Users report that their sessions were disconnected when trying to interact with Oasis with allegedly high risk wallets.
13 apps removed after researchers uncover Trojan crypto wallet scheme
The scheme, which has been in operation since May 2021, targeted Chinese users through social media groups and fake websites.
Blockchain forensics firm finds millions in sanctioned crypto wallet
Elliptic has discovered a dubious crypto wallet with “significant crypto-asset holdings” in the millions of dollars.
Infrastructure bill passes US Senate — without clarification on crypto
“This legislation imposes a badly flawed, and in some cases unworkable, cryptocurrency tax reporting mandate that threatens future technological innovation,” said Senator Toomey.
New Bitcoin entities near all-time high as analyst heralds ‘positive whale activity’
Appetite for BTC is real at current levels, data shows, with bears needing to search hard for an on-chain metric that is not positive.
Ledger Scam: Scammers Mail Hacked Ledger Devices To Steal Crypto
Scammers are now mailing hacked ledger devices to Ledger users in a bid to steal crypto from unsuspecting users.
An alarmed user made a post on Reddit that they had gotten a Ledger device that they hadn’t purchased. In the package was a poorly worded letter riddled with grammatical errors that explained that due to a cyberattack, Ledger was replacing all old devices with new ones for the purpose of safety.
Letter explaining the reason the device was sent
In further pictures posted by the accounts was a sealed and authentic looking Ledger device.
Device sent in a sealed box
The user then went on to open the device which contained instructions for connecting the device to a computer and installing the application from the device. Asking to choose seed phrase length and inputting your seed phrase into the device.
Instructions contained in the device asking to input seed phrases
Growing more suspicious, instead of plugging the device to their computer, the user went on to dismantle the Ledger device itself.
Ledger devices look like flash drives with a small screen on them. The screen is to make sure that your seed phrase is yours alone.
This proved to be the right move as upon dismantling the device and looking at the circuit board, there were obvious differences between the new device and the original Ledger device.
Side by side comparison of the device sent and an original Ledger device. Fake device on the left and original device on the right.
The scam is obviously a phishing scam meant to send the attackers the seed phrases once they are entered on the compromised device.
In the Reddit post, they issued a warning to other users. A bold new way of attacking with the poster referring to it as “some next level of scam attempt.”
Ledger Hack
Late last year, Ledger had announced that there had been a data breach and the attackers had gotten access to their databases. The names, phone numbers, and mailing addresses of 272,000 customers were stolen and subsequently posted on Raidforums. Raidforums is a platform where hackers go to post the information of hacked databases.
Related Reading | Why Bitcoin Is Actually “Bad For Crime” Contrary To Belief
Ledger had come forward after the breach to assure customers that there was no need to worry. The hack had no way of affecting the hardware wallets of users. As the private keys to the wallets were only held by users and there was no way for the hackers to actually get their hands on them.
This seemed like it was under control and users could rest easy. Ledger was very clear that the data breach only affected information that had to do with e-commerce purposes. No crypto balances were in jeopardy.
The company further posted on Twitter that they were working with law enforcement to stop any breach-related scams. Stating that they had, with the help of law enforcement, taken down over 170 phishing scam websites since the breach happened.
Crypto and Hacks/Scams
The crypto space isn’t new to hacks and scams. There are countless successful and unsuccessful attempts carried out yearly on investors. Some attackers set their sights on smaller scams, going after individual crypto investors in a bid to trick them out of their coins. Other attackers have their eyes on bigger fish like crypto exchanges and malware attacks on large corporations demanding crypto as ransom.
Total Crypto Market Cap | Source: Crypto Total Market Cap on TradingViews.com
One such case is in the case of Colonial Pipeline being hit with a malware. The corporation had to pay $4.4 million in ransom to get operations back up.
The irreversibility of crypto transactions makes it so that coins sent out of a wallet cannot be reversed. This means that if anyone were to get their hands on your seed phrase, they could take all of your coins. The transactions would be visible on the blockchain for you to see but there is no way to actually tell who is on the other end of the transaction.
Related Reading | Will A Large Spike In Bullish Sentiment Translate To A Bitcoin Rally?
So crypto investors are always advised to never reveal their seed phrase to anyone. Never enter it into any website. Do not store it online.
A good way is to write it down on a piece of paper and place it somewhere only you can get to.
The safety of your coins are of the utmost priority.
Featured image from Crypto Network News, images in article from Reddit, chart from TradingView.com
Simple steps to safeguard your wallet from unlimited ERC-20 allowance risks
The funds in your ERC-20 wallet could be at risk if you continue to grant unlimited approvals to decentralized applications.
Russian Mobile Operators Eye Payments Services, Wallets for Digital Ruble
Some telcos are looking at developing a digital wallet that would link the digital currency to users’ mobile phone numbers.
Elon Musk Bites Back at Freewallet After Dogecoin Tweet
The Tesla CEO said crypto users should avoid wallets that do not give them access to their private keys
Meet the Technician Who Unlocks Your Forgotten Crypto Wallets
It’s a bitcoin bull run and you’ve forgotten the password to your wallet. What’s next?
FinCEN’s Wallet Rule Aims to Close Crypto-Cash Reporting Gap, Official Says
FinCEN Deputy Director Michael Mosier encouraged commenters to provide practical, technical feedback on the rule.
DC Magistrate Judge Calls Unhosted Wallet ‘Horror Story’ a ‘Fiction’
“Indeed, cash poses a greater challenge to law enforcement than cryptocurrency in unhosted wallets,” wrote Magistrate Judge Zia Faruqui in an opinion on a forfeiture case.
Ledger Adds Bitcoin Bounty and New Data Security After Hack
Ledger was also targeted by hackers in Shopify’s data breach.
65K Comments and Counting: Crypto Industry Fights ‘Arbitrary’ Treasury Rule
The crypto industry says a proposed rule to collect personal data from private wallet transactions is being rushed, might be challenged in court and could be difficult to implement.
Democracy Demands a Say in the Future of Money
The U.S. Treasury’s decision to impose know-your-customer rules to private cryptocurrency wallets is flawed in more ways than one.
FinCEN’s Proposed Crypto Wallet Rule Might Hit DeFi
FinCEN’s proposed rule regulating “unhosted” wallet transfers has a number of potential issues, including unintended consequences for decentralized finance.
Over 13% of Bitcoin Crime Proceeds Laundered Through ‘Privacy Wallets’: Elliptic
The number of crypto criminals using so-called privacy wallets to help hide their identities is on the rise, according to analytics firm Elliptic.
Multisignature Wallets Can Keep Your Coins Safer (If You Use Them Right)
Multisignature wallets are cryptocurrency wallets which require two or more private keys to sign and send a transaction.
‘Convincing’ Phishing Attack Targets Ledger Hardware Wallet Users
Ledger confirmed that for the last week some customers have been the target of a phishing attack.
Luno Exchange Launches Interest-Earning Bitcoin Wallet
Users of Luno’s new bitcoin “savings wallet” can earn up to 4% interest per year, the exchange said.