Bolster Your Personal Opsec With This Crypto Investor Checklist

As the internet grows and more and more of the mainstream public find themselves on the world wide web, so does cybercrime – making it especially important for crypto investors to pay close attention to personal cybersecurity.
Here is a list of the most important steps a crypto investor – or anyone concerned with their privacy – should take to protect themselves from online predators seeking to access your sensitive data and accounts.
Why OPSEC Is Important for Crypto Investors
OPSEC stands for operations security and is defined by Wikipedia as the process of identifying and protecting critical information that could be pieced together by “adversaries,” or in the case of crypto investors, cybercriminals, who may be seeking to access user’s crypto accounts hoping to steal their funds.
Related Reading | Bitcoin Bull Jack Dorsey’s Twitter Hack Is a Wakeup Call for Crypto Security 
The term was coined by a Vietnam era security team under the order of United States Admiral Ulysses Sharp and is commonly used by military entities around the world to this day. But it’s also become widely used to discuss personal data security needs of ordinary individuals – a growing issue in the digital age where sensitive user data is exposed both on purpose via social media, and without consent via hacks or other data breaches.
Crypto investors need to take personal OPSEC even more seriously, as according to a Google security expert claims, cryptocurrency is like catnip for cybercriminals, due to the added layer of anonymity they provide, making tracing their trail of crime all the more difficult.
Protect Your Assets With This Personal Security Checklist 
Despite the very real dangers, crypto investors can take a number of steps in order to protect themselves from any would-be attackers.

$crypto OPSEC checklist:
1) Secure email provider (protonmail, tutanota).
2) Different emails / different strong passwords.
3) Never link phone to $crypto platforms.
4) 2FA (NOT linked to phone).
5) Cold storage, only keep necessary on exchanges.
6) Offline back-ups.
— SalsaTekila (JUL) (@SalsaTekila) December 2, 2019

First, signing up for a secure email provider is a must. Encrypted services such as Protonmail or Tutanota are recommended. Never use your real name as an email address for sensitive user accounts, and be sure to use a unique email address for your email address that doesn’t match the password of any sensitive accounts.
Protonmail also offers a VPN or virtual private network service, that can mask a user’s IP address, further protecting privacy.
Never link your phone number to a cryptocurrency exchange platform in any way, as hackers have begun targeting users via SIM-swap attacks, gaining access to a user’s phone in order to intercept SMS-based two-factor authentication codes.
In fact, SMS-based two-factor shouldn’t be used at all, and Google Authenticator should be used on a separate, offline device, with any and all authentication codes backed up offline for safekeeping.
Related Reading | Crypto Hardware Wallets on Sale During Cyber Monday
Keeping crypto-assets off of exchanges in a cold storage wallet is also recommended, as even if hackers are able to gain access to your account data, there won’t be any crypto assets to steal. This also protects from the exchange itself from potentially being hacked, resulting in a loss of funds.
Always keep crypto assets offline in cold storage, never disclose how much cryptocurrency you are currently holding, and never invest more than you can afford to comfortably lose.
The post Bolster Your Personal Opsec With This Crypto Investor Checklist appeared first on NewsBTC.
Source: New

Ripple Moves Court to Dismiss XRP’s Securities Lawsuit, But Fails to Answer Questions

Ripple Moves Court to Dismiss XRP’s Securities Lawsuit, But Fails to Answer Questions
Ripple has recently moved to court making strong counter-allegations on one of the plaintiffs claiming XRP is a security. The company has filed a motion to dismiss the plaintiff’s claims.
Ripple Moves Court to Dismiss XRP’s Securities Lawsuit, But Fails to Answer Questions

Continue reading at Coinspeaker
Source: CoinSpeaker

Analyst Claims Almost 3,500 Successful Hacks on Non-Crypto Companies in 2019

Popular digital currency industry analysis Twitter account @Rhythmtrader states that almost 3,500 non-crypto companies have had their security breached so far this year. Well over a billion user accounts have been impacted by hackers.
Although difficult to verify (RhythmTrader rarely cites where the figures quoted are from), some of the biggest examples have impacted hundreds of millions of users. The ease with which even massive mainstream companies have been hacked should serve as a stark warning for all those choosing to store crypto via centralised methods.
Crypto Exchanges Aren’t the Only Ones that get Hacked, You Know?
Apart from volatility, one of the main fixations of the mainstream media with regards crypto assets has traditionally been exchange security compromises. There have been many huge examples of hackers making off with millions of dollars in the past. Even the biggest names eventually have their security breached and on many occasions users have been left out of pocket or the venues themselves have had to fork out to save face.
Such attacks have brought a lot of negative attention to the Bitcoin and wider crypto asset industry over the years. However, they are not unique to digital asset exchanges. One Twitter-based cryptocurrency analyst has argued that there are have been 3,494 security compromises against non-crypto “financial institutions” this year alone.
@Rhythmtrader’s Tweet below unfortunately does not say where it has sourced its data from. We therefore cannot be sure of the exact figure of successful cyber attacks this year.

There's been 3,494 successful cyberattacks against financial institutions this year alone.
Users affected in 2019:Capital One – 100 millionFirst American – 885 millionAMCA – 12 millionFacebook – 100+ millionAscension – 24 million
Anything centralized will be hacked.
— Rhythm (@Rhythmtrader) August 16, 2019

However, the six successful attacks mentioned account for well over a billion users across the different companies that fell victim to the security breaches. This has prompted @Rhythmtrader to conclude:
“Anything centralized will be hacked.”
Such a statement applies to centralised crypto asset exchanges as much as it does to financial institutions, social network providers, or any other company storing data about users on centralised servers. It should also serve as a reminder about the importance of secure private key management for crypto users.
Many popular Bitcoin proponents stress the importance of preserving your own monetary sovereignty by learning how to correctly use cold storage techniques. This might help reduce the number of exchange hacks. If there was considerably less cryptocurrency to steal, there would be much less incentive to launch an attack in the first place.
It’s not just security concerns that should make learning about private key management a priority for newcomers to crypto assets. The most innovative and potentially world-changing aspects of Bitcoin and other public blockchains can only be realised when users control their own private keys.
If your crypto assets are stored using a service that holds your private key for you, that service must submit any transaction to the network on your behalf. You can no longer transact without their permission. For many, being forced to request permission to transact would strip Bitcoin of all its revolutionary potential, rendering it a little more than a hellishly inefficient version of one of the many existing permissioned payment networks that have existed for decades now.
Related Reading: Scammer Demands 300 Bitcoin From Binance in KYC Data Ransom
Featured Image from Shutterstock.
The post Analyst Claims Almost 3,500 Successful Hacks on Non-Crypto Companies in 2019 appeared first on NewsBTC.
Source: New

Litecoin (LTC) Branded Tablets Released To Ensure Secure Storage of Cryptocurrency

Litecoin Foundation has introduced a crypto-tablet in collaboration with Cobo. Litecoin brand logo will be inscribed on the top of the tablet. The tablet can be used to secure recovery phrases for open source wallets.
The tablet offers a secure way of storing the cryptocurrency pass-phrases which are generally susceptible to theft and damage if not stored properly. The new tablets are developed with 6-series aluminum that is used on airplanes. Furthermore, it is not only water resistant but also acid and corrosion resistant.

Check out our collaboration w/ @CoboVault for our Litecoin-branded Cobo Tablet! Get yours for only $49.00 … 🔐💪⚡️
☑️ Secure your crypto on your own terms ☑️ Don't rely on paper storage for your seed/recovery phrases ☑️ Support the Litecoin Foundation!
— Litecoin Foundation (@LTCFoundation) May 3, 2019

The tablet supports 12, 18 and 24- seed/recovery phrases. The open-source wallets like Jaxx and Exodus and even cryptocurrencies like Ardor implement the recovery phrase mechanism which acts similar to a private address of the respective wallets; it is used to access and use the funds through the individual wallets.
Cobo is cryptocurrency hardware and software wallet manufacturers that aim to increase the feasibility and security in owning cryptocurrencies. Cobo offers a mobile wallet, cold storage wallet, and custodial services for institutional investors.
Litecoin, on the other hand, is one of the leading cryptocurrencies currently ranked at 5th w.r.t. total market capitalization. It is trading over 150% higher since the beginning of the year. The price of Litecoin [LTC] at 17: 00 Hours UTC on 3rd May 2019 is $79.54.
Moreover, the Litecoin Foundation’s collaboration with Cobo will benefit both the brands in increasing their global presence.
Do you think the recovery phrase security devices are essential for secure ownership of cryptocurrencies? Please share your views with us. 
The post Litecoin (LTC) Branded Tablets Released To Ensure Secure Storage of Cryptocurrency appeared first on Coingape.
Source: CoinGape

Bitcoin Cash: Schnorr Signatures to go live in two weeks on mainnet in an effort to increase privacy

Bitcoin Cash, the fourth largest cryptocurrency, announced that they will be implementing Schnorr Signatures in the next few weeks, which will theoretically improve the blockchain’s on-chain security and privacy.

The #BitcoinCash (BCH) network is ever-evolving to bring you a better global currency.
On 15th May, #SchnorrSignatures will be added during a scheduled network upgrade, offering greater security, increased privacy, and faster transactions!
— Bitcoin News (@BTCTN) May 1, 2019

Bitcoin has been struggling to scale and improve on privacy, which led developers to think of ways that will counter the shortcomings of Bitcoin. However, Bitcoin Cash has improved scalability and can settle transactions faster and more efficiently than its parent, Bitcoin.
Schnorr Signatures, in a broader context, is a method to aggregate all messages, public keys, and signatures of multiple transactions into a single one, instead of signing each transaction with its own signature, message and then sending it.
For improving the security and privacy of the blockchain, Schnorr Signatures will be implemented on the Bitcoin Cash blockchain on May 15.
The official announcement stated,
“On 15th May, the Bitcoin Cash (BCH) network will be upgraded. This hard fork will result in the introduction of an optional new way to sign your BCH transactions called Schnorr signature… Schnorr signatures will theoretically help to make your Bitcoin Cash transactions even more secure.”
The official announcement also added that smart contracts and multi-sig users will also see improved privacy after implementation. Further, a testnet has been launched, supporting Schnorr signatures, which can be used by developers to test the new feature prior to the official launch.
The post Bitcoin Cash: Schnorr Signatures to go live in two weeks on mainnet in an effort to increase privacy appeared first on AMBCrypto.
Source: AMB Crypto

Cryptocurrency Exchanges Targeted by Fake Photo Scam

Research indicates that large cryptocurrency exchanges are increasingly being targeted by scammers using doctored photographs to trick two-factor authentication reset procedures. The attack once again highlights the importance of securing one’s own private keys and not entrusting security to a third party exchange.
There is a market on dark web forums for doctored images and the rates to buy them are remarkably cheap. However, given that many large exchanges require multiple verification methods to reset a two-factor authentication, it remains to be seen just how effective the scam will be.
Cryptocurrency Exchanges are Still Not Safe Storage Options
Those cryptocurrency users choosing to leave their digital assets on centralised exchanges have a lot to be fearful of already. There is the ever-present risk of the site itself falling victim to a security comprise. Then there is the whole QuadrigaCX debacle, which appears to have been caused by either negligence on part of the now-deceased CEO or perhaps something more sinister altogether.
Add to these issues the risk of phishing attacks and potential mismanagement of company finances à la Mt. Gox and it is easy to see why almost every thought leader in the space advocates learning to secure your own digital assets.
The latest reported scam being used to defraud people out of their cryptocurrency holdings involves attempting to trick an exchange’s staff using altered photographs. The idea is to convince the exchange that a request to reset the often-mandatory two-factor authentication security process required to gain access to accounts is a legitimate one and is coming from the owner of the account.
Attempts to hack cryptocurrency exchange users’ account are getting more devious. However, this seems to lack the finesse of others.
Research by Hold Security and reported by Bank Info Security, states that there is a wealth of information relating to data fraud techniques on dark web hacking forums. Amongst these covert pages is around 10,000 doctored photographs, used for various verification techniques.
According to Alex Holden, the Chief Information Security Officer at Hold Security, an altered photograph will cost scammers around $50. Bank Info Security published an example of such a picture. It featured an anonymous individual holding up a passport and a note with the date and the words: “Reset 2FA”.
Those orchestrating the attack against cryptocurrency exchange users will submit a request to change the device used to obtain two-factor authentication codes. They will then provide a photograph that has been doctored to show information about the targeted user.
Since some exchanges do not require a customer to submit photographic identification when they sign up, Holden states that the doctored photographs will have had some success.
“Some companies have no ability to assert what their client looks like… It’s not like hackers publish success rates,” Holden says. “But because we know that [hackers who] we are monitoring are actually making money off of it, I’d say yeah.”
Largest Exchanges are Not Worried About Threat from Doctored Photographs
Of course, a lot of cryptocurrency exchanges do require new users to verify their identity with a government-issued document before trading on the platform. For this reason, many of the largest exchanges are not concerned about their users’ security – at least not from this attack. However, most were less-than-willing to talk about examples seen of scammers using fake photographs in such a manner.
A representative from Coinbase commented on the fact that the San Francisco-based exchange uses multiple levels of ID verification to reset account passwords and two-factor authentication. Similarly, Kraken stated that each ID verification picture must display a custom message and those users with the highest tier accounts will have already submitted photographic identification upon signing up for the upgrade.
Binance, meanwhile, reported that it had indeed seen examples of attempts to beat two-factor authentication using doctored photographs:
 “Unfortunately, we’re no stranger to these types of malicious attempts to gain access.”
However, a representative from the trading venue giant did go on to talk about its security procedures. The exchange requires users submit a set of photographs for resetting two-factor authentication, along with a “face verification” step using a webcam:
“Given the measures we currently have in place, I don’t believe this threat is something for Binance to be particularly worried about at the present time.”
Thanks to the heightened security at these massive cryptocurrency trading venues, it seems unlikely that many attempts to reset two-factor authentication will be successful. Even at smaller exchanges, users almost always need to send request emails from the address used at the time of registering for an account. From the crudeness of the attack detailed, the security precautions taken by both the targeted venue and individual user would need to be incredibly lax indeed for it to be successful.
Related Reading: MyEtherWallet Users Targeted with Phishing Email Scam
Featured Image from Shutterstock.
The post Cryptocurrency Exchanges Targeted by Fake Photo Scam appeared first on NewsBTC.
Source: New

Google Security Expert: Crypto is Like Catnip for Cyber Criminals

In response to increasing security concerns around SMS-based two-factor authentication (2FA) and the prominence of SIM-swapping schemes targeting crypto investors, Google last year released the Titan Security Key. The Titan Security Key enables advanced 2FA without the need to send a text message that could be intercepted by cyber criminals.
Google’s Head of Account Security Mark Risher, who helped develop the Titan Security Key, believes that crypto is like “catnip” for cyber criminals, and explains why the emerging asset class has become such a “hot target.”
Crypto Is a “Hot Target” For Cyber Criminals, Says Google Head of Security
2018 smashed all previous records for crypto-related thefts. While the bulk of the stolen cryptocurrencies are attributed to some prominent cryptocurrency exchange hacks, the rest of the stolen crypto resulted from phishing schemes, crypto giveaways scams, and a new issue involving attackers gaining access to a user’s mobile phone through SIM-card swapping.
One high-profile case involving early Bitcoin investor Michael Terpin filing a lawsuit against telecom company AT&T for their gross negligence that led to $224 million in crypto being stolen from Terpin. Cyber criminals impersonated Terpin to gain access to a SIM-card tied to his phone number, which was then used to send a text-message containing sensitive account information that led to the criminals gaining access to Terpin’s crypto wallets.
Related Reading | Pro League of Legends Gamer Robbed of $200K in Crypto in Sim-Hack
Terpin’s example proves that new methods – such as Google’s Authenticator App, Authy, or Google’s new Titan Security Key – are necessary to fight the growing problem.
But why target crypto investors? Google’s Head of Account Security Mark Risher, whose primary focus is around spam, phishing, and account security, says that “the instantaneous nature of it, the very, very low transaction fees, the frictionless nature of money moving around,” and “the pseudonymity” are key reasons that cyber criminals are targeting crypto investors in a big way.
“Cryptocurrency is like catnip for these attackers,” Risher added. He continued, explaining that cryptocurrency’s notorious price volatility could lead to its value doubling overnight, making investors in the new financial technology a “very hot target.”

How Can Crypto Users Protect Themselves From SIM-Swapping?
It has become increasingly clear that SMS-based 2FA solutions that protect most accounts are ineffective against preventing all attacks. And while as long as there is potential for human error, and no solutions will ever be 100% effective, cryptocurrency investors can take some key steps to protect themselves.
For one, never use SMS-based 2FA for securing cryptocurrency wallets or exchange accounts, or anything that has access to private keys or assets. Instead, use Google’s Authenticator app or Authy, which refreshes 2FA codes that can only be viewed in-app at regular intervals. Be sure to make backups of all of the QR codes to the accounts you have synced with Google Authenticator or there is risk of being permanently locked out of your own accounts.
Related Reading | Silicon Valley Execs Targeted in ‘SIM Swap’ Hacking, $1 Million in Crypto Stolen
Another commonly overlooked but highly recommended tip is to never publicly, or even privately, disclose your crypto holdings or that you are holding cryptocurrencies at all. Doing so could make you a target.
Finally, one could consider Google’s Titan Security Key. Risher says that having a Titan Key “physically present makes SMS a non-threat.”
“There’s no code that sends over the airwaves, nothing is sent to the telcos,” he added. “If your phone number has changed, we won’t even know as part of this flow, and if someone else has grabbed your phone number, they won’t have any higher credibility than a complete stranger.”
The post Google Security Expert: Crypto is Like Catnip for Cyber Criminals appeared first on NewsBTC.
Source: New

DigiCash founder talks about privacy and security in cryptocurrency and blockchain technology

In a Money 20-20 conference held on October 23, David Chaum, the founder of DigiCash, explained the need for privacy and how it has evolved over the years.
The Cypherpunk movement was set off by David Chaum with his anonymous digital cash and pseudonymous reputation systems described in his “Security without Identification: Transaction Systems to Make Big Brother Obsolete (1985).”
Chaum shared his thoughts on privacy and what it means to him. He stated that he started looking at possibilities to protect privacy way back in the 80s when he published “Achieving Electronic Privacy,” detailing how users could protect their information.
He further explained the reasons why anonymity matters and stresses the need for privacy meta-data and call protection. According to the article, records of purchase of goods, subscription to a magazine and tax information can all be linked into a single dossier on the users’ life without their knowledge.
Chaum stated that the aim of development of Digicash in the 90s was to bring a privacy-protected digital bearing instrument to the web. Digicash was an electronic money corporation that developed a software to make the electronic payments untraceable by the issuing bank, government or third parties. He added: 
“In those days it was unclear whether the democratic distributed nature of the web and internet will prevail and dominate the telecom industry and the banks as well. And now we see how its more centralized collaborative distributed mechanism.”
He went on to explain the reason he was looking forward to e-cash’s success which was issued by Deutsche Bank. E-cash, he said, was a really “big thing” in those days which provided a much-needed traction for the start of the digital era.
He also expresses optimism on digital currencies. He says that “privacy”, “distributedness” and “security” are the building blocks of cryptocurrencies.
Furthermore, he spoke about a new type of cryptography that he had developed over the years for his cryptocurrency project “Elixir” which has reportedly made a “breakthrough in blockchain technology adoption” and can handle thousands of transactions per second.
The post DigiCash founder talks about privacy and security in cryptocurrency and blockchain technology appeared first on AMBCrypto.
Source: AMB Crypto

IOTA to power biometric system which verifies users’ identity using palm veins

IOTA foundation recently announced that it is planning to power a biometric authentication system that will use users’ palm vein pattern to authenticate their identity.
The proposed system will use an open source digital ledger of technology called Tangle, developed by IOTA. The new system will be called IAMPASS Proof of Concept.
The system creates a distinctive and verifiable identity for each user after scanning their palm vein pattern. This helps each individual to enable audit trails for accessing high-security platforms, secure identification and asset management. The system can also work in coordination with permissioned facilities, including “smart car charging platforms”.
Once the system is implemented, consumers will be able to manage their accounts, control their data and thwart identity theft by using the foundation’s biometric identifier.
The proposed system will use an open source digital ledger of technology called Tangle, developed by IOTA. | Source: Twitter
Dominick Schiener, the co-founder of IOTA foundation, said that the system was made to tackle some of the biggest problems affecting the cryptocurrency space, including identity theft, and effective authentication methods. He said:
“This is why we are excited about IAMPASS Proof of Concept, which uses the IOTA permission-less distributed ledger to make identity not only portable, but also give users assess and ownership over their own data. With the maturation of identity solutions like these, we will see the IOTA ecosystem providing a key technical puzzle piece for the adoption of distributed ledgers.”
Toan Nguyen, the director of business development and cloud platform, said that Tangle’s unique design helps firms amalgamate digital identity security and personal data. He added that it is crucial for the cryptocurrency space as both the entities are crucially intertwined.
He said:
“Together, we expect the IOTA ecosystem and IAMPASS to help drive the next phase of digital identity management for high secure environments like data centers and in the smart city.”
IOTA has been very active in developing identity solutions for a plethora of clientele. IAMPASS is the newest addition to their pool of products.
The post IOTA to power biometric system which verifies users’ identity using palm veins appeared first on AMBCrypto.
Source: AMB Crypto

Cyber Criminals Are Finding Ways To Steal Your Cryptos

You stored your Bitcoin private keys (CRYPTO: BTC) in a safety deposit box so you should be good, right? Not so fast. Criminals are getting more manipulative in how they access your cryptos.
Hacked Browsers Can Steal Your Passwords
This week, a Google Chrome extension for file-sharing service MEGA was hacked by cyber criminals who are potentially stealing private keys and login passwords, among other information. The compromised extension is able to monitor and retrieve sensitive information that are saved on Google Chrome.
Continue reading Cyber Criminals Are Finding Ways To Steal Your Cryptos at Crypto Daily™.
Source: Crypto Daily