
Three ways to prevent exchange hacks—how 3FA can foil cryptocurrency exchange robberies


Guest post by Dave Jevans from CipherTrace

Dave is the CEO of CipherTrace.

The recent hack of the world’s biggest cryptocurrency exchange, Binance, highlights the need for heightened security in the crypto space.

In what Wired reported as “a ‘large-scale security breach,’ hackers stole not only 7,000 bitcoin—equivalent to over $40 million ($56 million at the time of this writing, just one week later)—but also some user two-factor authentication codes and API tokens.”

This is just one of the many cryptocurrency heists, totaling hundreds of millions of dollars, that CipherTrace has reported on in the last year.

Why are sophisticated hackers targeting the crypto space? Because, obviously, that’s where the money is. The huge hot wallet stash looted from Binance represented only about 2 percent of the exchange’s reserves. And, if this is the rumored ‘Crypto Spring’ to the recent winter, then as valuations begin to rise dramatically expect things to get worse.

The good thing for the industry is that Binance did the right thing—they were transparent and didn’t delay in reporting the theft, announcing it the same day it was discovered. “The hackers used a variety of techniques, including phishing, viruses and other attacks,” according to Binance CEO Changpeng Zhao in a May 7 blog post.

“The hackers had the patience to wait, and execute well-orchestrated actions through multiple seemingly independent accounts at the most opportune time. The transaction is structured in a way that passed our existing security checks.”

Moreover, Zhao announced that no customer funds would be used to cover losses, as Binance had set up a self-insurance fund in 2018 that accrues 10 percent of all trading fees in a separate cold wallet.

How did the theft occur? We are currently researching the attack, but from what we know Binance had the current state of the cybersecurity art in place. The attacker(s) probably used a password stolen in a phishing attack, or they exploited a combination of vulnerabilities.

As Chairman of the Anti-Phishing Working Group, an organization that has been fighting eCrime and phishing for more than 16 years, I can tell you it’s highly likely that phishing was an attack vector.

Spear phishing (targeted attacks on high-value individuals) and business email compromise (BEC) are getting a lot worse. And phishers are casting their nets—and spears—at crypto companies in particular. The Binance hack could have been an employee being duped into giving a password by a clever email ruse. It could have been phishing plus fileless malware or an APT. It could have stemmed from any number of vulnerabilities typically present in the attack surface of such a large, global IT network.

Time to triple-down on security

Two-factor authentication (2FA) is no longer strong enough, and SMS is a weak second factor. As detailed in the CipherTrace Q4 2018 Crypto AML report, attackers often “port” phone numbers in order to receive the SMS text messages that a number of 2FA systems rely on, which means this approach is not secure. With an authentication app on the phone instead of SMS text message codes, companies are protected even if an employee’s phone is hijacked or SIM-swapped.

So what can and should exchanges do to prevent thefts? In our opinion, given the ever-increasing sophistication and persistence of the bad guys, there’s only one viable solution at the moment. Well, there’s three, actually.

The answer is three-factor authentication (3FA)—two things they have, and one thing they know. To access the network, exchange employees should be required to use an authentication app on their phone, a certificate on their computer to access the corporate VPN, and a password. That way, if criminals phish an exchange worker’s password or break it with brute force they’re still not getting in. Plus, unlike passwords, certificates can be revoked.

The attacker can gain the password and even compromise one of the user’s devices but that won’t get all three factors. And without compromising all three factors, they’re not getting in. Three-factor is the new strong auth. It may sound like this proposal puts an onerous burden on employees, but having a certificate on the computer takes no day-to-day effort.
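The three-factor check described above, sketched as an added example (not code from the article or from CipherTrace). The names `Enrollment` and `failed_factors`, the constructed sample values, and the modelling of the VPN certificate check as a SHA-256 fingerprint match plus a revocation set are all assumptions made for illustration.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass

def totp(secret: bytes, at: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1): the code an authenticator app displays."""
    counter = struct.pack(">Q", max(int(at) // step, 0))
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

@dataclass
class Enrollment:  # hypothetical per-employee record
    salt: bytes
    password_hash: bytes      # something they know
    totp_secret: bytes        # something they have: the phone app
    cert_fingerprint: str     # something they have: the computer's certificate

def failed_factors(user, password, otp, cert_der, revoked, now):
    """Check all three factors; an empty list means access is granted."""
    failed = []
    if not hmac.compare_digest(hash_password(password, user.salt),
                               user.password_hash):
        failed.append("password")
    # Accept the current 30-second step and one step either side (clock drift).
    window = [totp(user.totp_secret, now + d * 30) for d in (-1, 0, 1)]
    if not any(hmac.compare_digest(otp, code) for code in window):
        failed.append("otp")
    # Unlike a password, a certificate can be revoked centrally.
    fingerprint = hashlib.sha256(cert_der).hexdigest()
    if fingerprint in revoked or not hmac.compare_digest(
            fingerprint, user.cert_fingerprint):
        failed.append("certificate")
    return failed

# Constructed sample data, not real credentials.
SALT = b"constructed-salt"
CERT = b"constructed device certificate bytes"
ALICE = Enrollment(SALT, hash_password("correct horse", SALT),
                   b"12345678901234567890", hashlib.sha256(CERT).hexdigest())
NOW = 1_558_000_000

if __name__ == "__main__":
    code = totp(ALICE.totp_secret, NOW)
    print("all factors:", failed_factors(ALICE, "correct horse", code, CERT, set(), NOW))
    print("phished password only:",
          failed_factors(ALICE, "correct horse", "------", b"other laptop", set(), NOW))
    print("revoked certificate:",
          failed_factors(ALICE, "correct horse", code, CERT, {ALICE.cert_fingerprint}, NOW))
```

In a real deployment the certificate factor is enforced by the VPN gateway validating the client certificate chain and its revocation status; the fingerprint set here only stands in for that check.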


Founded by experienced Silicon Valley entrepreneurs, CipherTrace was created to develop cryptocurrency and blockchain tracing and security capabilities.


Dave Jevans

Dave Jevans is a founder and CEO of CipherTrace. Mr. Jevans has 20 years of experience in the security and payments markets. He is the holder of 17 US patents in cybersecurity, and has founded and sold three cybersecurity startups. In 2015, Mr. Jevans sold mobile security pioneer Marble Security to Proofpoint (NASDAQ: PFPT). Before Marble, he founded IronKey, which was acquired by iMation (NASDAQ: IMN).


Disclaimer: Our writers’ opinions are solely their own and do not reflect the opinion of CryptoSlate. None of the information you read on CryptoSlate should be taken as investment advice, nor does CryptoSlate endorse any project that may be mentioned or linked to in this article. Buying and trading cryptocurrencies should be considered a high-risk activity. Please do your own due diligence before taking any action related to content within this article. Finally, CryptoSlate takes no responsibility should you lose money trading cryptocurrencies.


Game Changer for Bitcoin? VanEck ETF Decision Tomorrow –  All You Need to Know


One of the events the entire cryptocurrency community has its sights turned to is the VanEck/SolidX Bitcoin ETF proposal. It was published in the Federal Register back on February 20th, giving the SEC a legal timeframe of 90 days to make a further decision. This means that the Commission must come up with a decision tomorrow, May 21st.

May 21st – An Important Date for Bitcoin

The saga around VanEck/SolidX Bitcoin ETF proposal has been going on for quite a while now. Last year, their application was withdrawn after being delayed on multiple occasions by the US Securities and Exchange Commission (SEC). However, shortly after that, the application was submitted again, reigniting hope among those who believe that a Bitcoin ETF would catalyze a further increase in the price of the cryptocurrency, as well as further adoption.

The new application was filed with the Federal Register on February 20th, giving the SEC a binding term of 90 days to come up with a decision to approve, deny, or delay it. Interestingly enough, another Bitcoin ETF application was also filed with the Register on February 15th – that of Bitwise. The SEC delayed its decision on the latter, while even deciding to use the full 90 days term to make up its mind on the application of VanEck and SolidX. This is why May 21st is an important date to expect.

However, according to Jake Chervinsky, a legal expert well known in the cryptocurrency community, the chances of a delay or denial are much higher than the chances of approval.

He bases his view on the fact that the SEC is unlikely to approve the first-ever Bitcoin ETF without taking the full 240-day period that it legally can. Moreover, he also finds it rather unusual that the Commission didn’t delay the VanEck Bitcoin ETF together with that of Bitwise.

The lawyer also cited some of the reasons for the delay of the application of Bitwise, which include:

  • The nature of the market for Bitcoin
  • The efficiency of that market
  • The susceptibility of that market to manipulation
  • How the market is similar to markets for other commodities
  • Reports that a large percentage of reported volume is fake

Chervinsky pointed out that if VanEck has any chance of approval, then the SEC “would need to delay & ask all these same questions to them as well.”

What Does This Mean For Bitcoin?

While it’s anyone’s guess how a potential approval of a Bitcoin ETF would impact Bitcoin’s price and whether it would surge, the majority of the cryptocurrency community is convinced that it would.

According to Josh Roger, a well-known cryptocurrency trader and investor, the different scenarios will have different impacts on the price.

The upcoming VanEck ETF decision could certainly have a serious impact on BTC price.

Denial = Pull back the current price regardless of how good it looked this weekend.

Approval = push the price to new yearly high and create mass FOMO buying.

Delay = Expected & likely little change.


PSA: Bitconnect ‘2.0’ Triggers Countdown to Resurrect Greatest Crypto Ponzi Ever


By CCN: In 2016 a cryptocurrency project named BitConnect came along offering 1% daily compounded interest for those who purchased and staked its token.

When the BitConnect (BCC) bubble inevitably burst, the owners, as expected, made off with everyone’s money. The BCC token price sank by 99.9%, and a project previously valued at $2.5 billion became worthless.

Now, the greatest scam ever sold is back. Enter BitConnect 2.0.

Hey, Hey, Hey: BitConnect 2.0 Arrives for a Second Bite at the Cherry

A website and Twitter profile advertising the arrival of BitConnect 2.0 appeared in the last few days. The website shows a countdown to the rebirth of one of the worst cryptocurrency scams of all time.


The Twitter profile contains just two posts – one is a link to the new website; and the other is a Binance referral link with the directive ‘Buy Now’.

Of course, there are no BitConnect tokens (either 1.0 or 2.0) hosted on Binance. If we take a look at the domain registrar details for the new website – BitConnect.io – we see some strange peculiarities.

Despite the Twitter post promising a July 1st launch, the website’s domain name is set to expire two weeks before that date. The domain, which differs slightly from the original BitConnect.co website, was registered in 2017.


Scamception: A Scam Inside a Scam

All of this adds up to what looks like a scam inside a scam. Assuming the site domain isn’t renewed before the expiration on June 19th, then perhaps what we have here isn’t BitConnect 2.0 at all.

Rather, it appears someone with an old domain name is attempting to squeeze as much money out of their Binance referral link as possible before the site expires. The Twitter profile shows almost 1,000 followers already, despite the first post not appearing until one day ago. However, the new website is also registered in the same geographic location as the original – Panama.

One person who was able to see the funny side of the BitConnect revival was former BCC front-man, Carlos Matos. Famous for his exuberant and dramatic on-stage sales pitch, Matos continues to post memes about the BitConnect saga. Recently he revived his infamous ‘Hey, Hey, Hey…’ slogan to comment on BitConnect 2.0, which he apparently has no part in.


Matos even posted this meme expressing a skeptical take on the project’s revival.


Too Late for Skepticism

Ultimately, the same skepticism would have been useful several years ago, before gullible investors were taken for all they had. From the ICO price of $0.17, the value of BCC tokens shot up to $509.99 in one year – marking ridiculous gains of 299,894%.


Of course, those gains were never cashed out. When the exit scam hit in January 2018, the value of BCC dropped like a stone. Data for the token price continued to be tracked up until August 2018, when it held a value of just $0.263786, before being removed from all exchanges.


EOS Price Prediction Today: Daily (EOS) Value Forecast – May 20


  • On the upside, if the price is sustained above the EMAs, the bulls are likely to retest or break the $6.60 and $6.80 resistance levels.
  • However, if the bulls fail to break the resistance levels, the crypto’s price is likely to fall back to the range bound zone.

EOS/USD Medium-term Trend: Ranging

  • Resistance levels: $6.80, $7.0, $7.20.
  • Support levels: $6.20, $6, $5.80.

Last week the price of EOS was in a bullish trend. On May 16, the crypto’s price tested a high of $6.80 and was resisted. The market fell and was in a downward correction to the $5.80 support level. On May 19, the crypto’s price was in a bullish move but was resisted at the $6.60 price level. The crypto’s price is above the 12-day EMA and the 26-day EMA, which indicates that the price is likely to rise.

On the upside, if the price is sustained above the EMAs, the bulls are likely to retest or break the $6.50 and $6.80 resistance levels. However, if the bulls fail to break the resistance levels, the crypto’s price is likely to fall back to the range bound zone. Meanwhile, the market is at the overbought region of the daily stochastic but below the 80% which indicates that price is in a bearish momentum and a sell signal.

EOS/USD Short-term Trend: Ranging

On the 1-hour chart, the price of EOS is in a bearish trend zone. On May 19, the crypto’s price reached a high of $6.52 but was resisted. The crypto’s price fell and was in a downward correction. The bears have broken the 0.236, 0.382 and 0.50 Fib. retracement levels.

The price is in a downtrend zone but the 0.618 retracement level is likely to hold. In other words, the price may fall to the $6.19 price level. Meanwhile, the market has reached the oversold region of the daily stochastic but below the 40% range. This indicates that the price of EOS is in a bearish momentum and sell signal.

The views and opinions expressed here do not reflect that of BitcoinExchangeGuide.com and do not constitute financial advice. Always do your own research.


Bitcoin Has Soared Above Intrinsic Value During Latest Rally, JPM Strategists Claim


Strategists from United States banking giant JPMorgan Chase (JPM) have argued that bitcoin (BTC)’s recent rally has ostensibly soared past what they calculate to be its intrinsic value. Their analysis was reported by Bloomberg on May 20.

The strategists — who reportedly include JPMorgan global market strategist Nikolaos Panigirtzoglou —  judge that the top coin has recently been trading in a way that mirrors its late 2017 rally, which preceded a protracted price slump.

To ascertain the coin’s intrinsic value, the strategists reportedly analyzed bitcoin as a commodity and calculated its cost of production based on parameters such as estimated computational power, electricity costs and hardware energy efficiency, Bloomberg notes. They reportedly stated:

“Over the past few days, the actual price has moved sharply over marginal cost. This divergence between actual and intrinsic values carries some echoes of the spike higher in late 2017, and at the time this divergence was resolved mostly by a reduction in actual prices.”

Bitcoin — which has seen a renewed lease of life since April — has traded as high as almost $8,300 within the last week — having traded sideways below $5,000 throughout February and March. In mid-December 2018, the top coin had traded below the $3,300 mark — with its current price point thus representing a roughly 150% gain over its bear market lows.


Bitcoin’s 3-month chart, Feb. 20 — May 20 2019. Source: CoinMarketCap

In an apparent qualification of their analysis, JPMorgan’s strategists are cited by Bloomberg as having noted that:

“Defining an intrinsic or fair value for any cryptocurrency is clearly challenging. Indeed, views range from some researchers arguing that it has no fundamental value, to others estimating fair values well in excess of current prices.”

As reported, JPMorgan CEO Jamie Dimon has long adopted a sceptical stance toward decentralized cryptocurrencies such as bitcoin, even as he steers the megabank toward launching its own blockchain-powered native settlement digital asset, JPM Coin.


Ethereum-Based Stock Exchange Plans First Company Listing in June


SprinkleXchange, a stock exchange built on ethereum, is reportedly listing its first company next month.

Sprinkle Group CEO Alexander Wallin told Bloomberg in an interview published Friday, “We have the luxury of being first with this, but we’re aware that it will become a crowded market.”

The Bahrain-based platform, operating within a regulatory sandbox created by the country’s central bank, uses a decentralized clearing and settlement system that uses automation in order to reduce time and cost. Prices will be set using the Dutch auction method, with SprinkleXchange taking a 1 percent fee.

Wallin told the news source that the cost of listing would be similar to that on a Swedish stock exchange, but “you get global access and we can show that you also get better liquidity.”

SprinkleXchange is aiming to attract companies with a market capitalization of $20-$200 million. It expects to list 35 companies over the next 12 months and as many as 1,000 over the next few years. As well as listed stocks, the firm will offer trading in cryptocurrencies and also plans to add exchange-traded funds in the future.

A number of traditional stock exchanges are currently moving to integrate blockchain tech in their platforms. Switzerland’s top stock exchange, SIX, for instance, is expected to roll out a blockchain platform to speed up trading later this year, while the Gibraltar Stock Exchange recently started allowing the listing of tokenized securities.

The Australian Securities Exchange is notably rebuilding its ageing CHESS settlement platform using blockchain tech provided by Digital Asset. And other stock exchanges, including in Jamaica, Thailand and Spain, have also announced initiatives around blockchain and crypto assets.


Copyright © 2019 The Crypto Report