Hardware cryptocurrency wallet provider Trezor has warned its users about a new phishing attack targeting their crypto investments by trying to steal their private keys. Trezor took to Twitter on Feb. 28 to caution users about an active phishing attack designed to steal investors’ money by making them enter the wallet’s recovery phrase on a fake Trezor website. The phishing campaign involves attackers posing as Trezor and contacting victims via phone calls, texts or emails claiming that there has been a security breach or suspicious activity on their Trezor account. “Trezor Suite has recently endured a security breach, assume all …
Popular crypto wallet provider MetaMask warned investors against ongoing phishing attempts by scammers attempting to contact users through NameCheap’s third-party upstream system for emails. On the evening of Feb. 12, web hosting company NameCheap detected the misuse of one of its third-party services for sending some unauthorized emails — which directly targeted MetaMask users. Namecheap described the incident as an "email gateway issue." ⚠️MetaMask does not collect KYC info and will never email you about your account! Do not enter your Secret Recovery Phrase on a website EVER. If you got an email today from MetaMask or Namecheap or anyone …
Forget about tracking DAO votes, DeFi transactions or data breaches across many channels and platforms. Your Web3 mailbox will handle it for you without requiring your phone number or legacy email address. Instead, your wallet address will receive and organize all this information. At least, these are some of the promises made by Web3 communications companies attempting to build the first generation of blockchain-based messaging platforms: Web2 experience with Web3 privacy and security, and, most importantly, focusing on Web3 problems. Wallet's monthly statements, transaction notifications and hack updates, for example, are some of the contents users could receive in their …
New Jersey-based crypto financial institution BlockFi confirmed a data breach incident via one of its third-party vendors, Hubspot. BlockFi’s proactive warning about the breach aims to deter the intentions of bad actors in repurposing the user data for fraudulent activities. According to the announcement, the hackers gained access to BlockFi’s client data on Friday, Mar. 18, that were stored on Hubspot, a client relationship management platform: “Hubspot has confirmed that an unauthorized third-party gained access to certain BlockFi client data housed on their platform.” As a third-party vendor for BlockFi, Hubspot stored user data such as names, email addresses and …
Just yesterday, OpenSea announced a smart contract upgrade, which requires users to migrate their listed NFTs from Ethereum (ETH) blockchain to a new smart contract. As a direct result of the upgrade, users that don't migrate over from Ethereum risk losing their old, inactive listings — which currently require no gas fees for migration. Major nonfungible token (NFT) marketplace OpenSea has reportedly fallen victim to an ongoing phishing attack within hours after announcing a week-long planned upgrade to delist inactive NFTs on the platform. However, the urgency and short deadline opened up a small window of opportunity for hackers. Within …
Twitter users reacted negatively to an OpenSea email sent to users who still had inactive listings on their accounts. In the email, OpenSea explained that old NFTs listings are still fulfillable, and should be canceled by the user because OpenSea is unable to cancel them on their behalf. They claimed this would “prevent any of your items from being sold at the inactive listing price,” due to Ethereum’s (ETH) dropping price. According to the NFT collector @dingalingts and other users, this warning had the opposite effect and canceling the listing ended up recreating the order. @Dingalingts tweeted a thread urging …
A new report shared by Google’s Threat Analysis Group (TAG) highlights an ongoing phishing campaign against YouTube creators, typically resulting in the compromise and sale of channels for broadcasting cryptocurrency scams. The TAG attributes the attacks to a group of hackers recruited in a Russian-speaking forum that hacks the creator’s channel by offering fake collaboration opportunities. Once hijacked, the YouTube channels are either sold to the highest bidder or used to broadcast cryptocurrency scams: “A large number of hijacked channels were rebranded for cryptocurrency scam live-streaming. On account-trading markets, hijacked channels ranged from $3 USD to $4,000 USD depending on …
CoinMarketCap, a price-tracking website for cryptocurrencies, has reportedly fallen victim to a hack that leaked 3.1 million (3,117,548) user email addresses. The information came into light after the hacked email addresses were found to be traded and sold online on various hacking forums, and revealed by Have I Been Pwned, a website dedicated to tracking hacks and compromised online accounts. CoinMarketCap, a subsidiary of Binance cryptocurrency exchange, confirmed that the list of leaked user accounts matched its userbase: “CoinMarketCap has become aware that batches of data have shown up online purporting to be a list of user accounts. While the …
Customers of leading United States crypto exchange Coinbase have spent the weekend panicking after the exchange mistakenly sent emails to users stating that their two-factor authentication (2FA) settings had been changed. On Friday, Coinbase accidentally sent the email to 125,000 of its customers, resulting in widespread public backlash. Coinbase took to Twitter on Sunday to apologize for the mishap, stating, “We’re laser-focused on building trust and security into the crypto community so that the open financial system we all want is a reality. We recognize that issues like this can hurt that trust.” I got the reply and panicked someone …
The global COVID-19 pandemic has definitely created a clear delineation of remote work: The reliability of a company lies in its email service provider for all forms of communication. Let’s start with the origin of email. Email has been around for more than 50 years and is a formal channel of communication across the world. With more than 3 billion users, it is the most widely used and instantaneous form of communication. The first example of email can be found on computers at MIT in a program called “MAILBOX,” dating all the way back to the 1960s. However, it was …
Just like you might think twice about eating chicken nuggets once you see how they are made, you’d likely hesitate about volunteering your personal information once you see how it is used and monetized. Freedom has become one of the world’s most commoditized assets — and over the years, the internet has eroded it. We live in a world where we’re confronted with 5,000 words of terms and conditions when buying sneakers. Crucial details about what companies do with our data is buried in masses of legalese — prompting most of us to click “I agree” without thinking of the …
Unstoppable Domains has introduced a new feature — Unstoppable email. Now anyone who owns a domain with a .crypto extension can send email signed by the Ethereum (ETH) private key that controls it. This is reminiscent of how the old cypherpunks used to sign their emails with PGP keys. In the 1990s, an early Bitcoin (BTC) adopter Hal Finney helped develop Pretty Good Privacy or PGP, which allowed users to encrypt various digital mediums, including emails. Unstoppable Domains co-founder Bradley Kam told Cointelegraph that the email service is not decentralized and is provided through ETHMail Webmail. For now, the service …