
Wallet

NFT, DeFi and crypto hacks abound — Here’s how to double up on wallet security

Falling prey to a fraudulent link can be devastating to one’s personal investment portfolio. Here are three ways a hard wallet can protect you.

The explosiveness and high dollar value of nonfungible tokens (NFTs) seem to either distract investors from upping their operational security to avoid exploits, or hackers are simply following the money and using very complex strategies to exploit collectors’ wallets.

At least, this was the case for me way back when after I fell for a classic message sent to me over Discord that caused me to slowly but all too quickly lose my most valuable assets.

Most of the scams on Discord occur in a very similar fashion where a hacker takes a roster of members on the server and then sends direct messages to them in hopes they will bite at the bait.

“It happens to the best of us,” are not the words you want to hear in relation to a hack. Here are the top three things I learned from my experience on how to double-up on security, starting with minimizing the use of a hot wallet and simply ignoring DM’d links.

A quick crash course in hardware wallets

After my hack, I was immediately reminded and I cannot reiterate it enough, never share your seed phrase. No one should be asking for it. I also learned that I could no longer forego security at the privilege of convenience.

Yes, hot wallets are much more seamless and quicker to trade with, but they lack the added security of a PIN and a passphrase that a hardware, or cold, wallet provides.

Hot wallets like MetaMask and Coinbase are plugged into the internet, which makes them more vulnerable and susceptible to hacks.

Contrary to hot wallets, cold wallets are applications or devices whereby the user’s private keys are offline and do not connect to the internet. Since they operate offline, hardware wallets prevent unauthorized access, hacks and the typical system vulnerabilities that wallets are susceptible to when they are online.

Moreover, hardware wallets allow users to set up a personal PIN to unlock their hardware wallet and create a secret passphrase as a bonus layer of security. Now, a hacker not only needs to know one’s recovery phrase and PIN but also a passphrase to confirm a transaction.

Passphrases are not talked about as much as seed phrases, since most users may not use a hardware wallet or be familiar with the mysterious passphrase.

Access to a seed phrase will unlock a set of wallets that corresponds with it, but a passphrase also has the power to do the same.

How do passphrases work?

Passphrases are in many ways an extension of one’s seed phrase, since they mix the randomness of the given seed phrase with the personal input of the user to compute a whole different set of addresses.

Think of passphrases as an ability to unlock a whole set of hidden wallets on top of the ones already generated by the device. There is no such thing as an incorrect passphrase and an infinite amount can be created. In this way, users can go the extra mile and create decoy wallets as plausible deniability to diffuse any potential hack from targeting one main wallet.

Recovery seed/passphrase diagram. Source: Trezor

This feature is beneficial when separating one’s digital assets between accounts but terrible if forgotten. The only way for a user to access the hidden wallets repeatedly is by inputting the exact passphrase, character by character.

Similar to one’s seed phrase, a passphrase should not come in contact with any mobile or online device. Instead, it should be kept on paper and stored somewhere secure.

How to set up a passphrase on Trezor

Once a hardware wallet is installed, connected and unlocked, users who want to enable the feature can do so in two ways. If the user is in their Trezor wallet, they will press the “Advanced settings” tab, where they will find a box to check off to enable the passphrase feature.

Trezor wallet landing page. Source: Trezor

Similarly, users can enable the feature if they are in the Trezor suite, where they can also see if their firmware is up-to-date and their pin installed.

Trezor wallet landing page. Source: Trezor

There are two different Trezor models, Trezor One and Trezor Model T, both of which enable users to activate passphrases, just in different ways.

The Trezor Model One only offers users the option to type in their passphrase on a web browser, which isn’t ideal in the event the computer is infected. However, the Trezor Model T allows users the option to use the device’s touch screen pad to type out the passphrase or type it within the web browser.

Trezor Model T / Trezor wallet interface. Source: Trezor

On both models, after the passphrase is entered, it will appear on the device’s screen, awaiting confirmation.

The flip side to security

There are risks to security, although it sounds counterintuitive. What makes the passphrase so strong as a second step of authentication to the seed phrase is exactly what makes it vulnerable. If forgotten or lost, the assets are as good as gone.

Sure, these extra layers of security take time and extra precaution and may seem a bit over the top, but my experience was a hard lesson in taking responsibility to ensure each asset was safe and secure.

The views and opinions expressed here are solely those of the author and do not necessarily reflect the views of Cointelegraph.com. Every investment and trading move involves risk, you should conduct your own research when making a decision.

Federal Trade Commission Issues Warning on Crypto ATM Scams, Says Victims Losing $10,000 on Average: Report

Binance-owned Trust Wallet adds buy option via Binance Connect

Binance's self-custodial crypto wallet Trust Wallet aims to enable buying more than 200 digital assets with 40 fiat currencies via Binance Connect, formerly known as Bifinity.

Trust Wallet, a major self-custodial cryptocurrency wallet owned by the Binance crypto exchange, has completed a significant integration to enable easier crypto purchases.

The Trust Wallet platform has integrated Binance’s official fiat-to-crypto provider Binance Connect with a plan to gradually enable users to purchase more than 200 crypto assets directly from credit or debit cards, the firm announced to Cointelegraph on June 22.

Trust Wallet’s new crypto buy option is designed to simplify the process of buying crypto, enabling verified Trust Wallet users to fund their wallet with more than 40 fiat currencies.

In order to add funds on Trust Wallet via Binance Connect, users will need to complete Know Your Customer (KYC) checks similar to those on Binance. “It will keep a similarly high standard and process as Binance’s KYC,” a spokesperson for Binance told Cointelegraph.

The fee for adding deposits on Trust Wallet via Binance Connect is 2%, the representative noted.

The integration is available to all Trust Wallet customers except those located in restricted countries like the United States, Singapore, China, Canadian Ontario, Cuba, Belarus, Crimea and others. The integration went live on June 21, according to the spokesperson.

The new integration is designed to provide a seamless and simplified method for users to access Web3, or decentralized assets. “Previously, Web3 users needed to undergo a long process to buy crypto on the blockchains directly. They had to do it through different centralized exchanges before finally sending their assets onto a blockchain,” the announcement reads.

Related: Binance ends support for anonymous Litecoin transactions

Binance did not elaborate on benefits and drawbacks of funding an account on Trust Wallet versus adding funds on the Binance exchange. The representative only stated:

“It depends on how you wish to use your crypto, by using Trust Wallet, it will be an easier way to get the crypto assets on different blockchains and enter the Web3 world.”

Formerly known as Bifinity, Binance Connect is a new Binance subsidiary focused on fiat-to-crypto payments technology, launched in March 2022. Bifinity subsequently received a warning from the United Kingdom’s Financial Conduct Authority regarding the firm’s partnership with the investment firm Eqonex.


HM Treasury changes course on collecting data around unhosted crypto wallets

“There is not good evidence that unhosted wallets present a disproportionate risk of being used in illicit finance,” said the Treasury update.

The government of the United Kingdom said it intends to modify a proposal that would have required crypto firms to collect personal data from individuals holding unhosted wallets that were the recipients of digital asset transfers.

In its Amendments to the Money Laundering, Terrorist Financing and Transfer of Funds updated on Wene, HM Treasury said it will be scaling back its requirements for gathering data from both the senders and recipients of crypto sent to unhosted wallets, unless the transaction poses “an elevated risk of illicit finance.” The U.K. government added that unhosted wallets could be used for a variety of legitimate purposes, including as an additional layer of protection, as is sometimes the case for cold wallets.

“There is not good evidence that unhosted wallets present a disproportionate risk of being used in illicit finance,” said the HM Treasury report. “Nevertheless, the government is conscious that completely exempting unhosted wallets from the Travel Rule could create an incentive for criminals to use them to evade controls.”

The U.K. government made the change in response to a consultation held between July and October 2021 with “[Anti-Money Laundering] (AML)/[Counter-Terrorism Financing] (CTF) supervisors, industry, civil society, academia and several government departments,” in which many expressed concerns about the “breadth of personal information collected” around transfers to unhosted wallets as well as the time required to enact such policy. According to the Treasury Department, the amendments will have a one-year grace period, taking effect in September 2023 if approved by Parliament.

Related: Enforcement and adoption: What do UK’s recent regulatory aims for crypto mean?

HM Treasury hinted it would implement the changes in accordance with the Financial Action Task Force’s Travel Rule, which sets out recommendations for regulators aimed at having cryptocurrency transactions comply with Combating the Financing of Terrorism and Anti-Money Laundering regulations. The FATF will release a report on how participating countries are implementing their travel rule at the end of June.


Bitcoin miners’ exchange flow reaches 7-month high as BTC price tanks below $21K

Bitcoin mining profitability has dropped by over 75% from the market top and is currently at its lowest since October 2020.

Bitcoin's (BTC) price tanked to a 52-week low of $20,800 earlier on Wednesday, down by over 70% from its all-time high of $68,788. Although the price has since recovered above $21,000, key market indicators point toward bears having a significant hold on the current market.

Bitcoin Miners to Exchange flow, a metric that indicates the volume of BTC sent by miners to crypto exchanges, rose to a seven-month high of 9,476. The rise in exchange flows indicates miners are currently selling their BTC in anticipation of the price going down.

The actions of the BTC miners often reflect the larger market sentiment as they mostly sell BTC to ensure they don’t incur losses on their mining rewards. The rise in Bitcoin miners selling activity is backed by the significant decline in mining profitability.

Related: Biggest Bitcoin exchange inflows since 2018 put potential $20K bottom at risk

Mining profitability has dropped over 75% from the top, and Bitcoin's hash price currently sits at $0.0950/TH/day, which is the lowest point since October 2020.

Bitcoin Hashprice Index one-year chart. Source: Hashrate Index

The miner netflow to exchanges has also turned positive. When the miner netflow is positive, it signifies that more coins are being sent to exchanges than are being sent to personal wallets. Such behavior would indicate that miners are bearish on the price and are under pressure to sell.

Many BTC mining rigs have turned unprofitable with the price dropping below $21,000 and risk being shut down if the price doesn’t recover. The rest of the crypto market followed BTC in its price action as the overall market cap dipped below $1 trillion.

Over the course of the past decade, BTC has seen numerous bull cycles followed by an 80%-90% decline from the top. However, the BTC price has never fallen below the all-time high of the previous cycle. Currently, BTC is trading very close to its 2017 high of $19,783, and any possible sell-off from here could push it to 2017 territory.


What happens if you lose or break your hardware crypto wallet?

The safety of the recovery phrase is way more important than keeping the hardware wallet safe, according to executives at Ledger and Trezor.

Hardware cryptocurrency wallets are known for granting users full control of their crypto and providing more security, but such wallets are prone to risks such as theft, destruction or loss.

Does that mean that all your Bitcoin (BTC) is lost forever if your hardware wallet is lost, burned or stolen? Not at all.

There are a number of options to restore cryptocurrency for someone who has lost access to their hardware wallet. The only requirement to recover crypto assets, in that case, would be maintaining access to the private keys.

A private key is a cryptographic string of letters and numbers that allows users to access crypto assets as well as to complete transactions and receive crypto.

Most crypto wallets usually provide a private key in the mnemonic form of a recovery phrase, which contains a human-readable backup allowing users to recover private keys. The mnemonic form is typically enabled through BIP39, the most common standard used for generating seed phrases for crypto wallets.

Also referred to as a seed phrase, a BIP39 recovery phrase is basically a password consisting of 12 or 24 random words that are used to recover a cryptocurrency wallet. Crypto wallet platforms typically generate a seed phrase at the very beginning of setting up a wallet, instructing users to write it down on paper.

Not your keys, not your coins

According to executives at major hardware crypto wallet firms Ledger and Trezor, the safety of the recovery phrase is way more important than keeping the hardware wallet safe.

Keeping a private key safe is a guiding principle for the crypto community, embodied in the phrase: “Not your keys, not your coins.” The principle means that users are not really in control of their coins if they don’t own their private keys.

Both Ledger and Trezor wallets allow users to recover access to their wallets through a seed phrase by simply using another hardware wallet.

“A user could recover their wallet and funds on any of the other new Ledger wallets. Alternatively, they could also recover on a Trezor, SafePal or another hardware wallet device,” Ledger chief technology officer Charles Guillemet told Cointelegraph.

Users can also turn to software wallets to access their funds in case the hardware wallet was lost, stolen or destroyed. “If you lost your Trezor, but you still have your recovery seed, you can recover your funds through many hardware wallets and software wallets in the market,” Trezor chief information security officer Jan Andraščík said.

According to the Ledger and Trezor executives, the list of compatible software wallets includes platforms such as Electrum, Exodus, MetaMask, Samourai, Wasabi, Spot and others.

Threats to a backup phrase

As the safety of the recovery phrase is the top priority in maintaining access to a crypto wallet, one may be wondering how to best protect the seed phrase. 

“Preserving the seed is one of the most crucial topics in Bitcoin security,” Andraščík told Cointelegraph. He pointed out three main threats when it comes to BIP39 passwords: those caused by the user themselves, any type of natural or human-made disasters, or theft.

Loss of a recovery phrase is very common: A wallet user could accidentally throw it out or just not understand the importance of it at the very beginning of setting up the wallet.

Related: Warning: Smartphone text prediction guesses crypto hodler’s seed phrase

Users could also choose the wrong place to keep their recovery phrase, with one common mistake of simply putting the phrase online. Crypto wallet users should never digitize their seed phrases in order to avoid unfortunate events such as hacking, Ledger’s Guillemet said, adding:

“It is paramount for users to secure the recovery phrase. It should be stored in a safe place and should not be digitized — in other words, don’t put your words in an email or a text file and don’t take photos.”

As such, most crypto wallets recommend their users simply write the seed phrase down on a piece of paper and store it in a safe place.

Tips to protect the recovery phrase

In order to ensure reliable protection for the recovery phrase, one may go further than just writing it down on paper.

Ledger and Trezor executives provide a number of recommendations for crypto wallet users to boost the protection of their seed phrases, including using fire-proof storing capsules or steel plates to engrave the recovery phrase.

Other sophisticated methods to protect a seed phrase also include distributing backups between several groups of people and locations such as family, a safe box at the bank, or a secret spot in the garden. One such method is known as Shamir Backup, allowing users to distribute their private keys into several parts that, together, are needed to recover the wallet.

While hardware wallet providers do their best to help users recover their assets in case they lose their wallets, there’s still nothing much they can do about losing a recovery phrase.

Related: Simple steps to keep your crypto safe

That is because the private key is designed to be held solely by the user of a noncustodial wallet, Trezor’s Andraščík said. He noted that the principle of noncustody and its security implications are completely against the idea of having some kind of “backup,” adding:

“If anyone has an opportunity to recover your Bitcoin, it means they have access to your Bitcoin, and you need to trust that these actors will always treat you with goodwill. We are getting rid of the need to trust, and rather, we encourage them to verify.”

“Ledger is also working to improve the user experience generally, removing the pain points without compromising security. That said, self-custody remains the DNA of blockchain and the DNA of Ledger. Users always remain in control,” Guillemet stated.


Taxes of top concern behind Bitcoin salaries, Exodus CEO says

Cryptocurrency wallet firm Exodus has been paying all its staff fully in Bitcoin since launching its software wallet in 2015, CEO JP Richardson said.

Major cryptocurrency wallet provider Exodus continues paying its employees in Bitcoin (BTC) despite the ongoing bear market, with the total market cap dropping below $1 trillion on Monday.

Since launching its software crypto wallet back in 2015, Exodus has been paying its staff 100% in BTC, Exodus co-founder and CEO JP Richardson told Cointelegraph.

The company continued to pay all its 300 employees in BTC even during major market downturns, by providing monthly payroll based on their salary in U.S. dollars.

“For example, if Bitcoin is $30,000 per token, and someone makes $15,000 a month, they’ll get half a Bitcoin on the first of that month,” Richardson noted.

In addition to converting each salary to BTC each month, Exodus also adds a small percentage to every “paycheck” to account for the volatility. “This has helped us recruit those who remain committed to the mission of DeFi, while also accommodating people with financial obligations who still want to convert any percentage of their paycheck to fiat currency,” Richardson said.

Exodus employees are free to convert their BTC pay to fiat or stablecoins, which is a “personal investment choice that is not driven by Exodus,” the CEO added.

Tax implications remain the biggest question of employees when it comes to a salary paid in Bitcoin, Richardson stated:

“The most popular question we get from new employees is how their crypto salary impacts their taxes. That’s why we offer everyone a tax consultation with an accountant to properly give them the education on how to use Bitcoin and make sure they’re appropriately paying their taxes.”

According to the CEO, a third of Exodus’ team members are located in the U.S. while the rest is spread out worldwide. On its official website, Exodus mentions that some jurisdictions are more restrictive than others when it comes to Bitcoin payments, requiring employees to double check whether it’s legal or not to receive Bitcoin as payment in some U.S. states.

Bitcoin salaries are part of Exodus’ strategy for enabling people to “experience the financial revolution from the front seats.” Such payments not only allow employees to easily stack sats on their investment accounts but also aim to enable salary transparency. According to the firm, everyone in Exodus’ remote team knows what their coworkers make, even the CEO.

Related: Crypto crash wreaking havoc on DeFi protocols, CEXs

Richardson declined to comment on whether the latest market sell-off had any direct impact on the company’s staff. “While we have been impacted — like the rest of the market — by the crypto volatility, we remain focused on doubling down to deliver value through a one-stop hub for Web3 through our multichain browser extension,” he summarized.


Blockchain.com Plans to Provide an NFT Domain Name to 83 Million Wallet Users

Blockchain.com has announced it has partnered with the Web3 digital identity platform and NFT domain name provider Unstoppable Domains in order to launch .blockchain NFT domains. The company says that in the next few weeks, 83 million Blockchain.com wallet users will get a free .blockchain domain. Blockchain.com Partners With Unstoppable Domains — Firms Launch 1st […]


Alleged Hydra Administrator Refuses to Provide Access to His Crypto Wallet, Report Claims

A Moscow court has ordered the seizure of the crypto wallet of one of the alleged administrators of darknet market Hydra. Media reports reveal, however, that the man — who was arrested in Russia in mid-April — is refusing to share access to his presumed crypto stash with Russian law enforcement. Investigators Fail to Obtain […]


KuCoin plugs into Web3 with new decentralized wallet

KuCoin enters the Web3 world with a new decentralized wallet platform featuring cross-blockchain trading, DeFi and NFT functionality.

Cryptocurrency trading platform KuCoin has launched a new decentralized wallet platform as interest in Web3 continues to gather steam. 

KuCoin Wallet is now live for users, with the browser-based platform paving the way for a mobile application which is still in development.

The platform plugs into the KuCoin ecosystem and features cross-blockchain integration. Users will be able to buy, sell, trade and send a variety of cryptocurrencies including Bitcoin (BTC), Ether (ETH) and Tether (USDT) in addition to other tokens.

The wallet is self-custodial, giving users full control and responsibility over their private keys.

As the cryptocurrency ecosystem continues to adopt and support decentralized finance (DeFi) and nonfungible token (NFT) functionality, KuCoin Wallet's roadmap will include the addition of DeFi, NFT and GameFi services.

KuCoin's proprietary NFT marketplace Windvane powers this functionality at launch, allowing users to trade and view NFTs in the KuCoin Wallet. Windvane unveiled a $100 million “Creators Fund” in April 2022 to help support and encourage early-stage NFT projects to build on the platform.

KuCoin netted $150 million of investment in a pre-series B round in 2022 - with the firm valued at $10 billion. The firm intends to use the proceeds of the latest fundraising round to continue developing Web3, DeFi and NFT services and offerings within its ecosystem. KuCoin Labs and KuCoin Ventures will spearhead these efforts - which have already come to fruition with the launch of KuCoin Wallet.

Related: GameStop unveils beta cryptocurrency wallet and upcoming NFT platform

A number of prominent cryptocurrency exchanges and service providers have launched non-custodial, multi-blockchain wallets in recent months to keep pace with interest in Web3 functionality.

Leading United States-based cryptocurrency exchange Coinbase integrated Web3 functionality with a wallet and browser for a select group of its mobile app clients in May 2022. Trading on NFT marketplaces was a big focus, while token swaps and other DeFi services were made available through exchanges like Uniswap and OpenSea.

Robinhood promoted an upcoming non-custodial cryptocurrency wallet in May 2022 with cross-blockchain accessibility which will also feature NFT storage and access to marketplaces. American brick-and-mortar gaming retailer GameStop followed suit with the launch of its own blockchain wallet that will also feature NFT functionality.
