Personal security

Security

Tips

  • 2FA
  • Cold storage & Hardware wallets
  • Paper wallet & Paper key phrases
  • Separate devices for crypto
  • ...?

But what if...

the online exchange f**** up?

Quadriga

Quadriga CX

Quadriga

  • CEO and founder Gerald Cotten died
  • Unable to access its cold or offline crypto wallets
  • Declared bankrupt
  • $21 million in assets, but owes creditors $160 million
Spicy detail:
"Ernst & Young* was unable to locate any cryptocurrencies in the cold wallet addresses listed by Quadriga, however, aside from 103 bitcoin accidentally transferred from a hot wallet*."

*Provides advisory, assurance, tax and transaction services *A hot wallet refers to a Bitcoin wallet that is online and connected in some way to the Internet

Troll

Cryptopia

Cryptopia

Cryptopia

  • Exchange from New Zealand
  • 300,000 accounts worldwide
  • Established as a hobby in 2014

Cryptopia

  • $16 million down the drain
  • Went back online after hack
  • ...
  • After more issues, they decided to call it quits

Cryptopia

"Recently, analysts found that hackers have moved a portion of Cryptopoa’s stolen crypto assets to another crypto exchange."

Source: https://cointelegraph.com/news/liquidators-of-hacked-cryptopia-exchange-release-report-note-42m-owed-to-creditors

Binance

Binance

Binance

  • May 7 2019
  • Hackers steal $40 million worth of Bitcoin
  • 7,000 BTC from hot wallet
  • Variety of techniques: phishing, viruses

Binance’s API and phishing

  • Phishing by tricking users into divulging sensitive information
  • Often the stolen information are users API keys*

*Give the attacker the ability to programmatically interact with the exchange as if they were the user themselves

3 levels of API permissions

  • Read — ability to read data
  • Trade — ability to execute trades
  • Withdrawal — ability to withdraw funds

3 levels of API permissions

  • Default, read & trade permissions are enabled
  • Attackers mostly got their hands on API keys with trade-only access
  • ... which means they first had to relocate the funds

The robbery transaction

Hackers were able to withdraw ~7000 BTC in this one transaction

Current State of the Stolen Funds

  • No transactions beyond depth=4
  • Bitcoin is being shuffled and parked in stationary addresses

Current State of the Stolen Funds

Depth=4

The grand scheme of things

Exchange hacks https://www.hodlbot.io/blog/binance-hack

The grand scheme of things

BTC price

Binance SAFU

= Secure Asset Fund for Users

  • Emergency insurance fund (since 3rd of July, 2018)
  • Allocates 10% of all trading fees
  • Stored in a separate cold wallet

Source: https://www.binance.vision/glossary/secure-asset-fund-for-users

malicious mobile apps

Apps

malicious mobile apps

  • BTC popularity and malicious apps go hand in hand
  • A few tips:
    • Only install if the official website lists it on its website
    • Keep your OS software up to date
    • Android only: never install APKs downloaded from a random website
    • Use a separate device for crypto and crypto only
    • Mobile anti-virus (wtf?)

Metamask (Phishing)

Metamask

Fake wallets

Fake wallets Source: https://lukasstefanko.com/2018/11/fake-cryptocurrency-wallets-found-on-play-store.html

51% Hacks / Attacks

51% Hacks

51% Hacks what?

  • Attack on a blockchain
  • Group of miners
  • Control more than 50% of the network's mining hashrate (computing power)

51% Hacks consequences

  • Prevent new transactions from gaining confirmations
  • Halt payments between some or all users
  • Reverse transactions that were completed (*double-spend coins)
*Digital equivalent of a perfect counterfeit

51% Hacks impossibilities

  • Not able to create new coins
  • Alter old blocks

Real life examples

  • Ghash.io (Mining pool)
  • Krypton and Shift (Blockchains based on ETH)
  • Bitcoin Gold*

*The attackers were able to double-spend for several days, eventually stealing more than $18 million worth of Bitcoin Gold

Source: https://www.investopedia.com/terms/1/51-attack.asp