Where to store your crypto: Wallets provide diverse options for holders

May 5, 2024 Coin Telegraph

Trust the best strategy in crypto bear market — Trust Wallet CEO

December 4, 2023 Coin Telegraph

Binance

Cointelegraph sat down with Trust Wallet CEO Eowyn Chen to talk about how Web3 can become a better experience for everyone.

Bringing the global crypto and blockchain communities together in Istanbul, Turkey, the Binance Blockchain Week 2023 was a clear indicator that the Web3 ecosystem continues to grow regardless of price movements.

Despite being a Binance event, the conference housed several key players from the crypto industry.

Among them was Trust Wallet, a decentralized Web3 wallet provider acquired by Binance back in 2018. Since its acquisition, Trust Wallet has been widely seen as “the wallet arm of Binance.” This is why the Binance Blockchain Week visitors were caught off-guard when the crypto exchange announced its own Web3 wallet.

Trust Wallet CEO Eowyn Chen — a former vice president at Binance — clarified that “Binance focuses on the centralized, while Trust Wallet works toward the decentralized ecosystem,” adding that Trust Wallet has a neutrality that can serve and partner with anyone in the crypto industry.

“We think that keeping that independence and distance is the best way to keep the culture and the talents running for its own mission.”

Trust Wallet was born in 2017 during the initial coin offering craze due to the need for an accessible mobile wallet, Chen said.

Cointelegraph sat down with Trust Wallet CEO Eowyn Chen during Binance Blockchain Week Istanbul. Source: Cointelegraph

“Recently, we became a sister company of Binance rather than operating under Binance because we can have a better playing field,” Chen explained.

“Scammers provide better customer support”

Compared to fixing the user experience, solving the security issues across Web3 is trickier, according to Chen.

Crypto exchange Upbit targeted by hackers 159K times in H1: Report

October 9, 2023 Coin Telegraph

Coin Telegraph

The figure is more than double recorded in the first half of 2022 and a massive 1,800% increase from the same period in 2020, according to Dunamu.

South Korean cryptocurrency exchange Upbit has been targeted by hackers on more than 159,000 occasions in the first half of 2023, according to its operating firm.

The figures were reported by Dunamu — the firm that owns and operates Upbit — to South Korean Representative Park Seong-jung of the People Power Party, according to an Oct. 9 report by the South Korea-based Yonhap News Agency.

The report shows a 117% increase from the first half of 2022 and a whopping 1,800% increase from the first half of 2020.

Upbit is one of South Korea’s largest cryptocurrency exchanges, with a 24-hour trading volume of around $1.2 billion, according to CoinGecko. Other major exchanges include Bithumb, Coinone and Gopax.

To counter hacking attempts and strengthen security, Dunamu said Upbit increased the proportion of funds it holds in cold wallets to 70%. Upbit also upped its security measures for funds held in hot wallets.

Hot wallets tend to be hacked more often than cold wallets because their private keys are stored online, unlike the former, where the keys are stored offline on external hard drives and USBs.

Upbit suffered a $50 million exploit in 2019. But since then, Upbit hasn’t suffered a single security breach, a Dunamu spokesperson told Yonhap.

“After the hacking incident in 2019, we took various measures to prevent recurrence, such as distributing hot wallets and operating them, and to date, not a single cyber breach has occurred.“

However, Upbit had to halt Aptos token services in late September after the platform failed to recognize a fake token, “ClaimAPTGift.com,” which reached 400,000 Aptos (APT) wallets.

1/ Crypto Deposits Security Thread

Today’s Upbit incident highlights a crucial aspect that is often overlooked - the security of crypto deposits. While a lot is discussed around private key management & withdrawals security, deposits have a similar attack surface. ⤵️ pic.twitter.com/5NEAyJB63N
— Nass Eddequiouaq (@nassyweazy) September 25, 2023

Seong-jung acknowledged that cryptocurrency hacks have increased across the board but called on the South Korean government to take more action:

“The Ministry of Science and Technology must conduct large-scale whitewashing mock tests and investigate information security conditions in preparation for cyber attacks against virtual asset exchanges where hacking attempts are frequent.”

“The role of the Ministry of Science and ICT in managing and supervising them is ambiguous,” Seong-jung added.

Cointelegraph reached out to Upbit for comment but did not receive an immediate response.

Meanwhile, crypto exchanges have been targeted in a string of attacks in September.

Hong Kong-based exchange CoinEx suffered a $70 million hack in September after one of the firm’s private keys was compromised. The firm stated that affected users will be compensated for any lost funds.

In a separate attack, Huobi Global’s HTX exchange lost $7.9 million in a Sept. 24 exploit.

Magazine: $3.4B of Bitcoin in a popcorn tin — The Silk Road hacker’s story

CoinEx hack – compromised private keys led to $70M theft

September 19, 2023 Coin Telegraph

CoinEx hack - compromised private keys led to M theft

Coin Telegraph

CoinEx confirms that compromised private keys gave hackers access to hot wallets, leading to $70 million hack.

Hong Kong-based cryptocurrency exchange CoinEx has revealed that compromised private keys allowed hackers to steal over $70 million of tokens, while the team looks to open lines of communication to claw back funds.

CoinEx representatives unpacked the finer details of their continuing investigation to Cointelegraph as the team works to build and deploy a new wallet architecture to restore impacted users and functionality of the platform.

Despite an estimated $70 million worth of cryptocurrency being stolen from the platform, the exchange claims this amount represents a small percentage of its total assets under management. CoinEx stated that affected users will be compensated entirely for any lost funds.

2/ We've finalized our strategy to resume withdrawals and are set to progressively resume these services within 7 working days. Ensuring 100% asset security remains our top priority before reactivating withdrawal functionalities.
— CoinEx Global (@coinexcom) September 18, 2023

CoinEx said that it was still investigating the identity of those responsible for the security breach, which handful of blockchain security firms are attributing to to North Korean “Lazarus Group” hackers.

“Additionally, we have opened communication channels to the hackers in hopes of proactive engagement toward a mutually agreeable resolution.”

The exchange explained that a preliminary investigation pinned the root cause to a compromised private key for its hot wallets. These were used to store exchange assets for carrying out deposits and withdrawals.

CoinEx suspended its withdrawal service to avoid further losses, patched system vulnerabilities and transferred remaining assets from the affected hot wallets. The exchange told Cointelegraph that it expects to resume withdrawals progressively within 7 working days.

“Our team is currently focused on building and deploying an entirely new and robust wallet system to handle activities within the 211 chains and 737 assets.”

As Cointelegraph initially reported, CoinEx first flagged “anomalous withdrawals” from one of its hot wallets on Sept. 12, beginning with a transfer of 4,947 Ether (ETH). The hackers then began to withdraw large amounts of other tokens to the same address.

The value of stolen funds was first estimated at $27 million but has doubled in the week following the incident.

North Korean hackers have preyed on the cryptocurrency space for the past few years and have been responsible for the largest thefts in the space to date. The 2022 Axie Infinity Ronin Bridge hack alone saw over $650 million stolen.

Blockchain analytics firm Chainalysis estimates that North Korean hackers have stolen around $340 million of cryptocurrency in 2023. This number is now expected to rise with attributions made to the CoinEx hack as well a $41 million hack of cryptocurrency gambling platform Stake on Sept. 4.

Magazine: Web3 Gamer: PUBG devs’ Web3 project, Animoca’s $20M raise, Shardbound review

Crypto exchange Bitrue suffers $23M hack due to hot wallet exploit

April 14, 2023 Coin Telegraph

Crypto exchange Bitrue suffers M hack due to hot wallet exploit

Coin Telegraph

Bitrue executives promised to fully compensate all the identified users affected by the hot wallet hack that accounted for 5% of all funds on the exchange.

Bitrue cryptocurrency exchange has suffered a hot wallet exploit, allowing attackers to withdraw various crypto assets worth nearly $23 million.

Announcing the news on April 14, Bitrue said that it had to temporarily suspend all withdrawals due to a “brief exploit” of its hot wallet. The firm expects to reopen withdrawals on April 18, 2023, after conducting additional security checks.

3/4: To conduct additional security checks, Bitrue will temporarily suspend all withdrawals and will reopen withdrawals on 18 April 2023. We seek your understanding and patience at this time. All identified users who are affected by this incident will be compensated in full.
— Bitrue (@BitrueOfficial) April 14, 2023

Bitrue stressed that it was able to address the matter quickly, which allowed the platform to prevent the further draining of funds. “We take this matter seriously and are currently investigating the situation,” Bitrue stated, adding that the affected hot wallet only accounted for less than 5% of the exchange’s overall funds. The firm wrote:

“The rest of our wallets continue to remain secure and have not been compromised. We are conducting a thorough security review and will update you as we make progress.”

Bitrue executives promised to fully compensate all the identified users affected by the incident. According to the announcement, the affected currencies on the exploited hot wallet included Ether (ETH), Shiba Inu (SHIB), Quant (QNT), Gala (GALA), Holo (HOT) and Polygon (MATIC).

Metamask addresses privacy concerns with new features for enhanced control

March 14, 2023 Coin Telegraph

Coin Telegraph

The new features allow a user to manage which servers are able to receive their IP address.

Web3 wallet app Metamask has introduced a number of new features aimed at enhancing privacy and giving users more control, according to a March 14 blog post by the developer. The new features come after Metamask had previously been criticized for allegedly intruding on users’ privacy.

MetaMask Mobile v6 is now available to everyone! Our biggest release yet fixes issues around slow load times and provides a new and improved UX that gives users more control over their funds and digital identities.

Upgrade to the latest version todayhttps://t.co/tGtA4GUXR1
— MetaMask (@MetaMask) March 14, 2023

Previously, Metamask used its Infura RPC node to connect to Ethereum automatically, whenever a user first set up the wallet. Although the user could change the settings later, this still meant that the user’s public address was transmitted to Infura before they had a chance to change their node, according to a report from Ethereum node operator Chase Wright.

Infura is owned by Metamask’s parent company, Consensys.

Under the new version of Metamask extension, labeled “10.25.0,” users are prompted with the option to use an “advanced configuration” during setup. Choosing this option reveals a number of settings that can be configured, including one that allows the user to choose a different RPC node than the default Infura one.

In addition to letting the user enter their own node details, the “advanced configuration” dialogue box also allows them to turn off incoming transactions, phishing detection, and enhanced token detection. These features require data to be sent to third-parties such as Etherscan and jsDeliver, according to the app’s UI. Users concerned about privacy can now turn off these features during setup if they want to.

According to the post, the new mobile version of Metamask also includes privacy enhancements. Previously, the app did not allow users to connect one account to a Web3 app while leaving another account disconnected. The user only had the option of connecting all of them or none at all.

However, the new version allows users to select which particular accounts they want to connect to an app, without disclosing the other addresses they control.

In its post, Metamask stated that it has always intended to preserve privacy for users and that it believes these new features align with these values, stating:

“Data exploitation goes against MetaMask core values. Instead, we believe in equipping our community with the founding principles that guide our development—true ownership and privacy[…]We are committed to protecting the privacy of our users so that you will not, and ultimately, cannot be exploited by yet another centralized entity.”

On November 23, Metamask became heavily criticized in the crypto community for releasing a privacy policy that stated it would collect IP addresses from users. Consensys responded to the criticism on Nov. 24 by saying that RPC nodes have always collected IP addresses and that the substance of the privacy policy was not new, although the language used in it had changed. On Dec. 6, Consensys announced that IP addresses collected through Infura would no longer be stored for more than 7 days.

How to keep your crypto safe in 2023: a few tips from an analyst

January 9, 2023 Coin Telegraph

Bitcoin Wallet

Lead on-chain analyst at Glassnode, James Check, explains why taking self-custody of your private keys has become more important than ever and how to do it in a few simple steps.

There is no excuse for not putting a few hours of research into how to properly custody your crypto, according to lead on-chain analyst James Check. Joining the latest debate around self-custody, the analyst pushed back against the notion that managing private keys is too complicated and risky for the average crypto user.

“If you have gold in your vault, if you have cash in your wallet, it's the same concept: you need to exercise a level of responsibility,” said Check in our latest Cointelegraph interview.

Check argued that, while third-party custody and semi-custodial solutions such as collaborative custody may appear more user-friendly for the average user, they also have their own, even bigger, vectors of risks.

To the analyst, when it comes to custody "there are no solutions, only trade-offs." His position is that being in full control of your own crypto and eliminating the third-party risk is well worth the effort of learning how to keep your wallet's 12 word seed phrase safe.

Ultimately, Check pointed out that the amount of time and effort someone should put into learning self-custody should be scaled proportionally to the size of thei holdings.

“If you're not willing to put more than 5 minutes into it, then don't put more than $5 into it. If you're willing to do 100 hours now, you can start talking about doing your significant sums of savings,” he said.

To find out more about Check's approach to self-custody, check out the full interview on our YouTube channel and subscribe!

Bitcoin Family Says They Are Moving $1M in Crypto to Decentralized Exchanges After FTX Collapse

December 1, 2022 Bitcoin.com

MetaMask rolls out NFT portfolio value tracker with new partnership

November 2, 2022 Coin Telegraph

Coin Telegraph

Through a recent partnership with NFTBank, a new MetaMask wallet utility will allow users to track the value of their NFT collections.

MetaMask users will now have the ability to track the value of their nonfungible token (NFT) portfolio through its latest product. The wallet provider announced a new feature on Nov. 2, which will bring updated pricing information for the over 5,000 NFT collections held by MetaMask users.

The new utility comes as a result of a partnership with NFTBank, an NFT portfolio management tool and valuation engine. To create its predictions, NFTBank uses machine learning algorithms which update users with price estimates for individual NFTs within a collection.

According to the announcement the algorithm takes into consideration parameters such as floor price, rarity, and bid/ask distribution when calculating a price value. The tool allegedly offers around 90+% accuracy price predictions.

Daniel Kim, the CEO of NFTBank said the current state of the market and volatility make understanding pricing even more crucial.

“The need for understanding the appropriate price of NFTs has become ever more clear with many learning the dramatic volatility of NFT markets the hard way.”

The new portfolio value product comes as MetaMask continues to expand its capabilities in the Web3 space.

Recently the news broke that the blockchain software company ConsenSys plans to commit $2.4 million every year to help launch the MetaMask Grants decentralized autonomous organization (DAO). The DAO will be led by MetaMask employees in order to issue grants to external developers to build within the ecosystem.

MetaMask also unveiled another wallet feature for its institutional, just weeks before the announcement of the portfolio tracker. In collaboration with Cobo NFT management, it unveiled new custodial features for NFT institutional investors.

In a previous interview with Cointelegraph, MetaMask Institutional said it is also exploring improving education and information available to users before interacting with the platform.

Deribit crypto exchange halts withdrawals amid $28M hot wallet hack

November 2, 2022 Coin Telegraph

Deribit crypto exchange halts withdrawals amid M hot wallet hack

Coin Telegraph

Crypto exchange Deribit halted withdrawals following a hot wallet hack where hackers got away with $28 million in stolen funds.

Major cryptocurrency derivatives exchange Deribit has halted withdrawals after suffering a $28 million hot wallet hack.

Deribit exchange got its hot wallet compromised before midnight UTC on Nov. 1, the firm reported on Twitter.

The exchange emphasized that client funds are safe as losses are covered by Deribit’s reserves, stating:

“Client assets, Fireblocks or any of the cold storage addresses are not affected. It's company procedure to keep 99% of our user funds in cold storage to limit the impact of these type of events.”

As part of the ongoing security checks, Deribit had to halt withdrawals, including custodians Copper Clearloop and Cobo, until the exchange is 100% confident about security following the hack. “Deposits already sent will still be processed, and after the required number of confirmations, they will be credited to accounts,” the firm added.

According to the information on Deribit’s Telegram chat, trading on Deribit is operating as usual. “Due to our hotwallet policy we were able to limit loss of user funds,” a Deribit support person noted.

Deribit’s insurance fund will not be affected by the hack, as the exchange will pay the loss for it as well. “Deribit remains in a financially sound position and ongoing operations will not be impacted,” the statement notes.

A spokesperson for Deribit told Cointelegraph that the company is aiming to resume withdrawals as soon as possible and is now checking “all security measures.” The platform is also working on a full incident review at the moment to provide more details about the vulnerability that could have caused the issue, the person added.

The hack was the first time for Deribit to experience such an attack and losses since the company’s launch, the representative said.

Founded in 2016, Deribit is one of the largest crypto derivatives exchanges in the world, allowing users to trade crypto futures and options. At the time of writing, Deribit’s daily trading volume amounts to $280 million, according to data from CoinGecko.

At the time of writing, some of Deribit’s website sections also appear to be nonoperating. Deribit Insights, the firm’s crypto data hub, is not available at the time of writing, showing a “critical error on this website.” In the meantime, Deribit’s trading website is intact. According to a Deribit representative, the website issue and the hack are not related.

hot wallet

“Scammers provide better customer support”

Share this video