actively working to do so. The time needed to reasonably secure yourself can seem tedious and time-consuming up front, but can easily and quickly become a priceless investment as I and many others have learned firsthand. 

This guest post by Ariel Deschapell was originally published on Medium and is reproduced here under a Creative Commons License. The views expressed do not necessarily reflect those of BTC Media or Bitcoin Magazine.

Source link

PR: Vietnam’s Largest Smart Vending Machine Operator Dropfoods Plans to Raise Through ICO on 21 Sept


dropfoods Logo 01 696x696 PR: Vietnams Largest Smart Vending Machine Operator Dropfoods Plans to Raise Through ICO on 21 Sept

This is a paid press release, which contains forward looking statements, and should be treated as advertising or promotional material. Bitcoin.com does not endorse nor support this product/service. Bitcoin.com is not responsible for or liable for any content, accuracy or quality within the press release.

– Dropfoods currently operates the largest network of smart vending machines in Vietnam, which already offers the functionality of using mobile money for product purchases and other transactions including paying for bills
– With the proceeds from its ICO, Dropfoods will install 1,000 new machines that will enable smart transactions using its own Cryptocurrency, Dropcoins
– Dropfoods is backed by Sugar Ventures, one of Southeast Asia’s largest venture builders with 11 startups built from scratch in its portfolio to date

Dropfoods, the largest smart vending machine operator in Vietnam, today announced the launch of an Initial Coin Offering (ICO) scheduled for September 21, 2017 to raise US$9 million with the issuance of its own Dropcoins tokens. With the proceeds from its ICO, Dropfoods will install 1,000 new machines that will enable smart transactions using Dropcoins.

The ICO issued by Dropfoods will be the first of its kind that is supporting an existing operational business outside of the blockchain space, with a solid business plan to utilize the fundraising proceeds from the ICO. Dropfoods currently operates in more than 40 locations in Vietnam, supporting automated retail operations for fast-moving consumer products.

The key value proposition of Dropfoods lies in the scalability of its business model and plug-and-play infrastructure combining its physical assets (vending machines) and digital assets (mobile application) to install a payment gateway that can advance financial inclusion in a region where more people hold smart phones than bank accounts.

Backed by one of Southeast Asia’s largest venture builders with key stakeholders from Japan, South Africa and Singapore, Sugar Ventures, Dropfoods aims to build the region’s largest network of physical touch points for cross-border transactions and digital remittance. Dropcoins may be converted into government-issued fiat currency for cash withdrawal at the Dropfoods vending machine or to make purchases on the vending machines and on the Dropfoods App. This conversion will be set according to the aftermarket coin value exchange rate.

Sugar Ventures, one of Southeast Asia’s largest specialized venture builders, is focused on nurturing greenfield ideas that will transform the region’s emerging economies. Unlike traditional accelerators or incubators, Sugar Ventures seeks to unearth great start-ups from the ideation stage, provide seed funding, support their organic growth and work towards a flourishing exit in the process.

Dr Mark Hon, Co-founder of Dropfoods and Sugar Ventures, commented: “We are excited by the prospects of launching a token that can be a game-changer for the state of play for the financial inclusion of the region’s emerging marketplace. To enable cross-border transactions and digital remittance at close to zero transaction costs will make full use of the digital opportunity presented by the region’s relatively high mobile penetration and enable the underbanked to be included in the formation of a cashless society.”

John Fearon, Co-founder of Dropfoods and Sugar Ventures, commented: “Dropcoins will revolutionize the region’s digital marketplace and is a true example of financial technology that applies emerging technologies such as blockchain and artificial intelligence to transform the current financial landscape, clearly distinguished from the realm of ‘techfin’ where you would be just applying technology to enhance existing financial capabilities.”

Sugar Ventures is founded by Dr Mark Hon, serial entrepreneur and Chairman of the Business Angel Network South East Asia (BANSEA); and John Fearon, Founder of Telr.com and ASX-listed cloud-based software platform Dropsuite (DSE:ASX). Dropfoods’ investors include Shuhei Morofuji, CEO and founder CEO of venture capital firm and venture builder REAPRA and TSE-listed SMS Co Ltd, one of the largest Asian internet healthcare information platforms; and Chiang Joon-Arn, Managing Partner, Financial Accounting Advisory Services – Asia Pacific – ‎Ernst & Young.

Vietnam has approved a plan to scrutinize and streamline the legal framework for the management of cryptocurrencies.

This ICO is only open to accredited investors. “Accredited investors” refer to persons who are defined within the meaning provided under the laws of the country or territory of such person.

About Dropfoods
Dropfoods is the largest smart vending machine operator in Vietnam. Backed by Southeast Asia’s largest venture builder, Sugar Ventures, Dropfoods supports automated retail operations for fast-moving consumer products. Its mobile application, the Dropfoods app, supports the purchase of Dropfoods products and smart transactions using a mobile wallet and will soon be integrated with a cryptocurrency gateway following its initial coin offering to be issued in September 2017.

About Sugar Ventures
Sugar Ventures is one of Southeast Asia’s largest specialized venture builders. Focused on nurturing greenfield ideas that will transform the region’s emerging economies, it has built and invested in 11 companies to date, including Dropfoods, OEScore, ITGLOO, Folr.com, LAWR, Meet Drinks, Kluje.com. Voice Map, Hot Soup, Swallows and Amazons Pre-School and Invictus International School. Unlike traditional accelerators or incubators, Sugar Ventures seeks to unearth great start-ups from the ideation stage, provide seed funding, support their organic growth and work towards a flourishing exit in the process.

The key stakeholders at Sugar Ventures are: Dr Mark Hon, Chairman of the Business Angel Network South East Asia (BANSEA); John Fearon, Founder of Telr.com and ASX-listed cloud-based software platform Dropsuite (DSE:ASX); and Shuhei Morofuji, CEO and founder CEO of venture capital firm and venture builder REAPRA and TSE-listed SMS Co Ltd, one of the largest Asian internet healthcare information platforms.

This is a paid press release. Readers should do their own due diligence before taking any actions related to the promoted company or any of its affiliates or services. Bitcoin.com is not responsible, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with the use of or reliance on any content, goods or services mentioned in the press release.

Source link

Free Society Foundation Plans to Establish Libertarian Country


Free Society Foundation Plans to Establish Libertarian Country 1 1068x1068 Free Society Foundation Plans to Establish Libertarian Country


The Free Society Foundation is in the process of realizing a libertarian and crypto-anarchist dream. Currently, the organization is taking steps to purchase a piece of land from governments hoping it will be the first truly sovereign country to exist. 

Also read: Money Psychology: How Cryptocurrency Makes Us More Compassionate (Part 1)

Free Society Foundation

The project was brought to life by Free Society Foundation founder, Olivier Janssens, and other well-known libertarians and cryptocurrency figureheads. They said initial interest by surrounding countries has been positive, and talks are proceeding smoothly. 

The announcement states, “They are in preliminary talks with governments to purchase sovereignty and autonomy over a piece of land. ‘When we started contacting governments, interest was much higher than initially anticipated,’ says Mr. Janssens, who has been working on the project for the past several years.”

Janssens went on to say the project has $100 million USD from private funding and they plan to use these funds to get the country running.

 Other Attempts at a Free Society

The announcement also elaborated on how previous attempts at creating a free society or community have fallen short. Other projects were overly complicated or burdened by bureaucratic politicking.

“Genius in its simplicity by just purchasing sovereignty, it seems this is the first idea that really has a chance of succeeding. In the past, many libertarians have attempted the feat by trying to claim disputed land or by building floating ocean structures. Unfortunately, none of them were successful – either due to push-back from existing governments or being unrealistically complicated,” stated the Foundation’s press release.

Needless to say, the founders of the project are optimistic for the current project. They seem urgent to finally create a society free of government oversight and violence. Bitcoin.com’s very own CEO, and co-founder of The Free Society Foundation, Roger Ver, provided his perspective:

“I’m incredibly excited to be part of this project that will finally create a society based on voluntary interactions instead of government force.”

free country 1024x536 Free Society Foundation Plans to Establish Libertarian Country

Do you think this new libertarian and cryptocurrency-based country will succeed? Will governments and other entities try to smash it? Would you become a part of it? Share your thoughts in the comments section below!

Images courtesy of Shutterstock and The Free Society Foundation

Make sure you do not miss any important Bitcoin-related news! Follow our news feed any which way you prefer; via Twitter, Facebook, Telegram, RSS or email (scroll down to the bottom of this page to subscribe). We’ve got daily, weekly and quarterly summaries in newsletter form. Bitcoin never sleeps. Neither do we.

Source link

Weak Demand? Bitcoin’s Price Rebound May Be Starting to Fade


The rebound in the bitcoin-U.S. dollar (BTC/USD) exchange rate appears to be stalling out.

After rising from a recent low of $2,980 earlier this week, bitcoin is again trading below $4,000, a development that raises doubts as to whether the rally will continue. As per CoinMarketCap, the cryptocurrency was trading at $3,850 at press time – down 1.68 percent in the last 24 hours.

Week-on-week, BTC is up 19 percent. On a monthly basis, BTC is down 3.7 percent.

However, assumptions that China’s crypto trading crackdown will not have a long-term impact seem to have waned. This is evident from the price action analysis, which points to bullish exhaustion around $4,000 and a lack of substance in the rally from $2,980.

This runs counter to the response to a knee-jerk sell-off in bitcoin earlier this week, when, following China’s crackdown on cryptocurrency trading, the market quickly saw steep gains.

Building on that momentum, on September 15, bitcoin staged a solid rebound from the 100-day moving average levels in the wake of an oversold relative strength index.

But while a similar price action in July had yielded a record rally to $5,000 levels, September may be unlikely to offer a case of history repeated.

ATR signals lack of buying pressure

Daily Chart

download 1 3 Weak Demand? Bitcoins Price Rebound May Be Starting to Fade

The chart reveals a descending broadening wedge formation – a megaphone-shaped pattern with lower peaks and lower valleys. The breakout direction is upward more than 70 percent of the time.

However, in the bitcoin’s case, the odds of an upside breakout look weak, if the lack of buying pressure/lack of substance as shown by the average true range (ATR) indicator is taken into account.

ATR is a volatility indicator that reveals the degree of interest or disinterest in a move. A bullish reversal with an increase in ATR shows strong buying pressure/high interest and adds credence to the reversal.

Bitcoin’s reversal from $2,908 has been accompanied by a drop in the ATR, however, which indicates lack of enthusiasm in the move.


  • ATR shows bitcoin’s recovery from the low of $2,908 was the result of the unwinding of the shorts.
  • Lack of strong buying pressure and a failure to hold above the 50-day moving average indicates the cryptocurrency is likely to leave a lower high around $4,000 and drop to the 100-day moving average level of $3,252.
  • Only an upside break of the descending broadening wedge pattern would boost the odds of bitcoin rallying to record high above $5,000.

Burned match image via Shutterstock

The leader in blockchain news, CoinDesk is an independent media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. Interested in offering your expertise or insights to our reporting? Contact us at [email protected].

Disclaimer: This article should not be taken as, and is not intended to provide, investment advice. Please conduct your own thorough research before investing in any cryptocurrency.

Source link

Chinese Bitcoin Exchange Executives Allegedly Must Remain in China


Untitled design 51 1068x1068 Chinese Bitcoin Exchange Executives Allegedly Must Remain in China


Reports have emerged alleging that Chinese bitcoin exchange executives have been forbidden from leaving the country. The travel ban has been instigated whilst the Chinese central government seeks to “clean-up” the nation’s cryptocurrency industries.

Also Read: China May Try to Block All Bitcoin Transactions in the Country 

Chinese Bitcoin Exchange Executives Are Reported to Be Required to Stay in China During the Governments Cryptocurrency “Clean-Up”

shutterstock 291401870 1 300x205 Chinese Bitcoin Exchange Executives Allegedly Must Remain in China

It has been reported that Chinese bitcoin exchange executives must stay in China during the government’s crackdown and “clean-up” of the nation’s cryptocurrency industries. A rough translation from a story published by China’s Bjnews states that “a number of informed sources say the executives of special currency trading platforms are not allowed to leave Beijing to cooperate with the investigation. In accordance with regulatory requirements, trading platform shareholders, the actual controller, executives and financial executives need to fully cooperate with the relevant work in the clean-up period in Beijing.”

The alleged travel ban has also been reported by Australia’s Financial Review (AFR), who stated that an anonymous source close to major cryptocurrency exchange Huobi told AFR that Huobi’s founder, Li Lin, must “report to the authorities and cooperate with their work at any time” – requiring that Li Lin must remain in China.

An increased regulatory presence within China’s cryptocurrency industry has significantly reduced China’s position of dominance within the bitcoin markets since last year. Chinese trading is currently estimated to account for less roughly 10% of global trade volume, compared to approximately 90% throughout most of 2016. Analysts are expecting China’s share of global bitcoin trade to drop substantially further once all of China’s major bitcoin exchanges have ceased operations, which is expected to have occurred before the end of October.

The Travel Ban Comes Following a Significant Expansion of China’s Cryptocurrency Crackdown

shutterstock 714440398 300x199 Chinese Bitcoin Exchange Executives Allegedly Must Remain in China

The increasing interference into China’s cryptocurrency industry on the part of the state led to many insiders forecasting a rocky future for China’s bitcoin economy. An anonymous bitcoin trader told AFR that “China was the country with the most favorable approach to bitcoin but it has switched very rapidly to become the most unfriendly country for the digital currency… I’m not very optimistic about the future of bitcoin in China.” MGT Capital’s John McAfee went as far as describing China’s recent actions as “the beginning of the war between the proponents of cryptocurrency and the world governments” in a recent interview with Chinese media.

The reports of a travel ban on Chinese bitcoin exchange executives have surfaced following announcements confirming that the Chinese government will extend its cryptocurrency crackdown to target all bitcoin exchanges operating in China. The ban is also expected to target over-the-counter (OTC) trading, including that which is occurring via messaging app Wechat – which has prompted a recent migration of many users to Telegram.

Many analysts are attributing China’s cryptocurrency crackdown to major economic policies introduced during July. The policies are designed to reduce high-risk speculation throughout China’s economy, further tightening Beijing’s control over financial circulations throughout China. Martin Chorzempa of the Peterson Institute for International Economics recently wrote that “the clampdown fits into a broader set of efforts to lessen financial market risks perceived by Chinese policymakers.”

Do you think that the China’s central government will maintain its heavy handed approach with regards to bitcoin exchanges long term? Share your thoughts in the comments section below!

Images courtesy of Shutterstock

At Bitcoin.com there’s a bunch of free helpful services. For instance, have you seen our Tools page? You can even lookup the exchange rate for a transaction in the past. Or calculate the value of your current holdings. Or create a paper wallet. And much more.

Source link