Millions in Bitcoin Locked Away
Michael, a European cryptocurrency owner, found himself in a predicament two years ago. Back in 2013, he had stored 43.6 BTC, worth around €4,000 or $5,300 at the time, in a password-protected digital wallet.
By the time he contacted Joe Grand for help in 2022, the value of those bitcoins had skyrocketed to a staggering $2 million.
The problem?
Michael had forgotten the password to his wallet. He had used RoboForm, a password manager, to generate a strong 20-character password.
However, instead of storing the password within RoboForm, he mistakenly encrypted it with a separate tool called TrueCrypt. Unfortunately, that encryption file became corrupted, leaving Michael with no way to access his valuable bitcoins.
Seeking Help from a Hardware Hacker
Michael wasn't alone in his struggle. Many people have lost access to cryptocurrency due to forgotten passwords.
He reached out to Joe Grand, a renowned hardware hacker known for his expertise in recovering lost digital assets.
Grand, however, initially declined to help. His specialty lay in cracking hardware wallets, and Michael's situation involved a software wallet. Brute-forcing the password, which involved trying millions of combinations automatically, also seemed impractical.
A Flaw in Randomness
Undeterred, Michael approached Grand again in June 2022. This time, Grand, along with his collaborator Bruno, decided to take a different approach. They suspected a potential vulnerability in RoboForm's password generation process used in 2013.
Back then, the program might have relied on a flawed "pseudo-random number generator" whose output wasn't truly random. This meant passwords might be predictable to anyone who knew the date and time of generation along with the other parameters used by RoboForm.
There was a catch: Michael couldn't recall the exact date he created the password.
Narrowing Down the Possibilities
Working with limited information, Grand and Bruno made some educated guesses. They knew Michael's first Bitcoin transaction occurred on 14 April 2013.
Based on this, they configured RoboForm to generate passwords with the same parameters Michael likely used (character length, special characters, etc.) within a timeframe of 1 March to 20 April 2013.
Unfortunately, none of these attempts yielded the correct password.
They continued to refine their search, expanding the timeframe and adjusting parameters based on Michael's memory of other passwords generated around that time.
The process was frustrating for both sides, with Michael unsure of the exact details and Grand and Bruno needing more information to pinpoint the correct password.
A Stroke of Luck and a Recovered Fortune
Finally, in November 2022, after months of searching, Grand and Bruno struck gold. They cracked the code!
The password, generated on 15 May 2013, at 4:10:40 pm GMT, contained no special characters. This lucky break allowed Michael to regain access to his long-lost bitcoins.
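The following added example (not RoboForm's code and not Grand and Bruno's tooling) illustrates why a clock-seeded generator makes the search described above feasible. `weak_generate` is a hypothetical generator whose only entropy is the Unix second, the wallet check is a constructed hash comparison, and `strong_generate` shows the CSPRNG-based form that cannot be replayed from a timestamp.

```python
import hashlib
import random
import secrets
import string
from datetime import datetime, timezone

ALPHABET = string.ascii_letters + string.digits  # no special characters

def epoch(*ymdhms: int) -> int:
    """UTC calendar time -> Unix seconds."""
    return int(datetime(*ymdhms, tzinfo=timezone.utc).timestamp())

def weak_generate(seed_time: int, length: int = 20) -> str:
    """Hypothetical flawed generator: the clock second is the only entropy."""
    rng = random.Random(seed_time)
    return "".join(rng.choice(ALPHABET) for _ in range(length))

def strong_generate(length: int = 20) -> str:
    """Hardened form: every character comes from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def make_checker(password: str):
    """Constructed stand-in for 'does this password open the wallet?'."""
    digest = hashlib.sha256(password.encode()).digest()
    return lambda guess: secrets.compare_digest(
        hashlib.sha256(guess.encode()).digest(), digest)

def search_window(start: int, end: int, is_correct, length: int = 20):
    """Replay the weak generator for each second in [start, end)."""
    for t in range(start, end):
        guess = weak_generate(t, length)
        if is_correct(guess):
            return t, guess
    return None

if __name__ == "__main__":
    created = epoch(2013, 5, 15, 16, 10, 40)  # timestamp reported in the article
    is_correct = make_checker(weak_generate(created))
    # A window that misses the real moment finds nothing.
    print(search_window(epoch(2013, 4, 20), epoch(2013, 4, 21), is_correct))
    # A window that includes 15 May succeeds after at most 86,400 guesses.
    hit = search_window(epoch(2013, 5, 15), epoch(2013, 5, 16), is_correct)
    print(datetime.fromtimestamp(hit[0], timezone.utc), hit[1])
    print(f"full 20-char space: {len(ALPHABET) ** 20:.2e} candidates")
```

With the weak generator, one day of possible creation times is 86,400 candidates; with `strong_generate` the same 20 characters span about 7 x 10^35 possibilities and no timestamp narrows them.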
By the time Michael recovered his wallet, the value of Bitcoin had climbed significantly. Each Bitcoin was worth around $38,000.
After Grand and Bruno took a portion of the bitcoins as payment for their hard work, Michael held onto the rest until their value increased to $62,000 per coin, at which point he decided to sell some of them.
As of now, he holds 30 bitcoins, valued at just over $2 million at the time of writing, and he expects their worth to climb even higher to $100,000 per coin.
Michael reflects that losing the password in the past was fortuitous, as it prevented him from selling the bitcoins when they were valued at $40,000 per coin, potentially missing out on a more substantial profit.
However, this also reflects the safety vulnerabilities inherent in crypto wallets. If white hat hackers can adeptly access and restore an account, it implies that malicious hackers with similar or even superior capabilities can exploit these weaknesses just as easily.
Malicious Chrome Extension Steals Login Credentials
Cryptocurrency users became victims of a deceptive attack involving a fake Chrome extension disguised as the legitimate "Aggr" app.
This malicious software stole users' cookie data, compromising their accounts, particularly on the Binance exchange. The incident highlights the dangers of downloading extensions without proper research.
The scam first came to light in February 2024, when a Binance trader named "doomxbt" reported a suspicious loss of $70,000 from their account. The stolen funds were initially deposited on the crypto exchange SideShift.
Deception Through Social Media Influence
Investigations revealed the culprit to be a fake Aggr app available on the Chrome Store. This imposter offered seemingly valuable trading tools but functioned as a Trojan horse. Unlike the genuine Aggr, the malicious version contained code designed to steal all website cookies from unsuspecting users.
Hackers then exploited this stolen data to potentially reconstruct passwords and user keys, specifically targeting Binance accounts for unauthorised access and theft.
Spreading the Trap with Shilling
The attack wasn't limited to creating the fake extension. The perpetrators launched a social media campaign to promote downloads. This tactic, known as "shilling," involved hiring influencers to spread positive word-of-mouth.
Social media accounts associated with these influencers flooded timelines with trading jargon, painting the fake Aggr as a must-have tool. The strategy likely convinced unsuspecting users to download the malicious software, compromising their financial security.
Always Do Your Own Research (DYOR)
The involvement of influencers in this scam raises questions about their due diligence. It's unclear whether these promoters were aware of the fake Aggr's malicious nature or simply neglected the importance of verifying software before endorsing it.
As mentioned in Aler Auriega’s X post, "There is only one real extension, which is on their GitHub, verified and safe."
This incident serves as a stark reminder for all users to conduct their own research (DYOR) before downloading any application, especially browser extensions. Verifying the legitimacy of software is crucial to protecting your online accounts and digital assets.
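One concrete check before installing an extension is to read its `manifest.json` and see whether it requests cookie access across sites. The added example below (not taken from the fake Aggr extension or any real one) audits Manifest V2 and V3 permission lists; the sample manifests, the finding labels and the `watched` domain list are constructed for illustration.

```python
import json

BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def _split(manifest):
    """Return (api_permissions, host_patterns) for MV2 and MV3 manifests."""
    apis, hosts = set(), set()
    for key in ("permissions", "optional_permissions"):
        for p in manifest.get(key, []):
            # MV2 mixes host patterns into "permissions"; MV3 separates them.
            (hosts if p == "<all_urls>" or "://" in p else apis).add(p)
    for key in ("host_permissions", "optional_host_permissions"):
        hosts.update(manifest.get(key, []))
    return apis, hosts

def audit_manifest(manifest, watched=("binance.com",)):
    """Flag permission combinations that let an extension read site cookies."""
    apis, hosts = _split(manifest)
    findings = []
    if "cookies" in apis:
        if hosts & BROAD:
            findings.append("cookies-api:all-sites")
        for h in sorted(hosts - BROAD):
            if any(w in h for w in watched):
                findings.append(f"cookies-api:{h}")
    for cs in manifest.get("content_scripts", []):
        # A script injected into every page can read non-HttpOnly cookies.
        if set(cs.get("matches", [])) & BROAD:
            findings.append("content-script:all-sites")
            break
    return findings

# Constructed manifests for illustration; neither is from a real extension.
RISKY = json.loads("""{
  "manifest_version": 3, "name": "chart-helper (constructed)",
  "permissions": ["cookies", "storage"],
  "host_permissions": ["<all_urls>"]
}""")
MODEST = json.loads("""{
  "manifest_version": 3, "name": "chart-helper (constructed)",
  "permissions": ["storage", "activeTab"],
  "host_permissions": ["https://api.example.com/*"]
}""")
MV2_TARGETED = {"manifest_version": 2,
                "permissions": ["cookies", "https://*.binance.com/*"]}

if __name__ == "__main__":
    for m in (RISKY, MODEST, MV2_TARGETED):
        print(audit_manifest(m) or "no cookie-access findings")
```

A finding is a prompt to ask why a trading-chart tool needs that access, not proof of malice; an empty result does not clear an extension either, since permissions say nothing about what the code does with them.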
Crypto Wallets: Security Breakdown
For safeguarding your digital assets, it's crucial to comprehend the various types of crypto wallets available for storage.
There are three main types of crypto wallets: hardware wallets, software wallets, and paper wallets. Each offers varying levels of security.
Cold Wallets vs. Hot Wallets
- Cold wallets are not connected to the internet and are thus much more secure than hot wallets. Hardware wallets are the most popular type of cold wallet. They store your private key on a secure device that resembles a USB drive. You can connect the hardware wallet to your computer when you need to make a transaction, but otherwise it remains offline, significantly reducing the risk of hacking.
- Hot wallets are always connected to the internet, making them more susceptible to hacks. Software wallets are the most common type of hot wallet. They come in various forms, including mobile wallets, browser extension wallets, and desktop wallets. While convenient for easy transactions, they are less secure than cold wallets because they are constantly online.
Types of Hot Wallets and Security Considerations
- Mobile wallets are downloaded as apps and function similarly to other apps on your phone. While convenient, they can be vulnerable to malware and hacking if your phone is compromised.
- Browser extension wallets are downloadable extensions that work alongside your web browser. They offer quick access to your crypto, but pose a high risk of hacking because they rely on the security of your browser.
- Desktop wallets are similar to mobile wallets but are stored on your computer. They are generally less convenient than mobile wallets but may offer slightly better security since your computer can have additional security measures in place.
Paper Wallets: Security Through Physical Safeguarding
Paper wallets are not technically wallets, but rather a piece of paper containing your private key printed on it. They offer high security if stored properly, but this can be a challenge. Paper is susceptible to damage from water, fire, and other elements. Additionally, if you lose your paper wallet, you lose your crypto.
Choosing the Most Secure Crypto Wallet
Hardware wallets are considered the most secure type of crypto wallet because they store your private key offline on a dedicated device.
However, they are not foolproof.
If someone gains physical access to your hardware wallet and your PIN, they could steal your crypto. It's important to choose a reputable hardware wallet with strong security features and to keep your PIN and recovery phrase secret.
Challenges and Threats to Crypto Wallet Security
While crypto wallets offer strong security features, they are not invincible. Users must be aware of potential risks to effectively protect their digital assets:
- Scams and Phishing: Phishing attempts are prevalent in the cryptocurrency industry. Malicious actors impersonate legitimate wallet providers to steal private keys or recovery phrases. Users should be cautious and verify the legitimacy of wallet websites before interacting with them.
- Loss of Private Keys or Recovery Phrases: Forgetting or losing private keys or recovery phrases can result in permanent financial loss. Backups must be stored securely and never shared with anyone.
- Hardware Failures: Hardware wallets, although robust, are not immune to physical damage or malfunction. Users should handle them with care and maintain multiple backup copies of their recovery phrases.
- Regulatory Risks: Regulatory changes in different countries can impact the use of crypto wallets. Staying informed about local regulations and compliance requirements is essential for users.
- Third-Party Risks: When using online wallets or exchanges, users essentially entrust their private keys to third-party providers. These service providers can be vulnerable to hacking or other security breaches.
The Importance of User Responsibility in Crypto Wallet Security
The famous adage in the cryptocurrency world, "not your keys, not your coins," emphasises user responsibility for security. Regardless of the wallet type, users play a significant role in safeguarding their crypto assets. Here are some essential practices to enhance crypto wallet security:
- Choosing Reputable Providers: Select wallets from well-established and trusted providers. Conduct thorough research and read reviews before entrusting your valuables to a wallet service.
- Protecting Private Keys: Exercise extreme caution when handling your private keys. Keep them offline and never share them with anyone. Consider using hardware wallets for an extra layer of security.
- Enabling Security Features: If your wallet supports 2FA, multi-signature, or encryption, enable them to bolster security.
- Regular Software Updates: Maintaining up-to-date wallet software ensures you benefit from the latest security patches and improvements.
- Phishing Awareness: Be wary of clicking on suspicious links or providing personal information online. Always verify the legitimacy of wallet websites before interacting with them.
Additional Tips for Keeping Your Crypto Safe
Here are some additional measures you can take to improve the security of your crypto assets:
- Avoid using public Wi-Fi when accessing your crypto wallet. Public Wi-Fi networks are often unsecured and can be infiltrated by hackers.
- Use a VPN (Virtual Private Network) to encrypt your internet traffic and hide your IP address. This can help to protect you from hackers who might try to steal your login information.
- Diversify your investments. Don't store all of your crypto in a single wallet. Consider using a combination of hot and cold wallets to spread out your risk.
- Keep a secure backup of your private key. If you lose your hardware wallet or forget your PIN, you will need your private key to recover your crypto. However, it's important to store your private key securely and never share it with anyone.
Kroo Joins U.K. Challenger Banks in Banning Crypto Transactions Due to Security Concerns
The U.K. digital bank Kroo is taking a strong stance against cryptocurrencies, citing a rise in online fraud and scams as the primary reason. This decision, effective 30 May 2024, prohibits Kroo customers from using their accounts for any cryptocurrency-related transactions.
Kroo's Restrictions on Crypto Activity
Kroo's updated terms and conditions outline a zero-tolerance policy for crypto activity. If the bank detects a customer using their account to buy, sell, or receive funds related to cryptocurrency, they will take action.
This action could include blocking the transaction, freezing the account, or even permanent closure in cases of persistent attempts to engage in crypto activity.
The bank specifically mentions they will no longer process bank transfers or card payments associated with cryptocurrencies. This effectively cuts off any avenue for customers to use their Kroo accounts for crypto transactions.
Following the Trend of U.K. Challenger Banks
Kroo's decision aligns with a growing trend among U.K. challenger banks. Other institutions like Starling Bank and Chase UK have already implemented similar bans on crypto transactions. These banks, aiming to compete with established financial giants, are prioritising security measures to protect their customer base.
Concerns Over Crypto-Related Fraud
The rise in online fraud involving cryptocurrencies is a major concern for Kroo and other banks. Crypto's perceived anonymity can attract individuals with malicious intent. Scammers might utilise crypto transactions to launder money or defraud unsuspecting victims.
According to the Central Bank of Russia, nearly half of their financial fraud cases in 2023 involved cryptocurrencies. This highlights the potential risk traditional financial institutions face when dealing with the unregulated crypto market.
Global Banks Urging Caution with Crypto
Kroo's decision reflects broader security concerns within the global banking sector. Even in countries like the United States, authorities like the Federal Reserve have expressed reservations about banks embracing crypto.
Potential fraud and scams associated with cryptocurrencies and Central Bank Digital Currencies (CBDCs) are major areas of concern.
While the world of crypto continues to evolve, traditional banks like Kroo are prioritising security by distancing themselves from the perceived risks associated with cryptocurrency transactions.
Cryptocurrency can be a risky investment with security concerns. Here's a breakdown of the key points:
Is cryptocurrency safe as an investment?
Cryptocurrency is a volatile investment, meaning its price can fluctuate significantly. Unlike established asset classes, cryptocurrencies are also largely unregulated, which can increase risk.
This lack of regulation means there's no guarantee you'll get your money back if a crypto exchange goes bankrupt or suffers a hack.
Security risks of cryptocurrency
- Scams: Crypto scams are prevalent, with criminals using fake apps, wallets, and emails to steal your private keys and access your crypto. Be wary of unsolicited offers and always research before investing in a new cryptocurrency.
- Limited legal protections: Unlike traditional debit and credit card purchases, there are fewer legal protections for cryptocurrency transactions. If you lose money to a scam, there's little chance of getting it back.
- Irreversible transactions: Cryptocurrency transactions are generally irreversible due to blockchain technology. This means you can't get a refund if something goes wrong.
Safeguarding Investments in an Uncertain Market
Overall, cryptocurrency can be a risky investment with security concerns. No matter how secure others claim it to be, nothing is entirely safe.
It's crucial to understand these risks and take steps to protect your investment before diving in. The security of digital assets relies heavily on user responsibility and awareness.
For now, opting for an offline hardware cold wallet is regarded as the preferable choice, avoiding frequent operations in complex network environments. However, ensuring the security of the entire network ecosystem is a systematic endeavour.
Arguably the safest approach is to refrain from gambling and abstain from holding any crypto products.