Crypto OPSEC [2020]: Accounts, Cell Phones, 2FA & Security

Crypto OPSEC [2020]: Accounts, Cell Phones, 2FA & Security was originally found on Blokt – Privacy, Tech, Bitcoin, Blockchain & Cryptocurrency.

Republished by Plato

Staying up to date with security best practices is vital as a cryptocurrency investor, trader or user. This guide will help you learn how to minimize the risk associated with using cryptocurrency websites, exchanges, and services.

If you are a public figure involved in cryptocurrency, the importance of following proper security practices is even more critical. You should consider yourself an active target for hackers. Many vloggers, bloggers, hedge fund managers and other individuals who have spoken or written publicly about cryptocurrency have had funds stolen, or at the very least, thefts have been attempted. This, however, is not a reason to slack if you’re not a public figure. There are numerous ways bad actors can find crypto holders and choose a mark; it’s not exclusive to those in the spotlight.

1 Accounts

The accounts you set up and use for cryptocurrency related matters are a potential security concern. Bad actors can use information found via these accounts to home in on the identity of the person behind them.

For example, let’s imagine you always use the username “crazy_crypto_fiend.” Even if your e-mail address is not visible on a target website, an attacker can search for your username on other sites, which might publicly display their users’ e-mail addresses, and locate yours. Once they have your e-mail from this third party website (perhaps with lower security standards), they can use it as a starting point to get into your accounts on crypto exchanges.

Let’s look at the options for remaining as anonymous as possible when creating accounts on any website or platform:

Unique Usernames

No one cares how much you love your favorite username; drop it. Start using random usernames for accounts on websites, social media and, in particular, crypto-related sites. As mentioned above, your username can be used as an attack vector if it’s plastered all over the internet, so make sure you are using unique usernames for every website or service.

Random Passwords

This should go without saying. Do not re-use passwords across multiple websites. There are regular database dumps of usernames, e-mails, passwords and personal data made available to hackers, sometimes from prominent sites such as Yahoo. Use a long password which contains numbers, uppercase letters, lowercase letters, and punctuation. The length is extremely important, so use passwords that are as long as possible. It would take considerably longer for a hacker to brute force a thirty letter password than a five letter password. Your password manager should have an option to generate and store these passwords for you. More on password managers further down.

Crypto-Specific E-Mail Address

Use an e-mail address specific to your crypto dealings. This way, it is harder for attackers to locate your e-mail address from social accounts, database dumps and through other means. Don’t include your name in your crypto e-mail address, something generic would be much more secure.

Stay Informed About Hacks & Dumps

Knowing when your e-mail, username, password, or personal data has been compromised is useful when trying to keep your online identity secure. Sign up with Have I Been Pwned to receive notifications when your information is contained within a dump. It’s advisable to sign up with both your personal e-mail and your crypto-specific e-mail.

2 Password Managers

Wondering how on earth you are going to remember multiple random, long, and unique passwords? Have no fear; password managers are here. A password manager allows you to sign in with a single password and then automatically fill passwords on other sites from an encrypted database. You can view some of the available password managers here. The issue is that you have one single password as a point of failure. If your password manager’s password is compromised, everything is compromised. To further secure your password manager, you must set up 2-factor authentication on it.

3 Two-Factor Authentication

In today’s climate, two-factor authentication, or 2FA, is essential to keeping your accounts safe from hackers. There are two main options when considering which software to use for your 2FA needs:

The Options

  1. Google Authenticator
  2. Authy

The 2FA software runs on a mobile device and can be downloaded from the Google Play Store or the Apple Store depending on your handset. Never download apps from a third-party website. Avoid using SMS as 2FA at all costs. Your telco could unknowingly port your phone number to a hacker’s SIM, which would allow them to take over your accounts. More on this later.

There are pros and cons for each of these 2FA options. Google Authenticator is more secure out of the box, but Authy can be backed up to multiple devices which means you are not locked out of accounts should you lose your primary handset. I’ll explain how to secure Authy so that you have the benefit of multi-device backup, without the security flaws that can be present in some configurations. You will need a backup device to install Authy on too.

  1. Install the Authy app on your main handset
  2. Add 2FA to your chosen websites using the Authy app
  3. In the settings on your main handset, allow multi-device
  4. Install the Authy app on your backup device
  5. Check that your accounts have synced across both devices
  6. In the settings on your main handset, turn off multi-device
  7. Set up a PIN number for the Authy app on both devices

Now both devices will sync, but further devices cannot be added to sync. This means that if an attacker were to compromise your mobile number (it happens much more than you might think), they will not be able to add Authy to their device and sync your accounts.

If you choose to use Google Authenticator, you will be required to print and store backup codes for each website you decide to add.

Secure Your Accounts

Now that you have 2FA set up, you need to secure your accounts. It’s best practice to secure everything that allows it. Most decent websites support 2FA these days, so get it enabled. Here’s a list to get you started; securing all of the below is extremely IMPORTANT:

  • Add 2FA to your password manager
  • Add 2FA to your Google account(s)
  • Add 2FA to your e-mail accounts
  • Add 2FA to your crypto exchange accounts
  • Add 2FA everywhere else you can

4 Mobile Phones

Your mobile phone is a weakness in your security armor. Hackers regularly trick telcos into porting their victims’ numbers to their SIM cards by simply calling up, and playing it dumb. They could have also obtained personal details about you from a dump, hack, social network or some other means which will give them extra sway with your telco when they’re trying to pass themselves off as you. This is the main reason it is a bad idea to use SMS as a 2FA option.

There are some steps you can take to secure your mobile account, but sometimes these options may not be available; it depends on your telco. It’s advisable to do as many of the below as possible to secure your account:

  • Set up an account PIN number
  • Ensure this PIN number must be used to talk to a representative or make any changes at all on your account
  • Memorize your PIN
  • Ask your telco what would happen if you forget your PIN and ensure it is secure
  • Use a telco specific e-mail address for your account (similar method as using a crypto-specific e-mail)

5 Think Like a Nasty Hacker

If you were a career hacker, whose income revolved around finding and exploiting information relating to a person, e-mail account, or phone number, what lengths would you go to? The answer is probably “any,” and this is why you need to put yourself in a hacker’s shoes to make sure you are secure.

Being security aware is more of a mindset than a method, but the following steps should get you started thinking like a hacker:

  • Dox yourself – use Google, social media and other resources to try to find your personal information online.
  • Do the above for names, addresses, e-mails, phone numbers and any other personal information you can think of.

There are many ways a hacker can infiltrate your online identity, and it’s important to stay in the mindset that it could, and might, happen to you.

I’ll leave you with the eeriest example:

The photos on your mobile phone may contain EXIF data. This data includes the make and model of your phone, the software version (hacker jackpot), the date and time you took the photo and the GPS coordinates of where you took the photo (amongst other things). Yes, you heard me right, your uploaded photos could give a hacker or thief pinpoint directions to your house, bedroom or office. Scary right?

Luckily, most major social networks strip this data away from uploaded images, but there are plenty of smaller sites, blogs, and services that don’t. Something as simple as uploading a photo could lead a hacker to your address. If this doesn’t drive the importance of OPSEC and good security practices home, then I don’t know what will.
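To check your own photos before uploading them to a site that may not strip metadata, the sketch below reports which of the fields listed above are present in a JPEG and produces a copy without the EXIF block. It is an added example, not code from the original article; the function names and the constructed sample file are assumptions made for illustration.

```python
import struct

EXIF_ID = b"Exif\x00\x00"      # identifier that opens an EXIF APP1 payload
APP1, SOS = 0xE1, 0xDA         # JPEG marker bytes
# IFD0 tag ids for the fields the article lists (make, model, software, time, GPS).
SENSITIVE = {0x010F: "Make", 0x0110: "Model", 0x0131: "Software",
             0x0132: "DateTime", 0x8825: "GPS"}

def segments(jpeg):
    """Yield (marker, start, end) per header segment; the last is SOS through EOF."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 4 <= len(jpeg):
        if jpeg[pos] != 0xFF:
            raise ValueError(f"no marker at offset {pos}")
        marker = jpeg[pos + 1]
        if marker == SOS:      # compressed pixel data follows, keep it untouched
            yield marker, pos, len(jpeg)
            return
        end = pos + 2 + struct.unpack(">H", jpeg[pos + 2:pos + 4])[0]
        if end < pos + 4 or end > len(jpeg):
            raise ValueError("corrupt segment length")
        yield marker, pos, end
        pos = end
    raise ValueError("no image data found")

def is_exif(jpeg, marker, start):
    return marker == APP1 and jpeg[start + 4:start + 10] == EXIF_ID

def exif_findings(jpeg):
    """Return the names of sensitive IFD0 tags present in the EXIF block."""
    found = []
    for marker, start, end in segments(jpeg):
        if not is_exif(jpeg, marker, start):
            continue
        tiff = jpeg[start + 10:end]
        order = "<" if tiff[:2] == b"II" else ">"   # TIFF byte order
        try:
            ifd = struct.unpack_from(order + "I", tiff, 4)[0]
            count = struct.unpack_from(order + "H", tiff, ifd)[0]
            for i in range(count):
                tag = struct.unpack_from(order + "H", tiff, ifd + 2 + 12 * i)[0]
                if tag in SENSITIVE:
                    found.append(SENSITIVE[tag])
        except struct.error:   # truncated EXIF block: report what was readable
            pass
    return found

def strip_exif(jpeg):
    """Return a copy of the JPEG with every EXIF APP1 segment removed."""
    kept = [jpeg[s:e] for m, s, e in segments(jpeg) if not is_exif(jpeg, m, s)]
    return b"\xff\xd8" + b"".join(kept)

def constructed_sample():
    """Constructed input: JPEG framing around a 3-tag EXIF block, no real pixels."""
    tags = [(0x010F, 2, 6, 50), (0x0131, 2, 5, 56), (0x8825, 4, 1, 61)]
    tiff = b"II*\x00" + struct.pack("<IH", 8, len(tags))
    tiff += b"".join(struct.pack("<HHII", *t) for t in tags) + b"\x00" * 4
    tiff += b"Phone\x00v1.0\x00" + b"\x00" * 6      # strings + empty GPS IFD
    app1 = EXIF_ID + tiff
    return (b"\xff\xd8\xff\xe1" + struct.pack(">H", len(app1) + 2) + app1
            + b"\xff\xda\x00\x02\x12\x34\xff\xd9")
```

This removes only the EXIF segment; XMP and IPTC blocks, which can also carry location data, live in separate segments and are left in place. Stripping EXIF also drops the orientation tag, so a cleaned photo may display rotated.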

If you want to learn more about how to secure your crypto holdings, then grab yourself a hardware wallet and read our in-depth guide.

Feel free to debate the methods discussed in this article below. If I’ve missed anything, please let me know.

Blokt is a leading independent privacy resource that maintains the highest possible professional and ethical journalistic standards.

Source: https://blokt.com/guides/opsec

Opimas estimates that over US$190 billion worth of Bitcoin is currently at risk due to subpar safekeeping

May 2021. Safekeeping of cryptocurrencies presents a challenge for institutions holding cryptocurrencies on their clients’ behalf. Cryptocurrency transactions are irreversible and anyone with full access to a wallet’s private key controls the cryptocurrencies that reside within it. Frighteningly, a number of institutional participants and even some large cryptocurrency exchanges rely on subpar custody approaches, leading Opimas to estimate that over US$190 billion worth of Bitcoin is currently at risk due to subpar safekeeping.

Luckily, a number of companies have emerged to address this problem. A new research report from Opimas—Crypto Custody: No More Excuses, authored by analysts Suzannah Balluffi and Anne-Laure Foubert—looks at the landscape of cryptocurrency custody-enabling technology providers and institutional-grade cryptocurrency custodians as well as the size of the market for cryptocurrency custody and brokerage services.

Some key findings in the report include:

Many of even the largest holders of Bitcoin and other digital assets continue to rely on storage devices meant for individual investors. Although some of these self-custody devices and wallets are secure and reputable, the operational risk posed by this approach is significant for institutional investors. Furthermore, a chunk of institutionals’ cryptocurrency holdings sit in hot wallets on exchanges. In total, about 22% of institutional cryptocurrency holdings are safeguarded in these relatively risky manners (Figure 1).

Figure 1. CUSTODY METHODS UTILIZED BY INSTITUTIONAL INVESTORS 

 

Source: Opimas analysis.

There are no more excuses for lackadaisical safekeeping – institutions can now choose from several reputable cryptocurrency custody-enabling technology providers and institutional-grade cryptocurrency custodians. Yet no custody solution is equal – there is still no best practice when it comes to security and governance relating to private keys. For example, some providers may rely on time-tested Hardware Security Modules (HSMs), while others use a newer technology known as Multi-Party Computation (MPC) – see Figure 2.

Figure 2. A COMPARISON OF HSM AND MPC TECHNOLOGY PROVIDERS

Source: Ledger, Fireblocks, Opimas analysis.

Some cryptocurrency custodians have followed in the footsteps of traditional capital markets by adding prime brokerage services to their offerings, including trading and settlement, lending, margin finance, staking, reporting, and capital introduction services. Opimas estimates that the current annual revenues generated by the institutional crypto brokerage and custody market are roughly US$2 billion and will grow to nearly US$8 billion by 2026 – a sizeable portion of this coming from brokerage services (Figure 3).

FIGURE 3. THE MARKET FOR CRYPTO CUSTODY & PRIME BROKERAGE SERVICES IS GROWING 

Source:  Opimas analysis. 

  • Regulations surrounding institutions’ ability to store cryptocurrency have become clearer (and in some cases more favorable) in numerous jurisdictions. Notably, the Office of the Comptroller of the Currency (OCC) ruling in the US has allowed banks to store cryptocurrencies for their customers. This regulatory clarity has led a number of financial institutions around the world to provide trading and custody for digital assets. With the advances in brokerage and custody solutions, Opimas expects institutional cryptocurrency holdings to grow from 20% of the cryptocurrency market cap to over 50% by 2026 (Figure 4).

FIGURE 4. INSTITUTIONAL CRYPTOCURRENCY HOLDINGS OVER TIME

Source:  Opimas analysis.

Source: PlatoData Intelligence

Bitcoin (BTC) Price Prediction: BTC/USD Faces Rejection Thrice at the $60,000 Resistance Zone, Resumes Downward Correction

Bitcoin (BTC) Price Prediction – May 9, 2021
Bitcoin bulls have broken above the $58,000 resistance but the bullish momentum could not be sustained. Today, BTC/USD traded as price reached the high of $59,450. The king coin is likely to retrace to $57,000 low if the bulls fail to break the $60,000 psychological price level.

Resistance Levels: $65,000, $70,000, $75,000
Support Levels: $50,000, $45,000, $40,000

BTC/USD – Daily Chart

Bitcoin price was rejected thrice at the $60,000 resistance level. Buyers made frantic efforts to sustain the bullish momentum above the recent high but were repelled by overwhelming selling pressure. Consequently, Bitcoin has resumed a downward move as a result of a strong rejection at the resistance of $59,200. The current retracement will extend to the low of $57,000. Nevertheless, if price breaks below the $57,000 support, the market will continue the downward move. That is, the selling pressure will extend to the low of $53,000. On the upside, if price retraces and finds support above $58,000, the upside momentum will resume.

Bank of England Governor Warns on Crypto Investment
Andrew Bailey is the governor of the Bank of England who has warned crypto investors of the inherent dangers of cryptocurrency investment. The governor argued that cryptocurrencies lacked intrinsic value. According to him, “I would only emphasize what I’ve said quite a few times in recent years, [and] I’m afraid they have no intrinsic value. I’m sorry; I’m going to say this very bluntly again: Buy them only if you’re prepared to lose all your money.” Bailey’s comments are coming at a time when crypto markets are characterized by a huge spike in crypto prices. Major altcoins such as Polkadot, Chainlink, and XRP have also seen vertical price actions.

BTC/USD – 4 Hour Chart

Bitcoin risks another downward correction as the king coin faces stiff rejection at the $59,450 resistance. The Fibonacci tool has already indicated a marginal upward move of Bitcoin and a possible reversal. On the May 1 uptrend, a retraced candle body tested the 78.6% Fibonacci retracement level. The retracement indicates that Bitcoin will rise to the 1.272 Fibonacci extension level or the high of $59,819.90. From the price action, BTC price has reached a high of $59,450 and has commenced a downward move.

Source: https://insidebitcoins.com/news/bitcoin-btc-price-prediction-btc-usd-faces-rejection-thrice-at-the-60000-resistance-zone-resumes-downward-correction

Dogecoin dumps following mention from Elon Musk on Saturday Night Live

Meme cryptocurrency Dogecoin finally got its long-awaited shoutout on Saturday Night Live — but despite hodler hopes, the immediate result has been a violent dump.

First teased by entrepreneur and DOGE cheerleader Elon Musk in late April, the Tesla CEO finally mentioned the digital asset on live television tonight in his opening monologue of the sketch comedy show. The reference was a throwaway line from Musk’s mother, who joined him onstage and asked if her Mother’s Day gift would be Dogecoin; Musk replied that it would be. 

In the minutes afterwards, $DOGE dumped upwards of 25%, falling as low as $.50 from $.66 highs at the start of the show. It has since partially recovered, trading at $.52 at the time of publication.

An hour before the episode began, the price of DOGE sat at $.66, down from an all-time high of $.72. A pair of bearish headwinds may have shared responsibility for the pullback: Musk himself seemed to try and get ahead of the hype, urging followers in a Tweet to “invest with caution,” and a host of new data indicates that many investors may be rolling their DOGE profits into other, large-cap digital assets.

Additionally, Barry Silbert — the founder and CEO of Digital Currency Group, the parent company of crypto investment vehicle company Grayscale — announced a public short on DOGE via the FTX exchange. In a series of follow-up Tweets, he revealed that the position was $1 million in size, and that any proceeds or remaining funds after closing the short would be donated to charity. 

(It’s unclear if Silbert is using “we” in reference to Digital Currency Group, one of its portfolio companies, or is simply and bizarrely using a plural pronoun in reference to himself).

Many DOGE investors were nonetheless holding out hope for a high-profile shoutout on what looked to be a major pop culture event. NBC, the studio behind SNL, chose for the first time ever to live-stream the episode on Youtube, per the Wall Street Journal.

Even a mention could have significant impact on the price of DOGE as well: the meme currency has proven to be susceptible to price movements based on positive social media volume, and multiple studies have shown that Tweets from Musk often lead to price appreciation. A mention on an even bigger platform was thought to potentially lead to even greater gains. 

Leading into the premiere of the episode, Alameda Research trader Sam Trabucco (who said in a previous Tweet that he was “studying the typical SNL episode structure to try and understand when a DOGE mention would be the most natural”) speculated that if a joke or mention didn’t come in Musk’s opening monologue, it would be “all over.”

Despite arriving during the monologue, traders nonetheless responded negatively. It remains to be seen if a DOGE-centric skit later in the show can perhaps turn the speculative asset’s fortunes around.

Source: https://cointelegraph.com/news/dogecoin-dumps-following-mention-from-elon-musk-on-saturday-night-live
