CommunitySubmission-Author:WhoTookMyCrypto.com
2017wasaremarkableyearforthecryptocurrencyindustryastheirrapidincreaseinvaluationspropelledthemintomainstreammedia.Unsurprisingly,thisgarneredthemimmenseinterestfromboththegeneralpublicaswellascybercriminals.Therelativeanonymityofferedbycryptocurrencieshasmadethemafavouriteamongstcriminalswhooftenusethemtobypasstraditionalbankingsystemsandavoidfinancialsurveillancefromregulators.
Giventhatpeoplearespendingmoretimeontheirsmartphonesthandesktops,itisthusnotsurprisingthatcybercriminalshavealsoturnedtheirattentiontothem.Thefollowingdiscussionhighlightshowscammershavebeentargetingcryptocurrencyusersthroughtheirmobiledevices,alongwithafewstepsthatuserscantaketoprotectthemselves.
Fakecryptocurrencyapps
Fakecryptocurrencyexchangeapps
Themostwell-knownexampleofafakecryptocurrencyexchangeappisprobablytheoneofPoloniex.PriortothelaunchoftheirofficialmobiletradingappinJuly2018,GooglePlaywasalreadylistingseveralfakePoloniexexchangeapps,whichwereintentionallydesignedtobefunctional.ManyusersthatdownloadedthosefraudulentappshadtheirPoloniexlogincredentialscompromised,andtheircryptocurrencieswerestolen.SomeappsevenwentastepfurtherrequestingthelogincredentialsofusersGmailaccounts.Itisimportanttohighlightthatonlyaccountswithouttwo-factorauthentication(2FA)werecompromised.
Compound社區資助計劃CGP 2.0將于1月16日上線,將為協議創新等方面提供資助:1月12日消息,Compound Grants發推稱,社區資助計劃CGP 2.0將于1月16日上線,并在以下重點領域提供資助:協議創新和DApps、安全分析工具和賞金、開發者工具、多鏈策略。[2023/1/13 11:09:03]
Thefollowingstepscanhelpprotectyouagainstsuchscams.
Checktheexchange’sofficialwebsitetoverifyiftheyindeedofferamobiletradingapp.Ifso,usethelinkprovidedontheirwebsite.Readthereviewsandratings.Fraudulentappsoftenhavemanybadreviewswithpeoplecomplainingaboutgettingscammed,somakesuretocheckthembeforeyoudownload.However,youshouldalsobescepticalofappsthatpresentperfectratingsandcomments.Anylegitimateapphasitsfairshareofnegativereviews.Checktheappdeveloperinformation.Lookforwhetheralegitimatecompany,emailaddress,andwebsiteareprovided.Youshouldalsoperformanonlinesearchontheinformationprovidedtoseeiftheyarereallyrelatedtotheofficialexchange.Checkthenumberofdownloads.Thedownloadcountshouldalsobeconsidered.Itisunlikelythatahighlypopularcryptocurrencyexchangewouldhaveasmallnumberofdownloads.Activate2FAonyouraccounts.Althoughnot100%secure,2FAismuchhardertobypassandcanmakeahugedifferenceinprotectingyourfunds,evenifyourlogincredentialsarephished.Fakecryptocurrencywalletapps
Socios.com將幫助橄欖球聯盟俱樂部Stade Fran?ais和The Sharks推出粉絲代幣:8月4日消息,粉絲代幣平臺Socios.com宣布法國橄欖球聯盟俱樂部Stade Fran?ais和南非職業橄欖球聯合隊 The Sharks 建立合作伙伴關系,將幫助推出粉絲代幣和連接球迷。[2022/8/4 12:02:10]
Therearemanydifferenttypesoffakeapps.Onevariationseekstoobtainpersonalinformationfromuserssuchastheirwalletpasswordsandprivatekeys.
Insomecases,fakeappsprovidepreviouslygeneratedpublicaddressestousers.Sotheyassumefundsaretobedepositedintotheseaddresses.However,theydonotgainaccesstotheprivatekeysandthusdonothaveaccesstoanyfundsthataresenttothem.
SuchfakewalletshavebeencreatedforpopularcryptocurrenciessuchasEthereumandNeoand,unfortunately,manyuserslosttheirfunds.Herearesomepreventivestepsthatcanbetakentoavoidbecomingavictim:
Theprecautionshighlightedintheexchangeappsegmentaboveareequallyapplicable.However,anadditionalprecautionyoucantakewhendealingwithwalletappsistomakesurebrandnewaddressesaregeneratedwhenyoufirstopentheapp,andthatyouareinpossessionoftheprivatekeys(ormnemonicseeds).Alegitimatewalletappallowsyoutoexporttheprivatekeys,butitisalsoimportanttoensurethegenerationofnewkeypairsisnotcompromised.Soyoushoulduseareputablesoftware(preferablyopensource).Eveniftheappprovidesyouaprivatekey(orseed),youshouldverifywhetherthepublicaddressescanbederivedandaccessedfromthem.Forexample,someBitcoinwalletsallowuserstoimporttheirprivatekeysorseedstovisualizetheaddressesandaccessthefunds.Tominimizetherisksofkeysandseedsbeingcompromised,youmayperformthisonanair-gappedcomputer(disconnectedfromtheinternet).Cryptojackingapps
Currency.com在停止俄羅斯運營后遭到網絡攻擊,但攻擊并未成功:4月18日消息,歐洲加密貨幣交易平臺Currency.com證實,該加密貨幣交易平臺上周在俄羅斯暫停運營后遭受了大規模的網絡攻擊。Currency.com表示,該平臺上周二遭受了一次失敗的DDoS網絡攻擊。它還強調,攻擊沒有成功,所有客戶賬戶和數據都是安全的。在DDoS攻擊中,黑客通過對平臺的多個服務請求轟炸平臺,從而使其基礎設施崩潰。此前早些時候,烏克蘭總統澤連斯基還表示,俄羅斯黑客針對該國國防部和財政部發起了DDoS攻擊。(Finance Magnates)[2022/4/18 14:30:55]
Cryptojackinghasbeenahotfavoriteamongstcybercriminalsduetothelowbarrierstoentryandlowoverheadsrequired.Furthermore,itoffersthemthepotentialforlong-termrecurringincome.DespitetheirlowerprocessingpowerwhencomparedtoPCs,mobiledevicesareincreasinglybecomingatargetofcryptojacking.
Apartfromweb-browsercryptojacking,cybercriminalsarealsodevelopingprogramsthatappeartobelegitimategaming,utilityoreducationalapps.However,manyoftheseappsaredesignedtosecretlyruncrypto-miningscriptsinthebackground.
Therearealsocryptojackingappsthatareadvertisedaslegitimatethird-partyminers,buttherewardsaredeliveredtotheappdeveloperinsteadoftheusers.
Tomakethingsworse,cybercriminalshavebecomeincreasinglysophisticated,deployinglightweightminingalgorithmstoavoiddetection.
Cryptojackingisincrediblyharmfultoyourmobiledevicesastheydegradeperformanceandaccelerateswearandtear.Evenworse,theycouldpotentiallyactasTrojanhorsesformorenefariousmalware.
Compound資助計劃已正式開放申請:3月15日,Compound官方宣布,Compound贈款計劃已正式開放申請。
此前3月13日,Compound社區通過建立Compound資助計劃的提案。[2021/3/16 18:48:51]
Thefollowingstepscanbetakentoguardagainstthem.
Onlydownloadappsfromofficialstores,suchasGooglePlay.Piratedappsarenotpre-scannedandaremorelikelytocontaincryptojackingscripts.Monitoryourphoneforexcessivebatterydrainingoroverheating.Oncedetected,terminateappsthatarecausingthis.Keepyourdeviceandappsupdatedsothatsecurityvulnerabilitiesgetpatched.Useawebbrowserthatguardsagainstcryptojackingorinstallreputablebrowserplug-ins,suchasMinerBlock,NoCoin,andAdblock.Ifpossible,installmobileantivirussoftwareandkeepitupdated.Freegiveawayandfakecrypto-minerapps
Theseareappsthatpretendtominecryptocurrenciesfortheirusersbutdon’tactuallydoanythingapartfromdisplayingads.Theyincentivizeuserstokeeptheappsopenbyreflectinganincreaseintheuser’srewardsovertime.Someappsevenincentivizeuserstoleave5-starratingsinordertogetrewards.Ofcourse,noneoftheseappswereactuallymining,andtheirusersneverreceivedanyrewards.
Toguardagainstthisscam,understandthatforthemajorityofcryptocurrencies,miningrequireshighlyspecializedhardware(ASICs),meaningitisnotfeasibletomineonamobiledevice.Whateveramountsyouminewouldbetrivialatbest.Stayawayfromanysuchapps.
CryptoCompare報告:11月交易所交易量較上月激增78.2%:12月9日消息,據CryptoCompare最新報告顯示,隨著比特幣創下歷史新高,交易所交易量上個月增長了78.2%,11月衍生品交易量創下1.32萬億美元的歷史新高,幾乎占整個加密貨幣市場的60%,市場份額比10月增加了7%。
Quantum Economics的穩定幣分析師Lou Kerner表示:“隨著新資產規模的擴大和成為主流,這種良性循環將使比特幣交易和衍生品交易量受益。這為經驗豐富的投資者創造了更多機會,使他們可以采用復雜的交易策略,包括購買或做空資產以及使用衍生品來創造套利機會。”[2020/12/9 14:41:12]
ClipperappsSuchappsalterthecryptocurrencyaddressesyoucopyandreplacethemwiththoseoftheattacker.Thus,whileavictimmaycopythecorrectrecipientaddress,theonetheypastetoprocessthetransactionisreplacedbythoseoftheattacker.
Toavoidfallingvictimtosuchapps,herearesomeprecautionsyoucantakewhenprocessingtransactions.
Alwaysdoubleandtriplechecktheaddressyouarepastingintotherecipientfield.Blockchaintransactionsareirreversiblesoyoushouldalwaysbecareful.Itisbesttoverifytheentireaddressinsteadofjustportionsofit.Someappsareintelligentenoughtopasteaddressesthatlooksimilartoyourintendedaddress.SIMswappingInaSIMswappingscam,acybercriminalgainsaccesstothephonenumberofauser.TheydothisbyemployingsocialengineeringtechniquestotrickmobilephoneoperatorsintoissuinganewSIMcardtothem.Themostwell-knownSIMswappingscaminvolvedcryptocurrencyentrepreneurMichaelTerpin.HeallegedthatAT&Twasnegligentintheirhandlingofhismobilephonecredentialsresultinginhimlosingtokensvaluedatmorethan20millionUSdollars.
Oncecybercriminalshavegainedaccesstoyourphonenumber,theycanuseittobypassany2FAthatreliesonthat.Fromthere,theycanworktheirwayintoyourcryptocurrencywalletsandexchanges.
AnothermethodcybercriminalscanemployistomonitoryourSMScommunications.Flawsincommunicationsnetworkscanallowcriminalstointerceptyourmessageswhichcanincludethesecond-factorpinmessagedtoyou.
Whatmakesthisattackparticularlyconcerningisthatusersarenotrequiredtoundertakeanyaction,suchasdownloadingafakesoftwareorclickingamaliciouslink.
Topreventfallingpreytosuchscams,herearesomestepstoconsider.
DonotuseyourmobilephonenumberforSMS2FA.Instead,useappslikeGoogleAuthenticatororAuthytosecureyouraccounts.Cybercriminalsareunabletogainaccesstotheseappseveniftheypossessyourphonenumber.Alternatively,youmayusehardware2FAsuchasYubiKeyorGoogle'sTitanSecurityKey.Donotrevealpersonalidentifyinginformationonsocialmedia,suchasyourmobilephonenumber.Cybercriminalscanpickupsuchinformationandusethemtoimpersonateyouelsewhere.Youshouldneverannounceonsocialmediathatyouowncryptocurrenciesasthiswouldmakeyouatarget.Orifyouareinapositionwhereeveryonealreadyknowsyouownthem,thenavoiddisclosingpersonalinformationincludingtheexchangesorwalletsyouuse.Makearrangementswithyourmobilephoneproviderstoprotectyouraccount.Thiscouldmeanattachingapinorpasswordtoyouraccountanddictatingthatonlyuserswithknowledgeofthepincanmakechangestotheaccount.Alternatively,youcanrequiresuchchangestobemadeinpersonanddisallowthemoverthephone.WiFiCybercriminalsareconstantlyseekingentrypointsintomobiledevices,especiallytheonesofcryptocurrencyusers.OnesuchentrypointisthatofWiFiaccess.PublicWiFiisinsecureandusersshouldtakeprecautionsbeforeconnectingtothem.Ifnot,theyriskcybercriminalsgainingaccesstothedataontheirmobiledevices.TheseprecautionshavebeencoveredinthearticleonpublicWiFi.
ClosingthoughtsMobilephoneshavebecomeanessentialpartofourlives.Infact,theyaresointertwinedwithyourdigitalidentitythattheycanbecomeyourgreatestvulnerability.Cybercriminalsareawareofthisandwillcontinuetofindwaystoexploitthis.Securingyourmobiledevicesisnolongeroptional.Ithasbecomeanecessity.Staysafe.
Tags:THEINGAPPYOUDiversified Staked Ethereum IndexSHPINGBitpie錢包app正版下載YouSwap
1月10日,SpaceX和特斯拉創始人ElonMusk在評論《比特幣億萬富翁》作者BenMezrich“自己再也不會拒絕接受比特幣支付”的推文時表示,“我也不會拒絕.
1900/1/1 0:00:00全國政協委員梁留科建議進一步明確區塊鏈作為新技術基礎設施建設的目標和定位,分析區塊鏈在信息基礎設施、融合基礎設施、創新基礎設施和在推動其他各產業高質量發展中的重要作用.
1900/1/1 0:00:00尊敬的WBF用戶: 為感謝用戶對WBF的支持,WBF將開展”主流幣交易打卡第四期,瓜分5000USDT“活動.
1900/1/1 0:00:00尊敬的HCoin用戶: 大宗未釋放份額兌換HCoin平臺合約分紅股權,第三十期分紅已經發放完畢.
1900/1/1 0:00:00親愛的用戶: DigiFinex將于2021年1月18日17:00(GMT8)上線LNG并開放LNG/USDT交易服務.
1900/1/1 0:00:00尊敬的用戶: SKT將在WBFDefi區上線SKT/USDT交易對,具體時間安排如下:充幣時間:2021-1-1618:00交易時間:2021-1-1814:00提幣時間:2021-1-1818.
1900/1/1 0:00:00