Security is a big issue in cryptocurrency. The space is growing fast - sometimes too fast. Crypto is ripe with opportunities, but unfortunately that includes opportunities to scam, cheat and steal. You must always take care when storing your funds and ensure that you are investing in solid projects. At QUOINE, we uphold the highest security standards we can, but we keep a keen eye on what's happening in the sector so as to continue learning how we can stay one step ahead. Here are some of the security issues that we read about in May.
SEC halts alleged ICO Scam
The SEC froze $21 million in cash and digital assets that had been tied to investment fraud. This money was collected through an ICO for the BAR token. The SEC released a statement saying the money was being raised based on false pretences. The leaders of this ICO created various social media campaigns that outlined false corporate relationships and statements that made the project sound impressive. The project was used the logos of large companies like Apple, ebay, Paypal, IBM, Intel, Microsoft and more in an attempt to feign expertise in the field. Various incentives were advertised for the token sale, encouraging investors to get in quickly to get the best deal possible.
Unfortunately, ICO scams such as these are all too common. This is why we have built ICO Mission Control, so we can eliminate the risk of ICOs and provide our users the best ICO investing experience possible. All of our ICOs are thoroughly vetted by our team to ensure scams such as this one are kept away.
Verge 51% attack
Verge was recently the victim of a 51% attack. When this happens, one user controls the majority of the hash rate, and can effectively print money. Previously, the attack was stopped by the developers, but a miner was once again able to exploit the code.
Before, the attacker was able to use one algorithm continuously, while all other miners were trying to use the different, correct algorithm. This time, the attacker was able to user two algorithms instead, so they could fork the chain and give themselves millions of dollars worth of Verge currency.
EOS
EOS had been approaching the release of their mainnet, and in anticipation the developers started a bug bounty programme. Community members could find and report bugs, and be compensated for this. One such individual was able to make more than $100,000 from this programme in just one week.
Personal fund security
One cryptocurrency investor took to Reddit to post about how they lost more than $100,000 worth of cryptocurrency, which was accessed using the popular MyEtherWallet. The user woke up one morning to realise all of their funds were gone. The funds were being controlled by the web wallet, rather than by a hardware wallet, in order to not lose a node status. The chain had been snapshotted, and moving the funds to a different address would lose the node status and any benefits it gave.
The password used for the wallet was over 30 characters, and the user was always logged out when not using the wallet. However, at one point the user had all the keys stored in a text document on the laptop, which was saved and printed, before being deleted. This could be the potential cause of the breach. If the computer was infected with malware, an attacker may have been able to recover the deleted file and gain access to the victim's wallet.
Always ensure you are doing everything you can to provide the best security for your funds. Storing your funds on a QUOINE exchange is safe as we use 100% cold wallet storage. Another great way is using a hardware wallet. Make sure you back it up properly.
Phishing
Malicious individuals that are attempting to phish often try to mimic popular websites or platforms to get users to enter their details. They can then use these details to drain the accounts of the victims.
One Reddit user reported that they had used an app on the Google Playstore that appeared to be an app for EtherDelta. The app was created by 'ethedelta' - which should have been a warning sign. The app instantly stole the private key of the user when trying to log in. Since this has been reported, the app has been removed from the Playstore. However, apps like this pop up frequently. Be diligent when using an application to control your funds, and make sure that every application you use is official and verified by the real developers.
The cryptocurrency world is developing quickly. We encourage everyone to become a part of this growth, but do so carefully and maintain the best security you can.