Author: Cointelegraph, by Zhiyuan Sun

CertiK says SMS is the 'most vulnerable' form of 2FA in use

Using SMS as a form of two-factor authentication has always been popular among crypto enthusiasts. After all, many users are already trading their cryptos or managing social pages on their phones, so why not simply use SMS to verify when accessing sensitive financial content?

Unfortunately, con artists have lately caught on to exploiting the wealth buried under this layer of security via SIM-swapping, or the process of rerouting a person’s phone number to a SIM card that is in possession of a hacker. In many jurisdictions worldwide, telecom employees won’t ask for government ID, facial identification, or social security numbers to handle a simple porting request.

Combined with a quick search for publicly available personal information (quite common for Web 3.0 stakeholders) and easy-to-guess recovery questions, impersonators can quickly port an account’s SMS 2FA to their phone and begin using it for nefarious means. Earlier this year, many crypto YouTubers fell victim to a SIM-swap attack where hackers posted scam videos on their channel with text directing viewers to send money to the hacker’s wallet. In June, Solana NFT project Duppies had its official Twitter account breached via a SIM-swap, with hackers tweeting links to a fake stealth mint.

With regards to this matter, Cointelegraph spoke with CertiK’s security expert Jesse Leclere. Known as a leader in the blockchain security space, CertiK has helped over 3,600 projects secure $360 billion worth of digital assets and detected over 66,000 vulnerabilities since 2018. Here’s what Leclere had to say:

“SMS 2FA is better than nothing, but it is the most vulnerable form of 2FA currently in use. Its appeal comes from its ease of use: most people are either on their phone or have it close at hand when they’re logging in to online platforms. But its vulnerability to SIM card swaps cannot be underestimated.”

Leclere explained that dedicated authenticator apps, such as Google Authenticator, Authy, or Duo, offer nearly all the convenience of SMS 2FA while removing the risk of SIM-swapping. When asked if virtual or eSIM cards can hedge away the risk of SIM-swap-related phishing attacks, for Leclere, the answer is a clear no:

“One has to keep in mind that SIM-swap attacks rely on identity fraud and social engineering. If a bad actor can trick an employee at a telecom firm into thinking that they are the legitimate owner of a number attached to a physical SIM, they can do so for an eSIM as well.”

Though it is possible to deter such attacks by locking the SIM card to one’s phone (telecom companies can also unlock phones), Leclere nevertheless points to the gold standard of using physical security keys. “These keys plug into your computer’s USB port, and some are near-field communication (NFC) enabled for easier use with mobile devices,” explains Leclere. “An attacker would need to not only know your password but physically take possession of this key in order to get into your account.”

Leclere points out that after mandating the use of security keys for employees in 2017, Google has experienced zero successful phishing attacks. “However, they’re so effective that if you lose the one key that is tied to your account, you will most likely not be able to regain access to it. Keeping multiple keys in safe locations is important,” he added.

Finally, Leclere said that in addition to using an authenticator app or a security key, a good password manager makes it easy to create strong passwords without reusing them across multiple sites. “A strong, unique password paired with non-SMS 2FA is the best form of account security,” he stated.


Celsius CEO Alex Mashinsky resigns

According to a new press release published on Tuesday, Alex Mashinsky, CEO of troubled crypto lender Celsius Network, has resigned effective immediately. In explaining the decision, Mashinsky wrote:

“I regret that my continued role as CEO has become an increasing distraction, and I am very sorry about the difficult financial circumstances members of our community are facing. Since the pause, I have worked tirelessly to help the company and its advisors put forward a viable plan for the Company to return coins to creditors in the fairest and most efficient way.”

Founded in 2017, Celsius Network was a rising star in the crypto-lending space, surpassing over 1.7 million customers, $25 billion in assets under management, and $850 million in cumulative interest paid earlier this year. However, its fortunes took a drastic turn when the ongoing crypto winter exposed the firm’s risky, leveraged trading practices.

As a result, the company halted all consumer withdrawals in June and was left with a balance sheet gap of nearly $2.85 billion. Prominent stakeholders, such as the Quebec Pension Fund, lost almost the entirety of their investment in the company. Even Celsius’ co-founder Daniel Leon declared that his equity was “worthless” in court. The firm is currently undergoing bankruptcy proceedings.

Previously, Mashinsky tried to revive the company by restructuring it to focus on crypto custody. He also allegedly shared plans to turn its debt into crypto and airdrop them to creditors. After Celsius’ collapse, rumors circulated that Mashinsky tried to flee the United States, which he denied. Mashinsky was voted #63 on Cointelegraph’s Top 100 People in Crypto and Blockchain list last year.


Reddit Avatar NFTs are witnessing volatile price tags

According to a new analysis posted by Reddit user u/Warfared, Reddit Avatar nonfungible tokens, or NFTs, have seen erratic price performance in the past months. The analysis tracked the exchange of NFTs on the popular NFT trading platform. Among the top performers were the Fishy Foustling #1 and Mio Armor #1 NFT pieces, boasting a last sale price of 6 Ether (ETH) and 5 ETH, respectively. The NFTs were airdropped three months prior to qualified users who had high amounts of karma points on the namesake social platform. Taken together, items in the aforementioned two collections have surpassed 100 ETH in cumulative trading volume.

However, not all individual collectibles or collections are witnessing similar levels of price craze. Four exhibits, Meme Team, Drip Squad, Aww Friends and The Singularity, currently have floor prices less than or equal to 0.01 ETH.

Reddit Avatars are created by independent artists and are minted on the Polygon blockchain. OpenSea supports cross-chain operability, allowing them to be bridged onto Ethereum, Klaytn and Solana. Users can purchase such collectibles via Reddit’s cryptocurrency wallet, Vault.

Interestingly, some users have reported that Avatar NFTs are far less expensive to purchase via fiat or regular crypto than with xMOON, the native token of the r/Cryptocurrency subreddit. For example, one user, u/aroups, wrote:

“If we want Moons to be used for in-app purchases, Reddit should make prices reflect the actual market price and not what they think they’re worth. 500 Reddit coins require 200 Moons to be bought while it costs only 2.49€ to buy with fiat. A 10.99€ NFT would probably cost 1000 xMOON ($110).”

Users receive xMOON by acquiring karma points through content generation and upvotes. The token has a maximum supply of 250 million and is released on a monthly basis to their Vault. When users spend their moon, it is taken out of circulation completely. The token has a price of $0.11 a piece at the time of publication.


DeFi lending protocol created by ex-QuadrigaCX co-founder surpassed $50M in TVL

According to DeFi Llama, UwU Lend, a decentralized finance, or DeFi, protocol that acts as a money market on the Ethereum blockchain, has surpassed $50 million in total value locked (TVL). The non-custodial protocol was created by Michael Patryn, known by the pseudonym “Sifu,” who was the co-founder of defunct cryptocurrency exchange QuadrigaCX.

UwU Lend allows users to earn interest on deposits and pay interest to borrow funds on its platform. Outstanding loans on UwU Lend are overcollateralized, with more collateral backing them than debt. A small amount of fees from each transaction goes into the UwU treasury. Borrowers do not have a repayment schedule and there is no limit on loan duration.

The protocol also features its native token, UwU. The tokens can be used to participate in revenue share by staking in the liquidity provider pool. The max supply of UwU is 16 million, of which 50% are for community emissions, 25% are for investors and 25% for the team.

Michael Patryn was previously known as Omar Dhanani before two name changes in 2003 and 2008. He has been convicted of various financial crimes in the United States. After founding QuadrigaCX with co-founder Gerald Cotten in 2013, Patryn left the firm in 2016, citing a disagreement with its listing processes. Cotten died in 2018 of Crohn’s disease and took the private keys to the firm’s crypto to his grave — leading to the permanent loss of over $145 million of customers’ funds.

Earlier this year, DeFi detective zachxbt uncovered that Patryn was running DeFi protocol Wonderland as its co-founder and under the pseudonym Sifu. After heavy community backlash resulting from the dox, the beleaguered DeFi project wound down operations. The price of Wonderland tokens collapsed as a result.


5 years of the ‘Top 10 Cryptos’ experiment and the lessons learned

When Redditor Joe Greene started the Top 10 Cryptos experiment in 2018, he bought $1,000 of Dash, NEM and Iota, among others, only to watch it crash to $150. But five years on, his experiment has paid off big time.

The rules: Buy $100 of each of the top 10 cryptocurrencies on Jan. 1, 2018, 2019, 2020 and 2021. Hold only. No selling. No trading. Report monthly.

Every January since 2018, Greene has reviewed a list of the top 10 cryptocurrencies by market cap from his tropical office in Bali. He puts $100 of his own money into each, tracks the performance every four months or so, and publishes the findings on his website and on Reddit. When he began, crypto indexes were few and far between, so there wasn’t an easy alternative.

Having invested in stocks for years before moving into crypto, Greene predicted that chasing tokens on a hot streak was dangerous — unless done consistently — and this was indeed proven so by his experiment with the Top Ten Crypto Index Funds.

Bitcoin 2017

Like almost everyone else that year, Greene was mesmerized by the sudden rise of Bitcoin during the 2017 bull market. “I remember looking to buy a rig to do some mining, but it turns out they were all sold out. So, I thought, ‘Whatever, I’ll just go out and buy some coins instead,’” he tells Magazine.

A combination of the underlying technology, the financial elements and the future direction of the asset class kept Greene in the sector. He has been blogging with the project ever since. At the beginning, Greene was relatively new to crypto like his audience. He explains:

“I came through Reddit and some online articles, and everyone was pretty much shilling sketchy returns, although there were a few diamonds in the rough.”

Faced with uncertainty, Greene decided to stick with his normal investing philosophy of holding on to what he purchased and refraining from excessive trading. “Outside of crypto, I’m not a trader, and I’m convinced that very few people are traders. Something like only 0.5% of traders are profitable over the long run,” says Greene. “So, yeah, I ain’t a trader. And I learned my lessons long ago.”

Greene’s basic philosophy is that it’s safest to invest in low-cost, super diversified index funds — which is Warren Buffett’s advice for the majority of investors, too. But there simply wasn’t anything like it at the time in late 2017. So, Greene decided to make his own.

Greene provides regular updates on his portfolio performance and has been doing so for the past five years.

Winner takes all

The thinking was that, like stocks, cryptocurrencies have also exhibited signs of “winners take all,” where over a long period of time, the winners keep winning and the losers keep losing in terms of investment gains. After all, the best performing cryptocurrencies attract all the media attention, Google searches, institutional interest, retail euphoria, etc.

So, Greene theorized that for individuals who didn’t know much about the crypto space, their best bet was to just stick with the top players and be consistent about doing so. And so, from 2018 onward, Greene compiled a list of the top 10 cryptocurrencies on CoinMarketCap at the beginning of each January and tracked their performance over time.

Greene says that the best lesson he has learned during this period is the power of dollar-cost averaging — purchasing an asset on a regular basis without any regard for its market price. This smooths out the volatility in the purchase price and brings it closer to the average price over the period in which it was bought. “What goes up doesn’t always stay up, but the risks can be mitigated with monthly rebalancing,” he said.

“My initial portfolio in 2018 consisted of tokens such as Dash, NEM, Iota, etc. Even though there was a bull market from 2020 to late 2021, none of the tokens I spoke of managed to recover their all-time high prices witnessed five years ago. But there were rallies thereafter, and if you stuck with rebalancing, you would have done well.”

Top Ten Cryptos bought in 2018 still haven’t recovered to their all-time highs.

Crypto winter OG version

In fact, when Greene placed $1,000 in each of the top 10 cryptocurrencies in January 2018, his portfolio slid to be worth less than $150 just 12 months later.

However, patience is rewarded, and for someone who consistently invested $1,000 into the top 10 cryptocurrencies by market cap every January from 2018 onwards, the model portfolio would have returned a cumulative 87%. During the same period, the S&P 500 benchmark would have yielded 24%.

Greene’s portfolio performance on a cumulative basis.

Greene points out that the strategy of sticking to the big winners — if done consistently — would have worked out in the long run. The 2019, 2020, 2021 and 2022 Top 10 crypto portfolios he tracked have returned +126%, 338%, +177% and -69% (not surprisingly), respectively, to date, essentially offsetting any poor performance made during the bear years.

The same experiment, conducted in 2019, yielded good results.

“It’s not anything spectacular, like how Twitter shills claim you can get 10,000% in a week by putting your life savings into crypto,” he says. “For any kind of an index, you’re never going to get the best return, but it’s going to protect you from the worst possible outcomes.”

Greene elaborates that his method would have worked out better if the index was able to track the entire market, and not just the top crypto. “Over the same period, an all-market crypto index would have yielded 224% growth,” he stated.

“That’s the beauty of index investing. I have a normal job and a family to take care of. Because of that, I can’t spend 10 hours a day like on Twitter and Discord and trying to figure out which crypto is going to go up the most. I also suck at NFTs. So, we need an investing method for ordinary people whose lives aren’t devoted to crypto.”

Greene’s experiment and methods have attracted a lot of interest among the crypto-curious on social media. When asked about any interesting investment behavior or trading pattern he has observed among his followers over the years, Greene says that there are lots of people who view price movements with the benefit of hindsight:

“It’s like saying, ‘Hey, I bought Doge because it went up, you should have gotten it as well.’ I can’t respond to that, and they’re right. But the trick is predicting that beforehand.”

Spoiler: The lesson was not to invest in anything in January 2018.

There have also been plenty of surprises:

“A lot of Bitcoin fans switched to Ethereum over the years, for starters. Then there was BNB Coin, nobody really expected that coin to become big, and I think not even Binance CEO Changpeng Zhao expected that.”

On his blog, Greene also has a section dedicated to financial literacy, pointing out that retail investors should track their bills and have their finances in satisfactory condition and never risk more than they can afford to lose. His approach means he became acquainted with folks of a more “conservative mindset.”

“It’s folks that aren’t day trading crypto,” he explains. “And I tell them, ‘Don’t throw everything you have into crypto — that’s a bad idea.’”

A decade of Top 10

Greene plans to continue Top Ten Crypto Index Funds until it hits a decade or so. “After all, I have a family… and a full-time job commitment, which can get quite stressful at times.”

Greene’s experiment for 2022 has been on a downward spiral.

But Greene warns that even though the experiment’s cumulative performance has been good, it’s important to be on the alert for severe drawdowns:

“Take this year: There’s now four stablecoins on the top ten list. It’s a bit boring, so I would have to move things around a bit,” he says, adding, “But I should probably stick to what I know best. I also tried this year to get a bonus on DeFi. It was 130 bucks starting with USD Coin, which I swapped for TerraUSD, just for fun, and then I sent it to anchor on LUNA, which crashed magnificently.”
