CommunitySubmission-Author:WhoTookMyCrypto.com
2017wasaremarkableyearforthecryptocurrencyindustryastheirrapidincreaseinvaluationspropelledthemintomainstreammedia.Unsurprisingly,thisgarneredthemimmenseinterestfromboththegeneralpublicaswellascybercriminals.Therelativeanonymityofferedbycryptocurrencieshasmadethemafavouriteamongstcriminalswhooftenusethemtobypasstraditionalbankingsystemsandavoidfinancialsurveillancefromregulators.
Giventhatpeoplearespendingmoretimeontheirsmartphonesthandesktops,itisthusnotsurprisingthatcybercriminalshavealsoturnedtheirattentiontothem.Thefollowingdiscussionhighlightshowscammershavebeentargetingcryptocurrencyusersthroughtheirmobiledevices,alongwithafewstepsthatuserscantaketoprotectthemselves.
Fakecryptocurrencyapps
Fakecryptocurrencyexchangeapps
Themostwell-knownexampleofafakecryptocurrencyexchangeappisprobablytheoneofPoloniex.PriortothelaunchoftheirofficialmobiletradingappinJuly2018,GooglePlaywasalreadylistingseveralfakePoloniexexchangeapps,whichwereintentionallydesignedtobefunctional.ManyusersthatdownloadedthosefraudulentappshadtheirPoloniexlogincredentialscompromised,andtheircryptocurrencieswerestolen.SomeappsevenwentastepfurtherrequestingthelogincredentialsofusersGmailaccounts.Itisimportanttohighlightthatonlyaccountswithouttwo-factorauthentication(2FA)werecompromised.
COMP突破810美元關口 日內漲幅為1.4%:歐易OKEx數據顯示,COMP短線上漲,突破810美元關口,現報810.24美元,日內漲幅達到1.4%,行情波動較大,請做好風險控制。[2021/5/11 21:48:19]
Thefollowingstepscanhelpprotectyouagainstsuchscams.
Checktheexchange’sofficialwebsitetoverifyiftheyindeedofferamobiletradingapp.Ifso,usethelinkprovidedontheirwebsite.Readthereviewsandratings.Fraudulentappsoftenhavemanybadreviewswithpeoplecomplainingaboutgettingscammed,somakesuretocheckthembeforeyoudownload.However,youshouldalsobescepticalofappsthatpresentperfectratingsandcomments.Anylegitimateapphasitsfairshareofnegativereviews.Checktheappdeveloperinformation.Lookforwhetheralegitimatecompany,emailaddress,andwebsiteareprovided.Youshouldalsoperformanonlinesearchontheinformationprovidedtoseeiftheyarereallyrelatedtotheofficialexchange.Checkthenumberofdownloads.Thedownloadcountshouldalsobeconsidered.Itisunlikelythatahighlypopularcryptocurrencyexchangewouldhaveasmallnumberofdownloads.Activate2FAonyouraccounts.Althoughnot100%secure,2FAismuchhardertobypassandcanmakeahugedifferenceinprotectingyourfunds,evenifyourlogincredentialsarephished.Fakecryptocurrencywalletapps
Therearemanydifferenttypesoffakeapps.Onevariationseekstoobtainpersonalinformationfromuserssuchastheirwalletpasswordsandprivatekeys.
Compound公布第一份社區治理提議 將在Compound上使用USDT:根據社區成員的投票,Defi借貸協議Compound公布了第一份社區治理提議,即在Compound上使用USDT,正式開啟了Compound社區治理系統的公測。(ETH中文網)[2020/4/27]
Insomecases,fakeappsprovidepreviouslygeneratedpublicaddressestousers.Sotheyassumefundsaretobedepositedintotheseaddresses.However,theydonotgainaccesstotheprivatekeysandthusdonothaveaccesstoanyfundsthataresenttothem.
SuchfakewalletshavebeencreatedforpopularcryptocurrenciessuchasEthereumandNeoand,unfortunately,manyuserslosttheirfunds.Herearesomepreventivestepsthatcanbetakentoavoidbecomingavictim:
Theprecautionshighlightedintheexchangeappsegmentaboveareequallyapplicable.However,anadditionalprecautionyoucantakewhendealingwithwalletappsistomakesurebrandnewaddressesaregeneratedwhenyoufirstopentheapp,andthatyouareinpossessionoftheprivatekeys(ormnemonicseeds).Alegitimatewalletappallowsyoutoexporttheprivatekeys,butitisalsoimportanttoensurethegenerationofnewkeypairsisnotcompromised.Soyoushoulduseareputablesoftware(preferablyopensource).Eveniftheappprovidesyouaprivatekey(orseed),youshouldverifywhetherthepublicaddressescanbederivedandaccessedfromthem.Forexample,someBitcoinwalletsallowuserstoimporttheirprivatekeysorseedstovisualizetheaddressesandaccessthefunds.Tominimizetherisksofkeysandseedsbeingcompromised,youmayperformthisonanair-gappedcomputer(disconnectedfromtheinternet).Cryptojackingapps
動態 | Crypto.com與Xfers合作,用戶將能夠使用新加坡元交易加密貨幣:在新加坡金融科技節上,Crypto.com宣布與新加坡金融科技公司Xfers合作,將為其用戶提供用新加坡元(SGD)買賣加密貨幣的能力。Crypto.com用戶將能夠快速購買和出售主流加密貨幣,包括BTC、ETH、LTC、XRP及其自己的MCO和CRO代幣。另一項合作將是Crypto為Xfers的試點穩定幣計劃StraitsX和XSGD穩定幣提供支持。與新加坡元掛鉤的穩定幣將被引入Crypto.com Pay,這是一種用于客戶和商家之間結算的移動支付解決方案。(CryptoBriefing)[2019/11/13]
Cryptojackinghasbeenahotfavoriteamongstcybercriminalsduetothelowbarrierstoentryandlowoverheadsrequired.Furthermore,itoffersthemthepotentialforlong-termrecurringincome.DespitetheirlowerprocessingpowerwhencomparedtoPCs,mobiledevicesareincreasinglybecomingatargetofcryptojacking.
Apartfromweb-browsercryptojacking,cybercriminalsarealsodevelopingprogramsthatappeartobelegitimategaming,utilityoreducationalapps.However,manyoftheseappsaredesignedtosecretlyruncrypto-miningscriptsinthebackground.
Therearealsocryptojackingappsthatareadvertisedaslegitimatethird-partyminers,buttherewardsaredeliveredtotheappdeveloperinsteadoftheusers.
Tomakethingsworse,cybercriminalshavebecomeincreasinglysophisticated,deployinglightweightminingalgorithmstoavoiddetection.
Cryptojackingisincrediblyharmfultoyourmobiledevicesastheydegradeperformanceandaccelerateswearandtear.Evenworse,theycouldpotentiallyactasTrojanhorsesformorenefariousmalware.
動態 | 數據顯示:近一周礦池算力份額 BTC.com居首位:據BTC.com數據顯示,截至2018年9月22日,近一周時間里,礦池份額(根據出塊數據計算)前五位的礦池分別為: 1.BTC.com,算力占比為16.8%,算力為8.60EH/s; 2.ViaBTC,算力占比為13.87%,算力為7.10EH/s; 3. SlushPool,算力占比為11.72%,算力為6.00EH/s; 4.AntPool,算力占比為10.94%,算力為5.60EH/s; 5.BTC.TOP,算力占比為9.77%,算力為5.00EH/s。[2018/9/22]
Thefollowingstepscanbetakentoguardagainstthem.
Onlydownloadappsfromofficialstores,suchasGooglePlay.Piratedappsarenotpre-scannedandaremorelikelytocontaincryptojackingscripts.Monitoryourphoneforexcessivebatterydrainingoroverheating.Oncedetected,terminateappsthatarecausingthis.Keepyourdeviceandappsupdatedsothatsecurityvulnerabilitiesgetpatched.Useawebbrowserthatguardsagainstcryptojackingorinstallreputablebrowserplug-ins,suchasMinerBlock,NoCoin,andAdblock.Ifpossible,installmobileantivirussoftwareandkeepitupdated.Freegiveawayandfakecrypto-minerapps
Theseareappsthatpretendtominecryptocurrenciesfortheirusersbutdon’tactuallydoanythingapartfromdisplayingads.Theyincentivizeuserstokeeptheappsopenbyreflectinganincreaseintheuser’srewardsovertime.Someappsevenincentivizeuserstoleave5-starratingsinordertogetrewards.Ofcourse,noneoftheseappswereactuallymining,andtheirusersneverreceivedanyrewards.
Roger Ver遭Bitcoin.com用戶起訴:據BTCManager、Bitcoinist消息,600多名Bitcoin.com用戶已對比特幣耶穌Roger Ver提起訴訟,因其誘導新用戶購買BCH,進行虛假宣傳甚至有詐騙行為。其誘導詐騙跡象有以下六點:1.Roger Ver在其社交媒體大肆宣傳不知名的比特幣交易平臺Bitxoxo是印度最大交易所,并稱其將會推出BCH;2.Roger Ver創建的Bitcoin.com網站中顯示著Bitcoin是BCH,Bitcoin Core是BTC;3.Roger擁有@Bitcoin的推特賬戶,并用其推廣BCH并批評BTC;4.Reddit的BCH的社區將Roger作為社區ICO顧問,即Roger推廣其ICO以換取社區促進BCH交易;5.在Google輸入購買比特幣并點開bitcoin.com的網站,可以看到“購買BCH”的選項在“購買BTC”之上,并且徽標非常相似;6.Bitcoin.com的“BTC課程”,故意模糊BTC和BCH的區別。[2018/4/28]
Toguardagainstthisscam,understandthatforthemajorityofcryptocurrencies,miningrequireshighlyspecializedhardware(ASICs),meaningitisnotfeasibletomineonamobiledevice.Whateveramountsyouminewouldbetrivialatbest.Stayawayfromanysuchapps.
ClipperappsSuchappsalterthecryptocurrencyaddressesyoucopyandreplacethemwiththoseoftheattacker.Thus,whileavictimmaycopythecorrectrecipientaddress,theonetheypastetoprocessthetransactionisreplacedbythoseoftheattacker.
Toavoidfallingvictimtosuchapps,herearesomeprecautionsyoucantakewhenprocessingtransactions.
Alwaysdoubleandtriplechecktheaddressyouarepastingintotherecipientfield.Blockchaintransactionsareirreversiblesoyoushouldalwaysbecareful.Itisbesttoverifytheentireaddressinsteadofjustportionsofit.Someappsareintelligentenoughtopasteaddressesthatlooksimilartoyourintendedaddress.SIMswappingInaSIMswappingscam,acybercriminalgainsaccesstothephonenumberofauser.TheydothisbyemployingsocialengineeringtechniquestotrickmobilephoneoperatorsintoissuinganewSIMcardtothem.Themostwell-knownSIMswappingscaminvolvedcryptocurrencyentrepreneurMichaelTerpin.HeallegedthatAT&Twasnegligentintheirhandlingofhismobilephonecredentialsresultinginhimlosingtokensvaluedatmorethan20millionUSdollars.
Oncecybercriminalshavegainedaccesstoyourphonenumber,theycanuseittobypassany2FAthatreliesonthat.Fromthere,theycanworktheirwayintoyourcryptocurrencywalletsandexchanges.
AnothermethodcybercriminalscanemployistomonitoryourSMScommunications.Flawsincommunicationsnetworkscanallowcriminalstointerceptyourmessageswhichcanincludethesecond-factorpinmessagedtoyou.
Whatmakesthisattackparticularlyconcerningisthatusersarenotrequiredtoundertakeanyaction,suchasdownloadingafakesoftwareorclickingamaliciouslink.
Topreventfallingpreytosuchscams,herearesomestepstoconsider.
DonotuseyourmobilephonenumberforSMS2FA.Instead,useappslikeGoogleAuthenticatororAuthytosecureyouraccounts.Cybercriminalsareunabletogainaccesstotheseappseveniftheypossessyourphonenumber.Alternatively,youmayusehardware2FAsuchasYubiKeyorGoogle'sTitanSecurityKey.Donotrevealpersonalidentifyinginformationonsocialmedia,suchasyourmobilephonenumber.Cybercriminalscanpickupsuchinformationandusethemtoimpersonateyouelsewhere.Youshouldneverannounceonsocialmediathatyouowncryptocurrenciesasthiswouldmakeyouatarget.Orifyouareinapositionwhereeveryonealreadyknowsyouownthem,thenavoiddisclosingpersonalinformationincludingtheexchangesorwalletsyouuse.Makearrangementswithyourmobilephoneproviderstoprotectyouraccount.Thiscouldmeanattachingapinorpasswordtoyouraccountanddictatingthatonlyuserswithknowledgeofthepincanmakechangestotheaccount.Alternatively,youcanrequiresuchchangestobemadeinpersonanddisallowthemoverthephone.WiFiCybercriminalsareconstantlyseekingentrypointsintomobiledevices,especiallytheonesofcryptocurrencyusers.OnesuchentrypointisthatofWiFiaccess.PublicWiFiisinsecureandusersshouldtakeprecautionsbeforeconnectingtothem.Ifnot,theyriskcybercriminalsgainingaccesstothedataontheirmobiledevices.TheseprecautionshavebeencoveredinthearticleonpublicWiFi.
ClosingthoughtsMobilephoneshavebecomeanessentialpartofourlives.Infact,theyaresointertwinedwithyourdigitalidentitythattheycanbecomeyourgreatestvulnerability.Cybercriminalsareawareofthisandwillcontinuetofindwaystoexploitthis.Securingyourmobiledevicesisnolongeroptional.Ithasbecomeanecessity.Staysafe.
1.一文讀懂和玩轉GraphGraph是Web3堆棧的中間件。它允許應用程序有效地查詢區塊鏈數據而無需依賴中心化服務提供商,從而有助于使完全去中心化的應用程序成為現實.
1900/1/1 0:00:001月15日消息,萊特幣基金會發推表示,用戶可以用借記卡使用LTC,可以通過該卡將LTC變現并進行購物.
1900/1/1 0:00:00下面老李跟大家分享下1.14日晚間給出的全網公開單和實倉客戶的操作情況:1.14日晚間21:12時老李給出BTC38000-38200附近多單目標39200附近的策略.
1900/1/1 0:00:00尊敬的客戶: 經平臺評估,ETF幣對ALGO3S將于2021年1月19日00:00---02:00(UTC8)期間進行份額合并。原有100份ALGO3S份額會變為1份新的ALGO3S.
1900/1/1 0:00:00人生,就要活得漂亮,走得鏗鏘。自己不奮斗,終歸是擺設。無論你是誰,寧可做拼搏的失敗者,也不要做安于現狀的平凡人.
1900/1/1 0:00:00一直以來,數字人民幣試點受到廣泛關注。繼蘇州數字人民幣試點后,又有諸多測試消息披露,其中既有如蘇州一樣的大規模紅包試點,也有小場景的專項測試.
1900/1/1 0:00:00