Seed phrases, a random combination of words from the Bitcoin Improvement Protocol (BIP) 39 list of 2048 words, act as one of the primary layers of security against unauthorized access to a user’s crypto holdings. But, what happens when your “smart” phone’s predictive typing remembers and suggests the words next time you try to access your digital wallet?Andre, a 33-year-old IT professional from Germany, recently posted on the r/CryptoCurrency subreddit after discovering his mobile phone’s ability to predict the entire recovery seed phrase as soon as he typed down the first word. As a fair warning to fellow Redditors and crypto enthusiasts, Andre’s post highlighted the ease with which hackers can use the feature to drain a user’s funds just by being able to type the first word out of the BIP 39 list:“This makes it easy to attack, get your hands on a phone, start any chat app, and start typing any words off the BIP39 list, and see what the phone suggests.”Speaking to Cointelegraph, Andre, otherwise known as u/Divinux on Reddit, shared his shock when he first experienced his phone literally guessing the 12-24 word seed phrase. “First, I was stunned. The first couple words could be a coincidence, right?”As a tech-savvy individual, the German crypto investor was able to reproduce the scenario wherein his mobile phone could accurately predict the seed phrases. After realizing the possible impact of this information if it went out to the wrong hands, “I thought I should tell people about it. I’m sure there are others who also have typed seeds into their phone.”Andre’s experiments confirmed that Google’s GBoard was the least vulnerable as the software did not predict every word in the correct order. However, Microsoft’s Swiftkey keyboard was able to predict the seed phrase right out of the box. The Samsung keyboard, too, can predict the words if “Auto replace” and “Suggest text corrections” have been manually turned on. Andre’s initial stint with crypto dates back to 2015 when he momentarily lost interest until he realized he could buy goods and services using Bitcoin (BTC) and other cryptocurrencies. His investment strategy involves purchasing and staking BTC and altcoins such as Terra (LUNA), Algorand (ALGO) and Tezos (XTZ) and “then dollar-cost averaging out into BTC when/if they moon.” The IT professional also develops his own coins and tokens as a hobby.A safety measure against possible hacks, according to Andre, is to store significant and long-term holdings in a hardware wallet. To Redditors across the world, OP’s advises “not your keys not your coins, do your own research, don’t FOMO, never invest more than you are willing to lose, always double-check the address you are sending to, always send a small amount beforehand and disable your PMs in settings,” concluding:“Do yourself a solid and prevent that from happening by clearing your predictive type cache.”Related: STEPN impersonators stealing users’ seed phrases, warn security expertsBlockchain security firm PeckShield warned the crypto community about a large number of phishing websites targeting users of the Web3 lifestyle app STEPN.#PeckShieldAlert #phishing PeckShield has detected a bath of @Stepnofficial phishing sites. They insert a false Metamask browser extension leading to stealing your seed phrase or prompt you to connect your wallets or “Claim” giveaway. @Metamask @Coinbase @WalletConnect @phantom pic.twitter.com/cmWUcprMAN— PeckShieldAlert (@PeckShieldAlert) April 25, 2022As Cointelegraph recently reported, based on PechShield’s findings, hackers insert a forged MetaMask browser plugin through which they can steal seed phrases from unsuspecting STEPN users.Access to seed phrase guarantees complete control over the user’s crypto funds via the STEPN dashboard.Čítaj viac
Cryptocurrency custody solutions have become a big business over the last few years. Independent storage and security systems meant to hold large quantities of crypto on behalf of clients can bring in institutional capital and retail investors waiting on the sidelines simply because they remove a major fear: losing access to funds that become unrecoverable.Because of the decentralized nature of major blockchains like that of Bitcoin or Ethereum, whenever a user loses access to their wallet and doesn’t have a backup of their private keys, the funds within it cannot be recovered. There’s no central entity to turn to, and no one can control the blockchain to give anyone access back to their funds.Storing a private key can be challenging, as it needs to be kept away from bad actors, yet close enough for the user to access it when necessary. Dealing with the challenges associated with managing cryptocurrency has seen many simply leave their funds on cryptocurrency exchanges, creating a massive demand for crypto custody services, to the point where America’s fifth-largest bank is offering a solution.While keeping cryptocurrencies with a third party is often seen as a security risk because that third party can itself get hacked, experts told Cointelegraph that custody services are the best option out there when it comes to lost coins.Early cryptocurrency adopters have lost cryptocurrency in numerous ways, including exchange hacks. These security breaches have seen Bitcoin academic Andreas Antonopoulos popularize the famous slogan “not your keys, not your coins.”How much crypto has been lost?Cryptocurrencies can be lost in a number of ways, although unless someone admits that they have lost access to their funds, it’s impossible to tell from data on the blockchain. More often than not, users lose access to a wallet’s private key, which allows them to access the funds within it.There have also been cases in which users send cryptocurrency to the wrong address. Once again, because of the decentralized nature of the blockchain, there’s no remedial action to retrieve these tokens. Finally, users can pass away without leaving anyone else access to their funds.Speaking to Cointelegraph, Kim Grauer, director of research at blockchain forensics firm Chainalysis, noted that an estimated 3.7 million Bitcoin (BTC) (today worth over $140 billion) has been lost. Grauer said the estimate is a “bit old” and is set to be updated with further research later this year.Crypto assets are often considered lost after remaining dormant for a specific number of years. While this method does point to coins that are effectively not currently in circulation, it is flawed. In 2020, for example, a wallet with 50 BTC first mined in February 2009 moved its funds to two addresses.Michael Fasanello, director of training and regulatory affairs at the Blockchain Intelligence Group — which helps government agencies, cryptocurrency businesses and financial institutions address fraud — told Cointelegraph it may be difficult to approximate the monetary value of lost coins because “those who suffered losses would not always be interested in sharing such information.”The figure of 3.7 million represents close to 20% of Bitcoin’s circulating supply, which, to Grauer, likely has an “economic impact that will affect the long-term price” of the cryptocurrency. Grauer added:“There is also a more psychological impact. It’s possible people will be more hesitant to invest in Bitcoin out of a fear of losing it, at which point it is not recoverable.”The Chainalysis executive added that this quality isn’t unique to the cryptocurrency ecosystem and “should not be prohibitive to further adoption,” as there are “many ways to custody your cryptocurrency safely either in your own possession or on an exchange.”Speaking to Cointelegraph, Chris Brooks, founder of cryptocurrency recovery business Crypto Asset Recovery, noted that in his experience, people should be more worried about leaving their seed phrase or private keys in paper wallets that can be mistakenly thrown out, rather than about hackers or scammers. Brooks said:“You have a far greater chance of moving to a new apartment and losing your crypto password in the process than you do of getting hacked.”In March 2011, a user on the Bitcointalk forum started a thread, trying to add up the known lost BTC. While the thread derailed with time, it did show just how many users have lost access to cryptocurrency over the years.These losses, as Chainalysis’ Grauer said, can have a significant economic impact on the cryptocurrency ecosystem.Should lost crypto be considered a donation?Bitcoin creator Satoshi Nakamoto has famously said that lost coins “only make everyone else’s coins worth slightly more” and that they should be thought of as a “donation to everyone.” The Blockchain Intelligence Group’s Fasanello said that when it comes to coins with a limited supply, Satoshi may be right, but those with an infinite supply could see the reverse be true.Fasanello said that just as fiat currency loses value with inflation, so do cryptocurrencies. If a cryptocurrency doesn’t have a finite supply, the value of the lost coins is simply going to erode over time.Speaking to Cointelegraph, Yuriy Kovalev, CEO of crypto trading platform Zenfuse, said that lost coins represent a hidden cost of security in the cryptocurrency space that benefits everyone else:“The amount of lost crypto only shows that decentralized networks like Bitcoin are extremely secure, so much so that trivial mistakes can cost millions. Wallet hunters are seldom only able to help in cases of lost passwords, further proving the blockchain is immutable.”Indeed, most cases in which lost tokens are recovered involve lost passwords used to unlock wallets and not the private keys used to recover them. A recent case saw a computer engineer and hardware hacker crack a Trezor One hardware wallet that was locked because its owner had forgotten its security PIN.Asaf Naim, founder and CEO of blockchain application developer Kirobo, told Cointelegraph that Satoshi’s words may be true for “minor and occasional instances of losing crypto,” but Naim added that the “law of scarcity only holds if people have confidence in the underlying system. If too much cryptocurrency is lost, people will stop believing in its use and its intrinsic value.”Lost crypto and mass adoptionEarly stories from the cryptocurrency space about lost crypto have made headlines over the years, pointing to how hard it may be to recover lost funds. One such example is that of James Howells, who threw away a hard drive containing 7,500 BTC (almost $285 million today) while cleaning his house in 2013.Wallet recovery services have gained popularity over the last few years but often charge large percentages of the funds they recover. Grauer said that there are industry solutions meant to reduce the chances of accidental losses, which include “storing your cryptocurrency on a known and trusted exchange, or hot wallet, similar to what you do with a bank.”The approach contrasts those who argue that if a user does not control the private keys to their wallet, they do not actually own the coins within it. Speaking to Cointelegraph, Crypto Asset Recovery’s Brooks seemed to agree with Grauer, adding, however, that “crypto can be extremely complicated,” and as such, he believes “new investors are better off with custodial wallets.”To Brooks, if a user suddenly passes away or suffers a serious accident, it’s easy for loved ones to claim their crypto from a custodial wallet, but it’s hard to do so through the use of a private key. Kirobo’s Naim believes the cryptocurrency recovery industry may be important but is part of a backward approach: “The main effect of so much crypto being lost is that it stands in the way of mass adoption. If people don’t feel safe using crypto, they just won’t use it. It’s not acceptable that forgetting access credentials is irreversible.”He added that credit cards wouldn’t be as popular as they are if “there was a high chance of irreversibly losing money every time you used one.” The solution could be related to cryptocurrency platforms and their user experience, which could, for example, implement whitelists the same way online banking platforms do to prevent common errors.To the executive, it’s “amazing that writing down words on a piece of paper or memorizing them is the best practice for security in 2022,” as it shows “crypto has lacked a safety net for human error.”The free market has attempted to come up with better solutions over time, which include the creation of titanium sheets where users can write down their seed phrases or private keys. These sheets are harder to throw away by accident and can often survive natural disasters. Some wallets, including Coinbase Wallet, allow users to back up their private keys on Google Drive or iCloud.While cryptocurrency custody services may offer institutional investors the security they need to enter the market, for users looking for an uncensorable form of money, lost crypto may continue to be a problem for the foreseeable future.Čítaj viac
- Terra crash not a risk to the broader crypto ecosystem, says Huobi Global CEO
- Môže byť model Stock to Flow pre Bitcoin stále užitočný?
- DeFi-ing exploits: New Chainalysis tool tracks stolen crypto across multiple chains
- What is Sorare and how to play it?
- Bitcoin analýza – korekcia pokračuje, opäť sa pozrieme na 27 000 $