“Limited” Edition NFT’s Stolen; Only Accounts with No 2FA Affected, says Nifty Gateway

“Limited” Edition NFT’s Stolen; Only Accounts with No 2FA Affected, says Nifty Gateway

With so much money flowing in the crypto space, hackers have locked onto their new target – Non-Fungible Tokens (NFT).

As we saw with DeFi, now NFTs are becoming popular, going mainstream with millions of funds flow into space; hackers have started taking notice. Several people reported their NFTs being stolen.

Early on Monday, Michael J. Miraflor of Publicis Groupe took to Twitter to share that someone has stolen his NFT on the Nifty Gateway marketplace. Miraflor said,

“I got an alert that I sold something on the @niftygateway Marketplace. When I checked to confirm the transaction, I noticed that my entire collection was empty.”

He then received multiple fraud alerts from his financial services provider American Express. He added,

“During today’s drop, I got multiple fraud alerts from AMEX. I have been using fiat/cc exclusively on NG.”

Miraflor got legal advice and has reported the matter to the local police and contacted his insurance company, which covers his physical art. His digital assets, NFTs, however, are lost and may never be recovered.

Other people also shared similar accounts of their NFTs stored on the platform being stolen, on Twitter.

In response to the security concerns on the platform, crypto exchange Gemini owned Nifty Gateway said the platform wasn’t at fault. The platform tweeted,

“We have seen no indication of compromise of the Nifty Gateway platform. The Nifty Gateway team is communicating with a small number of users who appear to have been impacted by an account takeover.”

According to the marketplace, the impact was “limited” and only those accounts were impacted which didn’t have any 2 two-factor authentications (2FA) enabled.

The attacker obtained access through valid account credentials. Some of the NFTs involved in these account takeovers were reportedly sold in transactions negotiated over Discord or Twitter. It said,

“We encourage our users to enable 2FA that we provide on the platform and never reuse passwords…We strongly encourage all Nifty Gateway customers to purchase their NFTs on the official Nifty Gateway marketplace.”

Read Original/a>
Author: AnTy

Ledger Reveals 3 Month Policy for Keeping Buyer Info; 2k New Users Affected in Data Breach

Ledger Reveals 3 Month Policy for Keeping Buyer Info; 2,000 New Users Affected in Data Breach

This time the information was leaked by the hardware wallet’s e-commerce provider Shopify’s rogue employees. But “these attacks have only strengthened our resolve to build and release products that keep you and your crypto safe,” says Ledger.

Hardware wallet Ledger, which is meant to “provide security to critical digital assets for consumers & institutional investors,” keeps leaking information about its customers.

After the last data breach affected 272,000 customers, yet another one has leaked the customer records of additional 20,000 Ledger customers.

On Wednesday, Ledger informed the crypto community that in an incident in the first half of 2020 (April and June), its e-commerce provider Shopify’s team members illegally exported merchants’ customer databases.

Shopify alerted Ledger about this incident on December 23rd, in which 93% of the information obtained was similar to the previous data dump, 7% of the customer records breached were new.

Reportedly, this incident affected over 200 merchants of Shopify, but the e-commerce giant didn’t discover that Ledger was also targeted in this attack until Dec. 21st, 2020.

As for why Ledger would keep the information, the company says, “our goal is to completely delete your personal data (such as your name, address, and phone number) as soon as possible.”

However, the company stores e-commerce information for “accounting and legal obligations,” in a segregated environment — “separate, dedicated, and encrypted storage inaccessible from the internet or external devices, with limited access rights” — for “as short a period of time as necessary” which is 3 months after the order is shipped.

The company has already contacted the concerned users directly to inform them about this incident.

“We are dedicated to taking action against this incident,” wrote Ledger while advising users to never share a 24-word recovery phrase.

If a user purchased a Ledger product after the end of June 2020 or outside of the Ledger.com site, their data is not exposed.

“We are deeply sorry that these incidents occurred and for any pain or stress they’ve caused our customers,” reads the official announcement in which the company says it will

“soon release a technical solution that will remove the 24 words as the single pillar of the security of our hardware wallets and will open the door to funds insurance for individual customers.”

Read Original/a>
Author: AnTy

Binance US, Genesis, & Abra Suspends XRP Support; Bittrex & Uphold Clarifies No Plan to Delist

Much like all the XRP trading and deposit suspension that has happened so far, only the US users are affected. Exchanges clarify that Spark (FLR) Token Distribution in 2021 is unaffected.

Binance’s US-based crypto exchange Binance.US has announced the delisting of XRP on Jan. 13, 2021, at 10 am EST. Binance.US users won’t be able to deposit XRP but withdrawals will be unaffected.

Much like all the trading and deposit suspension that has happened so far, only the US users are affected.

The exchange further clarified that delisting will not affect users from claiming their Spark (FLR) Token Distribution in 2021.

Another one to join this list is Genesis which sent an email to its users, informing them of the XRP trading and lending suspension, as of Dec. 29. The users are not allowed to make new purchases while those who hold XRP have until Jan. 15 to sell it.

The company no longer supports loans in XRP either and both open-term loans and fixed-term loans will also be called. Meanwhile, the “team is actively monitoring the evolving regulatory situation with XRP.”

Abra has also joined the list of companies ending XRP support for US users, despite it being a peer-to-peer transaction network.

According to the firm’s message, Abra plans to suspend trading in XRP for US customers at 3 PM PST on Jan. 15th.

“Abra is registered in most states as an MSB and has had previous legal battles with the SEC that led to them delisting their stock ETF offering,” noted Adam Cochran, partner at Cinneamhain Ventures.

No plans to delist XRP

Amidst all the suspensions, cryptocurrency exchange Bittrex, which no longer allows its US customers to trade XRP clarified that they are not going to delist the digital asset and will maintain all XRP markets: BTC-XRP, USD-XRP, USDT-XRP, ETH-XRP, and EUR-XRP.

“Uphold will continue to list XRP until and unless the Complaint is adjudicated against Ripple – specifically citing that XRP is, today, a security, or trading volume dissipates to a point where we can no longer support,” came the tweet from JP Thieriot, CEO of crypto trading platform Uphold.

Australia-based BTC Markets also took to Twitter to share that they are monitoring events in the US regarding the SEC but have “no plans to delist XRP at this time.”

The price of XRP meanwhile lost a considerable amount of its value in the last two weeks. After falling under $0.17, the crypto asset is currently trading around $0.22.

“XRP’s market cap has fallen by 93% from $137B to under $10B. That makes the value of the XRP collapse bigger than Enron and Worldcom,” said Joshua Frank, CEO of The TIE. “While not a bankruptcy, XRP is effectively the third-largest collapse of all-time behind Lehman Brothers and Washington Mutual,” he added.

Coinbase Under Hot Water Too

A class-action lawsuit has been filed against US-based crypto exchange Coinbase alleging that it knew XRP was a security and still sold it “illegally”.

Just this week, Coinbase, which recently filed to go public, said it suspended support for XRP trading and deposits.

The case is filed by Thomas Sandoval in the U.S. District Court, Northern District of California (San Francisco) and he is seeking damages for the commission paid by him and other users to Coinbase for XRP tokens.

“Until late this month Coinbase sold the XRP token, the value of which was entirely linked to the success or failure of Ripple Co. and the managerial efforts of its executives,” Sandoval said in the complaint. “Indeed, Ripple Co.’s survival as a corporate entity depended on its sale of unlicensed XRP securities to the public to fund its business operations.”

Read Original/a>
Author: AnTy

Republican House Candidate Praises Bitcoin’s SOV And The Speed of XRP, DGB & NANO

  • Amid the current crisis that has affected the stock market greatly, U.S congressional candidate David Gokhshtein recently revealed to his Twitter followers that he will be hodling his Bitcoin.

David Gokhshtein has taken to his twitter account to discuss cryptocurrencies including Bitcoin (BTC), Ripple (XRP), NANO, and Digibyte (DGB) with much emphasis on Bitcoin. Despite the recent improvement in the stock market situation, he was stern on his decision of not planning to sell his Bitcoin and gave his followers reasons why.

David Gokhshtein once compared Bitcoin to gold. He explained that we might not incorporate it into our daily lives for carrying out our ordinary day-to-day activities. However, he added that we will probably see it attaining the same status as gold today which is a store-of-value (SOV).

Means of quick payment

In the thread, he mentioned Ripple (XRP), NANO, and Digibyte (DGB). He went ahead to praise XRP which is currently the third-largest cryptocurrency all over the world. He said that in his view XRP was faster than NANO. This wasn’t received well on the NANO end and he said that the NANO community was well mad at him after that.

He, however, clarified himself on that point saying that he didn’t label NANO as not good but only meant that XRP is faster. His followers related to XRP praised his positive comments over the currency. He also suggested that LTC and DGB be used as a means of quick payment.

Nothing is for certain yet

Crypto enthusiast and CEO of Galaxy Digital Michael Novogratz during a recent interview by CNBC showed his discontent on Bitcoin. He stated that he might as well give up on Bitcoin unless it hits $20,000 this year. The future of Bitcoin seems to be uncertain despite all the praises coming from people after the recent increase in price. From the most recent statistics, it has been recorded that Bitcoin has hit a three months low volume.

Read Original/a>
Author: Lujan Odera

Kraken Security Labs Discovers ShapeShift’s KeepKey Crypto Wallet Can Be Hacked Easily For $75

KeepKey hardware wallets are affected by a flaw that would make them vulnerable to attacks if a hacker has access to the device for around 15 minutes. This is according to a recent report released by Kraken Security Labs and published in a blog post on December 10.

KeepKey Crypto Hardware Wallet Affected By Flaw

As per the report released by Kraken, an attacker would rely on voltage glitching to extract the encrypted key of the user from KeepKey wallets. After this, the encrypted seed can be cracked and the PIN can be easily hacked with brute force. The researchers claim that it is possible to perform this attack with a consumer-friendly glitching device for just $75.

In addition to it, the report explains that it would not be possible to stop these attacks from happening with a software update from the company. In order to solve this issue, a needed  complete hardware redesign, which is certainly expensive to perform and very costly for users.

The company claims that they are already aware of these attacks but their goal is to protect users against remote attacks that could happen to online, desktop or mobile wallets, among others.

It is very important for users to be sure that if they lose their cryptocurrency wallet, the funds could be potentially accessed by attackers and the funds could be at risk of being stolen. The cryptocurrency market has many times been affected by hacks that were pointed at exchanges and other large holders of digital assets.

The report has also advised users to enable the BIP39 Passphrase with the KeepKey client in order to protect the crypto funds in the wallet. The passphrase is generally not user-friendly in practice but it is also not stored on the device, meaning it would not be vulnerable to this attack.

Read Original/a>
Author: Carl T

Coinbase’s Password Vulnerability May Have Affected 3,500 Customers

Coinbase has recently reported that the company found a vulnerability in its system that affected the passwords of some users. According to the company, some passwords were stored in a plain text file on the company’s servers.

The information was not accessed by any outside source at any time, but around 3,500 customers had their passwords stored in a less than secure way up until recently. The glitch may have affected only 0.1% of the clients but was relevant enough to be disclosed.

How has this happened, in the first place? According to the company, due to a very specific error in the procedure. The registration form would simply not be loaded correctly and the attempt to create the account would fail. However, the log of the failure would be sent to the company.

According to Coinbase, the error would happen when JavaScript was not properly loaded during the inscription.

This meant that the name, information, and password of the person would be still in an unprotected place after the person succeeded in creating the account. Over 90% of the time, the customers retried and used the same password again, which caused the vulnerability.

After discovering this possible vulnerability, Coinbase looked at the other files present on the company’s database to see if another one could be problematic. Fortunately, no others were found at the time of this report.

According to a recent post, the company completely fixed the problem and excluded the file with sensitive information. All accounts that may have possibly be affected also were prompted to create new passwords in order to protect their assets.

Read Original/a>
Author: Gabriel Machado

Glassnode Reveals Litecoin Dusting Attack on Binance Affected Nearly 300,000 Wallets

A recent dusting attack that was made against the Litecoin network affected almost 300,000 wallets on Binance. The attack affected exactly 294,582 addresses, despite reports that only a few were affected.

This was revealed by Glassnode, a metrics company that used its technology to map out the attack. According to the company, the attack was similar to another one that happened in April.

Initially, Coinbase affirmed that only 50 wallets were affected. The company did it as soon a the attack happened on August 9. This, the company affirmed, affected only 0.00000546 LTC, almost nothing. The truth, however, seems to be quite different.

Curiously, some people affirm that the dusting attack was actually not a real attack after all. Jan Happel, the founder of Glassnode, told the crypto media that the “attacker” was not actually trying to harm anybody.

His address was identified and he claimed that he was only trying to advertise his exchange, which is based in Russia. The goal was to “reach out” to several wallets to advertise their mining pool services, which were focused on the Litecoin community.

Despite being a very weird reason, nobody was actually harmed by the so-called dusting attack, so there may be some truth to his statements.

At the moment, there is also not a real explanation as to why Binance believed that only a few addresses were affected at first. James Jager, from the Binance Academy, however, posted that they managed to identify the person and that it was a wide attack sometime after the event happened.

Read Original/a>
Author: Daniel W

Dash Warns About Security Vulnerability In MyDashWallet, Suggesting Not To Use It

Dash-Warns-About-Security-Vulnerability-In-MyDashWallet-Suggesting-Not-To-Use-It
  • Dash warns about a vulnerability that affected My Dash Wallet users
  • The wallet informed that the issue has been solved

The team behind Dash, one of the most popular digital currencies in the market, is warning about a vulnerability they found at My Dash Wallet. According to a recent Tweet released by Dash, they found a vulnerability and urge the community not to use the wallet until further notice.

Dash Warns About My Dash Wallet Vulnerability

According to Dash, the third party wallet My Dash Wallet is affected by a vulnerability that could be harmful for users. Apparently, an externally loaded script was sending users private keys to a server. At the same time, the official Twitter account of Dash mentioned that other wallets such as Coinomi and Jaxx are safe.

My Dash Wallet informed that the external library has been already removed and the external site fixed itself back on May 13th. In addition to it, they explained that there was no browser getting the hacked script. Nevertheless, they recommended creating  a new HD Wallet and move funds there.

As mentioned before, Dash is one of the most popular digital currencies in the market. Indeed, it is currently the 15th largest and it has a market capitalization of $1.28 billion. In addition to it, each Dash coin can be purchased for $145.

Wallets and crypto exchanges have had many different vulnerabilities that have affected their credibility and ended up with users losing their funds. This is why there are many investors that do not trust the whole crypto space and prefer to remain on the sidelines until these services become more mature.

A few months ago, the cryptocurrency exchange Binance was affected by a hack in which they lost around 7,000 BTC.

[Author Alert] The author’s opinions above are solely based on their own self-conducted research. Assume any and all authors are using, holding, trading and/or buying cryptoassets mentioned as a portion of his or her financial portfolio. Use information at your own risk, do you own research, never invest more than you are willing to lose.

Read Original/a>
Author: Carl T