This year is going to be a big one for crypto, but we as a community will face our greatest tests in the area of security. It’s important to stay safe and make wise choices. Together, we can do this by remaining vigilant, keeping informed and passing on knowledge.

Here, we have rounded up some of the biggest security stories that we saw in March in the hopes of educating our community and showing the steps we take to keep QUOINERS away from harm.

ICO data Leak

In January, developers from Dadi announced that part of the mailing list had been compromised due to a third party server issue. Then in March, users who had signed up for the Dadi ICO reportedly began to receive phishing emails from someone impersonating the DADI team.

This is not the first time we have seen ICO email lists compromised and scam emails being sent out. It is becoming increasingly difficult to differentiate between genuine emails and fake ones. As a result, we continue to see people fall victim and send funds to thieves.

ICOs today are a minefield, with potential investors constantly at risk and token issuers having to bear an extra burden. At QUOINE, we are preparing to launch our Self-Service ICO and Listing Platform. Developers will be able to host ICOs on our secure platform, connecting to our ever-growing base of KYC-verified users, who can invest directly through us on QRYPTOS. This removes much of the burden and stress for all parties.

Denaro ICO exit scam

The Denaro ICO claimed to bring to the sector a seamless payment system connecting cryptocurrencies and the mainstream market. Unfortunately, one week before the end of the ICO, the team is alleged to have vanished. They were reportedly absent in the Telegram group, not responding to emails and their social media pages were empty.

It was discovered that some of their team member’s photos were stolen from other websites. The tokens were distributed, but of course, with the disappearance of the team, they are worthless. Their bounty manager confirmed the team had gone missing, referring to them to as “scammers”.

How can traders be certain that the projects they are investing in are legit? With our Self-Service ICO and Listing Platform, we will strictly and thoroughly vet any projects that want to host an ICO with us. This way, you can be assured that you will not be investing in a dud project.

Binance API issues

At the beginning of March, many Binance users reported that their funds were being sold for Bitcoin at market price, and then the Bitcoin was being used to buy one particular altcoin (Via) for a price high above the market price. Binance responded to the situation and declared that the issue was due to third party API access to affected accounts. Before Binance made their announcement they disabled withdrawals across the whole site, preventing hackers having access to stolen funds.

It was discovered that the hackers had gained access to affected users’ details through phishing sites over a long time period, with the phishing beginning as early as January. The resolution of this was the that trades made by the hackers were all reversed, so no users lost money, and it was stated by Binance that the hackers actually managed to lose their own money.

Binance announced a bounty related to this incident, with anyone who supplies information leading to the arrest of the hacker(s) eligible for a share of $250,000 worth of BNB.

Phishing sites and attempts are becoming increasingly common and more difficult to spot. Be sure to bookmark your trusted links.

Ledger Nano S Backdoor

A Ledger Nano S is a cryptocurrency hardware wallet. Hardware wallets are said to be the most secure way to manage your funds (we use 100% cold wallet storage on our exchanges). The Ledger Nano S is trusted by traders around the world, but on the March 20, a 15 year old from the UK allegedly managed to backdoor a Ledger Nano S using a proof-of-concept code.

This code was reported to also work on the Ledger Blue. The backdoor provides the hacker with recovery passwords and pre-determined wallet addresses. The attacker could then use these to restore the accounts on the tampered Ledger Nano S on a new one, with full access to the funds. This backdoor could also be used for other things, such as editing payment amounts and the destination of payments.

The Ledger team stated that this was not a critical issue, especially as you have to have physical access to the device for this to be possible. This backdoor was fixed, according to Ledger, in an update two weeks later.

As always, it pays to remain vigilant and keep informed about security issues in crypto. Passing on knowledge, news and information also helps others stay up to date.

Coincheck

Hackers stole more than $530 million of the altcoin NEM from the Japanese exchange Coincheck in January. The funds were stored in a hot wallet, rather than a more secure cold wallet. The exchange promised to repay the customers that lost their money.

Then in March it was reported that the hackers had started successfully laundering and clearing the funds. That process has now reportedly been completed, leaving the funds to be withdrawn through an exchange that is not strict with KYC rules.

As customers of QUOINE will already know, this kind of case is why we chose to use 100% cold wallet storage and also adhere to strict KYC rules.

Twitter scams

Twitter is plagued with accounts that closely mimic companies or figures involved in the cryptocurrency space. They often have similar twitter handles and reply to tweets claiming to give away cryptocurrency — all you have to do it send an amount of crypto to their provided address and they will send back a multiple of the value you sent.

Of course this is a scam. Further development happened in March, when scammers began taking over and repurposing verified accounts. This is more dangerous as it gives the account and its scam tweets much more authority to readers.

Fortunately, at the start of March it became clear that Twitter had started banning these accounts, including those impersonating the QUOINE Twitter account. Be sure to report every one that you see and help to clean up the feed!