1. Home
  2. Cold Storage

Cold Storage

Bingx Hit With $52 Million Hack, Lazarus Group Suspected

Bingx Hit With  Million Hack, Lazarus Group SuspectedAsian crypto exchange Bingx suffered a hacking attack, leading to a suspension of withdrawals and an estimated loss of $52 million. Bingx claims the stolen amount is minimal because it primarily stores users’ assets in cold wallets, which were not targeted by the hackers. A security firm believes a North Korea-linked hacking group, Lazarus Group, […]

2021 Bull Run Déjà Vu? Altcoin Market Gains Momentum

First ‘Bitcoin Diploma’ Recipients Graduate From El Salvador’s New BTC Education Program

First ‘Bitcoin Diploma’ Recipients Graduate From El Salvador’s New BTC Education Program

El Salvador is handing out the first-ever batch of “Bitcoin Diplomas” as students graduate from the nation’s cutting-edge Bitcoin (BTC) education program. According to El Salvador’s Mi Primer Bitcoin, earlier this week, students completed a 10-week-long educational program, which teaches children the history and technology behind the top crypto asset by market cap for free. […]

The post First ‘Bitcoin Diploma’ Recipients Graduate From El Salvador’s New BTC Education Program appeared first on The Daily Hodl.

2021 Bull Run Déjà Vu? Altcoin Market Gains Momentum

El Salvador President Says Country Moving Bitcoin Into Cold Storage Amid Daily One BTC Investment Plan

El Salvador President Says Country Moving Bitcoin Into Cold Storage Amid Daily One BTC Investment Plan

The President of El Salvador says that the country is now moving its Bitcoin (BTC) stash into cold storage. In a new thread on the social media platform X, President Nayib Bukele says El Salvador will create a Bitcoin “piggy bank” and continue to implement its plan of accumulating one BTC per day. “We’ve decided to […]

The post El Salvador President Says Country Moving Bitcoin Into Cold Storage Amid Daily One BTC Investment Plan appeared first on The Daily Hodl.

2021 Bull Run Déjà Vu? Altcoin Market Gains Momentum

Chinese State Media Warns Corrupt Officials May Be Using Cold Storage Crypto To Avoid Investigation: Report

Chinese State Media Warns Corrupt Officials May Be Using Cold Storage Crypto To Avoid Investigation: Report

A Chinese state-owned newspaper has warned that corrupt officials could be funneling crypto into cold storage to avoid investigations. Legal Daily, a media outlet directly under the control of the Chinese Communist Party (CCP), notes in a new report that experts at the China Integrity and Legal Research Association’s 2023 annual meeting drew attention to […]

The post Chinese State Media Warns Corrupt Officials May Be Using Cold Storage Crypto To Avoid Investigation: Report appeared first on The Daily Hodl.

2021 Bull Run Déjà Vu? Altcoin Market Gains Momentum

IBM unveils new air-gapped cold storage solution for digital assets

The new system works a lot like a time delay safe for digital assets with a policy engine to broker communications.

IBM announced the launch of IBM Hyper Protect Offline Signing Orchestrator (OSO), an air-gapped cold storage solution for digital assets, on Dec.

Working with digital asset manager Metaco, an IBM partner and Ripple subsidiary, and tier-1 banks, IBM developed the end-to-end asset encryption service to address common vulnerabilities found in typical cold storage solutions.

Per an IBM blog post:

“When it comes to offline or physically air-gapped cold storage, there are limitations, including privileged administrator access, operational costs and errors and the inability to truly scale. All these limitations are due to one underlying factor—human interaction.”

Cold storage

IBM designed OSO to address these vulnerabilities by removing the manual functions of initiating and conducting transactions.

This, according to the blog post and accompanying research, prevents most common forms of insider attack including physical access, administrative manipulation, and coercion attacks.

Further ensuring OSO’s resilience to attack, digital assets can be placed in “air-gapped” storage container.

Securing blockchain transactions

Administrators managing cold storage solutions in a typical air-gapped paradigm usually have to hand-carry physical storage devices such as laptops or USB drives to offline hardware in order to sign transactions.

Read more

2021 Bull Run Déjà Vu? Altcoin Market Gains Momentum

Crypto wallet with zero connectivity: NGRAVE joins Cointelegraph Accelerator

NGRAVE, a digital asset security provider, offers user-friendly, self-custody solutions that combine offline key creation with advanced recovery options for crypto users.

Cryptocurrencies are digital-only assets that investors can delegate custody to a third party, such as an exchange, store in hot wallets, or rely on their own hardware wallets. Security concerns with online solutions and third-party risks (not your keys, not your coins) have increased the need for crypto investors to find offline, easy-to-use solutions to securely manage their crypto assets. This demand, along with a growing awareness of self-custody, is driving the expansion of the hardware wallet market, which is expected to reach 3.6 billion by 2031.

However, hardware wallet manufacturers need to overcome several challenges to compete effectively with software-based Web3 wallets. Unlike their software counterparts, hardware wallets require an upfront purchase and can be complex to use, especially for beginners. Additionally, like any physical wallet, hardware wallets are vulnerable to real-world security risks such as theft or structural damage — just like any physical wallet.

However, a well-designed hardware wallet can improve security without compromising accessibility. This is where NGRAVE, a digital asset security provider, steps in. The team believes that achieving air-gapped protection for cryptocurrency storage necessitates 100% offline usability, which hardware wallets and anti-tampering measures can provide. This means not having any connectivity like Bluetooth, NFC, WiFi or even USB to completely eliminate any hack or malware attempts.

NGRAVE applied this approach to its flagship product, the NGRAVE ZERO hardware wallet. As a fully offline wallet, ZERO only communicates with the outside world through verifiable QR codes. The device has a 4” touchscreen to help users create keys, manage wallets and sign transactions directly through ZERO’s swipe-and-tap user-friendly interface.

NGRAVE ZERO features its own interface for simple management of crypto assets. Source: NGRAVE

NGRAVE ZERO features its own interface for simple management of crypto assets. Source: NGRAVE

The anti-tampering protection protects the hardware wallet against physical damage and attacks, while the EAL7 certificate — one of the highest security levels in the blockchain and finance industry — ensures the keys stored on ZERO are safe against digital attacks.

The NGRAVE team is on a mission to help people “safeguard their wealth, so they are free to live the life they want.” Their security-first approach led to an end-to-end solution that combines security with ease of use. NGRAVE is currently raising a Series A round of funding.

The premise of a fully offline hardware wallet and the potential of NGRAVE’s tiered product line helped the team to get a seat at the Cointelegraph Accelerator — a program designed to boost promising Web3 and crypto startups. Down the line, NGRAVE plans to add more coins to its growing list of supported crypto assets and offer other wallet solutions that bridge the security of offline use and the flexibility of online connectivity. The team is also working on integration with Trust Wallet, MetaMask and other hot wallets, bringing passphrase support to its products as well as a portfolio tracking feature.

2021 Bull Run Déjà Vu? Altcoin Market Gains Momentum

Casa launches multi-signature Ethereum self-custody vault

Casa has added Etheruem support to its self-custody storage solutions, providing multi-signature security for BTC and ETH.

Since its inception in 2016, Casa promoted multi-signature self-custody of BTC in the industry with its flagship Bitcoin vault allowing users to store the cryptocurrency using up to five keys for more distributed security.

Casa's service originally catered to Bitcoin 'whales' that were willing to spend $10,000 a year on custody, before opening its service to a broader base of Bitcoin users. The company has now added an Ethereum vault to its platform, with ETH holders also able to use up to five keys to secure their holdings.

According to Casa CEO Nick Neuman, the fact that Bitcoin and Ethereum operate as completely different protocols, the industry had not yet built a security solution that accommodates both on the same platform aside from various hardware wallet models.

The firm is also engaging with users over the potential of adding self-custody support for various ETH-related assets including nonfungible tokens (NFTs), stablecoins and ERC-20 tokens.

As previously reported by Cointelegraph, Casa co-founder and chief technical officer Jameson Lopp highlighted increasing calls for a multi-signature ETH self-custody from its users and the wider cryptocurrency community.

Driven by a number of high profile collapses of major exchanges like FTX, Casa announced its intent to launch ETH storage solution given that many users not only lost access to ETH but their Ethereum-based stablecoins and other ERC tokens.

Related: Ledger CEO says crypto key recovery service makes self-custody easier

Hackers wrought havoc within the web3 space in 2022, with billions of dollars stolen through decentralized finance bridge hacks and smart contract exploits. It’s a point that Neuman highlighted when Casa announced its plans for ETH storage on its platform, with a multitude of hacks across the ‘web3/crypto space due to poor private key management.’

Cryptocurrency self-custody platform Casa has rolled out support for Ethereum (ETH) storage, touting its support for multi-signature Bitcoin (BTC) and ETH self-storage as a first in the industry.

In an interview with Cointelegraph journalist Joe Hall, Lopp stressed the importance of making self-custody solutions more accessible and easier to use to give users full control of their assets and peace of mind managing the associated responsibilities.

Industry experts have also suggested that its difficult to estimate the amount of BTC currently held in self-custody wallets.

Magazine: Ordinals turned Bitcoin into a worse version of Ethereum: Can we fix it?

2021 Bull Run Déjà Vu? Altcoin Market Gains Momentum

Ethereum users are increasingly demanding self-custody: Casa CTO

Security expert Jameson Lopp said some users lost Ethereum tokens because of the lack of a secure storage method.

The demand for Ethereum self-custody solutions is growing, according to Jameson Lopp, co-founder and chief technology officer of Bitcoin wallet provider Casa. In a conversation with Cointelegraph at Bitcoin 2023, Lopp stated that Casa has found it necessary to provide Ethereum support due to the increased number of Ethereum users seeking the service.

Incidents like the collapse of FTX in 2022 have raised awareness of the need for a secure way to store Ethereum and Ethereum tokens such as stablecoins, Lopp said:

“I’ve actually spoken to Casa clients who suffered losses as a result of some of the collapses last year. Those that kept their Bitcoin in Casa did well, but some of them ended up losing other things — even stablecoins, for example — because they didn’t have a way to put those into a distributed cold-storage setup.”

In order to respond to this problem, Casa announced in December that it would be adding Ethereum support. This decision was “controversial for some,” Lopp said, referring to criticism of it from Bitcoin enthusiasts on social media. However, the company went forward with the plan anyway because its clients demanded it.

According to Lopp, users still perceive self-custody as having a daunting “learning curve.” Although setting up a wallet and sending crypto to it is easy, practicing the proper security habits can be complex, making clients feel that self-custody is difficult.

“It certainly can be intimidating if you start by looking at all of the literature around how to do security,” he said. But “we’re baking all of those best practices into the product itself so that you follow the directions of our software, and it puts you into the position where […] you can be human, you can make a mistake, and it won’t result in a catastrophic loss.”

Lopp described the Casa service itself as an “extreme-security cold-storage setup with distributed keys.” It originally targeted “mega-whales” willing to spend $10,000 a year on custody but has expanded its offerings to the point where it even offers a free version with limited features today.

Related: How to use a crypto hardware wallet

The concept of crypto self-custody began with the very first Bitcoin wallet, BitcoinQT, developed by Satoshi himself. However, as the crypto user base has grown, many new users have preferred to keep their crypto under the control of centralized exchanges, despite many experts arguing that this practice is risky. Some wallet providers are attempting to solve this problem through new tech that they say will make self-custody simpler and will entice more users to take control of their crypto assets.

Portions of this story were based on an interview with Jameson Lopp conducted by Sam Bourgi at Bitcoin 2023.

Magazine: Ordinals turned Bitcoin into a worse version of Ethereum

2021 Bull Run Déjà Vu? Altcoin Market Gains Momentum

I run a Ledger competitor — but I support them in blow-up over keys

Ledger’s latest update — aimed at making private seed phrases on its wallets recoverable — was simply an attempt to innovate and improve user security.

It’s counterintuitive for a CEO to defend a competitor, particularly when that competitor is rolling out a feature similar to one we pioneered years ago. But given the debacle around Ledger’s new “Ledger Recover” feature, it’s time to provide a balanced perspective.

The company is under fire for releasing an update to its wallet firmware that allows it to send a version of the wallet seed phrase to third parties. But the outrage feels out of proportion. The perception that Ledger is carelessly “sending seed phrases to a server” is fundamentally misinformed. Let’s be clear: The new system is opt-in only. There is no forced participation or hidden backdoor. The seed is locally split into three encrypted shards using Shamir Secret Sharing, a well-respected cryptographic process, and sent encrypted, a practice the industry has been familiar with for years.

One of the corporations hosting the shards is EscrowTech, a company we brought into the crypto sector four years ago. I’m confident that Ledger, despite our rivalry, can successfully implement a system that matches its claims. They’ve shown commitment and seriousness in the past, and there is no reason to expect otherwise now.

In the face of backlash, it’s essential to remember: If you don’t like it, don’t use it. Period.

We have always strived to provide an upgrade to such systems, but for those who choose to stick with seed phrases, Ledger Recover is undeniably a step forward. I’m giving credit to Ledger where it is due: To truly onboard billions, and move assets to our self-custodial universe, Ledger Recover is a potential solution. Securely encrypted secrets stored in the cloud are the future, not pieces of paper or steel plates stored under your mattress or worse in a bank vault (the irony…)!

Related: Elizabeth Warren is pushing the Senate to ban your crypto wallet

That being said, there are a few things Ledger got wrong. Their suggested solution identifies a fundamental problem that cannot be fixed by Ledger Recover: seed phrases. I dislike them and consider them outdated and unfit for personal security. An estimated $100 billion in Bitcoin (BTC) (alone) has been lost or stolen in the last decade because of seed phrase mismanagement. And it’s not getting any better: Every day, new stories of key misplacement and loss appear on forums, such as Reddit and Twitter.

Seed phrases represent a single point of failure, which puts too much burden on the user and is prone to human error, phishing attacks, account takeovers and so many more disasters. Multiparty computation (MPC) wallets and other battle-tested cryptographic techniques offer vastly superior trade-offs where seed-based approaches seem archaic in today’s rapidly advancing digital landscape.

Ledger’s current users, mostly hardcore crypto enthusiasts, feel betrayed, but the existing seed model simply doesn’t work for everyone. Even Ledger acknowledged it on its own website.

Beyond ignoring the fundamental seed phrase vulnerability, Ledger Recover itself has its own share of issues: The one-way firmware update, the closed-source sharding, the Know Your Customer (KYC) gating, the pay-to-recover scheme and, most of all, the “trust me this is opt-in only” without ways to verify the source code. The closed code, dependence on external custodians and the seven-day cut-off if payment ceases will absolutely surface more questions (and already has).

The introduction of Ledger Recover might also invite new attack vectors on and off systems: From local malware to government coercion, social engineering (already deployed at scale in their last e-commerce breach) and fake KYC recovery, which need to be addressed. Lastly, Ledger’s communications and timing could have been better articulated and managed to avoid the current uproar.

Related: Cryptocurrency miners are leading the next stage of AI

However, this doesn’t take away from the fact that they are trying to innovate and improve user security, albeit in a different way than we might.

To Ledger, I suggest providing a comprehensive demo video end-to-end, a documented white paper with possible third-party audit reports, and a thorough explanation of how Ledger Recover works. The FAQs leave questions unanswered, and customers are left guessing or misinterpreting the service. The community thought they could trust you blindly, but you need to earn this back after this episode.

This is not a clear-cut case of right or wrong. Ledger is making strides in the right direction and has built a remarkable track record in an incredibly hostile environment — we know that first-hand. But they also have room to learn and improve.

Imposing a new security path, even optional, is like asking to believe in a second religion you did not choose in the first place. It’s a divisive issue, certainly, but it’s vital for the crypto community to focus on facts rather than interpretations. Eventually, our words here (or on social media) will not matter, and people will vote with their dollars (I mean their crypto). As competitors, we may not agree on every detail, but we can all agree on the need for innovation, security and transparency.

Ouriel Ohayon is a co-founder and the CEO of ZenGo, a consumer MPC wallet established in 2018. He’s a former executive at ICQ/AOL; the founder of TechCrunch France (sold to AOL); and the founder rof Isai.fr, a leading French VC. He was general manager of the Gemini’s internet lab and Lightspeed Ventures.

This article is for general information purposes and is not intended to be and should not be taken as legal or investment advice. The views, thoughts and opinions expressed here are the author’s alone and do not necessarily reflect or represent the views and opinions of Cointelegraph.

2021 Bull Run Déjà Vu? Altcoin Market Gains Momentum

Binance self-custody wallet launches crypto-to-fiat off-ramp

Trust Wallet has partnered with MoonPay and Ramp to allow customers to convert their crypto to fiat without using any centralized exchange.

Trust Wallet, the noncustodial and multichain crypto wallet, has partnered with Ramp and MoonPay to introduce seamless crypto-to-fiat withdrawals for its users. The partnership will allow wallet users to convert crypto to fiat directly within the wallet app.

The feature eliminates the need for transferring funds to a centralized wallet to liquidate or convert to fiat. With the help of this new functionality, users may now enter and exit the cryptocurrency market totally through their self-custody wallet and take complete control of their cryptocurrency funds.

Cash out window. Source: Trust Wallet

The crypto-to-fiat conversion feature comes when centralized exchanges and even peer-to-peer platforms are shutting down. The latest to shut up shop is Paxful, a popular P2P global exchange that announced its closure on April 4, citing regulatory challenges and staff shortages.

Trust Wallet’s head of product, Eric Chang, said that the off-ramp feature would prove to be a boon for customers, especially at a time when the market is turbulent, and crypto platforms are under heavy scrutiny over managing customers’ funds.

Trust Wallet is the official cryptocurrency wallet of Binance. It offers access to 65 different blockchains and boasts a customer base of 60 million users. The wallet also gives users access to decentralized applications (DApps), enabling them to communicate with DApps on any supported blockchain. Some of its key features include buying, staking, trading and storing various cryptocurrencies.

However, Trust Wallet is not a cold wallet or hardware wallet, where it remains offline until given access by the users. Trust Wallet works as a hot wallet as long as there’s an internet connection. The wallet can be accessed via a secure connection online. While this feature was intended to help users, it proved to be a disaster for the co-founder of the Web3 metaverse game engine “Webaverse,” who lost $4 million from his Trust Wallet.

2021 Bull Run Déjà Vu? Altcoin Market Gains Momentum