Germany’s Information Security Office champions hardware wallets

August 16, 2024 Coin Telegraph

Switching from MetaMask? Here are 5 alternative crypto wallets

July 12, 2024 Coin Telegraph

Valora launches ‘Mobile Stack’ Web3 launchpad for iOS and Android

July 6, 2024 Coin Telegraph

Where to store your crypto: Wallets provide diverse options for holders

May 5, 2024 Coin Telegraph

Vodafone looks to integrate crypto wallets with sim cards

May 4, 2024 Coin Telegraph

Trust the best strategy in crypto bear market — Trust Wallet CEO

December 4, 2023 Coin Telegraph

Binance

Cointelegraph sat down with Trust Wallet CEO Eowyn Chen to talk about how Web3 can become a better experience for everyone.

Bringing the global crypto and blockchain communities together in Istanbul, Turkey, the Binance Blockchain Week 2023 was a clear indicator that the Web3 ecosystem continues to grow regardless of price movements.

Despite being a Binance event, the conference housed several key players from the crypto industry.

Among them was Trust Wallet, a decentralized Web3 wallet provider acquired by Binance back in 2018. Since its acquisition, Trust Wallet has been widely seen as “the wallet arm of Binance.” This is why the Binance Blockchain Week visitors were caught off-guard when the crypto exchange announced its own Web3 wallet.

Trust Wallet CEO Eowyn Chen — a former vice president at Binance — clarified that “Binance focuses on the centralized, while Trust Wallet works toward the decentralized ecosystem,” adding that Trust Wallet has a neutrality that can serve and partner with anyone in the crypto industry.

“We think that keeping that independence and distance is the best way to keep the culture and the talents running for its own mission.”

Trust Wallet was born in 2017 during the initial coin offering craze due to the need for an accessible mobile wallet, Chen said.

Cointelegraph sat down with Trust Wallet CEO Eowyn Chen during Binance Blockchain Week Istanbul. Source: Cointelegraph

“Recently, we became a sister company of Binance rather than operating under Binance because we can have a better playing field,” Chen explained.

“Scammers provide better customer support”

Compared to fixing the user experience, solving the security issues across Web3 is trickier, according to Chen.

ETF filings changed the Bitcoin narrative overnight — Ledger CEO

October 3, 2023 Coin Telegraph

Bitcoin Price

Ledger’s CEO says that, while it may take a few years, big money is getting into crypto.

Over the past 12 months, some investors learned the hard way why they needed to move their crypto offline. Those who kept Bitcoin (BTC) and altcoins on crypto exchanges like FTX lost control of their assets, sometimes forever. Events drew a red line under the storied crypto adage: “Not your keys, not your coins.”

FTX’s loss was hardware wallet manufacturer Ledger’s gain, however. The Bahamas-based exchange’s November 2022 bankruptcy filing delivered to Ledger “our biggest sales day ever,” the firm’s chief experience officer, Ian Rogers, told Cointelegraph, and “November turned out to be our biggest sales month on record.”

Paris-based Ledger has been on a strong growth curve recently, though the past year has not been without controversy. In May, for instance, the firm drew industry ire when it launched a new secret recovery phrase storage service called Ledger Recover. Still, it remains one of the best-known and most-used crypto wallet makers in the world.

Cointelegraph recently caught up with Rogers and Ledger CEO Pascal Gauthier in New York City to discuss the new crypto climate in the United States, the latest trends in crypto storage and differences in doing business in the U.S. and Europe, among other topics.

Cointelegraph: Many think that the crypto/blockchain sector is still in the doldrums or moving sideways at best, but you see reasons to be cheerful even here in the U.S.?

Pascal Gauthier: What happened in 2023 — and went virtually unnoticed — is a change of tone regarding Bitcoin. When the SEC [Securities and Exchange Commission] implied that Bitcoin was a utility and/or commodity — and not a security [like other altcoins] — this triggered two things: large companies like BlackRock began their ETF [exchange-traded fund] application process, and then the media narrative around Bitcoin changed almost overnight.

As 2023 began, Bitcoin was for drug dealers, terrorists, bad for the planet, etc. — and suddenly it became completely kosher. The biggest financial institutions in the U.S. are suddenly doing Bitcoin.

CT: The BlackRock application for a spot-market Bitcoin ETF was a turning point?

PG: Big money is coming into crypto; it’s been announced. It may take a few years to really finally arrive, but if you look at Fidelity, BlackRock, Vanguard…

CT: What about U.S. regulations? Aren’t they still a barrier?

PG: The next administration will decide the fate of crypto in the United States. If Biden stays in power, this administration could continue to be aggressive toward crypto. If it’s someone else, we’ll see what happens.

CT: Let’s talk about offline storage devices. Mark Cuban said in 2022 that crypto wallets were “awful.” Did he have a point?

PG: A lot of our early customers used our [cold wallet] product to “buy and hold.” You would purchase a Ledger [device], you put your Bitcoin in it, and then you put it someplace and forget about it. But that’s not what we recommend now.

Recent: AI a powerful tool for devs to change gaming, says former Google gaming head

Today, you can connect your wallet to Web3 and use your private keys to do many things, including buying, selling, swapping and staking crypto, as well as engaging with DApps [decentralized applications] and even declaring your taxes.

CT: On a 1 to 10 scale, where would you put cold wallets today in terms of user experience (UX)?

PG: For the industry, it’s a three. For Ledger, maybe a four — and we’re striving to be a 10. The industry has a lot to do in terms of UX and UI [user interface].

Ian Rogers: Your hardware-software combo today is not just about hardware and software. It’s an end-to-end experience.

When you’re buying an Apple iPhone, for instance, you’re not buying a piece of hardware; you’re buying into the Apple experience. We would ultimately like that to be the same thing with Ledger. Our approach is to do the absolute best user experience possible without compromising on security or self-custody.

CT: Still, there’s these UX issues like the 24 seed words you need to recover your private key if you lose your Ledger device. Some users go to great lengths to safeguard those words, even engraving them in steel just in case their house burns down. Doesn’t that sound sort of extreme?

PG: It is a little backwards to have something like a metal plate in your home. It’s not very 21st century. But we came up with a solution for this.

*Gauthier (center) speaking at the Viva Technology conference. Source: X*

When you use a Ledger product, you end up with your Ledger device and a PIN code. And you will also have those 24 words that become your master password, basically. You need to keep those 24 words safe, and this is a major barrier to entry for a lot of people. They don’t trust themselves with those 24 words. They don’t trust themselves not to lose them.

So, we came up with a service called Ledger Recover [i.e., an optional paid subscription service provided by Coincover that is expected to launch in October] to deal with that. It allows you to shard your private key into three encrypted shards and then send them to three different custodians. They cannot do anything with the [single] encrypted shard. Only you can bring your 24 words together again if necessary.

CT: Don’t we already have something like that with “social recovery,” where you entrust your cold wallet recovery to several friends or “guardians?”

PG: Social recovery doesn’t really work. We’ve done something that resembles social recovery — but with businesses [i.e., Ledger, Coincover and EscrowTech]. You will have to present your ID if you want to initiate the shard recovery.

CT: You were criticized when you first announced the Ledger Recover service in May. Then, the launch was postponed amid the “backlash.” There were security concerns. People said these three shard-holding companies could reconstruct your private key.

PG: There is still a lot of education to be done for people to understand really how security works. People said [at that time] that it might be a good product if it were more transparent and easier to adopt. So we didn’t go live in May, as planned, in order to make the product ‘open source,’ which adds something in terms of transparency though not security,

CT: But couldn’t three sub-custodial companies, at least in theory, collaborate and reconstruct your privacy key?

PG: It’s not possible. They don’t have the necessary tools necessary to decrypt and reconstruct.

CT: Moving on to Ledger’s business model, do you sometimes worry that as big institutions like Fidelity Investments or banks like BNY Mellon enter the crypto space that users may simply park their crypto with them? If they get hacked, those giant custodial institutions will then make them whole again. Or at least that is sometimes the thinking.

PG: We’re a pure technology company. So when Fidelity decides to become a [retail] crypto custodian, they’ll probably come to us and buy a part of our technology to build their own technology stack.

CT: Your business strides several continents. You’re based in France, but you sell many of your devices in the United States. You have first-hand experience of those two business climates — the U.S. and Europe. Are there key differences when it comes to crypto?

PG: Europe has a tendency to over-regulate or regulate too fast, generally speaking. Sometimes people say, well, you know, Europe has clarity because it has MiCA [Markets in Crypto-Assets, the EU’s new crypto legislation], while in the U.S., there is a lack of clarity and lots of lawsuits.

But in the U.S., the way that the law is designed is slow and bumpy. It takes time to change laws in the U.S., but when change finally does come, it’s often for the better.

Magazine: 6 Questions for JW Verret — the blockchain professor who’s tracking the money

If you look at the biggest tech champions in the world, they're mostly American or Chinese. Zero are European.

CT: Are you linking heavy regulation with a lack of innovation?

PG: It’s hard to say if they are directly linked, but Europe has always had a heavy hand in terms of taxation and regulation.

Ian Rogers: To me, there’s no question they are linked. At LVMH [the French luxury goods conglomerate where Rogers served as chief digital officer for five years], we worked with a lot of startups. Every European startup wanted to get to the U.S. or China to “get scale” before they came back to Europe. Europe is not a good market if you’re a startup.

CT: But Ledger remains positive about the future of cryptocurrencies and blockchain technology overall?

PG: Things are not necessarily what they seem to be. It was our [late] French president François Mitterrand, who said: “Give time for time.” There’s something going on now, and only the future will be able to make clear what is happening.

Atomic Wallet says hack affected 1% of active users, but investors claim otherwise

June 5, 2023 Coin Telegraph

Coin Telegraph

In the aftermath of the attack, Atomic Wallet — along with individual blockchain investigators — have amped up efforts to track and revert stolen funds.

A hack that drained $35 million from Atomic Wallet users since June 2 impacted less than 1% of its monthly active users, according to the company. In the aftermath of the attack, Atomic Wallet — along with individual blockchain investigators — have amped up efforts to track and revert stolen funds.

Trying to cash in on the commotion, a few verified scam Twitter accounts impersonated Atomic Wallet while sharing phishing links claiming to help users recover lost funds.

Pseudonymous on-chain researcher ZachXBT further claimed to have helped a victim recover $1 million of lost funds. However, the recovery process is yet to be disclosed, which ZachXBT allegedly “Will share in time but best not to yet.”

A huge shoutout goes to @buffalu__ @brian_smith_0 for helping us successfully rescue $1m from the Atomic Wallet hacker for one of the victims.
— ZachXBT (@zachxbt) June 4, 2023

Despite Atomic Wallet’s announcement, numerous users were continuing to report loss of funds at the time of writing. Additionally, the community called out the company’s attempt to water down the damage, as one user stated:

“% doesn't matter, hacker intend to focus on big fund wallet only.”

The episode reflects on the importance of researching the right service provider when it comes to the safekeeping of crypto assets. Moreover, it questions the “not your keys, not your coins” narrative preached by numerous crypto wallet providers such as Atomic Wallet, as shown below.

ZachXBT’s investigation found that the largest amount lost by an individual in the Atomic Wallet hack was $7.95 million in Tether (USDT) on the Tron blockchain. As per the last update, the five biggest losses account for $17 million.

Over the weekend, on June 4, a hacker took control of the mobile phone owned by pro-XRP (XRP) lawyer, John Deaton. Deaton’s Twitter account was then used to shill LAW tokens.

John Deaton’s phone has been hacked today after a relentless cyberattack over several days.

This is NOT a legitimate tweet. His account has been taken over. He has taken immediate steps to remedy the situation.

Please disregard it and all communications from it until you… https://t.co/anOjGBloEi
— CryptoLaw (@CryptoLawUS) June 3, 2023

Soon after the tweet, Deaton and accounts representing him warned users about the hack and were advised against investing in the cryptocurrency.

Magazine: AI Eye: 25K traders bet on ChatGPT’s stock picks, AI sucks at dice throws, and more

Money stored on mobile payment apps may not be FDIC insured, US watchdog warns

June 1, 2023 Coin Telegraph

Coin Telegraph

Deposits on mobile payment apps may not be insured by the FDIC, and customers may not know whether their money is insured or not.

Keep your money in an insured account, not on an uninsured payment app, the United States Consumer Financial Protection Bureau (CFPB) warned Americans in a report released June 1. The increasing popularity and utility of nonbank peer-to-peer (P2P) payment apps, including for crypto asset transactions, makes the risk of loss in the event of a crisis ever more concerning, the watchdog said.

Public awareness of Federal Deposit Insurance Corporation (FDIC) coverage has grown since the bankruptcy of crypto platforms like FTX, Voyager and others last year, and this year’s banking crisis led to the loss of hundreds of millions of customer dollars, CFPB said. Nonetheless, billions of dollars are being stored on payment service apps without the benefit of FDIC coverage.

Many P2P apps — the CFPB lists PayPal, Venmo, Cash App, Apple Pay and Google Pay as examples — offer stored value services “that closely resemble deposit accounts.” Meta Pay does not offer services of that type.

Payment service providers are motivated to encourage customers to store funds with them because those funds can be used by the provider for investment purposes, subject to legal constraints, while the services rarely pay interest on stored funds. Providers are subject to the risk of those investments losing value.

Even in the event that customer funds were held in an FDIC-insured account, the customer’s eligibility for pass-through deposit coverage is only determined after a failure has occurred, CFPB said. Furthermore, the insurance protects against the failure of the bank, not the payment service, which is typically regulated at the state level and not subject to federal supervision. Most state regulation was designed for money transfer, not storage.

Thus, funds held by PayPal or Venmo in their program banks may be eligible for pass-through insurance, but funds that have been invested by the providers are not eligible. Customers may not know where their deposits are stored.

Mobile payment services are increasingly enabling crypto asset transactions. Crypto assets are not insured, although services like PayPal and Venmo allow customers to hold crypto in their accounts.

Magazine: ‘Account abstraction’ supercharges Ethereum wallets: Dummies guide

Crypto phishing scams: How users can stay protected

May 31, 2023 Coin Telegraph

Biometric security

A look at the different techniques employed by crypto phishing scammers and how users can stay protected.

In the fast-paced and ever-evolving world of cryptocurrency, where digital assets are exchanged, and fortunes can be made, a lurking danger threatens the safety of both seasoned investors and newcomers alike: crypto phishing scams.

These schemes are designed to exploit the trust and vulnerability of individuals, aiming to trick them into revealing their sensitive information or even parting with their hard-earned crypto holdings.

As the popularity of cryptocurrencies continues to rise, so does the sophistication of phishing techniques employed by cybercriminals. From impersonating legitimate exchanges and wallets to crafting compelling social engineering tactics, these scammers stop at nothing to gain unauthorized access to your digital assets.

Malicious actors use different methods of social engineering to target their victims. With social engineering tactics, scammers manipulate users’ emotions and create a sense of trust and urgency.

Eric Parker, CEO and co-founder of Giddy — a noncustodial wallet smart wallet — told Cointelegraph, “Did someone reach out to you without you asking? That’s one of the biggest rules of thumb you can use. Customer service rarely, if ever, proactively reaches out to you, so you should always be suspicious of messages saying you need to take action on your account.”

“Same idea with free money: If someone is messaging you because they want to give you free money, it’s likely, not real. Be wary of any message that feels too good to be true or gives you an immediate sense of urgency or fear to make you act quickly.”

Email and messaging scams

One common technique used in crypto phishing scams is impersonating trusted entities, such as cryptocurrency exchanges or wallet providers. The scammers send out emails or messages that appear to be from these legitimate organizations, using similar branding, logos and email addresses. They aim to deceive recipients into believing that the communication is from a trustworthy source.

Bitcoin Scams, Scams, Security, Cybersecurity, Biometric Security, Wallet, Bitcoin Wallet, Hardware Wallet, Mobile Wallet

To achieve this, the scammers may use techniques like email spoofing, where they forge the sender’s email address to make it appear as if it’s coming from a legitimate organization. They may also use social engineering tactics to personalize the messages and make them seem more authentic. By impersonating trusted entities, scammers exploit the trust and credibility associated with these organizations to trick users into taking actions that compromise their security.

Fake support requests

Crypto phishing scammers often pose as customer support representatives of legitimate cryptocurrency exchanges or wallet providers. They send emails or messages to unsuspecting users, claiming an issue with their account or a pending transaction that requires immediate attention.

The scammers provide a contact method or a link to a fake support website where users are prompted to enter their login credentials or other sensitive information.

Omri Lahav, CEO and co-founder of Blockfence — a crypto-security browser extension — told Cointelegraph, “It’s important to remember that if someone sends you a message or email unsolicited, they likely want something from you. These links and attachments can contain malware designed to steal your keys or gain access to your systems,” continuing:

“Furthermore, they can redirect you to phishing websites. Always verify the sender’s identity and the email’s legitimacy to ensure safety. Avoid clicking on links directly; copy and paste the URL into your browser, checking carefully for any spelling discrepancies in the domain name.”

By impersonating support personnel, scammers exploit users’ trust in legitimate customer support channels. In addition, they prey on the desire to resolve issues quickly, leading users to willingly disclose their private information, which scammers can use for malicious purposes later.

Fake websites and cloned platforms

Malicious actors can also build fake websites and platforms to lure in unsuspecting users.

Domain name spoofing is a technique where scammers register domain names that closely resemble the names of legitimate cryptocurrency exchanges or wallet providers. For example, they might register a domain like “exchnage.com” instead of “exchange.com” or “myethwallet” instead of “myetherwallet.” Unfortunately, these slight variations can be easily overlooked by unsuspecting users.

Lahav said that users should “verify whether the website in question is reputable and well-known.”

Recent: Bitcoin is on a collision course with ‘Net Zero’ promises

“Checking the correct spelling of the URL is also crucial, as malicious actors often create URLs that closely resemble those of legitimate sites. Users should also be cautious with websites they discover through Google ads, as they may not organically rank high in search results,” he said.

Scammers use these spoofed domain names to create websites that imitate legitimate platforms. They often send phishing emails or messages containing links to these fake websites, tricking users into believing they are accessing the genuine platform. Once users enter their login credentials or perform transactions on these websites, the scammers capture the sensitive information and exploit it for their gain.

Malicious software and mobile apps

Hackers can also resort to using malicious software to target users. Keyloggers and clipboard hijacking are techniques crypto phishing scammers use to steal sensitive information from users’ devices.

Keyloggers are malicious software programs that record every keystroke a user makes on their device. When users enter their login credentials or private keys, the keylogger captures this information and sends it back to the scammers. Clipboard hijacking involves intercepting the content copied to the device’s clipboard.

Cryptocurrency transactions often involve copying and pasting wallet addresses or other sensitive information. Scammers use malicious software to monitor the clipboard and replace legitimate wallet addresses with their own. When users paste the information into the intended field, they unknowingly send their funds to the scammer’s wallet instead.

How users can stay protected against crypto phishing scams

There are steps that users can take to protect themselves while navigating the crypto space.

Enabling two-factor authentication (2FA) is one tool that can help secure crypto-related accounts from phishing scams.

2FA adds an extra layer of protection by requiring users to provide a second form of verification, typically a unique code generated on their mobile device, in addition to their password. This ensures that even if attackers obtain the user’s login credentials through phishing attempts, they still need the second factor (such as a time-based one-time password) to gain access.

Utilizing hardware or software-based authenticators

When setting up 2FA, users should consider using hardware or software-based authenticators rather than relying solely on SMS-based authentication. SMS-based 2FA can be vulnerable to SIM-swapping attacks, where attackers fraudulently take control of the user’s phone number.

Hardware authenticators, such as YubiKey or security keys, are physical devices that generate one-time passwords and provide an extra layer of security. Software-based authenticators, such as Google Authenticator or Authy, generate time-based codes on users’ smartphones. These methods are securer than SMS-based authentication because they are not susceptible to SIM-swapping attacks.

Verify website authenticity

To protect against phishing scams, users should avoid clicking on links provided in emails, messages or other unverified sources. Instead, they should manually enter the website URLs of their cryptocurrency exchanges, wallets or any other platforms they wish to access.

By manually entering the website URL, users ensure they access the legitimate website directly rather than being redirected to a fake or cloned website by clicking on a phishing link.

Be cautious with links and attachments

Before clicking on any links, users should hover their mouse cursor over them to view the destination URL in the browser’s status bar or tooltip. This allows users to verify the link’s actual destination and ensure that it matches the expected website.

Phishing scammers often disguise links by displaying a different URL text than the destination. By hovering over the link, users can detect inconsistencies and suspicious URLs that may indicate a phishing attempt.

Parker explained to Cointelegraph, “It’s very easy to fake the underlying link in an email. A scammer can show you one link in the email’s text but make the underlying hyperlink something else.”

“A favorite scam amongst crypto phishers is to copy a reputable website’s UI but place their malicious code for the login or Wallet Connect portion, which results in stolen passwords, or worse, stolen seed phrases. So, always double-check the website URL you’re logging into or connecting your crypto wallet with.”

Scanning attachments with antivirus software

Users should exercise caution when downloading and opening attachments, especially from untrusted or suspicious sources. Attachments can contain malware, including keyloggers or trojans, which can compromise the security of a user’s device and cryptocurrency accounts.

To mitigate this risk, users should scan all attachments with reputable antivirus software before opening them. This helps detect and remove any potential malware threats, reducing the chances of falling victim to a phishing attack.

Keep software and apps updated

Keeping operating systems, web browsers, devices and other software up to date is essential for maintaining the security of the user’s devices. Updates can include security patches that address known vulnerabilities and protect against emerging threats.

Utilizing reputable security software

To add an extra layer of protection against phishing scams and malware, users should consider installing reputable security software on their devices.

Antivirus, anti-malware and anti-phishing software can help detect and block malicious threats, including phishing emails, fake websites and malware-infected files.

By regularly updating and running security scans using reputable software, users can minimize the risk of falling victim to phishing scams and ensure the overall security of their devices and cryptocurrency-related activities.

Educate yourself and stay informed

Crypto phishing scams constantly evolve, and new tactics emerge regularly. Users should take the initiative to educate themselves about the latest phishing techniques and scams targeting the cryptocurrency community. In addition, stay informed by researching and reading about recent phishing incidents and security best practices.

Recent: What is fair use? US Supreme Court weighs in on AI’s copyright dilemma

To stay updated on security-related news and receive timely warnings about phishing scams, users should follow trusted sources in the cryptocurrency community. This can include official announcements and social media accounts of cryptocurrency exchanges, wallet providers and reputable cybersecurity organizations.

By following reliable sources, users can receive accurate information and alerts regarding emerging phishing scams, security vulnerabilities and best practices for protecting their crypto assets.

Mobile wallet