1. Home
  2. hot wallet

hot wallet

Bingx Hit With $52 Million Hack, Lazarus Group Suspected

Bingx Hit With  Million Hack, Lazarus Group SuspectedAsian crypto exchange Bingx suffered a hacking attack, leading to a suspension of withdrawals and an estimated loss of $52 million. Bingx claims the stolen amount is minimal because it primarily stores users’ assets in cold wallets, which were not targeted by the hackers. A security firm believes a North Korea-linked hacking group, Lazarus Group, […]

PancakeSwap launches Telegram Swap Bot for crypto trading access

Germany’s Information Security Office champions hardware wallets

According to a recent Chainalysis report, thefts resulting from crypto hacks and exploits have totaled $1.58 billion in 2024.

In an Aug. 16 LinkedIn post, Germany’s Federal Office for Information Security, also known as BSI, explained the best practices for crypto storage and ultimately told users that a crypto hardware wallet was the most secure way to store private keys.

The post began with exchange-linked wallets, also known as “hot” wallets, and explained that while keeping crypto in an exchange wallet may be convenient for the end-user, it is also the least secure way of storing keys. This is because these wallets are always connected to the internet, creating an attractive target for hackers.

Next were self-custodial wallets on a user’s computer or smartphone. While this colder storage method is safer than keeping crypto on exchanges and allows users to control their keys, self-custodial wallet applications still suffer from “security gaps,” according to the BSI.

Read more

PancakeSwap launches Telegram Swap Bot for crypto trading access

Switching from MetaMask? Here are 5 alternative crypto wallets

Which cryptocurrency wallets are good alternatives to MetaMask?

Since the inception of cryptocurrencies, a plethora of crypto wallets have emerged, with one of the most popular being the MetaMask browser extension wallet from software technology firm Consensys. 

Launched in 2016, MetaMask is now the most popular wallet for interacting with decentralized finance (DeFi).

MetaMask owes much of its popularity to its ease of use and wide range of functionalities.

Read more

PancakeSwap launches Telegram Swap Bot for crypto trading access

Where to store your crypto: Wallets provide diverse options for holders

Choosing a crypto wallet can be intimidating for newcomers. Which wallet is the easiest to use and the safest for storing digital assets?

Being in control of your own assets — having total freedom of how and to whom they are sent — is a foundational tenant of cryptocurrencies. 

Today, over 10,000 cryptocurrencies exist on a multitude of blockchains. With the increased adoption and proliferation of digital assets, crypto users have more options than ever regarding how they store their assets.

However, there are trade-offs to consider: Hot wallets, those connected to the internet, are convenient for making frequent transactions but are more susceptible to hacks.

Read more

PancakeSwap launches Telegram Swap Bot for crypto trading access

Trust the best strategy in crypto bear market — Trust Wallet CEO

Cointelegraph sat down with Trust Wallet CEO Eowyn Chen to talk about how Web3 can become a better experience for everyone.

Bringing the global crypto and blockchain communities together in Istanbul, Turkey, the Binance Blockchain Week 2023 was a clear indicator that the Web3 ecosystem continues to grow regardless of price movements. 

Despite being a Binance event, the conference housed several key players from the crypto industry.

Among them was Trust Wallet, a decentralized Web3 wallet provider acquired by Binance back in 2018. Since its acquisition, Trust Wallet has been widely seen as “the wallet arm of Binance.” This is why the Binance Blockchain Week visitors were caught off-guard when the crypto exchange announced its own Web3 wallet.

Trust Wallet CEO Eowyn Chen — a former vice president at Binance — clarified that “Binance focuses on the centralized, while Trust Wallet works toward the decentralized ecosystem,” adding that Trust Wallet has a neutrality that can serve and partner with anyone in the crypto industry.

“We think that keeping that independence and distance is the best way to keep the culture and the talents running for its own mission.”

Trust Wallet was born in 2017 during the initial coin offering craze due to the need for an accessible mobile wallet, Chen said.

Cointelegraph sat down with Trust Wallet CEO Eowyn Chen during Binance Blockchain Week Istanbul. Source: Cointelegraph

“Recently, we became a sister company of Binance rather than operating under Binance because we can have a better playing field,” Chen explained.

“Scammers provide better customer support”

Compared to fixing the user experience, solving the security issues across Web3 is trickier, according to Chen.

Read more

PancakeSwap launches Telegram Swap Bot for crypto trading access

Crypto exchange Upbit targeted by hackers 159K times in H1: Report

The figure is more than double recorded in the first half of 2022 and a massive 1,800% increase from the same period in 2020, according to Dunamu.

South Korean cryptocurrency exchange Upbit has been targeted by hackers on more than 159,000 occasions in the first half of 2023, according to its operating firm.

The figures were reported by Dunamu — the firm that owns and operates Upbit — to South Korean Representative Park Seong-jung of the People Power Party, according to an Oct. 9 report by the South Korea-based Yonhap News Agency.

The report shows a 117% increase from the first half of 2022 and a whopping 1,800% increase from the first half of 2020.

Upbit is one of South Korea’s largest cryptocurrency exchanges, with a 24-hour trading volume of around $1.2 billion, according to CoinGecko. Other major exchanges include Bithumb, Coinone and Gopax.

To counter hacking attempts and strengthen security, Dunamu said Upbit increased the proportion of funds it holds in cold wallets to 70%. Upbit also upped its security measures for funds held in hot wallets.

Hot wallets tend to be hacked more often than cold wallets because their private keys are stored online, unlike the former, where the keys are stored offline on external hard drives and USBs.

Upbit suffered a $50 million exploit in 2019. But since then, Upbit hasn’t suffered a single security breach, a Dunamu spokesperson told Yonhap.

“After the hacking incident in 2019, we took various measures to prevent recurrence, such as distributing hot wallets and operating them, and to date, not a single cyber breach has occurred.“

However, Upbit had to halt Aptos token services in late September after the platform failed to recognize a fake token, “ClaimAPTGift.com,” which reached 400,000 Aptos (APT) wallets.

Seong-jung acknowledged that cryptocurrency hacks have increased across the board but called on the South Korean government to take more action:

“The Ministry of Science and Technology must conduct large-scale whitewashing mock tests and investigate information security conditions in preparation for cyber attacks against virtual asset exchanges where hacking attempts are frequent.”

“The role of the Ministry of Science and ICT in managing and supervising them is ambiguous,” Seong-jung added.

Cointelegraph reached out to Upbit for comment but did not receive an immediate response.

Related: CoinEx exchange drained of $27M worth of crypto in suspected hack

Meanwhile, crypto exchanges have been targeted in a string of attacks in September.

Hong Kong-based exchange CoinEx suffered a $70 million hack in September after one of the firm’s private keys was compromised. The firm stated that affected users will be compensated for any lost funds.

In a separate attack, Huobi Global’s HTX exchange lost $7.9 million in a Sept. 24 exploit.

Magazine: $3.4B of Bitcoin in a popcorn tin — The Silk Road hacker’s story

PancakeSwap launches Telegram Swap Bot for crypto trading access

CoinEx hack – compromised private keys led to $70M theft

CoinEx confirms that compromised private keys gave hackers access to hot wallets, leading to $70 million hack.

Hong Kong-based cryptocurrency exchange CoinEx has revealed that compromised private keys allowed hackers to steal over $70 million of tokens, while the team looks to open lines of communication to claw back funds.

CoinEx representatives unpacked the finer details of their continuing investigation to Cointelegraph as the team works to build and deploy a new wallet architecture to restore impacted users and functionality of the platform.

Despite an estimated $70 million worth of cryptocurrency being stolen from the platform, the exchange claims this amount represents a small percentage of its total assets under management. CoinEx stated that affected users will be compensated entirely for any lost funds.

CoinEx said that it was still investigating the identity of those responsible for the security breach, which handful of blockchain security firms are attributing to to North Korean “Lazarus Group” hackers.

“Additionally, we have opened communication channels to the hackers in hopes of proactive engagement toward a mutually agreeable resolution.”

The exchange explained that a preliminary investigation pinned the root cause to a compromised private key for its hot wallets. These were used to store exchange assets for carrying out deposits and withdrawals.

Related: New York bans CoinEx exchange, seizes $1.7M in crypto assets

CoinEx suspended its withdrawal service to avoid further losses, patched system vulnerabilities and transferred remaining assets from the affected hot wallets. The exchange told Cointelegraph that it expects to resume withdrawals progressively within 7 working days.

“Our team is currently focused on building and deploying an entirely new and robust wallet system to handle activities within the 211 chains and 737 assets.”

As Cointelegraph initially reported, CoinEx first flagged “anomalous withdrawals” from one of its hot wallets on Sept. 12, beginning with a transfer of 4,947 Ether (ETH). The hackers then began to withdraw large amounts of other tokens to the same address.

The value of stolen funds was first estimated at $27 million but has doubled in the week following the incident.

North Korean hackers have preyed on the cryptocurrency space for the past few years and have been responsible for the largest thefts in the space to date. The 2022 Axie Infinity Ronin Bridge hack alone saw over $650 million stolen.

Blockchain analytics firm Chainalysis estimates that North Korean hackers have stolen around $340 million of cryptocurrency in 2023. This number is now expected to rise with attributions made to the CoinEx hack as well a $41 million hack of cryptocurrency gambling platform Stake on Sept. 4.

Magazine: Web3 Gamer: PUBG devs’ Web3 project, Animoca’s $20M raise, Shardbound review

PancakeSwap launches Telegram Swap Bot for crypto trading access

Crypto exchange Bitrue suffers $23M hack due to hot wallet exploit

Bitrue executives promised to fully compensate all the identified users affected by the hot wallet hack that accounted for 5% of all funds on the exchange.

Bitrue cryptocurrency exchange has suffered a hot wallet exploit, allowing attackers to withdraw various crypto assets worth nearly $23 million.

Announcing the news on April 14, Bitrue said that it had to temporarily suspend all withdrawals due to a “brief exploit” of its hot wallet. The firm expects to reopen withdrawals on April 18, 2023, after conducting additional security checks.

Bitrue stressed that it was able to address the matter quickly, which allowed the platform to prevent the further draining of funds. “We take this matter seriously and are currently investigating the situation,” Bitrue stated, adding that the affected hot wallet only accounted for less than 5% of the exchange’s overall funds. The firm wrote:

“The rest of our wallets continue to remain secure and have not been compromised. We are conducting a thorough security review and will update you as we make progress.”

Bitrue executives promised to fully compensate all the identified users affected by the incident. According to the announcement, the affected currencies on the exploited hot wallet included Ether (ETH), Shiba Inu (SHIB), Quant (QNT), Gala (GALA), Holo (HOT) and Polygon (MATIC).

Related: South Korean crypto exchange GDAC hacked for nearly $14M

PancakeSwap launches Telegram Swap Bot for crypto trading access

Metamask addresses privacy concerns with new features for enhanced control

The new features allow a user to manage which servers are able to receive their IP address.

Web3 wallet app Metamask has introduced a number of new features aimed at enhancing privacy and giving users more control, according to a March 14 blog post by the developer. The new features come after Metamask had previously been criticized for allegedly intruding on users’ privacy.

Previously, Metamask used its Infura RPC node to connect to Ethereum automatically, whenever a user first set up the wallet. Although the user could change the settings later, this still meant that the user’s public address was transmitted to Infura before they had a chance to change their node, according to a report from Ethereum node operator Chase Wright.

Infura is owned by Metamask’s parent company, Consensys.

Under the new version of Metamask extension, labeled “10.25.0,” users are prompted with the option to use an “advanced configuration” during setup. Choosing this option reveals a number of settings that can be configured, including one that allows the user to choose a different RPC node than the default Infura one.

In addition to letting the user enter their own node details, the “advanced configuration” dialogue box also allows them to turn off incoming transactions, phishing detection, and enhanced token detection. These features require data to be sent to third-parties such as Etherscan and jsDeliver, according to the app’s UI. Users concerned about privacy can now turn off these features during setup if they want to.

According to the post, the new mobile version of Metamask also includes privacy enhancements. Previously, the app did not allow users to connect one account to a Web3 app while leaving another account disconnected. The user only had the option of connecting all of them or none at all.

However, the new version allows users to select which particular accounts they want to connect to an app, without disclosing the other addresses they control.

In its post, Metamask stated that it has always intended to preserve privacy for users and that it believes these new features align with these values, stating:

“Data exploitation goes against MetaMask core values. Instead, we believe in equipping our community with the founding principles that guide our development—true ownership and privacy[…]We are committed to protecting the privacy of our users so that you will not, and ultimately, cannot be exploited by yet another centralized entity.”

On November 23, Metamask became heavily criticized in the crypto community for releasing a privacy policy that stated it would collect IP addresses from users. Consensys responded to the criticism on Nov. 24 by saying that RPC nodes have always collected IP addresses and that the substance of the privacy policy was not new, although the language used in it had changed. On Dec. 6, Consensys announced that IP addresses collected through Infura would no longer be stored for more than 7 days.

PancakeSwap launches Telegram Swap Bot for crypto trading access

How to keep your crypto safe in 2023: a few tips from an analyst

Lead on-chain analyst at Glassnode, James Check, explains why taking self-custody of your private keys has become more important than ever and how to do it in a few simple steps.

There is no excuse for not putting a few hours of research into how to properly custody your crypto, according to lead on-chain analyst James Check. Joining the latest debate around self-custody, the analyst pushed back against the notion that managing private keys is too complicated and risky for the average crypto user. 

“If you have gold in your vault, if you have cash in your wallet, it's the same concept: you need to exercise a level of responsibility,” said Check in our latest Cointelegraph interview.

Check argued that, while third-party custody and semi-custodial solutions such as collaborative custody may appear more user-friendly for the average user, they also have their own, even bigger, vectors of risks.

To the analyst, when it comes to custody "there are no solutions, only trade-offs." His position is that being in full control of your own crypto and eliminating the third-party risk is well worth the effort of learning how to keep your wallet's 12 word seed phrase safe.

Cast your vote now!

Ultimately, Check pointed out that the amount of time and effort someone should put into learning self-custody should be scaled proportionally to the size of thei holdings. 

“If you're not willing to put more than 5 minutes into it, then don't put more than $5 into it. If you're willing to do 100 hours now, you can start talking about doing your significant sums of savings,” he said. 

To find out more about Check's approach to self-custody, check out the full interview on our YouTube channel and subscribe!

PancakeSwap launches Telegram Swap Bot for crypto trading access