Generating

78 related results were found.   
Subscribe Query
Mbeyaconscious
Mbeyaconscious
followers

🚨🚨 Cryptocurrency Investor Loses $4.2M in Sophisticated Phishing Attack 🚨🚨 In a recent report by CryptoPotato, an undisclosed individual faced a substantial loss of $4.2 million in aEthWETH and aEthUNI, falling victim to a meticulously orchestrated phishing attack. The assailants exploited a forged ERC-20 permission signature, catching the investor off guard. According to Scam Sniffer, a web3 security firm, the victim unknowingly approved multiple transactions by signing permissions with a manipulated ERC-20 authorization. The attackers, utilizing an opcode contract, cleverly evaded security alerts by creating new addresses for each signature, redirecting funds just before the transactions were executed. At the heart of this crypto threat lies opcode malware, a malicious software exploiting operation codes in scripting languages across platforms. This malware adeptly reroutes funds, authorizes unauthorized expenditures, and immobilizes assets within smart contracts. Its ability to elude traditional security measures poses challenges for detection and removal efforts. Security experts warn that opcode malware can seize control of a victim's CPU, memory, and system resources by exploiting vulnerabilities in the operating system or applications. Once infiltrated, the malware executes machine code instructions, enabling malicious activities such as fund diversion, crypto mining, or launching distributed denial-of-service (DDoS) attacks. This incident underscores the escalating sophistication of phishing activities in the crypto space, with scammers adopting advanced tactics. Notably, even crypto whales, individuals with substantial market-influencing holdings, have fallen prey to such fraudulent schemes, resulting in significant financial losses. As the crypto community grapples with evolving threats, vigilance and enhanced security measures become paramount. This unfortunate loss emphasizes the ongoing need to educate and protect investors against malicious activities in the dynamic landscape of digital assets. #Write2Earn

about 1 month ago
Binance News
Binance News
followers

According to CryptoPotato, renowned blockchain developer Antoine Riard has called for urgent updates to Bitcoin's source code in response to critical vulnerabilities within the Lightning Network. Riard's research paper highlights a specific category of transaction-relay jamming attacks known as 'replacement cycling.' The Lightning Network was designed to address Bitcoin's scalability issues, but replacement cycling attacks can effectively steal funds from Lightning channels without requiring extensive computational power or network interference. Riard's research reveals that an attacker can take control of the channel capacity of Lightning routing hops in certain situations, interfering with the transaction relay on the base-layer Bitcoin network and manipulating the fee-bumping mechanism to intentionally delay or prevent other transactions' confirmation. This type of attack is particularly concerning as it can be executed regardless of network congestion and has serious implications for the broader Bitcoin ecosystem, which has at least 50,000 nodes running the BTC protocol as of October 2023. Riard's paper proposes a series of mitigations at both the Lightning Network and Bitcoin base-layer levels, including local mempool monitoring, aggressive rebroadcasting strategies, and transaction-relay and mempool rule changes. However, Riard argues that the existing mitigations implemented by major Lightning implementations are insufficient against advanced adversaries and calls for fundamental changes in Bitcoin's source code to prevent such vulnerabilities. 'This isn't about patchwork fixes anymore. We need foundational changes in the Bitcoin source code to secure the Lightning Network effectively,' Riard stated. The study also introduces a unique transaction-relay jamming attack category that impacts existing and upcoming protocol versions. These practical attacks enable the unauthorized extraction of money from Lightning channels without network mempool congestion, simplifying the conditions required for a sophisticated Lightning attack. The attacks can target all funds up to the permitted in-flight HTLC value, and a modified form of this attack could also compromise future peer-to-peer extension package relays.

4 months ago
CoinDesk
CoinDesk
followers

One of the most controversial proposals to hit Bitcoin in years – a move that would have made it harder to mint NFTs and tokens atop the blockchain – has been abruptly terminated without any action being taken, leading to claims of censorship by the lead proponent for the change. The developer known publicly as Luke Dashjr, who has worked on Bitcoin for over a decade, created the proposal in September. The move came just months after the appearance of Ordinals, a protocol that allowed users to "inscribe" data onto the blockchain, such as NFTs or the specifications for new tokens. The Ordinals project quickly became so popular that it caused congestion on the network. The Bitcoin-based NFTs – previously only available on other blockchains, like Ethereum – have proven valuable in their own right, with a trio of "BitcoinShrooms" recently fetching about $450,000 in a sale at the historic auction house Sotheby's. Dashjr filed his proposal on the open-source developer platform Github under the very mundane and technical-sounding goal of updating the popular Bitcoin Core software "to be effective with newer datacarrying styles." But the discussion quickly turned into an acrimonious debate over whether the 14-year-old blockchain should be preserved as a peer-to-peer payments network or if market forces should determine which transactions get prioritized. Even some experts who supported a more purist vision for the blockchain expressed skepticism that Dashjr's proposal to filter out the Ordinals transactions could win over Bitcoin miners, who play a key role in the network's operations and have benefited handsomely from the fee windfall. Read more: Ordinals Upend Bitcoin Mining, Pushing Transaction Fees Above Mining Reward for First Time in Years A few days ago, Ava Chow, a Bitcoin Core maintainer, abruptly cut off further discussion of Dashjr's proposal – technically known as a "pull request" or PR – without taking any action to incorporate the fresh code. According to the web page for the open-source Bitcoin Core project, maintainers are responsible for adding code changes that "the team agrees should be merged." "It's abundantly clear that this PR is controversial and, in its current state, has no hope of reaching a conclusion that is acceptable to everyone," Chow wrote. "At this point in time, I see no reason to leave this open and to continue to send notifications for the constant back-and-forth stalemate discussion." 'Pretty sophisticated' Another Bitcoin Core maintainer, Gloria Zhao, tweeted out a summary of the debate on Github, including a recap of the technical details. The thrust of Dashjr's proposal was to apply strict data-size limits more broadly to Bitcoin transactions, similar to the hard 80-byte limit applied to a specific data field known as "OP_RETURN." "There's been a lot of talk about adding filters to keep Ordinals TXs out of bitcoin, and this is a pretty sophisticated way to do that," said Lisa Neigut, a Blockstream developer who also teaches courses for Bitcoin developers at Base58. "It would basically make getting Ordinals into blocks very hard to do using the normal TX delivery pipeline." Zhao, in her summary, noted that the effort to "Stop inscriptions" as "spam" had been countered by arguments that "We cannot write code to detect all embedded data." In response, Dashjr tweeted that "you conveniently left out that the objections to the PR have already been refuted/answered," and that Chow had "censored anyone who wants to reply." But you conveniently left out the fact that the objections to the PR have already been refuted/answered.And then @achow101 censored anyone who wants to reply... — Luke Dashjr (@LukeDashjr) January 5, 2024 Read More: 'Bitcoin NFT' Hysteria Comes to Sotheby's as Super-Mario-Style Mushroom Character Tops $200K Dashjr, who has been pushing to purge from Bitcoin what he once described as "data storage schemes" since at least 2014, made headlines recently when his firm Mummolin raised $6.2 million in a seed funding round led by Block Inc.'s head and Twitter founder Jack Dorsey. Notably, leaders of the company's Ocean bitcoin mining pool signaled last month that the new project might filter out many transactions involving the Ordinals inscriptions. CoinDesk reached out to Dashjr for comment, and he responded by sending a link to a fresh post he wrote on Github a few days ago. The proposal to "fix the bug" was "inappropriately closed due to social attacks," Dashjr wrote on Github. "This remains an active issue that needs to be addressed." A slew of comments have already piled up on the new thread, starting a new debate on the topic. Read more: Bitcoin Inscriptions Divide BTC Community Amid Network Congestion, but Are 'Unstoppable'

about 2 months ago
Voice Of Crypto
Voice Of Crypto
followers
  • A hacking incident exploited a rounding error within the platform's code, resulting in the theft of millions in ETH. Consequently, Radiant had to close down its lending markets. - The attack occurred on the Arbitrum protocol, impacting Radiant Capital. During this period, Arbitrum's native cryptocurrency, Arbitrum ( $ARB ), has been consistently surging for over a week. - The hacker utilized a flash loan to manipulate a USDC market parameter, leading to a malfunction in the smart contract. - This incident joins a series of prominent recent hacks, such as those affecting Orbit Chain ($81.5M) and Badger DAO ($120M). - Despite the attack, $ARB has remarkably surged by 70% in the last month. - Radiant Capital has assured its users about the safety of funds and pledges a thorough investigation along with a swift resumption of operations. Certainly! Here's an alternative version for the given text: Last week witnessed a hacker exploiting a coding discrepancy within Radiant Capital's cross-chain lending protocol, resulting in the siphoning of $4.5 million worth of Ethereum (ETH). The breach stemmed from a critical alteration of the index parameter within one of Radiant Capital's new USD Coin (USDC) markets, orchestrated via a flash loan technique, as revealed in a report by the blockchain security platform Beosin. By manipulating the index parameter to an exceptionally large value, the hacker triggered a malfunction in the platform's smart contract. This precision error allowed the attacker to withdraw an amount surpassing their initial deposit, ultimately totaling $4.5 million in Ethereum. As of the current moment, the perpetrator remains at large, and Radiant Capital has promptly ceased its lending markets in response to the breach, confirmed in an official statement on their website. Assurances were given to customers that their funds are secure beyond the stolen amount. Moreover, the incident at Radiant Capital is not an isolated occurrence within the crypto market. Recent months have witnessed a string of cyberattacks, including the $81.5 million hack at Orbit Chain in December 2023 and the $120 million loss by Badger DAO in November due to smart contract vulnerabilities. Flash loan attacks seem to be a recurring trend, with Cream Finance losing $130 million in October and pNetwork succumbing to a $12.7 million hack in September. Interestingly, amid these security concerns, Arbitrum, the native cryptocurrency of the protocol where the Radiant Capital attack took place, has experienced an ongoing surge in value. Currently trading around $1.87, Arbitrum has seen a remarkable 70% increase in the past month. Please note that while Voice of Crypto strives to provide accurate information, it cannot be held accountable for any missing details or inaccuracies. Given the volatile nature of cryptocurrencies, it's advisable to conduct thorough research and exercise caution when making financial decisions. #ARB #Arbitrum #ETH #Ethereum #Crypto2024 $ARB $ETH
about 2 months ago
Cointelegraph
Cointelegraph
How the Ledger Connect hacker tricked users into making malicious approvals
3 months ago
Cointelegraph
Cointelegraph
followers

The alarming statistics indicate shifting dynamics in the cybercrime landscape, suggesting a growing focus on crypto malware. So, what exactly is crypto malware? Crypto malware is a class of malware that is designed to hijack the processing power of computers or devices for the purpose of mining cryptocurrencies. Crypto malware accomplishes this through a process referred to as cryptojacking. Usually, the stolen processing power is used to mine privacy-centric cryptocurrencies such as Monero (XMR), which have advanced obfuscation features that make it difficult for authorities to track. That said, the first publicly available cryptojacking script was released by Coinhive in 2017. The script allowed webmasters to embed mining code on their websites in order to harness the computing power of their visitors’ devices. This marked the beginning of a growing trend, with crypto malware attacks skyrocketing in subsequent years. Why are crypto malware attacks on the rise, and how are they carried out? According to current trends, hackers are moving away from disruptive cybersecurity attacks, such as ransomware, to crypto malware attacks, which are considered more passive. Cybersecurity experts attribute this paradigm shift to several factors. Top among them is that cryptojacking attacks are relatively low-risk compared to tactics such as ransomware attacks that routinely draw the attention of anti-crime agencies. Moreover, the illegality of crypto mining is a gray area, making it easier for malicious groups to avoid scrutiny. The cost-effectiveness of crypto malware attacks is another factor driving hacker groups to focus more on stealing processing power. Stealing processing power costs next to nothing, and the loot can easily be converted into cash with minimal complications. This aspect makes cryptojacking highly convenient for nefarious groups. Additionally, unlike conventional malware, cryptojacking attacks use low-level exploits, such as browser loopholes, which are difficult to detect. The widespread use of Internet-of-Things (IoT) devices is another contributing factor to the surge in crypto malware attacks. Because IoT devices usually have weaker security safeguards compared to computers, they are more vulnerable to exploitation. This makes them prime targets for hackers. This factor inadvertently increases the attack surface for crypto malware attacks. Crypto malware vs. ransomware Crypto malware and ransomware are two distinct types of malware. While crypto malware is malware used to mine cryptocurrencies on computers without users’ consent, ransomware is utilized by hackers to encrypt files on computers and demand ransom payments for their decryption. The following is an overview of their fundamental differences: How do crypto malware attacks spread? Over the years, black hats have devised numerous ways of compromising computing devices in order to carry out crypto malware attacks. The following is a breakdown of some of the key strategies used by hackers: Installing crypto-mining code Injecting crypto-mining malware into a computer is a common tactic used by hackers to exploit the computing resources of compromised devices. In many cases, attackers install the malware on a computer by tricking victims into downloading seemingly innocuous files laden with crypto-mining malware or baiting them into clicking links that lead to malicious websites designed to deliver malware payloads. In some cases, hacker groups spread the malware through compromised routers, further complicating detection and mitigation efforts. Injecting crypto mining scripts into ads and websites Cybercriminals can unleash crypto-mining malware by planting malicious scripts in ads and websites. The scripts typically exploit browser vulnerabilities to force visitors’ computers to mine cryptocurrencies the moment they open the infected pages. This can occur even if the victim refrains from clicking on the infected ads or any trigger elements that are on the website. Exploiting vulnerabilities in software and operating systems Hackers regularly exploit vulnerabilities in software and operating systems to install crypto-mining code on victims’ devices. In many cases, they achieve this by taking advantage of known vulnerabilities or employing zero-day exploits. Some cryptojacking campaigns have also been found to rely on side-loading exploits to install cryptojacking modules that imitate legitimate system processes. Side loading is the injection of code that has not been approved by a developer to run on a device. The technique allows for the deployment of persistent malware, including crypto malware. Exploiting cloud-based infrastructure vulnerabilities Hackers have been known to exploit vulnerabilities in cloud-based infrastructure to pilfer their immense processing power for crypto mining. In some instances, attackers have resorted to using stealthy, fileless payloads to execute crypto malware attacks. The payloads are typically programmed to disappear from memory once cloud workloads are halted, further complicating detection efforts. Malicious browser extensions Cybercriminals sometimes use malicious browser extensions to carry out cryptojacking attacks. The extensions, which are often disguised as plugins for legitimate purposes, force victims’ machines to mine digital assets. The malicious activities of such extensions are typically difficult to detect due to their seemingly legitimate functions. Symptoms of crypto malware infection Crypto malware infections can manifest in a number of ways, ranging from the glaringly obvious to the deceptively subtle. The following is a breakdown of some of the telltale signs of a crypto malware infection: Increased CPU usage Crypto malware typically tends to target the central processing unit (CPU) of a computer. The CPU is the primary processing component responsible for coordinating a machine’s hardware, operating systems and applications. It utilizes complex electronic circuitry to process instructions from various components. As such, computers infected with crypto mining malware often experience an anomalous surge in CPU usage. CPU activity can be monitored using the Task Manager on Windows or Activity Monitor on macOS. A sudden and sustained spike in CPU usage, particularly when the system is idle, could indicate a crypto malware infection. Slow performance Crypto malware’s heavy reliance on CPU resources often leads to a noticeable decline in overall system performance. The performance issues can be attributed to the overburdening of the CPU with cryptocurrency mining operations. In the presence of a crypto malware infection, the decline in performance is usually accompanied by secondary problems such as overheating issues, which sometimes force the computer’s cooling system (fans) to work harder to dissipate the heat. Often, this coincides with increased electricity consumption. Unusual network activity Unusual computer network activity could indicate a crypto malware infection. This is because crypto malware is usually set up to ping external servers to receive updates and instructions. As a result, irregular network patterns, such as frequent outgoing connections, could indicate potential infections. Such activities are usually accompanied by the emergence of unfamiliar processes or applications that usually consume more CPU resources than normal. Protection against crypto malware attacks Crypto malware attacks can be deterred through various methods. The following is a breakdown of some of them. Keeping the operating system and software updated Regularly updating a computer’s operating system ensures that the software has the latest security patches and could deter crypto malware attacks. The rationale behind the precautionary measure is that the updates will prevent cybercriminals from using loopholes in outdated systems to launch attacks. Install and use reputable antivirus and anti-malware software Installing robust anti-malware software is a crucial step in deterring cybersecurity threats, including crypto malware. Top-rated anti-malware programs often scan devices regularly for malicious software and use sophisticated detection methods to identify threats, including crypto miners. Many of the formidable antivirus software also have real-time scanning features that can identify and prevent crypto malware from deploying on a system. Be cautious with email attachments and links Email remains a favored medium for cybercriminals to spread malware, including crypto malware. To avoid falling victim to email malware distribution schemes, one should avoid opening attachments or clicking on links in emails from unknown or suspicious sources. This is because cybercriminals regularly use deceptive emails to trick users into unknowingly downloading crypto malware onto their devices. Therefore, disregarding suspicious emails could help to avert crypto malware attacks. Only download software from trusted sources Downloading software from reputable sources reduces the risk of encountering malicious programs. This is because reputable platforms usually undergo stringent security checks to reduce the chances of distributing compromised software. Untrustworthy websites, on the other hand, usually lack such safeguards and are therefore likely to distribute software that contains malware, including crypto mining malware. Use a firewall A firewall acts as a barrier between a computing device and the internet and is usually set up to block unauthorized access by filtering incoming and outgoing connections. The added security layer makes it more difficult for crypto malware to infect machines. Install an anti-cryptojacking extension Installing specialized anti-cryptojacking browser extensions can help in the detection and blocking of crypto-mining scripts designed to target browser elements. Legitimate anti-cryptojacking extensions are usually available on official browser developer web stores. An alternative, albeit more extreme approach, is to disable JavaScript support on a browser. The mitigation measure will prevent the execution of JavaScript-based cryptojacking scripts. Future crypto malware trends The number of recorded crypto malware attacks is likely to increase in the future, based on current trends. This is partly due to shifting law enforcement priorities toward addressing high-profile cybercrimes like ransomware and data breaches. The reduced attention from authorities is likely to embolden cybercriminals and lead to a rise in cryptojacking attacks. Past trends suggest that cybercriminals will continue to develop new cryptojacking techniques to exploit vulnerabilities in emerging technologies. The evolution is likely to make it challenging for traditional security solutions to detect and prevent these types of attacks, at least in the beginning. Finally, limited user awareness about cryptojacking and its associated risks continues to be a significant obstacle in the fight against crypto malware. The lack of understanding often leads to disregard for preventive measures, leaving more machines vulnerable and contributing to an increase in infection rates.

2 months ago
Cryptopolitan
Cryptopolitan
followers

An unidentified company in Hangzhou, China recently fell victim to a ransomware attack perpetrated using ChatGPT, leading to the first arrests in the country involving the AI chatbot. Chinese authorities revealed that four cybercriminals were detained late last month – two in Beijing and two in Inner Mongolia. The suspects confessed to utilizing ChatGPT to optimize ransomware code, conduct network scans, infiltrate systems, deploy malware, and extort funds. The attack itself saw the company’s networks blocked by ransomware, with the criminals demanding a payment of 20,000 Tether cryptocurrency to restore access. Ransomware usage on the rise Ransomware has fast become one of the most severe cyberthreats facing governments, businesses, and individuals worldwide. The malicious software encrypts files and systems, rendering them inaccessible until a ransom demand is met. Damages from ransomware topped an estimated $20 billion globally in 2021. Attacks increased by 13% that year in China alone, where cybercriminals made off with over $1.6 billion in extorted payments. The arrests mark the first time ChatGPT has been implicated in a Chinese ransomware case. However, the chatbot itself likely did not directly participate in the attack. Instead, the accused admitted to using ChatGPT’s natural language capabilities to optimize their malware code. The AI’s conversational nature makes it straightforward to refine ransomware programs by providing feedback and suggestions. Access to ChatGPT limited in China While immensely popular worldwide, ChatGPT faces restrictions in China. OpenAI, its developer, has blocked mainland Chinese IP addresses from accessing the chatbot. Some users bypass the limitations using VPNs registered outside of China. However, the legal risks for companies providing such services are unclear. Authorities have warned that ChatGPT could potentially “commit crimes and spread rumors” if access becomes widespread. But interest in the AI remains high, with tech firms racing to develop rivals to OpenAI’s breakout product. Generative AI also enables convincing deepfakes, which Chinese police confronted this summer in a loan scam crackdown. With the technology’s hazards evident, regulators globally are assessing how best to respond. Concerns around AI-written malware ChatGPT garnered fame for its conversational tone and eloquent, human-like responses on most topics. But its advanced language skills also make it dangerously effective for malicious uses like optimizing malware. Cybersecurity researchers exposed how straightforward it was for ChatGPT to generate fake phishing pages, malicious computer code, and other threats. With simple prompts, the AI produces sophisticated ransomware tailored to evade detection. And chatbots like ChatGPT never forget what they have learned. The accumulated knowledge further enhances their skills in coding malware, hacking systems, and deceiving targets. AI’s generative nature poses wider risks Beyond software vulnerabilities, AI chatbots also create risks around misinformation. Their convincing human-like writing can flood social networks and websites with false material that appears credible. Generative AI likewise enables creation of deepfake audio/video media and cloned voices for fraud purposes. Impersonation scams and fake celebrity media pose major threats as the technology advances. Plus, legal and ethical issues persist around AI training datasets and ownership. Systems like ChatGPT ingest vast troves of copyrighted books, articles, songs, images, and other content without consent. As generative AI’s capabilities grow exponentially, its potential for harm in the wrong hands continues rising too. But careful regulation and cybersecurity vigilance can help mitigate emerging threats

2 months ago
FinegirlDami
FinegirlDami
followers

The security of your cryptocurrency holdings is an important concern in the digital age, as financial landscapes are undergoing a transformative shift towards decentralisation. The selection of a cryptocurrency wallet and its subsequent security are crucial since they act as the entry point to your decentralised funds. This article explores the world of cryptocurrency wallets, explains what they are, helps you select the best one for your needs, and offers crucial advice on protecting your priceless possessions.What are Cryptocurrency WalletsCryptocurrency wallets are digital tools that enable users to store, manage, and transact with their digital assets. Unlike traditional wallets that hold physical currency, cryptocurrency wallets interact with the blockchain, allowing users to access, send, and receive various cryptocurrencies. These wallets come in diverse forms, each catering to different user preferences and needs.How to choose the Right Cryptocurrency Wallet1. Types of WalletsCryptocurrency wallets can be broadly categorised into software wallets and hardware wallets. Software wallets, connected to the internet, provide convenience but may be more susceptible to hacking. Hardware wallets, on the other hand, store private keys offline, enhancing security but sacrificing some accessibility.2. Considered Cryptocurrencies Before selecting a wallet, consider the cryptocurrencies you intend to manage. Some wallets support a wide range of digital assets, while others are designed for specific cryptocurrencies. Ensure your chosen wallet aligns with your portfolio.3. User-Friendly InterfaceOpt for a wallet with an intuitive and user-friendly interface, especially if you're new to the cryptocurrency space. A smooth user experience reduces the likelihood of errors in transactions.4. Security FeaturesPrioritise wallets with robust security features, such as two-factor authentication (2FA) and biometric verification. Security is paramount in the cryptocurrency realm, and these additional layers of protection can safeguard your assets.5. Backup and Recovery OptionsExplore wallets that offer reliable backup and recovery options. Losing access to your wallet can result in the permanent loss of funds. A wallet with comprehensive backup features ensures you can regain access even if your device is lost or damaged.Types of Crypto WalletsThere are three main types of crypto wallets, each offering varying levels of security and convenience:1. Hardware Wallets: Hardware wallets are physical devices resembling USB drives that store your private keys offline. This offline storage makes them highly resistant to hacking attempts compared to online wallets.Ideal for: Large cryptocurrency holdings, long-term investments, and users seeking maximum security.2. Software Wallets: Software wallets are digital applications installed on your computer or smartphone. They offer user-friendly interfaces and easy access to your crypto assets for everyday transactions.Security Considerations: While convenient, software wallets are more susceptible to hacking compared to hardware wallets, as they are connected to the internet.Ideal for: Users who prioritise convenience and frequently trade or use their crypto assets.3. Paper Wallets: Cold Storage Option: Paper wallets are simply pieces of paper with your private keys printed on them, often in the form of QR codes. They offer the ultimate in offline security, making them virtually immune to hacking.Limited Functionality: Paper wallets offer limited functionality compared to other wallet types. They cannot be used for everyday transactions and require manual entry of keys for sending or receiving cryptocurrency.Ideal for: Long-term storage of large crypto holdings and users seeking offline security as a backup option.Private Keys and Public AddressesUnderstanding the difference between private keys and public addresses is crucial for securing your crypto assets:Private Keys: Your private key is a secret code, like a password, that grants you access to your crypto holdings. It should never be shared with anyone.Public Addresses: Your public address is like your bank account number for cryptocurrency. It can be shared publicly and is used to receive crypto payments.How to Secure Your Cryptocurrency Wallet1. Private Key ManagementTreat your private key with the utmost confidentiality. Your private key is the key to your funds; anyone with access to it can control your assets. Consider cold storage options for an extra layer of protection.2. Regular UpdatesKeep your wallet software up to date. Developers often release updates to patch vulnerabilities and enhance security. Regularly updating your wallet ensures you benefit from the latest security features.3. Use Hardware Wallets for Large HoldingsFor significant cryptocurrency holdings, consider using a hardware wallet. These physical devices provide an additional layer of security by keeping your private keys offline.4. Beware of Phishing AttacksExercise caution when clicking on links or providing information online. Phishing attacks are prevalent in the cryptocurrency space, and malicious actors may attempt to trick you into revealing your wallet details.5. Offline Storage of Backup PhrasesIf your wallet generates a backup phrase (also known as a seed phrase), store it offline in a secure location. This phrase is crucial for wallet recovery, and keeping it offline minimises the risk of unauthorised access.ConclusionThe decisions you make about your wallet will determine how safe your digital assets are in the ever-changing world of cryptocurrencies. You can confidently navigate the cryptocurrency landscape and safeguard your priceless investments by being aware of the different kinds of wallets that are available, taking into account your unique needs, and putting strong security measures in place. Make intelligent decisions, exercise caution when securing, and start your crypto adventure knowing that your digital assets are protected from the highs and lows of the virtual ocean. I hope your investments prosper and that your journey into cryptocurrency is as safe as it seems. #WalletSecurity #Cryptowallets

2 months ago
Cryptopolitan
Cryptopolitan
followers

In a recent turn of events, Charles Hoskinson, the founder of IOG and the Cardano blockchain, engaged in a light-hearted Twitter exchange regarding Arion Kurtaj, an 18-year-old hacker associated with the notorious group Lapsus$. This interaction comes after Kurtaj’s recent high-profile cyber-attacks on major technology companies. Teen hacker’s bold cyberattacks Arion Kurtaj, an Oxford-based teenager diagnosed with severe autism, has gained notoriety as a key member of the international hacker collective, Lapsus$. The group has inflicted significant cyber assaults on tech giants, leading to substantial financial damages. Kurtaj’s skills were particularly highlighted following his attacks on Nvidia and Rockstar Games, resulting in an estimated $10 million in losses for these companies. Despite his arrest and subsequent trial for the Nvidia breach, Kurtaj continued his cybercriminal activities. His most audacious hack involved infiltrating Rockstar Games’ security systems using only an Amazon Firestick and a smartphone. While confined in a Travelodge hotel under police protection, with his laptop seized, he managed to leak around 100 clips from the unreleased Grand Theft Auto 6, threatening to publish the game’s source code. Charles Hoskinson’s light-hearted X response The situation took a humorous turn when a Twitter user suggested Hoskinson recruit Kurtaj, referring to the teenager’s hacking abilities. Hoskinson, known for his contributions to blockchain technology and cryptocurrency, replied in a jesting tone, “We hiring this kid or what?” This exchange showcases Hoskinson’s ability to engage with current tech-related events humorously. Hoskinson recently addressed the growing threat of AI-powered scams in a related development. This statement followed an incident where an AI application created a deepfake video of Hoskinson, falsely announcing an ADA giveaway. The tech entrepreneur anticipates these scams becoming increasingly sophisticated in the coming years, highlighting the need for vigilance in the digital space. Hoskinson’s comments underscore the evolving landscape of cybersecurity and the emerging challenges posed by advanced technologies like artificial intelligence. As AI develops, its potential misuse in scams and other illicit activities becomes a significant concern for industry leaders and consumers. Kurtaj’s actions and subsequent legal repercussions have brought attention to cybersecurity challenges in the tech industry. His ability to breach high-security systems with minimal resources underscores the need for strengthened security measures across the digital domain. Moreover, his case raises questions about the legal system’s capacity to effectively manage and rehabilitate individuals involved in cybercrimes, particularly those with special needs like Kurtaj. The dialogue surrounding Kurtaj’s hacking exploits and Charles Hoskinson’s remarks offer valuable insights into the complexities of managing cyber threats in an increasingly digital world. It also highlights the need for a balanced approach in addressing cybersecurity issues, considering both technological advancements and the human element involved.

2 months ago
Cointelegraph
Cointelegraph
followers

The ‘Ledger hacker’ who siphoned away at least $484,000 from multiple Web3 apps on Dec. 14 did so by tricking Web3 users into making malicious token approvals, according to the team behind blockchain security platform Cyvers. According to public statements made by multiple parties involved, the hack occurred on the morning of Dec. 14. The attacker used a phishing exploit to compromise the computer of a former Ledger employee, gaining access to the employee’s node package manager javascript (NPMJS) account. We have identified and removed a malicious version of the Ledger Connect Kit. A genuine version is being pushed to replace the malicious file now. Do not interact with any dApps for the moment. We will keep you informed as the situation evolves. Your Ledger device and… — Ledger (@Ledger) December 14, 2023 Once they gained access, they uploaded a malicious update to Ledger Connect’s GitHub repo. Ledger Connect is a commonly used package for Web3 applications. Some Web3 apps upgraded to the new version, causing their apps to distribute the malicious code to users’ browsers. Web3 apps Zapper, SushiSwap, Phantom, Balancer, and Revoke.cash were infected with the code. As a result, the attacker was able to siphon away at least $484,000 from users of these apps. Other apps may be affected as well, and experts have warned that the vulnerability may affect the entire Ethereum Virtual Machine (EVM) ecosystem. How it could have happened Speaking to Cointelegraph, Cyvers CEO Deddy Lavid, chief technology officer Meir Dolev, and blockchain analyst Hakal Unal shed further light on how the attack may have occurred. According to them, the attacker likely used malicious code to display confusing transaction data in the user’s wallet, leading the user to approve transactions they didn’t intend to. When developers create Web3 apps, they use open-source “connect kits'' to allow their apps to connect with users’ wallets, Dolev stated. These kits are stock pieces of code that can be installed in multiple apps, allowing them to handle the connection process without needing to spend time writing code. Ledger’s connect kit is one of the options available to handle this task. It sounds like today's security incident was the culmination of 3 separate failures at Ledger:1. Blindly loading code without pinning a specific version and checksum.2. Not enforcing "2 man rules" around code review and deployment.3. Not revoking former employee access. — Jameson Lopp (@lopp) December 14, 2023 When a developer first writes their app, they usually install a connect kit through Node Package Manager (NPM). After creating a build and uploading it to their site, their app will contain the connect kit as part of its code, which will then be downloaded into the user’s browser whenever the user visits the site. According to the Cyvers’ team, the malicious code inserted into the Ledger Connect Kit likely allowed the attacker to alter the transactions being pushed to the user’s wallet. For example, as part of the process of using an app, a user often needs to issue approvals to token contracts, allowing the app to spend tokens out of the user’s wallet. The malicious code may have caused the user’s wallet to display a token approval confirmation request but with the attacker’s address listed instead of the app’s address. Or, it may have caused a wallet confirmation to appear that would consist of difficult-to-interpret code, causing the user to confusedly push “confirm” without understanding what they were agreeing to. Example of a Web3 token approval. Source: Metamask. Blockchain data shows that the victims of the attack made very large token approvals to the malicious contract. For example, the attacker drained over $10,000 from the Ethereum address 0xAE49C1ad3cf1654C1B22a6Ee38dD5Bc4ae08fEF7 in one transaction. The log of this transaction shows that the user approved a very large amount of USDC to be spent by the malicious contract. Token approval by exploit victim. Source: Etherscan. This approval was likely performed by the user in error because of the malicious code, said the Cyvers team. They warned that avoiding this kind of attack is extremely difficult, as wallets do not always give users clear information about what they are agreeing to. One security practice that may help is to carefully evaluate each transaction confirmation message that pops up while using an app. However, this may not help if the transaction is displayed in code that is not easily readable or is confusing. Related: ConsenSys exec on MetaMask Snaps security: ‘Consent is king’ Cyvers claimed that their platform allows businesses to check contract addresses and determine if these addresses have been involved in security incidents. For example, the account that created the smart contracts used in this attack was detected by Cyvers as having been involved in 180 security incidents. Cyvers security platform. Source: Cyvers. While Web3 tools in the future could allow attacks like these to be detected and thwarted in advance, the industry still has “a long way to go” in solving this problem, the team told Cointelegraph.

3 months ago
CryptoMatrix
CryptoMatrix
followers

🚨13 YEARS AGO, BITCOIN CREATOR SATOSHI NAKAMOTO DISAPPEARED ✅December 12 is an enigmatic anniversary for Bitcoin! Indeed, on this day in 2010, Satoshi Nakamoto published his 364th and last message on the Bitcoin Forum. He then evaporated, leaving his formidable invention to evolve on its own. No one knows what has happened since to the most famous of anonymous people... 🚨SATOSHI’S LAST PUBLIC MESSAGE ✅Reading Satoshi Nakamoto's message, dated December 12, 2010, and published as usual on the Bitcoin Forum, nothing suggests that it will be the last. Satoshi just talks about the latest fixes made to the Bitcoin source code, following a bug. He also mentions the need to protect the Bitcoin network from DoS (denial of service) attacks. 🚨This concise post specifies and comments on changes to its software. It can be translated as follows: ✅“There is more work to be done on denial of service attacks, but I am doing a quick update to what I have in mind at the moment, in case it is necessary, before venturing into more complex ideas. The version for this is 0.3.19. ✅Added some DoS checks: as Gavin (Editor's note: Andresen) and I said previously, the software is not at all resistant to denial of service attacks. It's an improvement, but there are still more possible attacks than I can count. ✅Removed “safe mode” alerts: “Safe mode” alerts were a temporary measure after the overflow bug in version 0.3.9. We can say all we want that users can simply launch the software with the “-disablesafemode” command, but it's better not to have it for the sake of appearances. This was never intended as a long-term feature. It is still possible to activate safe mode by observing an invalid but longer blockchain chain (presenting more proof of work). » ✅This is therefore a technical message, and only two people responded to it, asking for more details and giving their opinion on this famous “safe mode”. #SATS #BinanceTournament #BTC #SatoshiNakamoto #cz

3 months ago
DE
DeFi Education
CoinDesk
CoinDesk
followers

A French court recently determined that Code Is Law. Essentially. And the decision — somewhat ironically for an industry that usually accepts that exploits happen (and may even be a necessary step towards advancing protocol security) — has put DeFi in a bind. This is an excerpt from The Node newsletter, a daily roundup of the most pivotal crypto news on CoinDesk and beyond. You can subscribe to get the full newsletter here. In February, the Avalanche-based automated market maker Platypus Finance was breached, with the thieves making away with $8.5 million. As is now routine, the attackers were quickly identified and the stolen funds traced down. What happened next is somewhat atypical, with the ultimate results possibly setting a troublesome precedent: Platypus’ operators and community decided to pursue legal action against brothers Mohammed and Benamar M. (last name redacted in court documents). While not the first time blockchain thieves have been brought to court, the situation is something of an enigma considering that crypto, at least as initially conceived, is designed to operate outside the bounds of the law. The Bitcoin blockchain doesn’t need a money transmitter license to function, it just needs to exist. Likewise, since the earliest days of the crypto industry, the goal has usually been to design systems that work for all — open, global, censor-resistant platforms do what they do whether used by a crook or a saint. See also: Calling a Hack an Exploit Minimizes Human Error | The Node Key to this egalitarian standard has been the idea that the code is the code, and that is what matters most. Judges, regulators and politicians may try to set parameters around what types of financial services can be accessed and by whom, but in crypto, such restrictions cannot apply (except to the extent that centralized companies, like Coinbase, must implement KYC/AML procedures). There is some debate whether Mohammed was being sincere when he argued in court that he was a “white hat” hacker, only looking to keep 10% of the proceeds for discovering a vulnerability in the code. He claimed he was an "ethical hacker" who took the "endangered funds" so the protocol would learn a lesson and plug its hole. Likewise, there is an argument to be had whether Platypus acted rightly in seeking justice through the legal system. The victims certainly had a legal right to press charges, as any victim of a theft would. But if the system executes, it executes. And if the code is the law, then all users have to live with the fact that the code contained a vulnerability that was exploited. Curiously, the French judge overseeing the case seemed to take that same view when dismissing the charges against the brothers. According to a Le Monde article, he compared the financial exploit of Platypus, which seemingly had an infinite money bug (accessible through a DeFi-native “flash loan”), to exploiting a vending machine to get extra bags of chips. Many in DeFi are calling for Platypus to appeal the controversial decision by taking the matter to a higher court. Code may be code, but a theft is a theft, they argue, and restitution is justified. This seems to be a piece with the growing sense of maturity across the industry. A decade ago, it may have been OK to say crypto could self-regulate, that bad actors would be dealt with through the free market and that code reigns supreme. “Stealing is bad," Rainbow's Mike Demarais said. Today, after countless DeFi hacks, the proliferation of crypto scams and the implosion of exchange like Mt. Gox, it seems downright irresponsible and naive to say the code is the code and that is that. Personally, I think crypto’s change of heart is for the better: If the industry is to grow, it needs to integrate with the world, and that means integrating with the law. At the same time, I recognize that what makes crypto powerful is that these self–executing platforms are extra-judicial. Bitcoin wouldn’t be Bitcoin if it started sanctioning or KYCing users, for instance. The tech itself, as the code is written, is opinionated. Crypto has a bias towards anti-authoritarianism and equality before the code. But crypto isn’t a monolith, and this is a complicated topic that is foundational to nearly everything that has been built in blockchain so far. CoinDesk reached out to a number of protocol founders and industry expert lawyers to get their take. See also: This Is How Scammers Can Drain Your Crypto Wallet Neeraj Agrawal, head of communications at Coin Center: “We've [Coin Center] always taken the view that cryptocurrency use is regulated by applicable laws” Scott Lewis, creator of DeFiPulse, Slingshot and the Canto Network: “I might be misunderstanding, the exploiting a vending machine is stealing though, right? Is that an example in favor of the code is not law side? Isn’t that the canonical ‘code is not law’ example? Using an error in someone’s code to take people’s money is not OK, and it shouldn’t be legal. Laws and rules around smart contract hacks are unclear and should be clarified, but making them all legal is not the answer" Austen Campbell, Columbia Business School professor and former BUSD portfolio manager at Paxos: “If crypto wants to go mainstream, it needs an environment where regular people can transact with confidence and know the rules of the system, not be at the mercy of exploits and hackers. It can’t be the case that everyone has to be a crypto expert.” David Hoffman, co-founder of Bankless: "Code is Law is a thought experiment, not a prescription." Christine Kim, Galaxy Digital vice president of research: "The idea that ‘code is law’ or that the rules enforced and not enforced by a smart contract have the final say over who owns the assets on a blockchain is untrue because in most cases, especially DeFi hacks, protocol teams like the Kyber development team will rely on law enforcement for the retrieval of user funds. When code fails, which happens with some frequency with DeFi protocols, the law is the law." Gwart, gwart of gwart: “Code being law is increasingly difficult with the complexity of the system. It’s probably naive to say “code is law” in an absolutist way. My more interesting take perhaps is that these types of decisions, and maybe other decisions that lean on law being law, really make us as a crypto community think about the value of these systems if they are ultimately enforced by the state. I’m not sure what the “correct” equilibrium is here but I do sometimes wonder how valuable these tools can be if contracts are ultimately reliant upon common law or state law or whatever to work out these situations.” Jon Rice, former editor in chief of Blockworks, Cointelegraph, Crypto Briefing: “The concept of decentralization is about increased participation in our financial system, not about anarchy. 'Code is Law' is a tenet of DeFi that essentially absolves the deployer of responsibility, and passes it instead to the user. This isn't a recipe for greater participation, it's just another obstacle for the average user - and thus another hurdle for our industry in attracting both capital and users. “It's encouraging to see courts begin to look more closely at guardrails for DeFi, but only if those decisions place the burden of responsibility on those who should know best: The people creating and deploying the code.” Conor Ryder, head of research at Ethena Labs: “On one side I agree that we are lobbying for code to replace the need for trust, interpretations of law etc. Code is law does fit that narrative but I do think it’s too extremist. “It’s a very dangerous precedent to set and at the end of the day it’s still an attack on a security vulnerability — if a Web2 company had a similar vulnerability that was taken advantage of, you can be sure that there would be legal action taken. Encouraging these types of attacks is definitely met with negativity for a still relatively immature space and if he really was an ‘ethical hacker’ there were likely more subtle ways he could have raised the issue and still been compensated.” Cami Russo, co-founder of The Defiant: "I interpret code is law as whatever the outcome is to code that is executed by smart contracts, cannot be interfered with and should be upheld both via social consensus around blockchains and also in actual courts. I think there is more nuance to the concept. "I believe intent matters of both the developer of the code and the user of the code. The purpose of the protocol or dapp and the intention of the user of that dapp should be taken into account. If a user of a protocol is achieving a certain outcome by interacting with the code in a way the developers did not intend, then that should weigh into whether that outcome should be changed or reverted, especially if other users are hurt. "A simplified way of seeing this is, a lock’s intended purpose is to prevent access from say a safe. Someone might know how to pick that lock and access funds inside the safe. They found a “vulnerability” in that lock, but they’re not using it as it was intended and they have produced an outcome that was not desired by the manufacturers of the lock or those keeping money on the safe. In this case, external parties should interfere with the outcome. The same is true for smart contracts." Nelson Rosario, founder of Rosario Tech Law and professor of law at Chicago-Kent College of Law: “There will always be a space for Code is Law interpretations of on-chain activity, but whether that is good or not will likely be a case-by-case determination.” Maria Bustillos, Brick House co-founder: “In general I think it's not a bad idea to refer to the [Bitcoin] white paper; this tech was developed specifically to address significant weaknesses in legacy financial systems.” Michelle Lai, Electric Coin Company board member and senior counsel at Anchorage and Synthetix: “The code is law camp is slowly being coerced into compliance, for the sake of their freedom. I'm not saying i agree fully with code is law, nor with full compliance, but the Overton window shifted towards compliance for many projects that might have been more pro-privacy, due to the heavy handedness and cowboy behavior of some regulators.” Eva Beylin, of the Graph Foundation: "Code is law is not as binary as we're making it seem. Code can be law and also there are other laws that we abide by. In the case of the French decision it's quite frustrating that a precedent is being set that code is law = no other laws apply. For example, if someone enters the right code to break into your house, isn't it still called robbery/breaking and entering? Just because they followed the code (aka entered the pin), doesn't mean the act itself surrounding it was legal. "Same thing with sim swaps and hacking. Just because someone got access to your sim or account because they happened to know your password/pin doesn't mean that it's not illegal (e.g. doesn't mean that it's legal)." Jared Grey, Sushi CEO: “Code is the law until it's exploited in the face of criminality, when the general rule of law supersedes. Tl;dr: I don't think you can excuse criminality through the use of technology. What is criminal is a wider discussion.” Stephen Palley, litigation partner and co-chair of Brown Rudnick's Digital Commerce group: “The catchphrase "Code is Law" comes from a book written by law professor Larry Lessig. His more nuanced discussion of this concept has become shorthand by people working on crypto projects to mean something like ‘anyone who interacts with a blockchain protocol should be bound by anything that results from that interaction -- the code, well or poorly written, determines and is the final boss of outcomes.’ Under this sort of rubric, thus, there are no mistakes and the concept of a hack or exploit isn't recognized. Whether or not U.S. courts will follow the French court's reasoning remains to be seen. You can get pretty far with terms-of-service or a user agreement, that will bind a user to consequences and to accept all results, whether expected or unexpected. It's less certain that a U.S. court will agree to consequences that involve conduct that appears fraudulent or illegal, as the general rule is that you can't consent to a crime. Now, there's a ton of nuance here that I can't unpack in a simple quote but I think we can expect some US Courts in some circumstances to bind users to the results of irreversible code, as long as the consequences of software errors are knowingly and voluntarily waived.” General counsel for Alliance, Mike Wawszczak: “Let's be clear about what "code is law" might mean to people like lawyers and judges. It cannot mean "code trumps law" or "code is on equal footing as law." Instead, it means something like "the law defers to the outputs of code in its normal functioning, whether that code is well-written or not, whether the function was intended by the developer or not, whether other users of the code are affected in some way or not." It's a deference, not a trump card. “The judge in Platypus appears to be saying that there is no reason to overrule the deference here, but that does not mean another judge lacks that power. See also: With Hacks at a Record High, Crypto Needs to Find Ways to Keep Users Safe James McGirk, content lead at Spectral: "It's a shame we're moving away from our original principles," McGirk says, "But it's a sign of maturity. Industry is starting to realize there's more to blockchain than digital rat poison." Jake Brukhman, founder of CoinFund: “In general, I would say that code is law refers to transactional hardness and often lower counterparty risks associated with blockchains. This is a key and central innovation, but I also think it can work in tandem with traditional law. Blockchain primitives are tools in a toolbox. I think the comparison to a vending machine is meaningful, I’m just not sure what conclusion about code-is-law to take from it.” Paul Dylan-Ennis, professor at the University of Dublin and CoinDesk columnist: “The Platypus case brings us into direct contact with a contradiction in DeFi. On one hand, we want hackers to be punished. On the other, we are supposed to be building decentralized protocols that take the state out of the mix. Until we get clear on what Code is Law really means we’ll be confused by decisions from the traditional legal system. The way I see it, this case is another example of how we tend to have these concepts, but they are more like memes than well thought of principles. and we let the contradictions hang around w/o trying to solve them. I agree that the principle is worth keeping, though I'd veer to the side that says the problem is actually that the code is obviously not up to scratch to actually be our law.” Lex Sokolin, partner at Generative Ventures and CoinDesk columnist: “We want to be in a place not just where code is law, but where law is code, and where arbitration and conflict resolution can happen through digital means. Until software can really deal with the many complexities of human behavior — perhaps through LLMs [AI software] — deterministic and narrow software implementations like smart contracts aren’t sufficient to resolve morally complex issues. That’s the precedent set by “the DAO” and it has served Web3 well. Further, law most often is the collective human wisdom codified through exceptions and errors. It is not recorded in a modern way, but it comes from timeless experience. Crypto needs a balance between anarchist caveat emptor and some semblance of communal rejection of immoral actions.” Krystal Scott, artist: “I do agree code is law is kind of the whole reason for everything in the first place. If everyone just started going to court we’re going to eventually just end up back in the exact bureaucratic structure crypto was invented to escape . But it is quite comical that the court just acquitted, perhaps the bureaucracy is also growing and adjusting with the space. Likely it’s all just coming together tbh crypto is becoming less of an outsider thing." Odysseas.eth, of Phylax: I think that code is law is a silly idea because we give value to Ethereum. Ethereum has value and Ethereum's classic doesn't because we, unanimously, agreed that we want to do the fork to roll back the DAO hack. So, it's always the social layer that ends up giving value to things. Thus, it makes sense that if someone makes the code behave in a way that the original designer didn't want, then it's ok to pursue legal means. If someone breaks into my house, they make the door or window behave in a manner that was not intended (e.g. break when locked). that doesn't mean that as a society we accept that and say force is law. “In effect, the community that participates in the network (namely the miners and the users that generate the fees) are the sovereign entities, not the network itself. Because the sovereign is the person that decides the exception. That watches the watchmen sort of speak. It's sovereign value because we, as a community, can decide when something is not ok and do something about it. Fiat is not because it's not the community that decides, but a small clique of people with questionable incentives. Miguel Morel, CEO of Arkham Research: “In the online world of decentralized finance it makes sense that code is law, one expects smart contracts to follow whats been written in the code without exception. However, humans who are the ones using these smart contracts exist in the physical world of jurisdictions and stately governance — this supersedes anything written in code, and therefore I’d expect it to take precedence over anything we believe in crypto.” L0la L33tz, author: “Humans have been trying to regulate our way of life for centuries, but math will always route around our systems. Code is the only law that is always enforceable. This basically means: Even if this case was decided differently, then the next person that writes [bad] code comes along, which will also be exploited, and there's really nothing that can stop them, and you can try to ‘enforce’ your law, but maybe they're smarter and won't get caught (i.e. escape the law). Scott Fitsimones, creator of AirGarage: “If you leave the front door and get robbed, it’s still a crime. Similarly, courts should uphold the intent of smart contract even if there was a programming error that led to an exploit. It’s a win for the whole ecosystem when there is justice and consequences for bad actors. The Platypus case sets a dangerous precedent that the legal system doesn’t apply to smart contracts. The French court is saying cops aren’t coming because the front door was left ajar.” Mike Demarais, co-founder of Rainbow wallet: “Stealing is bad”

3 months ago
Bitcoinworld
Bitcoinworld
followers

NFT Trader has suffered a hack on “old smart contracts,” letting at least one hacker make off with high-value NFTs worth millions of dollars, including several Bored Ape Yacht Club and Mutant Ape Yacht Club NFTs.  NFT Trader has warned users to revoke access to two compromised smart contracts as the main hacker demands ransom payments for the stolen NFTs.  High-value NFTs worth millions of dollars, including rare Bored Ape and Mutant Ape Yacht Club tokens, World of Women NFTs, VeeFriends, Art Blocks, have been stolen in a major hack of peer-to-peer trading platform NFT Trader earlier today.  We've suffered an attack on old smart contracts, please remove the delegation using https://t.co/zEMgkS96nP to the following addresses:-0xc310e760778ecbca4c65b6c559874757a4c4ece0-0x13d8faF4A690f5AE52E2D2C52938d1167057B9af — NFT Trader (@NftTrader) December 16, 2023 NFT Trader confirmed in an X post that “old smart contracts” had been attacked and urged users to revoke any permissions they had given the smart contracts in the past.  There was a malicious code execution from a third party to our two older smart contracts. However, we've implemented all necessary measures to prevent any such incidents in the future. — NFT Trader (@NftTrader) December 16, 2023 An X user foobar has claimed the attacks have finished after NFT Trader updated its smart contracts to fix a reetrancy vulnerability.  All exploits have now stopped pic.twitter.com/bS2YUl0l7i — foobar (@0xfoobar) December 16, 2023 The apparent main attacker posted a public message to the blockchain, pinning the invention of the NFT exploit on another user and claiming the attack was to “pick up residual garbage.”  The attacker offered to return tokens to victims after being paid a ransom of 3 eth per Bored Ape and 0.6 eth per Mutant Ape.  The attacker has also made a series of confusing moves, refunding one Bored Ape along with 31 eth to one user and returning certain staked Bored Apes to their owners, while keeping the ApeCoin rewards.  NFT Trader exploiter also pulled $165,000 worth of $APE from staked BAYC/MAYC that they drained Looks like they're sending back the apes that were staked and keeping the $APE as the bounty pic.twitter.com/HzA51xeFLB — Cirrus (@CirrusNFT) December 16, 2023 Aside from the main hacker, there have been reports of auxiliary hacks that have drained tokens such as Cool Cats and Squiggles from users’ wallets. Other wallets appear to be stealing assets as well. This one took a CoolCat and a Squiggle. Using what appear to be similar methods. pic.twitter.com/ctfKtX9zhp — NFTstats.eth (@punk9059) December 16, 2023 After the hack, the hacker said,  “I’m a good person, the value of these NFTs is enough for a person to live a free life, but I don’t care about that… My technical skills are limited, I can’t get all the affected NFTs at once, and it’s costing me a lot of energy and time, so.. If you want [your NFTs] back, then you need to pay me a bounty, which is what I deserve.” NFTs Trading Volume Soar In the backdrop of this security breach, the NFT market experienced a surge in activity. Sales soared by 52.81% over the past week, amassing $503.35 million. NFTs on the Bitcoin network emerged as a dominant force, raking in $276.79 million and eclipsing Ethereum’s $99.67 million. “The burgeoning interest and investment in NFTs could be partly attributed to the general sentiment of a bull market in the crypto sphere. Typically, in such market conditions, capital tends to flow towards NFTs,” DappRadar said in a recent report. The week’s most notable sales included Ethereum’s Fidenza #985, fetching $277K, and a Bitcoin-based NFT of a Van Gogh painting, which sold for $263K. The post NFT Trader Hacked, Hacker Stole NFTs Worth Millions Of Dollars appeared first on BitcoinWorld.

2 months ago
Cryptopolitan
Cryptopolitan
followers

The period between 2020 and 2021 was certainly marked by the speculative bubble on Bitcoin, the world’s first and most popular digital currency. The price rose above $60,000 on March 13, 2021, then collapsed abruptly. Even today, we are still witnessing a downward phase that has affected not only Bitcoin but all cryptocurrencies. Bitcoin has become extremely popular and a relatively common topic of discussion. In this article, we will explain the success (at least in terms of popularity) of Bitcoin and everything you need to know about it. Bitcoin: what are they? Bitcoin was launched in 2009 and is considered the first cryptocurrency ever conceived. Originally, Bitcoin was created to eliminate traditional intermediaries and conduct financial transactions without banks and governments. Today, it is used to pay online on many platforms, and it has enormous scope in other ways, some of which we are only just beginning to explore, like its role in video games and casino games. Did you know that you can use it when you’re gaming online with others, or even join crypto casino games that integrate it into their systems? Before you can start using crypto in a casino game, though, you need to know how it works and what its advantages are. The first one is control; we all know that banks organize and control the euro and other currencies with which you pay online. In contrast, cryptocurrencies are not controlled by anyone, and to be a secure method, there are a series of connected computers in which their movements are replicated.  How does Bitcoin work? Bitcoin transactions are based on a computerized accounting system that works between people (P2P) without intermediaries to validate the transactions. The network in which these operations are carried out is protected with cryptography. In addition, the record is distributed simultaneously to all connected computers. This makes the system extremely difficult to breach and much more stable and resistant to computer attacks, forgery and embezzlement. ‍For users, however, operating in Bitcoin is as simple as sending an email: there is a sending address, a receiving address and an amount in bitcoins going back and forth. Both the sender and the receiver of bitcoins operate privately and remain anonymous to the rest of the network. ‍Bitcoins, blockchain, and miners ‍Unlike traditional money, bitcoins are not printed but generated through mining. This is the name given to the use of special computers dedicated to processing the calculations necessary to validate transactions. For each transfer, the system takes note of a series of data in code: amounts and Bitcoin addresses of the sender and the receiver. As this is not required, no private information is collected, nor is information about the devices from which the transactions are made. In exchange for their efforts, the network generates a value in BTC that is credited as payment to the miners. This is called proof of work and is the only way to create bitcoins. Where to invest in bitcoin? If you are starting out now and simply want to execute Bitcoin trades, then you could use trading platforms, usually provided by brokers themselves. Here the investor to trade uses what are called Contracts for Difference, derivative products concerning the cryptocurrency. Are Bitcoin secure? As of today, as a payment method, Bitcoin is secure and private, although they are not yet accepted on most major platforms.  If you want to use them to get rich by buying them cheap and selling them expensive, then no, it is not a safe financial asset. It is not advisable to play the buying and selling game if you do not fully understand how this game works, as their value can plummet without warning at any time, and you can lose almost all your money, or you may have to wait months or years for the selling value to be the same as the buying value. Investing in bitcoin: advantages and disadvantages Bitcoin is designed in such a way that its quantity is limited in time, in fact bitcoins will be mined until the maximum cap of 21 million is reached. The scarcity of the currency according to some analysts ensures that its value in the long run tends to rise. It is hard to believe this in bearish market phases such as we are currently experiencing, but there is no question that it is an asset that has a limited quantity and this is a factor to keep in mind. Another advantage is the fact that Bitcoin is not tied to monetary policy choices, but travels on a parallel and autonomous track from the world of finance governed by central banks. Among the disadvantages we must again mention its volatility and instability, which makes investment difficult for those who are not familiar with this market. In addition, making a mistake during a transaction can cause one to lose capital in full, so care should be taken to type the wallet address correctly, because transactions are irreversible. Not all countries view cryptocurrencies and Bitcoins favorably; in fact, some nations have banned them. This is the case in China, Egypt and Tunisia, for example, but in other states (e.g., the Middle East) the ban is implicit, but such that would-be investors are put off.

3 months ago
CryptoNews
CryptoNews
followers

Play-to-earn (P2E) games give players the chance to earn tokens through in-game achievements. Learn how to make money playing crypto games. Crypto projects in gaming are different because they provide the chance to potentially earn money through various advantages like having complete control over your assets, clear conditions, and safeguards against cyber attacks. This has attracted the attention of traders and an increasing number of regular people who are starting to take an interest in crypto video games, especially when there’s an opportunity to earn. Pros and cons of cryptocurrency games Similar to any other form of digital entertainment, non-fungible token (NFT) leisure comes with its own advantages and drawbacks. Some of the positives include: Decentralization. Smart contracts in crypto-based games contribute to decentralization, giving players more control and generating greater interest. Transparency. Utilizing smart contracts reduces the risk of fraud. Variety. There’s a diverse range of genres available in the crypto gaming industry, including arcades, racing, strategy, etc., catering to diverse preferences. Earning opportunities. Players can convert in-game assets into fiat or cryptocurrency, enabling them to earn money even without initial investments.However, there are also some downsides to consider: No guaranteed profits. Cryptocurrencies are known for their high volatility, offering the potential for significant gains but also the risk of substantial losses. It’s crucial to evaluate risks before investing. Difficulty in cashing out. Due to varying liquidity, some digital currencies might not be supported by popular exchanges, potentially leading to withdrawal complications. For traders new to blockchain games, navigating the vast array of choices can be overwhelming. Below, we provide a detailed analysis of the top six crypto games to make money. These NFT games are compatible with both phones and computers. You might also like: Most expensive NFTs: Highest selling digital gems Most popular games to earn crypto Meme Kombat The Meme Kombat platform emerged in September as a notable addition to the market, drawing attention due to its integrated features. Its popularity stems from the unique ability for users to engage in thrilling virtual battles while also earning cryptocurrency. Notably, the platform’s presale has been impressive, garnering investments exceeding $63,000 in a relatively short time since its launch. Your $MK is worth more!Yes. You read that correctly. You can buy $MK now for $0.235🤩 pic.twitter.com/DAKBpbMqUB — Meme Kombat (@Meme_Kombat) December 7, 2023 The crypto gaming platform operates through two main mechanisms: staking and betting. Through staking, users can deposit their cryptocurrency holdings and earn interest, even during the asset’s presale phase, providing a means to generate long-term income. In the betting aspect, users can place bets on the outcomes of virtual battles against others or the computer. This project boasts transparent tokenomics, with all 12 million coins issued made available to regular investors. Fifty percent of the assets are allocated to presale, 30% are earned as rewards for staking and betting, and the remaining 20% is evenly divided between decentralized exchanges and community rewards. You might also like: Meme Kombat launches public token presale, staking platform Wall Street Memes Every project begins with an idea—a striking image, video, or an impactful event. Inspired by the WallStreetBets group’s challenge to hedge fund Melvin Capital in 2021, which led to increased GameStop shares, Wall Street Memes conceived the WSM token.WSM’s meme coin aims to offer a different perspective on the market, stemming from that significant event. Transparency and honesty during presales are the company’s main focus. The project’s tokenomics supports this ethos. All 2 billion coins issued by WSM are available for purchase. Half of these tokens are presently accessible during the presale, while the remaining assets will be allocated for listings (20%) and rewarding participants (30%). Additionally, Wall Street Memes organized an Airdrop where five individuals among the participants stand a chance to receive $50,000 worth of meme coins. 🚀 50K $WSM AIRDROP ALERT 🚀Buy Now ➡️https://t.co/7wNmO5yIO5Enter Now ➡️https://t.co/ykaumLsjJ4 pic.twitter.com/ENuHb9mMlQ — Wall Street Memes (@wallstmemes) September 28, 2023 You might also like: Wall Street Memes and Chancer presales launched, analysts weigh in Alien Worlds Alien Worlds is a decentralized universe that simulates economic interactions and rivalries among players. The core concept involves sharing specialized knowledge with Earth’s inhabitants. This knowledge allows players to explore diverse planets and engage in mineral mining. The gameplay revolves around competing for Trillium (TLM) required to govern independent planetary organizations known as planets DAOs. Players also unlock additional game features. Within the Alien Worlds platform, players can acquire NFTs for mining TLM, participating in battles, and accomplishing in-game missions. Users can strategize by buying, holding, or spending NFT objects based on their chosen approach. The game universe comprises distinct planets, each governed by its decentralized organization. Planetary plots and individualized NFTs possess unique characteristics like cryptocurrency amounts and mining speeds. Players can utilize these plots in various ways, while in-game tokens are instrumental in acquiring game items and completing tasks. Axie Infinity Currently, the Axie Infinity project boasts one of the largest fan bases and is the most played game. Interestingly, the majority of its fans are located in Asian countries. The objective of the game is to breed NFT animals called Axie. Each Axie possesses its unique genetic code, making them unique. Interestingly, when bred, certain traits—both positive and negative—are inherited by their offspring. These resulting creatures can be directly traded on the in-game market. The more distinct the features an Axie holds, the rarer and more valuable it is considered. Source: DApp Radar To begin playing, players need to purchase a minimum of three Axies. These creatures are used for breeding, player-versus-player battles, completing in-game tasks, and embarking on adventures. Impressively, this option is part of the NFT games available for Android users. Players manage a virtual farm as their “home base,” where they can breed and upgrade their Axies. By enhancing the combat capabilities of their pets, players can breed more impressive offspring, increasing their value for potential sale. You might also like: Axie Infinity unveils NFT monetization solution, official merchandise Gods Unchained The main objective involves collecting cards, which players can obtain by winning battles or purchasing them from other players. In tournaments, players aim to diminish their opponent’s life points to zero for victory. Winning battles earns experience points, which contribute to leveling up. Progressing to higher levels rewards players with new cards to add to their collection. These individual cards can be traded within the game’s internal marketplace, where GODS, the game’s native tokens, are used for transactions. The competition’s ultimate goal is to secure as many victories as possible and gather the entire collection of cards. 🔮PRIMED FOR WAR🔮Gods Unchained is now available on the Amazon Prime Gaming platform!GU players who link their Prime accounts will gain monthly access to exclusive in-game items.New or veteran, it's your time to shine!🃏Boost your deck with 5 Core Rare Packs & 1 Core… pic.twitter.com/paPffo1H1m — Gods Unchained (@GodsUnchained) December 5, 2023 Let’s compare this project to traditional card games. NFTs serve as a safeguard against changes that developers might make, commonly known as nerfs. Utilizing the Ethereum blockchain prevents the devaluation of card parameters. Upon registration, new players receive access to the starter deck, granting them the chance to engage in tournaments right away. It’s important to note that each player is provided with a different set. As players gain experience, they can also acquire virtual collectible items. You might also like: Web3 game Gods Unchained expands to Epic Games Store Sorare Sorare is a football-themed gaming project built on the Ethereum blockchain. Players create unique teams and collectible cards that can be traded among users. All transactions are recorded on the blockchain. In-game rewards are earned based on progress, victories, and completing quests. With over 600,000 registered users, Sorare stands out as one of the most popular NFT games. Time to celebrate with @LaLiga! 🫲🫱Ice cold, iconic, memorable, collect your favorite Celebration Edition cards from December 7 till December 12. Don’t miss the chance to enhance your collection and bring your fantasy football legacy to life. 👉 https://t.co/R716jR1uh6 pic.twitter.com/RwnSm48Rih — Sorare (@Sorare) December 7, 2023 Earning rewards isn’t solely based on scoring goals; the game also encourages referrals. Players receive extra rewards not just for bringing in new users but also for their active participation. Newcomers receive a set of cards, but these cards are notably weaker. Relying solely on these cards for significant game progress is nearly impossible. Consequently, the game subtly encourages users to invest in more powerful cards. Conclusion It’s crucial not only to focus on earning money but also to enjoy the gameplay itself. Games that offer monetary opportunities present various tasks and quests. Completing these tasks may help increase profits. Read more: How to play Axie Infinity: a beginner’s guide FAQs What is a play-to-earn game? Play-to-earn is a gaming concept in which players are rewarded as they play and progress in the game. Game rewards can be exchanged for in-game stores or real cryptocurrency exchanges. Are crypto games legal? Yes. There are numerous crypto games available online that offer opportunities to win or earn money. When selecting a crypto game, it’s important to check the legitimacy and reputation of the provider to ensure the game is trustworthy. Can I earn crypto by playing games? Yes, but the amount can vary, and the process might not necessarily result in substantial earnings. In blockchain-based crypto games, users can earn rewards by engaging with the game. These rewards, often tokens, are obtained by completing tasks and spending time in the game. What is the best NFT game? Defining the best NFT game is subjective, as preferences differ among players. Axie Infinity is one of the most popular NFT games, boasting millions of active players. This play-to-earn game allows players to earn AXS tokens while playing, which can then be utilized in the platform’s governance.

3 months ago
CryptoNewsFarm
CryptoNewsFarm
followers

Cryptocurrencies have gained significant popularity in recent years, with more and more people investing in digital assets. As the value of cryptocurrencies continues to rise, it becomes crucial to prioritize the security of your crypto wallet. In this article, we will discuss some essential tips to help you enhance the security of your crypto wallet and protect your digital assets from potential threats. 1. Choose a Reliable Wallet The first step in ensuring the security of your crypto wallet is to choose a reliable wallet provider. There are various types of wallets available, including hardware wallets, software wallets, and online wallets. Each type has its pros and cons, so it’s important to do thorough research and select a wallet that aligns with your needs and preferences. Look for wallets that have a strong reputation, positive user reviews, and robust security features. 2. Enable Two-Factor Authentication Two-factor authentication (2FA) adds an extra layer of security to your crypto wallet. By enabling 2FA, you will be required to provide a second form of verification, such as a unique code sent to your mobile device, in addition to your password. This makes it significantly harder for hackers to gain unauthorized access to your wallet. Most reputable wallet providers offer 2FA as an option, so be sure to enable this feature to enhance the security of your crypto wallet. 3. Keep Your Wallet Software Updated Regularly updating your wallet software is essential for maintaining the security of your crypto wallet. Wallet providers often release updates that include security patches and bug fixes. By keeping your wallet software up to date, you ensure that you are benefiting from the latest security enhancements and protecting your wallet from potential vulnerabilities. 4. Use Strong and Unique Passwords Creating a strong and unique password is crucial for safeguarding your crypto wallet. Avoid using common passwords or easily guessable combinations. Instead, opt for a password that consists of a mix of uppercase and lowercase letters, numbers, and special characters. Additionally, it is recommended to use a different password for your crypto wallet than for any other online accounts you may have. This way, even if one of your accounts is compromised, your crypto wallet remains secure. 5. Backup Your Wallet Backing up your crypto wallet is vital in case of any unforeseen circumstances, such as a hardware failure or loss of your device. Most wallet providers offer a backup option that allows you to securely store a copy of your wallet’s private keys or recovery phrase. It is recommended to keep multiple copies of your backup in different secure locations, such as encrypted external hard drives or offline storage devices. This way, even if one backup is lost or damaged, you can still recover your wallet and access your funds. 6. Be Cautious of Phishing Attempts Phishing attempts are a common tactic used by hackers to trick users into revealing their sensitive information. Always be cautious of suspicious emails, messages, or websites that ask for your wallet credentials or personal details. Legitimate wallet providers will never ask for your password or recovery phrase through email or other insecure channels. To stay safe, only access your wallet through official websites or trusted applications, and double-check the website’s URL before entering any sensitive information. 7. Use Cold Storage for Long-Term Holdings If you have a significant amount of cryptocurrency that you plan to hold for the long term, consider using cold storage options such as hardware wallets or paper wallets. Cold storage keeps your private keys offline, making it virtually impossible for hackers to access your funds remotely. By storing your crypto assets offline, you significantly reduce the risk of being a target for online attacks. Conclusion Ensuring the security of your crypto wallet is of utmost importance in the world of cryptocurrencies. By following these essential tips, you can significantly enhance the security of your wallet and protect your digital assets from potential threats. Remember to choose a reliable wallet, enable two-factor authentication, keep your software updated, use strong and unique passwords, backup your wallet, stay cautious of phishing attempts, and consider using cold storage for long-term holdings. By implementing these security measures, you can have peace of mind and enjoy the benefits of owning cryptocurrencies.

3 months ago

Loading...