The stories about people getting their private keys hacked or stolen are nothing new, with a number losing their life savings because of these thefts. However, in quite an anti-climax scene, a crypto user managed to save their crypto holdings despite losing their private keys. Harpie, an on-chain security firm, revealed an instance of on-chain crime drama where the good guys eventually won. One of the users in their Discord group reportedly raised concerns about the suspected theft of their private keys. When the firm looked into said customer’s wallet, someone was indeed trying to transfer funds from the victim’s accounts. How did we do this? About a month ago, this user protected their tokens with Harpie. By approving and protecting their tokens with Harpie, this user gave us permis...
Amber Group has reproduced the recent Wintermute hack, the Hong Kong-based crypto finance service provider announced on its blog. The process was fast and simple, and used hardware easily accessible to consumers. Wintermute lost over $160 million in a private key hack on Sept. 20. Reproducing the hack can help “build a better understanding of the attack surface spectrum across Web3,” Amber Group said. It was only hours after the hack of UK-based crypto market maker Wintermute was revealed that researchers were able to pin the blame for it on the Profanity vanity address generator. One analyst suggested that the hack had been an inside job, but that conclusion was rejected by Wintermuteand others. The Profanity vulnerability was already known before the Wintermute hack. classy — wishful cyn...
The crypto winter has pumped new life into the adage “Not your keys, not your coins,” particularly after the collapse of some high-profile enterprises like the Celsius Network, whose funds were frozen in June. Just last week, Ledger CEO Pascal Gauthier hammered home the point further, warning: “Don’t trust your coins and your private keys to anyone because you don’t know what they’re going to do with it.” The basic idea behind the adage, familiar to many crypto veterans, is that if you don’t personally hold your private keys (i.e., passwords) in an offline “cold wallet,” then you don’t really control your digital assets. But, Gauthier was also framing the issue in a larger context as the world moves from Web2 to Web3: “A lot of people are still in Web2 […] because they want to stay i...
Out in the cryptosphere, there’s a vast amount of wealth that’s seemingly out of reach. A long-running statistic suggests four million Bitcoin — almost 20% of the total supply — has been lost forever. Much of it was mined when the network was just beginning, with early adopters tearing their hair out after losing their private keys. One Welshman has endured a nine-year battle as he attempts to receive a hard drive containing 7,500 BTC from landfill. But this isn’t the only treasure trove that’s worth exploring. For example, did you know that over 500 Ethereum presale wallets are yet to be recovered… and collectively, they have a value of several billion dollars? The presale for ETH — which is now the world’s second-largest cryptocurrency — took place bac...
A seed phrase might be confusing and probably you might be wondering how a seed phrase looks and maybe how it is created. The seed phrase is generated by a cryptocurrency wallet and the user has no way of customizing it. The words generated are derived from a list of 2048 words. So, how many words is a seed phrase? A seed phrase is made up of a long string consisting of a group of random words. The words on a seed phrase are simplified so that the user can remember them, unlike if the seed phrase consisted of long numbers or special characters. The recovery phrase consists of 12 to 24 words like energy, road or open. To avoid errors, these randomly generated words do not include pairs like “man” and “men” in the same seed phrase. Bitcoin im...
Velodrome Finance, a trading and liquidity marketplace, announced the recovery of $350,000 stolen on Aug. 4. However, the occasion turned bittersweet when internal investigations pointed out the involvement of a prominent team member, who goes by the pseudo name Gabagool. On Aug. 4, one of Velodrome’s high-worth wallets — dedicated for operating funds such as salaries — was drained off $350,000 before it could be transferred to the company’s treasury multisig wallet. A subsequent internal investigation revealed the attacker’s identification, which allowed the company to recover the entire loot. Velodrome’s official statement revealed: “Much to our disappointment, we learned the attacker was a fellow team member Gabagool.” While many community members came in support of the prominent coder,...
Under the mattress, in the seams of a piece of luggage or even rolled into a cigar, what are the worst and best ways for keeping a seed phrase safe? The key to unlocking and recovering cryptocurrency, a seed phrase, should be secured and safe. Especially now that prices are low and the crypto tourists have checked out, it might be time for a crypto security spring clean. Security starts with a seed phrase, sometimes called a recovery phrase. There’s no denying it: Bitcoin and the crypto space writ large are in the clutches of a bear market. Since Do Kwon’s Terra experiment went up in smoke, a crypto contagion has choked the most reputable of exchanges, causing many self-sovereignty advocates to chant, “not your keys, not your coins.” Indeed, hardly a day goes by that another “trusted...
The core principles of cryptocurrency were based on financial independence, decentralization and anonymity. With regulations being the key to mass adoption, however, the privacy aspect of the crypto market seems to be in jeopardy. In 2022, even though no particular country has come up with a universal regulatory outline that governs the whole crypto market, most countries have introduced some form of legislation to govern a few aspects of the crypto market such as trading and financial services. While different countries have set different rules and regulations in accordance with their existing financial laws, a common theme has been the strict implementation of Know Your Customer (KYC) and Anti-Money Laundering (AML) regulations. A majority of crypto exchanges operating with a license obt...
Investing in cryptocurrencies and digital assets is now easier than ever before. Online brokers, centralized exchanges and even decentralized exchanges give investors the flexibility to buy and sell tokens without going through a traditional financial institution and the hefty fees and commissions that come along with them. Cryptocurrencies were designed to operate in a decentralized manner. This means that while they’re an innovative avenue for global peer-to-peer value transfers, there are no trusted authorities involved that can guarantee the security of your assets. Your losses are your responsibility once you take your digital assets into custody. Here we’ll explore some of the more common mistakes that cryptocurrency investors and traders make and how you can protect yourself from un...
Cryptocurrency custody solutions have become a big business over the last few years. Independent storage and security systems meant to hold large quantities of crypto on behalf of clients can bring in institutional capital and retail investors waiting on the sidelines simply because they remove a major fear: losing access to funds that become unrecoverable. Because of the decentralized nature of major blockchains like that of Bitcoin or Ethereum, whenever a user loses access to their wallet and doesn’t have a backup of their private keys, the funds within it cannot be recovered. There’s no central entity to turn to, and no one can control the blockchain to give anyone access back to their funds. Storing a private key can be challenging, as it needs to be kept away from bad actors, yet clos...