What Will Happen When Major Chinese Bitcoin Exchanges Close Down by End of October

Upon the closure of OKCoin and Huobi later this year, the Chinese Bitcoin exchange market will officially be shut down.

OKCoin and Huobi, the two largest Bitcoin exchanges and trading platforms in the Chinese cryptocurrency market, were given leeway by the Chinese government to operate until the end of October. Upon the closure of OKCoin and Huobi later this year, the Chinese Bitcoin exchange market will officially be terminated.

Duration of suspension is unclear

Whether the nationwide suspension imposed on the Chinese exchanges and cryptocurrency trading platforms is temporary or permanent remains unclear. Several reports from trusted sources including the Wall Street Journal have suggested that the Chinese government is exploring the possibility of restricting the usage of Bitcoin in addition to cryptocurrency trading activities.

Huang Zhen, a researcher for the country’s central bank, the People’s Bank of China (PBoC), recently published a commentary arguing that cryptocurrencies are threats to the central bank and existing banking infrastructures. He went even further, stating that China should issue its own digital currency.

Even worse?

Zhen’s statement, as translated by Zerohedge, read:

“Cryptocurrencies and other virtual currencies attempt to challenge the sovereign state’s right to issue currency, requiring the nationalization of currency issuance. China has a clear understanding of digital forms of money, and is actively engaging in relevant work. The central bank has set up a research group and a digital money research institute to explore the digitization of sovereign money. After this round of virtual money markets supervision, we expect under the auspices of the Chinese central bank to launch our own sovereign digital currency as soon as possible to help maintain China’s leadership in the development of global digital finance.”

Digital fiat?

Zhen, and perhaps others in the Chinese government, has failed to understand that the advantages and merits of cryptocurrencies such as Bitcoin stem from their decentralized nature. Without decentralization, Bitcoin and other cryptocurrencies become vulnerable to manipulation by central entities and thus, the demand for Bitcoin as a digital currency and safe haven asset will decrease.

Still, long-time investors including Jon Creasy remain optimistic about the restoration of the Chinese Bitcoin exchange market. Creasy wrote in his blog that the re-election of Chinese President Xi Jinping, who is an avid advocate of free markets, could lead to the emergence of more efficient and practical regulations for Bitcoin businesses, investors and users. Creasy explained:

“Historically speaking, President Xi Jinping has been one of the largest advocates of free markets China has seen in quite some time, and I expect this trend to continue. But for now, Mr. Xi must appeal to the people who keep him in power: the Communist Party.”

Delaware Approves Tracking of Stock Ownership on Blockchain, Major Effects

Out with the old: Delaware recognizes value of Blockchain for tracking stock ownership, move affects over a million companies.

When the Delaware Chancery Court ordered David Murdoch to pay the shareholders of Dole Food Co. an extra $2.74 per share after taking the company private, it seemed easy enough. The lawyers for the shareholders posted a claim form, and shareholders submitted claims for over 49 million shares. The only problem? The company only ever issued 36.7 million shares.

The insanity of DTC

The root of this problem is a 1960s system for determining who owns a share of stock. According to Investopedia, the Depository Trust Company (DTC) was created because the New York Stock Exchange couldn’t keep track of who owned what anymore. Trading volume was simply too high. Indeed, in 2012, the DTC settled over 299 million shares with a value of $110 tln.

When you buy a share of stock from your broker, your broker informs the DTC that it represents somebody who owns a share of that stock. When a company wants to find out who owns its stock, it has to ask the DTC to consult its list of brokers, and then the brokers have to be asked who the actual owner is of the shares in the broker’s account.

As Bloomberg puts it:

“So if you own stock, what you really have is an entry in your broker’s database, and your broker in turn has an entry in DTC’s database, and DTC has an entry in the company’s database of shareholders of record.”

Shares, shares, everywhere

If this all sounds unnecessarily complicated, that’s because it is. In Dole’s case, they had to ask the DTC to figure out who owned shares of the company at the time the company was purchased. DTC then consulted the brokers, and they eventually got it sorted. The reason for the extra shares of stock? Short sellers had borrowed shares from their actual owners, causing those shares to be counted twice.

You can imagine that it took some time for the DTC and countless brokers to sort through the mess and figure out who really owned what.

Delaware’s Vice Chancellor Laster commented on the dilemma:

“This problem is an unintended consequence of the top-down federal solution to the paperwork crisis that threatened Wall Street in the 1970s. Through the policy of share immobilization, Congress and the Securities and Exchange Commission addressed the crisis using the 1970s-era technologies of depository institutions, jumbo paper certificates, and a centralized ledger. Distributed ledger technology offers a potential technological solution by maintaining multiple, current copies of a single and comprehensive stock ownership ledger.”

Delaware approves Blockchain

Delaware took note of this problem, and in early August, the state made it legal for corporations to maintain shareholder lists using Blockchain technology rather than the old centralized and inefficient system.

Using a Blockchain to record stock ownership would allow the corporation to quickly and easily figure out all its current shareholders, as well as who owned shares at any point in the company’s history. This can be quite useful when it comes to determining who is owed dividend payments, for instance.

This is particularly noteworthy, because even though Delaware is a small state, the majority of all corporations in the US are based in Delaware. This is because, by strange historical fluke, the state developed a robust and expert court system called the “Court of Chancery” to handle business disputes. Delaware’s judges are some of the nation’s foremost experts in business law, and such cases are tried before them rather than juries. Delaware also has favorable tax laws, easy and quick incorporation paperwork, and other advantages.

Because of this, when Delaware legalized use of the Blockchain to record stock ownership, over a million businesses, including 50% of all publicly traded companies, were immediately allowed to begin tracking stock ownership through a Blockchain.

Bitcoins Are a Girl’s Best Friend: Diamonds for BTC in New York

Samer Halimeh NY can help you buy diamonds with your Bitcoin

In another move that signals a more sweeping adoption of Bitcoin, diamond retailer Samer Halimeh New York will begin accepting and trading Bitcoins as payment.

The international luxury diamond brand stated that previously most diamond purchases were completed with USD. However, a recent shift in Asian and Middle Eastern investor sentiment has led to a demand for Bitcoin purchases, and especially in VIP purchases of more than seven figures.

Diamond trading is one of the latest industries being revolutionized by Blockchain. The Blockchain is also used in helping combat the trade in blood diamonds and the spreading of counterfeits.

Samer Halimeh, CEO of the diamond retailer, said that Bitcoin provides a special vehicle for purchasing diamonds and other assets. Because of the flexibility of the cryptocurrency, many global clients are calling for BTC transactions both as sellers and buyers.

He said:

“Because trading and retailing via Bitcoins can be done from anywhere in the world, it is especially beneficial for our suppliers in Africa and our clients from developing countries like China, Brazil, South Africa, Nigeria, India and Uzbekistan. We also believe that in the future the currency will revolutionize the luxury goods marketplace and the use of this digital currency will make trading and purchases for our clients and contacts easier, cheaper and much faster.”

The company will use BitPay as its merchant service provider who will also host the firm’s wallet and Bitcoin supply.

Storiqa to Let Anyone Build an Online Marketplace Using Blockchain

Storiqa to allow anyone to build an online marketplace using smart contracts and cryptocurrencies.

The way we shop online is going to change by leaps and bounds in the years to come. As the Internet is becoming more widespread, the number of online shoppers and businesses is on the rise.

Whether it be self-employed entrepreneurs, small-scale manufacturers or family businesses – they either already have an online store or want one in order to serve more customers and increase revenues.

Just like many other industries, Blockchain technology will disrupt the e-commerce field. In order to keep up with change, both consumers and businesses will look for effective ways to buy and sell goods.

Storiqa helps businesses streamline their sales processes for the new digital economy by using smart contracts and enabling payments in various cryptocurrencies.

How is it different?

Setting up an online shop is easier said than done. It requires a lot of effort, time and money to put together a team and develop a website from scratch.

While there are plenty of e-marketplace constructor solutions with a ready-to-use interface and cutting edge e-commerce technology, they either require you to have a basic understanding of programming languages, or constant support from them.

There are only a few e-marketplace constructor solutions which offer their clients a full and comprehensive combination of e-commerce services – such as smart contracts, cryptocurrency payments, integration with third-party services and 24/7 support – all at once.

Storiqa’s platform is designed to allow anyone to create an online store of their own in just 10 minutes, and also make good use of the most advanced technologies in the e-commerce industry.

Since Storiqa’s marketplace is translated into six languages, business owners have a unique opportunity to increase their user base by tapping into foreign markets. It also features a selection of tools for direct customer feedback, bookkeeping and sales analysis, as well as advertising and promotion – on top of a convenient and user-friendly interface.

What problems does it solve?

Payments

Currently, payments are one of the biggest problems in this industry because of low transparency, involvement of intermediaries and high fees. It is a hassle for both buyers and sellers.

Storiqa’s platform processes payments directly, without the involvement of middlemen, using any currency of your choice set against the cryptocurrency price determined by the seller. Furthermore, integrated smart contracts make transactions extremely fast and secure.

The smart contract ensures that the money goes to the seller when and only when the buyer confirms the delivery. So, the buyer makes the payment once their order arrives, which makes it convenient for both parties and increases trustworthiness.

Customer analysis tools

Storiqa allows businesses to track customers’ activity in a simple and elegant way. It offers the required mechanisms to constantly gather, analyze and process customer data.

Customer feedback

Storiqa offers an integrated telephony service that allows the store owners to receive feedback calls from their clients with next to no setup needed. Owners can also save and playback recorded calls, and monitor the performance of their call managers. This makes it easy to gather feedback quickly, and implement changes to increase sales.

Marketing tools

Storiqa helps its clients get new customers through integration with the largest partner networks, and by offering a wide variety of tools to track a customer’s experience in order to make every store client-oriented.

To top it off, Storiqa’s legal team operates out of Switzerland and conforms to the laws there. It also enjoys the benefits of the friendly legal conditions provided in the country.

Storiqa token sale

Anyone can participate in the token sale and buy STQ tokens. Purchasing the tokens during the early stages of the ICO will make you eligible for more profits and bonuses at the end of the campaign.

The fixed cost of a single STQ token is 0.001 ETH. You can easily make the purchase by transferring ETH into Storiqa’s designated smart contract address. For some reason, tokens can’t be purchased from the US.

The ICO’s date and time is yet to be decided.

For more information on their bonus system and distribution algorithm, please visit https://ico.storiqa.com/ and read the white paper.

Disclaimer. Cointelegraph does not endorse any content or product on this page. While we aim at providing you all important information that we could obtain, readers should do their own research before taking any actions related to the company and carry full responsibility for their decisions, nor this article can be considered as an investment advice.

Australia Ends Double Taxation of Bitcoin, Cryptocurrencies

Bitcoin and other cryptos are no longer double taxed in Australia

The Australian government has finally and conclusively provided a legislative end to the double taxation of Bitcoin and other cryptocurrencies. The bill will retroactively be enforced to July 1 of this year, as had been promised earlier in the year.

The bill ends the practice of taxing the purchase of Bitcoin and other cryptocurrencies, according to the Australian goods and services tax (GST). The release regarding the end of the double taxation standard included the following:

“Currently, consumers who use digital currency can effectively bear GST twice: once on the purchase of the digital currency, and once again on its use in exchange for other goods and services subject to the GST. The bill will ensure that Australians are no longer charged GST on purchases of digital currency, allowing it to be treated the same way as physical money for GST purposes.”

The current Australian government hopes that the bill will open doors for greater levels of Fintech investment into the country.

As the Chinese government moves to crack down on ICOs and cryptocurrencies, the Australian government is seeking to embrace the sea change in the financial world.

Aeron Leverages Blockchain Tech for Safer Flights

After the successful presale, Aviation safety project launches a crowdsale with a focus on redefining aviation safety and ushering in transparency.

Humans have been flying since the Wright Brothers took flight on December 17, 1903. Flying is considered to be one of the safest modes of transport that humans use.

However, accidents do and will happen. It is incredibly difficult to arrive at numbers related to accidents with and without fatalities because of poor record keeping in the early days of aviation.

Boeing publishes the “Statistical Summary of Commercial Jet Airplane Accidents between 1959-2016”, which tells us that there have been 623 fatal accidents involving commercial jet fleets and 1948 total accidents in this time period. However, this number just covers commercial aviation and not private planes that meet accidents.

According to the National Transportation Safety Board (NTSB), there were 1,290 air accidents in 2014 in the United States alone. Wouldn’t it be wonderful if we could use new technology to reduce the number of accidents that happen each year? Aeron is a project that intends to do just that by using Blockchain technology.

Aeron is making aviation transparent and reliable

The key issue to address is the human factor when it comes to aviation safety. Pilot errors and possible corruption in flight schools all contribute towards unsafe skies. Aeron, by implementing Blockchain technology, can benefit pilots, airlines as well as ordinary consumers.

They are planning to integrate Blockchain in such a way, so that pilot logs become more verifiable and transparent. They are also going to implement solutions that will help verify flight school credentials and help aircraft operators access uncorrupted data.

All of this is possible because the Blockchain itself is immutable and records once stored can’t be changed. Combined with the deployment of smart contracts and a cryptographically secure database, Aeron would be able to eliminate falsification, create verifiable logs and basically deliver an “airline in a pocket” through its deployable applications.

The workings of Aeron are rather simple. All persons involved in the operation of the aircraft will have access to customised apps. As an example, pilots will have the functionality of personal flight logging in their app.

Aviation companies have the ability to collect and verify data from aviation schools, service companies, airlines and aircraft operators. In the wider ambit, if there is any data mismatch between any Aeron data source, it would be possible to quickly detect the problem and take corrective measures.

Aeron will also enable expired pilot licenses to be detected while giving flight school students and consumers the access to a verified global database through aerotrips.com. Aeron has put up a one-pager to explain the workings of the project succinctly.

Aeron Benchmarking

After a successful pre-sale, Aeron launches crowdsale

Aeron has successfully concluded their presale of Aeron (ARN) tokens and has raised over $1 mln. Now, they are launching a crowdsale that will help them build the platform and develop the technology required, as well as follow up with government relations and lobbying with aviation authorities.

In total, 100 mln ARN tokens will be issued. ARN tokens are ERC-20 compliant. Investors have the chance to buy 60 mln of these tokens that are available during the crowdsale.

The end date of the crowdsale is Oct. 23, 2017, and each token costs $0.50. Early investors will receive bonus tokens. Investors can visit the Aeron website to secure their bonus tokens. The ICO has been rated 4.8 by Icobench.

Why hold a token sale at all?

The Aeron token sale is their inclusive attempt to gather funds for the project. This way, Aeron can not only gather investors from different parts of the world but also incentivize investors to promote their products.

The token sale would enable participants to take advantage of liquidity as these tokens can be traded on various exchanges post the sale. After the token sale, the Aeron (ARN) token will be distributed to the buyers.

A maximum of 100 mln ARN would be released and over time the supply will reduce due to lost keys etc. ARN tokens would be used both within and outside of the Aeron ecosystem.

The tokens will be used for a subscription fee and transaction-based fee for log entries, commission on paid services, commission on intermediation and client introductions, as a currency for the purchase of aviation services and for flight school-related services.

Aeron is a project led by experts

Aeron is an ambitious project that will start to transform the aviation sector with the passage of time. The project is led by people who have significant experience in the aviation sector.

The CEO, Artem Orange is a serial entrepreneur in high tech industries like telecom and is himself an aviation enthusiast. Nadezhda Barkanova, the CTO is a qualified air traffic management engineer with 11 years of work experience and is specialized in production of aeronautical databases, flight crew training and flight simulators.

The CDO, Konstantin Gertman has 14 years of experience in consulting and market research as well as financial businesses and is the co-founder of aerotrips.com and is himself an EASA certified pilot since 2013.

With this team at the helm, Aeron has the potential to benefit from years of industry experience not only in aviation but also in other crucial technical fields that the project needs to succeed long term.

What is the future for Aeron?

After the crowdsale is over, Aeron plans to utilize a big chunk of the collected funds, up to 40 percent for research and development. Marketing and promotion will take 30 percent, technology infrastructure 10 percent, lobbying authorities, legal consultancy and administration the remaining.

They have plans to build a multi-stage platform over time in phases. In the future, they will be able to offer services related to aircraft maintenance records and even tracking spare parts that would lead to great improvements in flight safety.

Aeron has released a whitepaper that lays out in detail their token sale and post-sale plans.  

Given that they have plans to work closely with each aspect of the aviation industry, be it spare parts manufacturers, airlines, pilots or flight schools, there is a chance for investors to gain not only from investing in the token sale and profiting from future increases in token price but also from the transactional revenues that the tokens will generate for the owners.

Brits give thumbs up to in-store biometrics

Nearly two thirds of Brits want to be able to use a biometric scan to authorise payments in-store, according to a WorldPay survey.

Fingerprints remain the most popular biometric method, with 69% of the 2500 people quizzed by WorldPay saying that they would be open to settling up with a digit.

This week a Costcutter store, at Brunel University in London, made the headlines when it emerged that the outlet was letting customers pay using their unique finger vein pattern to identify themselves.

The firm behind the technology, Sthaler, is expecting several thousand students to sign up to its system at the store and says that it is in discussions with other major UK supermarkets.

But, following the launch of the new iPhone, respondents to the WorldPay survey are also beginning to come around to the idea of using their face (24%), iris (33%), and voice (18%) to identify themselves at the point of sale.

James Frost, UK CMO, Worldpay, says: “As biometric identification increasingly becomes a standard across smartphone devices, the combination of these two technologies is starting to win the battle for hearts and minds when it comes to simplicity, convenience, and seamlessness across all channels.”

The survey also shows that older consumers like to pay a person, but younger people would rather payments were automated to speed things up. When it comes to dining out, 65% say they’d rather pay a robot than waste time flagging down a waiter.

Consumers are receptive to targeted offers on their mobile phone whilst they’re browsing in store but respondents say one message is enough. More than this starts to get irritating.

Op Ed: Lessons From a Cryptocurrency Hack (A Public Service Announcement)

Cryptocurrency-related cyber attacks are on the rise. As cryptocurrency continues to explode in value and public awareness, we can only expect this trend to continue. I was recently the target of such an attack. I also personally know of multiple other cases of the same attack being successfully carried out. Even worse, this type of attack is becoming ever more common and is likely to see an even bigger boost thanks to the professional excellence of firms like Equifax, making it an urgent topic as almost everyone is at immediate risk.


This article describes this increasingly common attack vector and provides immediate steps you can take to protect yourself. I will also provide additional tools and best practices to further safeguard yourself and your funds more generally.


As a computer programmer active in the crypto ecosystem since early 2013, I’ve always been too aware of the constant threat of cybersecurity attacks and the possibility that I could be targeted at any time. Cryptocurrency is the perfect hacker pay day. Once it’s transferred away from your control it’s gone forever, and it’s easily liquidated in any number of ways. Black hats are constantly prowling for possible cryptocurrency holders.

As such, I’ve always taken the minimum precaution of keeping my coins off third-party accounts, and have always advised others to do the same. But what I couldn’t prepare for was how unnerving being the target of an attack could be regardless of your level of preparation. The hypothetical can become reality in a matter of seconds, and you never truly understand the personal value of putting proper security in place until it’s too late. For those with enough at stake, it can be ruinous. Ultimately none of my funds were compromised by this attack, but others have not been so lucky.

“But not all accounts are created equal for data thieves  —  and the most valuable online accounts to steal are like the ones belonging to Mr. Burniske, who is a cryptocurrency fan. In the few minutes it took to get control of his phone, the virtual currency investor saw his virtual currency password change and its accounts drained of $150,000.” -PYMNTS

The Attack

It started when I received a text message from my cellular service provider alerting me that my SIM card had been “updated.” Included in the text was a number to call if this “update” wasn’t in fact authorized by me. I read this text several minutes after it had been sent, and by the time I called the number provided a minute or two later, my cell service and data were suddenly cut off by what I began realizing must be an attacker. Almost immediately, I was also logged out of my Facebook messenger window right before my eyes. With control of my phone number, my attacker had managed to quickly reset my Facebook password and gain control of the account.

As the reality of what was happening to me sank in, I felt an initial wave of panic. Suddenly, I didn’t know if the years of precautions I had taken amounted to anything at all. I had no idea how robust the attack was, how deep the attacker had penetrated my numerous online accounts or what my first reaction should even be. I momentarily feared the worst. Could my coins be at risk?

I forced several deep breaths. Thankfully my coins were not at risk via a phone, social media or email hijacking. Reminding myself of this eased my fears and allowed me to focus on going on the defensive and taking back control of my accounts as quickly as I could.

Using FaceTime from my laptop, I was able to get a family member to call the number provided by my cellular provider’s text message and initiate the process to eventually retake control of my phone number. Using an old email strictly used as an emergency recovery email for situations such as these, I was also able to lock down my Facebook account and regain control soon after.

What I discovered once I logged back in confirmed that the attacker had specifically targeted me due to my public cryptocurrency involvement. In the brief span of time they controlled my Facebook account, they had sent the same message to several friends of mine also involved in the ecosystem, many of whom I’ve known for years. The messages claimed I had an emergency and needed to borrow several bitcoins or the equivalent value in alternate coins for a day. The attacker was in the middle of sending out many more such messages to even more of my friends when I regained control.

At the end of the day, the damage done to myself was limited to being spooked. Unfortunately, however, at least one of the recipients of my fake Facebook messages was later the target of the same attack. I’ve decided to learn from these events and share those lessons, and hopefully help some avert the worst. First and foremost is eliminating this specific and trivially easy attack vector completely.

How to Stop It Before It Happens

Text message two-factor authentication (2FA) is the default security precaution for most online accounts today, and cellular service providers are woefully unprepared for this reality. It is almost trivially easy for an attacker to contact your service provider and pretend to be you.

In all the cases I’ve personally observed, it began with the attacker identifying an individual likely to have cryptocurrency and contacting their cell provider. They impersonate their target using personal information like social security numbers and home addresses from any number of possible leaks, Equifax being the most obvious and concerning source.

After successfully convincing your cell provider that they are you, they then port your SIM card to a phone they control. This approach is known as a social engineering attack, and with today’s common security default of using text messages for 2FA, they immediately have the keys to the kingdom. With your phone number they can now reset the password to any account you have with text 2FA enabled, including cryptocurrency wallets and accounts.

The minimal action you should take right now to prevent this: Contact your cellular service provider and request restrictions to be placed on your account so that no changes can be made to it without special verification. This can include setting a password on your account or requiring you to physically visit a store with your ID to make any account changes. Call again once this is in place and attempt to change your own SIM card as a test to ensure the restrictions have indeed been put in place and are being properly enforced by your cellular provider.

This simple step means that no matter what information an attacker may have on you, socially engineering a takeover of your SIM card is no longer a trivially simple endeavor. However, this precaution isn’t ironclad, and there’s also a variety of other attacks you can be the target of.
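To see how far a ported number reaches, you can audit your own account inventory. The following is an added example, not part of the original article: it assumes a simplified model in which any single listed channel is enough to reset an account's password, and the account names and channels are constructed for illustration.

```python
from collections import deque

# Constructed inventory (hypothetical accounts, not from the article).
# For each account: the channels that can each, on their own, reset its password.
#   "sms"           code texted to the phone number
#   "email:<name>"  reset link mailed to another account in this inventory
#   anything else   a secret or device the carrier never holds
ACCOUNTS = {
    "facebook":      ["sms", "email:main_mail"],
    "main_mail":     ["email:recovery_mail", "authenticator_app"],
    "recovery_mail": ["hardware_key"],
    "exchange":      ["sms"],
    "old_webmail":   ["sms"],
    "forum":         ["email:old_webmail"],
}


def sim_swap_blast_radius(accounts):
    """Map every account that falls after a SIM port to the chain that reaches it."""
    accepts = {}  # channel -> accounts that accept it for a reset
    for name, channels in accounts.items():
        for channel in channels:
            if channel.startswith("email:") and channel[6:] not in accounts:
                raise ValueError(f"{name}: unknown recovery mailbox {channel[6:]!r}")
            accepts.setdefault(channel, []).append(name)

    fallen = {}
    queue = deque([("sms", ["phone number"])])
    while queue:
        channel, chain = queue.popleft()
        for name in accepts.get(channel, []):
            if name not in fallen:
                fallen[name] = chain + [name]
                # A captured mailbox becomes a reset channel for whatever trusts it.
                queue.append((f"email:{name}", fallen[name]))
    return fallen


def without_sms(accounts):
    """The same inventory after SMS has been removed as a reset channel everywhere."""
    return {name: [c for c in channels if c != "sms"]
            for name, channels in accounts.items()}


if __name__ == "__main__":
    for name, chain in sim_swap_blast_radius(ACCOUNTS).items():
        print(f"{name:14} <- {' -> '.join(chain)}")
    remaining = sim_swap_blast_radius(without_sms(ACCOUNTS))
    print("after removing SMS resets:", remaining or "nothing exposed")
```

In the constructed inventory the forum account never lists SMS, yet it is still exposed because its recovery mailbox does.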

Taking It a Step Further

Black hat actors tend to focus on the low-hanging fruit, which is why the social engineering SIM attack has become so prevalent. But it is by no means the only way to compromise your accounts, and as the low-hanging fruit become harder to find, attackers will move on to these other methods. I highly recommend everyone implement these precautionary steps to further secure yourselves. The upfront investment needed to set up these measures may seem tedious now, but can pay invaluable dividends in the future.

1. If you hold any significant amounts of cryptocurrency, invest in an offline hardware storage solution.

These devices contain your cryptocurrency private keys and can remain completely disconnected from the internet or any computer until you need to make transactions, so that your funds remain totally safe regardless of any of your other devices or accounts being compromised. These devices include OpenDime, TREZOR and Ledger. Even if you do not opt for any of these solutions, at a bare minimum do not store funds on third-party services such as Coinbase or exchanges, especially on any service or wallet that integrates email or a phone number to authorize access to funds.

2. Ditch text messaging 2FA.

Placing verification restrictions on your cellular service account is a big step up in security, but can still be circumvented by an insider or even just a careless customer service rep who doesn’t do their job properly. Text message authorization is also still too incredibly insecure to be relied on in any way, period. Recent research shows that intercepting text messages is a trivial task for someone with the right tools, and many other exploits are likely to be discovered in the future.

The first item on this list will protect your personal funds from theft, but as I learned the hard way your money isn’t the only thing at risk. With access to your social media accounts and emails, an attacker can trick your friends into giving them funds or exposing themselves in other ways. They’ll also obviously have a clear look into all your messaging and file history on those accounts, which can expose you and your social circle even more. Shoring up your 2FA is a big step in preventing this.

Eliminate all of your text messaging–based 2FA and at a minimum replace it with Google Authenticator. However, like storing cryptocurrency, you can take it a step further with a dedicated hardware solution. I highly recommend YubiKeys.

You can configure many major online accounts (not Coinbase yet) to require you to physically insert and activate your YubiKey as your 2FA authorization, eliminating the risk of a remotely compromised phone.

3. Use multiple emails with interlinked recovery options, and use completely different and robust passwords for those emails and other online accounts alike.

Luckily I did not have text messaging 2FA enabled on the email account associated with my Facebook profile; otherwise my attacker could have seized control of that as well. If they had, I have a chain of recovery emails I could have used to regain control of it, all with different passwords. This practice also means that having your password captured or leaked for any one of your accounts won’t jeopardize all of them.

4. Stay vigilant, stay paranoid.

To quote the Onion Knight, “Safety is never a permanent state of affairs.” Don’t get lazy and begin recycling passwords or leaving funds on Coinbase or other third-party accounts. Be aware of the technology you are using and the tradeoffs you are making or exposure you are generating by doing so. Stay up to date on the latest breaches, exploits and technology. Opt to use end-to-end encrypted messaging services like Signal, Telegram or WhatsApp. Don’t answer calls from strange phone numbers, and use apps like Hiya to filter out known spam numbers to reduce the risk that you do. Ultimately, however, there is no easy fix for security and no list that can guarantee you won’t get hacked.
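The takeover chain this article describes (a hijacked phone number resets every account that uses it for recovery or text 2FA, and steps 2 and 3 break that chain) can be checked against your own account inventory. The Python sketch below is an added example, not part of the original post; the account names, the fields, and the rule that a reset needs both a controlled recovery channel and a satisfiable second factor are assumptions made for illustration.

```python
# Constructed inventory for illustration; account names and fields are
# assumptions, not data from the article.
ACCOUNTS = {
    "facebook":       {"reset_via": ["phone", "email:main"], "second_factor": "sms"},
    "email:main":     {"reset_via": ["email:recovery"], "second_factor": None},
    "email:recovery": {"reset_via": ["email:main"], "second_factor": "totp"},
    "email:old":      {"reset_via": ["phone"], "second_factor": None},
    "exchange":       {"reset_via": ["email:old"], "second_factor": "sms"},
}


def blast_radius(accounts, start="phone"):
    """Return {account: channel used} for every account an attacker can
    reset after taking over `start`, following reset chains transitively."""
    controlled = {start}
    taken = {}
    changed = True
    while changed:  # iterate to a fixed point so chained resets are found
        changed = False
        for name, acct in accounts.items():
            if name in controlled:
                continue
            channel = next((c for c in acct["reset_via"] if c in controlled), None)
            factor = acct["second_factor"]
            # Assumption: an SMS factor falls with the phone number; an
            # authenticator app or hardware key does not.
            factor_ok = factor is None or (factor == "sms" and "phone" in controlled)
            if channel and factor_ok:
                controlled.add(name)
                taken[name] = channel
                changed = True
    return taken


def harden(accounts):
    """Apply the article's advice: no phone-based reset, no SMS factor."""
    return {
        name: {
            "reset_via": [c for c in acct["reset_via"] if c != "phone"],
            "second_factor": "totp" if acct["second_factor"] == "sms" else acct["second_factor"],
        }
        for name, acct in accounts.items()
    }


if __name__ == "__main__":
    print("before:", blast_radius(ACCOUNTS))
    print("after: ", blast_radius(harden(ACCOUNTS)))
```

In the constructed inventory the exchange account never lists the phone as a recovery channel, yet it still falls through the old email address that does, which is the kind of indirect exposure worth looking for in a real inventory.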

Make no mistake, there are individuals out there who want to harm you and are actively working to do so. The effort needed to reasonably secure yourself can seem tedious up front, but it can quickly become a priceless investment, as I and many others have learned firsthand.

This guest post by Ariel Deschapell was originally published on Medium and is reproduced here under a Creative Commons License. The views expressed do not necessarily reflect those of BTC Media or Bitcoin Magazine.

The post Op Ed: Lessons From a Cryptocurrency Hack (A Public Service Announcement) appeared first on Bitcoin Magazine.

Op Ed: Lessons From a Cryptocurrency Hack (A Public Service Announcement)

Cryptocurrency-related cyber attacks are on the rise. As cryptocurrency continues to explode in value and public awareness, we can only expect this trend to continue. I was recently the target of such an attack. I also personally know of multiple other cases of the same attack being successfully carried out. Even worse, this type of attack is becoming ever more common and is likely to see an even bigger boost thanks to the professional excellence of firms like Equifax, making it an urgent topic as almost everyone is at immediate risk.


This article describes this increasingly common attack vector and provides immediate steps you can take to protect yourself. I will also provide additional tools and best practices to further safeguard yourself and your funds more generally.


As a computer programmer active in the crypto ecosystem since early 2013, I’ve always been all too aware of the constant threat of cybersecurity attacks and the possibility that I could be targeted at any time. Cryptocurrency is the perfect hacker pay day. Once it’s transferred away from your control it’s gone forever, and it’s easily liquidated in any number of ways. Black hats are constantly prowling for possible cryptocurrency holders.

As such, I’ve always taken the minimum precaution of keeping my coins off third-party accounts, and have always advised others to do the same. But what I couldn’t prepare for was how unnerving being the target of an attack could be regardless of your level of preparation. The hypothetical can become reality in a matter of seconds, and you never truly understand the personal value of putting proper security in place until it’s too late. For those with enough at stake, it can be ruinous. Ultimately none of my funds were compromised by this attack, but others have not been so lucky.

“But not all accounts are created equal for data thieves — and the most valuable online accounts to steal are like the ones belonging to Mr. Burniske, who is a cryptocurrency fan. In the few minutes it took to get control of his phone, the virtual currency investor saw his virtual currency password change and its accounts drained of $150,000.” -PYMNTS

The Attack

It started when I received a text message from my cellular service provider alerting me that my SIM card had been “updated.” Included in the text was a number to call if this “update” wasn’t in fact authorized by me. I read this text several minutes after it had been sent, and by the time I called the number provided a minute or two later, my cell service and data were suddenly cut off by what I began realizing must be an attacker. Almost immediately, I was also logged out of my Facebook Messenger window right before my eyes. With control of my phone number, my attacker had managed to quickly reset my Facebook password and gain control of the account.

As the reality of what was happening to me sank in, I felt an initial wave of panic. Suddenly, I didn’t know if the years of precautions I had taken amounted to anything at all. I had no idea how robust the attack was, how deep the attacker had penetrated my numerous online accounts or what my first reaction should even be. I momentarily feared the worst. Could my coins be at risk?

I forced several deep breaths. Thankfully my coins were not at risk via a phone, social media or email hijacking. Reminding myself of this eased my fears and allowed me to focus on going on the defensive and taking back control of my accounts as quickly as I could.

Using FaceTime from my laptop, I was able to get a family member to call the number provided by my cellular provider’s text message and initiate the process to eventually retake control of my phone number. Using an old email strictly used as an emergency recovery email for situations such as these, I was also able to lock down my Facebook account and regain control soon after.

What I discovered once I logged back in confirmed that the attacker had specifically targeted me due to my public cryptocurrency involvement. In the brief span of time they controlled my Facebook account, they had sent the same message to several friends of mine also involved in the ecosystem, many of whom I’ve known for years. The messages claimed I had an emergency and needed to borrow several bitcoins or the equivalent value in alternate coins for a day. The attacker was in the middle of sending out many more such messages to even more of my friends when I regained control.

At the end of the day, the damage done to me was limited to being spooked. Unfortunately, however, at least one of the recipients of my fake Facebook messages was later the target of the same attack. I’ve decided to learn from these events and share those lessons, and hopefully help some avert the worst. First and foremost is eliminating this specific and trivially easy attack vector completely.

How to Stop It Before It Happens

Text message two-factor authentication (2FA) is the default security precaution for most online accounts today, and cellular service providers are woefully unprepared for this reality. It is almost trivially easy for an attacker to contact your service provider and pretend to be you.

In all the cases I’ve personally observed, it began with the attacker identifying an individual likely to have cryptocurrency and contacting their cell provider. They impersonate their target using personal information like social security numbers and home addresses from any number of possible leaks, Equifax being the most obvious and concerning source.

After successfully convincing your cell provider that they are you, they then port your SIM card to a phone they control. This approach is known as a social engineering attack, and with today’s common security default of using text messages for 2FA, they immediately have the keys to the kingdom. With your phone number they can now reset the password to any account you have with text 2FA enabled, including cryptocurrency wallets and accounts.

The minimal action you should take right now to prevent this: Contact your cellular service provider and request that restrictions be placed on your account so that no changes can be made to it without special verification. This can include setting a password on your account or requiring you to physically visit a store with your ID to make any account changes. Call again once this is in place and attempt to change your own SIM card as a test to ensure the restrictions have indeed been put in place and are being properly enforced by your cellular provider.
