1. Home
  2. Wallet

Wallet

Atomic Wallet freezes $2M in ‘suspicious deposits’ on exchanges

The freeze resulted from a collaboration between Atomic Wallet, forensic companies and centralized exchanges following reports from users claiming unauthorized transactions from their wallets.

Hacked cryptocurrency wallet Atomic Wallet has frozen $2 million in “suspicious deposits” in a joint effort with major crypto exchanges.

Announcing the news to Cointelegraph on Oct. 19, Atomic Wallet said that blockchain intelligence firms Chainalysis and Crystal have assisted the wallet firm in identifying and containing the threat.

Citing reports from Chainalysis and Crystal, Atomic Wallet reported that the “threat actor” used sophisticated methods to bridge the funds to the Bitcoin blockchain, including bridges and mixers. “Most funds have ultimately ended up on the Tron blockchain and Bitcoin network,” the report reads.

The report specifically mentioned that the funds were bridged through the Avalanche bridge and then to the Tron blockchain.

“Atomic Wallet extends heartfelt gratitude to the centralized cryptocurrency exchanges collaborating promptly to freeze assets linked to reported transactions. Their swift response and cooperation were pivotal in mitigating the impact of the incident that happened to some users,” the firm said in the announcement.

Atomic Wallet didn’t immediately respond to Cointelegraph’s request to share further details about the issue.

Related: FTX hacker moves $120M amid Sam Bankman-Fried trial: Report

The news comes months after Atomic Wallet suffered a major hack in June 2023, with the platform reportedly losing millions in stolen crypto assets. Atomic Wallet didn’t clarify what conditions exactly led to the exploit.

In August, a group of affected Atomic Wallet users reportedly launched a class action against the firm, which suffered a major breach and $100 million in losses.

Magazine: Ethereum restaking: Blockchain innovation or dangerous house of cards?

Russia Cautious on Tokenizing Real-World Assets

Apple briefly pulls MetaMask from App Store

MetaMask was removed from Apple’s App Store for a few hours on Oct. 14, reviving concerns about legal challenges with Big Techs.

Ethereum wallet MetaMask went offline on Oct. 14 for several hours on Apple's App Store, raising concerns about its removal. MetaMask claims to have over 30 million users. The wallet is connected to a range of Web3 decentralized applications (DApps)

On Oct. 14, reports surfaced that the MetaMask app no longer appeared in the App Store. Apple users were also unable to download the application from the MetaMask website.

According to a spokesperson for MetaMask, the issue isn't related to any security incident or malicious activity:

"We're aware that MetaMask isn't currently available for download on the App Store. This issue is unrelated to any malicious activity. Our dedicated team is working diligently to resolve it as quickly as possible. Importantly, this is not a security concern, and there is no compromise or action required on users’ part. Additionally, it's not related to the app's functionality."

Apple's service policies are likely behind the app's disappearance. According to the marketplace's guidelines, it doesn't allow apps to run "unrelated background processes", such as cryptocurrency mining.

According to MetaMask, the removal of its app was only temporary. "We anticipate that MetaMask will be back on the App Store shortly," a spokesperson said minutes before app turned back on, adding that any fake MetaMask apps on the App Store should be reported immediately.

MetaMask faces challenges from Big Tech marketplaces for the second time. In December 2019, the company was suspended from Google Play's app store for allegedly violating the company's financial services guidelines. Google cited its policy prohibiting cryptocurrency mining on mobile devices and promptly rejected a MetaMask appeal to reverse the ban.

Apple's guidelines also require app developers to share 30% of transaction revenues. For crypto firms, including those that want iOS users to be able to purchase nonfungible tokens (NFT), the 30% Apple tax has also been a barrier.

Magazine: Blockchain detectives — Mt. Gox collapse saw birth of Chainalysis

Russia Cautious on Tokenizing Real-World Assets

Ordswap urges users to recover keys after losing control of website

Before it was taken down, Ordswap users said the compromised website directed users to a phishing link.

Ordswap, a marketplace that allows users to inscribe, auction, and trade Bitcoin Ordinals, has devised a method for users to retrieve their private keys as it scrambles to regain control of its website domain.

In an Oct. 10 X (Twitter) post, the Ordswap X account shared an online tool that purports to help users who logged into the site through MetaMask to recover their Ordswap private keys, allowing them to move to other providers.

Hours earlier, on Oct. 9, Ordswap posted a stark warning to users not to connect to its domain as it was not in control of it. It pinned the issue on Netlify — a website development and hosting firm.

On the project’s Discord server, a member of Ordswap’s team and users reported that for a time, the website featured a button prompting users to connect their crypto wallet in an apparent attempt to phish users.

One X user reported the button was a wallet drainer — an increasingly popular tool deployed by crypto scammers. At the time of writing, Ordswap’s website automatically redirected to a competing marketplace RelayX.

An Ordswap team member on Discord claimed the project had not seen an impact on user private keys or assets due to the breach but added users could be compromised if they interacted with the site.

Ordswap support team member “Bitkorn” claims the project hasn’t seen user assets impacted by the wesbite breach. Source: Discord

Related: FTX hacker could be using SBF trial as a smokescreen: CertiK

In late September, the website for the Ethereum-based automated market maker Balancer was compromised in a seemingly similar attack, with attackers making off with around $240,000 worth of funds.

Balancer later said it believed the exploiters undertook a social engineering attack on its DNS service provider EuroDNS which allowed attackers to input a prompt to trick users into approving a malicious contract that drains their wallet.

Magazine: NFT Collector: Giant Swan’s gothic VR dreamscapes… royalty nightmare on OpenSea

Russia Cautious on Tokenizing Real-World Assets

CoinDCX exchange expands self-custody wallet to support 155 countries

With Transak’s integration, CoinDCX’s Okto wallet has increased the number of supported jurisdictions from 60 to more than 150.

Major Indian cryptocurrency exchange CoinDCX is expanding its self-custody wallet, Okto, by integrating major on-ramp platform Transak.

Okto, a multichain cryptocurrency wallet launched by CoinDCX in August 2022, has integrated the Transak platform to scale the wallet’s global support, the firm announced to Cointelegraph on Oct. 5. The integration is immediately available on Okto, the company said.

With the new integration, the Okto wallet has increased the number of previously supported 60 countries to 155 jurisdictions, CoinDCX and Okto co-founder Neeraj Khandelwal said.

By integrating Transak, Okto now specifically allows users to buy cryptocurrencies like Bitcoin (BTC) directly on Okto, using a large number of fiat currencies, including the U.S. dollar, the euro, the Hong Kong dollar and others.

Transak is the first and currently the only on-ramp solution introduced on Okto, Khandelwal noted. Prior to this integration, the only way of sending crypto to Okto was by sending the digital currency from an external wallet like MetaMask, Khandelwal added, stating:

“The integration of Transak now allows users to seamlessly convert fiat to crypto right within the app. Prior to this integration, users had to transfer funds from another decentralized wallet, such as MetaMask.”

While Transak supports around 160 tokens, Okto allows users to store more than 1,000 tokens across multiple chains, including Polygon, Fantom, Avalanche and others, according to the app’s description on the App Store. However, according to Okto’s spokesperson, the wallet allows users to have up to 3,000 tokens in the wallet.

Related: India working on 5-point crypto legislation as ban is ruled out

While Okto announced the news about Transak support on Oct. 5, the process of rolling out the on-ramp solution started a few months ago. Some online users in India reported having issues with Transak as early as August 2023 as Okto was testing the on-ramp solution. “The process of integrating began in April 2023,” a spokesperson for the firm told Cointelegraph, adding that the official rollout to all customers occurred in mid-September.

Okto reporting working with Transak in August 2023. Source: X

Transak is a global Web3 payment and onboarding infrastructure provider aiming to connect traditional finance and digital assets. It is a popular on-ramp solution in the cryptocurrency industry, with platforms like MetaMask, Coinbase and PancakeSwap utilizing its services.

Earlier this week, Transak announced an integration with The Open Network’s (TON) wallet known as Tonkeeper. The event marked Transak’s entry into the TON ecosystem, enabling the wallet to buy Toncoin (TON) directly with fiat from more than 150 countries.

Magazine: How to protect your crypto in a volatile market — Bitcoin OGs and experts weigh in

Russia Cautious on Tokenizing Real-World Assets

US Treasury sanctions crypto wallets as authorities crack down on fentanyl

According to Deputy Treasury Secretary Wally Adeyemo, the sanctioned wallets "received millions of USD funds over hundreds of deposits" used for illicit drugs.

The Office of Foreign Assets Control (OFAC) of the United States Department of the Treasury has sanctioned crypto wallets allegedly connected to individuals and companies involved in the production of fentanyl.

In an Oct. 3 notice, the U.S. Justice Department announced indictments against several China-based chemical manufacturers as well as many of their employees, who allegedly used crypto transactions as part of an illegal fentanyl precursor distribution scheme. According to the U.S. authorities, the companies “tend to use cryptocurrency transactions to conceal their identities and the location and movement of their funds”, identifying at least 3 individuals who held crypto wallets for payments.

OFAC added wallets for Bitcoin (BTC), Ether (ETH), USD Coin (USDC), Tether (USDT) and Tron (TRX) connected to Chinese nationals and Valerian Labs to its list of Specially Designated Nationals along with companies including Hanhong Pharmaceutical Technology and Hebei Crovell Biotech. According to Deputy Treasury Secretary Wally Adeyemo, the enforcement action was aimed at disrupting an illicit drug network.

‘[W]e have identified and blocked over a dozen virtual currency wallets associated with these actors,” said Adeyemo. “The blocked wallets, which received millions of USD funds over hundreds of deposits, illustrate the scope and scale of the operation targeted today.”

Related: Crypto and psychedelics: Clarifying regulations could help industries grow

Many lawmakers have urged action on cracking down on the distribution of fentanyl in the United States, where the drug was estimated to be responsible for more than 67,000 deaths in 2021. Massachusetts Sen. Elizabeth Warren — an outspoken critic of digital assets — called out potential links between crypto payments and drug trafficking in a May hearing.

The first week in October also marked the 10th year in prison for Ross Ulbricht, the founder of the online marketplace Silk Road. Many criticized the platform for facilitating the drug trade by allowing payments with digital assets, but Ulbricht still has his supporters in the crypto space.

Magazine: US enforcement agencies are turning up the heat on crypto-related crime

Russia Cautious on Tokenizing Real-World Assets

ETF filings changed the Bitcoin narrative overnight — Ledger CEO

Ledger’s CEO says that, while it may take a few years, big money is getting into crypto.

Over the past 12 months, some investors learned the hard way why they needed to move their crypto offline. Those who kept Bitcoin (BTC) and altcoins on crypto exchanges like FTX lost control of their assets, sometimes forever. Events drew a red line under the storied crypto adage: “Not your keys, not your coins.” 

FTX’s loss was hardware wallet manufacturer Ledger’s gain, however. The Bahamas-based exchange’s November 2022 bankruptcy filing delivered to Ledger “our biggest sales day ever,” the firm’s chief experience officer, Ian Rogers, told Cointelegraph, and “November turned out to be our biggest sales month on record.”

Paris-based Ledger has been on a strong growth curve recently, though the past year has not been without controversy. In May, for instance, the firm drew industry ire when it launched a new secret recovery phrase storage service called Ledger Recover. Still, it remains one of the best-known and most-used crypto wallet makers in the world.

Cointelegraph recently caught up with Rogers and Ledger CEO Pascal Gauthier in New York City to discuss the new crypto climate in the United States, the latest trends in crypto storage and differences in doing business in the U.S. and Europe, among other topics.

Cointelegraph: Many think that the crypto/blockchain sector is still in the doldrums or moving sideways at best, but you see reasons to be cheerful even here in the U.S.?

Pascal Gauthier: What happened in 2023 — and went virtually unnoticed — is a change of tone regarding Bitcoin. When the SEC [Securities and Exchange Commission] implied that Bitcoin was a utility and/or commodity — and not a security [like other altcoins] — this triggered two things: large companies like BlackRock began their ETF [exchange-traded fund] application process, and then the media narrative around Bitcoin changed almost overnight.

As 2023 began, Bitcoin was for drug dealers, terrorists, bad for the planet, etc. — and suddenly it became completely kosher. The biggest financial institutions in the U.S. are suddenly doing Bitcoin.

CT: The BlackRock application for a spot-market Bitcoin ETF was a turning point?

PG: Big money is coming into crypto; it’s been announced. It may take a few years to really finally arrive, but if you look at Fidelity, BlackRock, Vanguard…

CT: What about U.S. regulations? Aren’t they still a barrier?

PG: The next administration will decide the fate of crypto in the United States. If Biden stays in power, this administration could continue to be aggressive toward crypto. If it’s someone else, we’ll see what happens.

CT: Let’s talk about offline storage devices. Mark Cuban said in 2022 that crypto wallets were “awful.” Did he have a point?

PG: A lot of our early customers used our [cold wallet] product to “buy and hold.” You would purchase a Ledger [device], you put your Bitcoin in it, and then you put it someplace and forget about it. But that’s not what we recommend now.

Recent: AI a powerful tool for devs to change gaming, says former Google gaming head

Today, you can connect your wallet to Web3 and use your private keys to do many things, including buying, selling, swapping and staking crypto, as well as engaging with DApps [decentralized applications] and even declaring your taxes.

CT: On a 1 to 10 scale, where would you put cold wallets today in terms of user experience (UX)?

PG: For the industry, it’s a three. For Ledger, maybe a four — and we’re striving to be a 10. The industry has a lot to do in terms of UX and UI [user interface].

Ian Rogers: Your hardware-software combo today is not just about hardware and software. It’s an end-to-end experience.

When you’re buying an Apple iPhone, for instance, you’re not buying a piece of hardware; you’re buying into the Apple experience. We would ultimately like that to be the same thing with Ledger. Our approach is to do the absolute best user experience possible without compromising on security or self-custody.

CT: Still, there’s these UX issues like the 24 seed words you need to recover your private key if you lose your Ledger device. Some users go to great lengths to safeguard those words, even engraving them in steel just in case their house burns down. Doesn’t that sound sort of extreme?

PG: It is a little backwards to have something like a metal plate in your home. It’s not very 21st century. But we came up with a solution for this.

Gauthier (center) speaking at the Viva Technology conference. Source: X

When you use a Ledger product, you end up with your Ledger device and a PIN code. And you will also have those 24 words that become your master password, basically. You need to keep those 24 words safe, and this is a major barrier to entry for a lot of people. They don’t trust themselves with those 24 words. They don’t trust themselves not to lose them.

So, we came up with a service called Ledger Recover [i.e., an optional paid subscription service provided by Coincover that is expected to launch in October] to deal with that. It allows you to shard your private key into three encrypted shards and then send them to three different custodians. They cannot do anything with the [single] encrypted shard. Only you can bring your 24 words together again if necessary.

CT: Don’t we already have something like that with “social recovery,” where you entrust your cold wallet recovery to several friends or “guardians?”

PG: Social recovery doesn’t really work. We’ve done something that resembles social recovery — but with businesses [i.e., Ledger, Coincover and EscrowTech]. You will have to present your ID if you want to initiate the shard recovery.

CT: You were criticized when you first announced the Ledger Recover service in May. Then, the launch was postponed amid the “backlash.” There were security concerns. People said these three shard-holding companies could reconstruct your private key.

PG: There is still a lot of education to be done for people to understand really how security works. People said [at that time] that it might be a good product if it were more transparent and easier to adopt. So we didn’t go live in May, as planned, in order to make the product ‘open source,’ which adds something in terms of transparency though not security,

CT: But couldn’t three sub-custodial companies, at least in theory, collaborate and reconstruct your privacy key?

PG: It’s not possible. They don’t have the necessary tools necessary to decrypt and reconstruct.

CT: Moving on to Ledger’s business model, do you sometimes worry that as big institutions like Fidelity Investments or banks like BNY Mellon enter the crypto space that users may simply park their crypto with them? If they get hacked, those giant custodial institutions will then make them whole again. Or at least that is sometimes the thinking.

PG: We’re a pure technology company. So when Fidelity decides to become a [retail] crypto custodian, they’ll probably come to us and buy a part of our technology to build their own technology stack. 

CT: Your business strides several continents. You’re based in France, but you sell many of your devices in the United States. You have first-hand experience of those two business climates — the U.S. and Europe. Are there key differences when it comes to crypto?

PG: Europe has a tendency to over-regulate or regulate too fast, generally speaking. Sometimes people say, well, you know, Europe has clarity because it has MiCA [Markets in Crypto-Assets, the EU’s new crypto legislation], while in the U.S., there is a lack of clarity and lots of lawsuits.

But in the U.S., the way that the law is designed is slow and bumpy. It takes time to change laws in the U.S., but when change finally does come, it’s often for the better.

Magazine: 6 Questions for JW Verret — the blockchain professor who’s tracking the money

If you look at the biggest tech champions in the world, they're mostly American or Chinese. Zero are European.

CT: Are you linking heavy regulation with a lack of innovation?

PG: It’s hard to say if they are directly linked, but Europe has always had a heavy hand in terms of taxation and regulation.

Ian Rogers: To me, there’s no question they are linked. At LVMH [the French luxury goods conglomerate where Rogers served as chief digital officer for five years], we worked with a lot of startups. Every European startup wanted to get to the U.S. or China to “get scale” before they came back to Europe. Europe is not a good market if you’re a startup.

CT: But Ledger remains positive about the future of cryptocurrencies and blockchain technology overall?

PG: Things are not necessarily what they seem to be. It was our [late] French president François Mitterrand, who said: “Give time for time.” There’s something going on now, and only the future will be able to make clear what is happening.

Russia Cautious on Tokenizing Real-World Assets

MoneyGram to launch non-custodial crypto wallets by Q1 2024

The non-custodial wallet will continue MoneyGram’s remittance focus allowing users to easily convert their digital assets to fiat.

Payment processing giant MoneyGram is all set to launch its own non-custodial crypto wallets, the company’s chief executive officer, Alex Holmes, announced during the Stellar Development Foundation annual Meridian conference.

The non-custodial crypto wallet will be built on the Stellar network and hit the market in the first quarter of 2024. The wallet was created in partnership with the Cheesecake Labs, and will make use of the Stellar network and MoneyGram's fiat on and off-ramp services to facilitate instant transactions. There will be no charge to use it until June 2024.

The wallet will allow users to leverage stablecoin technology to move between fiat and digital currencies, and is intended to strengthen the company's focus on its core competence of cross-border remittance and payment settlements. Wallet users will be able to send digital assets to other users within the wallet as well, the company said.

In order to make the digital assets more useful, MoneyGram wallet users will be able to cash out their assets at any partner MoneyGram facility, the company said, adding that all wallet users will have access to its global compliance screening tools to make way for safer and more secure digital assets transactions.

MoneyGram over the years has expanded its services to incorporate the digital asset market and developed its own global fiat on and off-ramp service for digital wallets in 2022. Since the launch of its digital asset-fiat on/off-ramp services the company has expanded the service to eight digital wallets on the Stellar network. The services allow consumers to cash out in 180+ countries and cash in 30+ countries around the world.

Related: Stellar partners with UNHCR to give Ukrainian refugees cash via USDC

Stellar, the MoneyGram partner for its non-custodial wallet is also a stakeholder in the remittance firm. The Stellar Development Foundation acquired a minority stake in MoneyGram in August earlier this year giving the foundation a seat on MoneyGram’s board of directors.

Cointelegraph reached out to MoneyGram for further details, but hasn't yet received a reply.

Collect this article as an NFT to preserve this moment in history and show your support for independent journalism in the crypto space.

Journeys: Hervé Larren on Bitcoin, Apes and the psychology of ‘blue-chip’ NFTs

Russia Cautious on Tokenizing Real-World Assets

North Korean Lazarus Group amasses over $40M in Bitcoin, data reveals

The North Korean hacking collective has at least $47 million in cryptocurrency, including Bitcoin, Ether, Binance Coin and various stablecoins, including Binance USD.

North Korean hacking collective Lazarus Group holds a whopping $47 million in cryptocurrency, most of which is in Bitcoin (BTC), new data shows. 

According to data collated on Dune Analytics from 21.co — the parent company of 21Shares — wallets associated with the Lazarus Group currently hold around $47 million worth of digital assets, including $42.5 million in Bitcoin, $1.9 million in Ether (ETH), $1.1 million in Binance Coin (BNB) and an additional $640,000 in stablecoins, primarily BUSD.

However, the amount of crypto held appears to have dropped from the $86 million the group held on Sept. 6, a few days after the Stake.com hack in which Lazarus was implicated.

The Dune dashboard tracks 295 wallets identified by the U.S. Federal Bureau of Investigation (FBI) and Office of Foreign Assets Control (OFAC) as being owned by the hacking group, it noted.

Lazarus Group crypto holdings. Source: Dune Analytics

Surprisingly, the group does not hold any privacy coins such as Monero (XMR), Dash, or Zcash (ZEC) which are arguably much harder to trace.

Meanwhile, Lazarus crypto wallets are still highly active with the most recent transaction being recorded on September 20.

21.co also noted that the group’s holdings are likely to be much higher than what has been reported. “We should note that this is a lower-bound estimation of Lazarus Group’s crypto holdings based on publicly available information,” it stated.

Related: 3 steps crypto investors can take to avoid hacks by the Lazarus Group

On September 13, Cointelegraph reported that the Lazarus group carried out the attack on crypto exchange CoinEx, which lost at least $55 million.

The FBI has also fingered Lazarus for the Alphapo, CoinsPaid, and Atomic Wallet hacks, which collectively added up to more than $200 million that the group stole in 2023.

However, Chainalysis reported that crypto thefts by North Korea-linked hackers are down a whopping 80% from 2022. As of mid-September, North Korea-linked groups had stolen a total of $340.4 million in crypto, down from a record $1.65 billion in pilfered digital assets in 2022.

Late last week, United States federal authorities warned of "significant risk" for potential attacks on U.S. healthcare and public health sector entities by the Lazarus Group.

Magazine: $3.4B of Bitcoin in a popcorn tin: The Silk Road hacker’s story

Russia Cautious on Tokenizing Real-World Assets

What are address poisoning attacks in crypto and how to avoid them?

Address poisoning attacks involve tracking, misusing or compromising cryptocurrency addresses.

Address poisoning attacks are malicious tactics used by attackers who can reroute traffic, interrupt services, or obtain unauthorized access to sensitive data by inserting bogus data or changing routing tables. The integrity of data and network security are seriously threatened by these assaults, which take advantage of flaws in network protocols.

This article will explain what address poisoning attacks are, their types and consequences, and how to protect oneself against such attacks.

Address poisoning attacks in crypto, explained

In the world of cryptocurrencies, hostile actions where attackers influence or deceive consumers by tampering with cryptocurrency addresses are referred to as address poisoning attacks.

On a blockchain network, these addresses, which are made up of distinct alphanumeric strings, serve as the source or destination of transactions. These attacks use a variety of methods to undermine the integrity and security of cryptographic wallets and transactions.

Address poisoning attacks in the crypto space are mostly used to either illegally acquire digital assets or impair the smooth operation of blockchain networks. These attacks may encompass:

Theft

Attackers may trick users into transmitting their funds to malicious addresses using strategies such as phishing, transaction interception or address manipulation.

Disruption

Address poisoning can be used to disrupt the normal operations of blockchain networks by introducing congestion, delays or interruptions in transactions and smart contracts, reducing the effectiveness of the network.

Deception

Attackers frequently attempt to mislead cryptocurrency users by posing as well-known figures. This undermines community trust in the network and might result in erroneous transactions or confusion among users.

To protect digital assets and the general integrity of blockchain technology, address poisoning attacks highlight the significance of strict security procedures and constant attention within the cryptocurrency ecosystem.

Related: How to mitigate the security risks associated with crypto payments

Types of address poisoning attacks

Address poisoning attacks in crypto include phishing, transaction interception, address reuse exploitation, Sybil attacks, fake QR codes, address spoofing and smart contract vulnerabilities, each posing unique risks to users’ assets and network integrity.

Phishing attacks

In the cryptocurrency realm, phishing attacks are a prevalent type of address poisoning, which involves criminal actors building phony websites, emails or communications that closely resemble reputable companies like cryptocurrency exchanges or wallet providers.

These fraudulent platforms try to trick unsuspecting users into disclosing their login information, private keys or mnemonic phrases (recovery/seed phrases). Once gained, attackers can carry out unlawful transactions and get unauthorized access to victims’ Bitcoin (BTC) assets, for example.

For instance, hackers might build a fake exchange website that looks exactly like the real thing and ask consumers to log in. Once they do so, the attackers can gain access to customer funds on the actual exchange, which would result in substantial financial losses.

Transaction interception

Another method of address poisoning is transaction interception, in which attackers intercept valid cryptocurrency transactions and change the destination address. Funds destined for the genuine receiver are diverted by changing the recipient address to one under the attacker’s control. This kind of attack frequently involves malware compromising a user’s device or network or both.

Address reuse exploitation

Attackers monitor the blockchain for instances of address repetition before using such occurrences to their advantage. Reusing addresses can be risky for security because it might reveal the address’s transaction history and vulnerabilities. These weaknesses are used by malicious actors to access user wallets and steal funds.

For instance, if a user consistently gets funds from the same Ethereum address, an attacker might notice this pattern and take advantage of a flaw in the user’s wallet software to access the user’s funds without authorization.

Sybil attacks

To exert disproportionate control over a cryptocurrency network’s functioning, Sybil attacks entail the creation of several false identities or nodes. With this control, attackers are able to modify data, trick users, and maybe jeopardize the security of the network.

Attackers may use a large number of fraudulent nodes in the context of proof-of-stake (PoS) blockchain networks to significantly affect the consensus mechanism, giving them the ability to modify transactions and potentially double-spend cryptocurrencies.

Fake QR codes or payment addresses

Address poisoning can also happen when fake payment addresses or QR codes are distributed. Attackers often deliver these bogus codes in physical form to unwary users in an effort to trick them into sending cryptocurrency to a location they did not plan.

For example, a hacker might disseminate QR codes for cryptocurrency wallets that look real but actually include minor changes to the encoded address. Users who scan these codes unintentionally send money to the attacker’s address rather than that of the intended receiver, which causes financial losses.

Address spoofing

Attackers who use address spoofing create cryptocurrency addresses that closely resemble real ones. The idea is to trick users into transferring money to the attacker’s address rather than the one belonging to the intended recipient. The visual resemblance between the fake address and the real one is used in this method of address poisoning.

An attacker might, for instance, create a Bitcoin address that closely mimics the donation address of a reputable charity. Unaware donors may unintentionally transfer money to the attacker’s address while sending donations to the organization, diverting the funds from their intended use.

Smart contract vulnerabilities

Attackers take advantage of flaws or vulnerabilities in decentralized applications (DApps) or smart contracts on blockchain systems to carry out address poisoning. Attackers can reroute money or cause the contract to behave inadvertently by fiddling with how transactions are carried out. Users may suffer money losses as a result, and decentralized finance (DeFi) services may experience disruptions.

Consequences of address poisoning attacks

Address poisoning attacks can have devastating effects on both individual users and the stability of blockchain networks. Because attackers may steal crypto holdings or alter transactions to reroute money to their own wallets, these assaults frequently cause large financial losses for their victims.

Beyond monetary losses, these attacks may also result in a decline in confidence among cryptocurrency users. Users’ trust in the security and dependability of blockchain networks and related services may be damaged if they fall for fraudulent schemes or have their valuables stolen.

Additionally, some address poisoning assaults, such as Sybil attacks or the abuse of smart contract flaws, can prevent blockchain networks from operating normally, leading to delays, congestion or unforeseen consequences that have an effect on the entire ecosystem. These effects highlight the need for strong security controls and user awareness in the crypto ecosystem to reduce the risks of address poisoning attacks.

Related: How to put words into a Bitcoin address? Here’s how vanity addresses work

How to avoid address poisoning attacks

To protect users’ digital assets and keep blockchain networks secure, it is crucial to avoid address poisoning assaults in the cryptocurrency world. The following ways may help prevent being a target of such attacks:

Use fresh addresses

By creating a fresh crypto wallet address for each transaction, the chance of attackers connecting an address to a person’s identity or past transactions can be decreased. For instance, address poisoning attacks can be reduced by using hierarchical deterministic (HD) wallets, which create new addresses for each transaction and lessen the predictability of addresses.

Utilizing an HD wallet increases a user’s protection against address poisoning attacks because the wallet’s automatic address rotation makes it more difficult for hackers to redirect funds.

Utilize hardware wallets

When compared to software wallets, hardware wallets are a more secure alternative. They minimize exposure by keeping private keys offline.

Exercise caution when disclosing public addresses

People should exercise caution when disclosing their crypto addresses in the public sphere, especially on social media sites, and should opt for using pseudonyms.

Choose reputable wallets

It is important to use well-known wallet providers that are known for their security features and regular software updates to protect oneself from address poisoning and other attacks.

Regular updates

To stay protected against address poisoning attacks, it is essential to update the wallet software consistently with the newest security fixes.

Implement whitelisting

Use whitelisting to limit transactions to reputable sources. Some wallets or services allow users to whitelist particular addresses that can send funds to their wallets.

Consider multisig wallets

Wallets that require multiple private keys to approve a transaction are known as multisignature (multisig) wallets. These wallets can provide an additional degree of protection by requiring multiple signatures to approve a transaction.

Utilize blockchain analysis tools

To spot potentially harmful conduct, people can track and examine incoming transactions using blockchain analysis tools. Sending seemingly trivial, small quantities of crypto (dust) to numerous addresses is a common practice known as dusting. Analysts can spot potential poisoning efforts by examining these dust trade patterns.

Unspent transaction outputs (UTXOs) with tiny amounts of cryptocurrency are frequently the consequence of dust transactions. Analysts can locate possibly poisoned addresses by locating UTXOs connected to dust transactions.

Report suspected attacks

Individuals should respond right away in the event of a suspected address poisoning attack by getting in touch with the company that provides their crypto wallet through the official support channels and detailing the occurrence.

Additionally, they can report the occurrence to the relevant law enforcement or regulatory authorities for further investigation and potential legal action if the attack involved considerable financial harm or malevolent intent. To reduce possible risks and safeguard both individual and group interests in the cryptocurrency ecosystem, timely reporting is essential.

Russia Cautious on Tokenizing Real-World Assets

Opera browser debuts stablecoin wallet MiniPay in Africa

Opera’s new in-browser, non-custodial wallet runs on the Celo blockchain and targets the platform’s user base in Africa for P2P stablecoin transactions.

The web platform Opera revealed its plans to launch a non-custodial stablecoin wallet integrated into its mobile web browser which will be made available to its user base in Africa. 

On Sept. 13, the web services provider introduced the MiniPay wallet integration, built on the Celo blockchain, that allows users in Africa to send or receive stablecoins by using their already existing mobile numbers.

Opera began its operations in Africa 17 years prior and now has over 100 million users on the continent. The launch of MiniPay will begin in the coming months and first start in Nigeria.

Jørgen Arnesen, the executive vice president for mobile at Opera, commented that:

“Users in Nigeria, Kenya, Ghana, and South Africa have indicated lingering concerns about high fees, unreliable service uptimes, a lack of transparency around transaction progress and a lack of access to mobile data.”

The new MiniPay wallet will operate with sub-cent fees, and onboard and backup wallets through users’ Google credentials. 

It also has integrated with local payment methods including Airtime and MPesa, along with traditional bank transfers to allow its users to add and withdraw stablecoins from the wallet into the local currency.

Arnesen told Cointelegraph that specifically for Africa they developed the Opera Mini browser as a “unique, data-saving technology that allows users to surf the web and gain access to information without having to expend a major part of their monthly income.”

Related: Google Chrome launches built-in user tracking for advertisers

Celo also has a strong user base in Africa and says the integration “opens the door” for more Ethereum-compatible dApps to be built for MiniPay.

Arnesen also mentioned that as the product launches, MiniPay will support Mento stable asset cUSD or Celo Dollar, which tracks the value of USD, on Celo. 

“This way, we are not confusing users with multiple currencies at a time, as would be the case in a regular crypto wallet. “

In April of this year, Opera announced a new generative artificial intelligence (AI) integration into its then-latest browser update. The in-browser AI feature, called AI Prompt, gives users “contextual prompts” for web pages or highlighted text. 

Last December, it launched a suite of security tools with the aim to protect users against “malicious Web3 actors.”

Collect this article as an NFT to preserve this moment in history and show your support for independent journalism in the crypto space.

Magazine: How to protect your crypto in a volatile market: Bitcoin OGs and experts weigh in

Russia Cautious on Tokenizing Real-World Assets