Bitcoin Forum

Even though it is not a stretch to say that security for cryptocurrencies and the overall security of cryptocurrency wallets has increased since they became popular in 2017 following the cryptocurrency boom, there are still a large number of instances where customer’s accounts and crypto wallets have been compromised, leading to losses for both businesses and consumers. Let’s review some of the biggest crypto wallet scandals of 2019:

Algorand

Algo Capital, the venture capital arm of the American blockchain firm Algorand suffered losses of $1-2M in Tether Stablecoins and Algorand Tokens after the mobile phone of CTO Pablo Yabo was compromised. This information was initially released to Coindesk on the 5th of October. The hackers were able to gain access to Yabo’s managed Algorand hot wallet. According to an anonymous report, CEO David Garcia has stated that the company is aware of the breach and is taking all responsibility for the incident, adding that they aim to refund the full amount lost within the next 20 months.

Full article (https://cryptodaily.co.uk/2019/10/the-biggest-crypto-wallet-scandals-of-2019)

I don't think that hacking will be a problem right now or in the future.
For individuals: if you have enough experience, you can easily store your cryptocurrencies securely without having to worry about hacking.
For companies: protection is one of the reasons for the choice of the platform *because it is a business activity* they must make efforts to protect the funds of customers and countries can help to recover the money when allocated to the crisis legislation.

Here's the problem that we are facing right now. When people got their money stolen or hacked or got defrauded in the internet they will get mad at the government that they aren't doing their jobs on retrieving the stolen money. But when the government strive for enforcement, rules, and regulations like KYC and AML procedures they still get mad that their privacy shouldn't be touch. They would like the idea that somehow they still hold crypto and remain anonymous while the government is ready to guard them every time. This is one of the most impossible things they are asking if they really want to prevent these illicit activities from happening in crypto industry. They need to learn that they need to sacrifice anonymity in order for a much better security we have from threats like this.

To keep your money safe, don’t store it on the exchanges, because they are often hacked and stolen at massive amounts that are not returned to you. Now there are already a huge number of safe and trusted crypto wallets. A complete list of them can be found at this link https://neironix.io/wallets

$1-2M in Tether? This is just a dust on the amount on  Gatehub wallet: https://www.tripwire.com/state-of-security/featured/cryptocurrency-wallet-gatehub-hacked/

As said on the article "That report claims 23.2 million Ripple coins (estimated to be worth nearly US $9.7 million) had been stolen from 80-90 GateHub accounts"

Therefore the conclusion is that we should not put all of our assets or coins on a wallet that we dont possess its keys.

It is true that if an individual has even the a slight knowledge about computers he can secure his coins in a way in which it will be very difficult for hackers to get to his coins, however despite how computers have become so common in our lives very few people know how to use them, they install all kind of stuff on their computers and their smart phones without even thinking about it since they have never taken their security with any seriousness.

This makes me think that if in the future cryptocurrencies are adopted by a substantial amount of people then we're going to see hackers stealing many of those coins and this could create a backlash against cryptocurrencies.

I'm glad that they're refunding their users but their given timeframe is a complete bummer especially for ppl who have huge amounts there. In the end, the users still have to shoulder the mistake the company did. I know it says "within" but the fact that they've given a long one means they're not confident in giving the refunds early.

I'm curious if the phone they're talking about is for daily use like you carry them around everywhere you go. and why such important info can be found on a phone.

Exactly, I thought that they will immediately refund their customers, but it was not the case. I was once locked my funds of .004 BTC on a certain wallet because of 2FA. But I was furious back then, imagine those account members who have thousand of dollars?


I would under the impression that it is daily smart phone being used the CTO. But what concerns me is that it is always online so why he saved sensitive data in there?

I thought it was another case of an uninformed person relying on SMS-based 2FA but that does not seem to have been the case:

https://medium.com/@pipaman/algo-capital-security-breach-aedccf9e33c2

He didn't go into anymore details. Either he's embarrassed, or he doesn't know, but he must not have been careful enough with his phone (ie. used it for anything else except accessing the coins) if it got compromised.

Its always a thing of concern anytime I read about compromise that are so cheap in services that relates to crypto especially when fault is linked either the CEO, the founder or co-founder. It shows that this crypto entrepreneurs have not learned to separate the business from themselves. I have not seen a bank gets compromised because of an individual even the MD or founder reports to the board and can even be removed should he decides to want to harness more powers. The solution is for self regulations be put in place that would be complied by everyone to forestall situations like this

Security hasn't improved for cryptocurrencies since 2017 -- rather, security for centralised services have improved (but since most were generally shite in the first place, saying they have improved really doesn't necessarily say much!). You only need to see Mt Gox to know what I mean.

And yes, of course a large number of wallets are still compromised. A lot of exchanges are too. Because no matter how much you upgrade security, if basic negligence persists, you end up with the same vulnerabilities.

Maybe we can add Bitmex issues as well? Although it is not a wallet but the email address of their users have been exposed breached, it just shows how centralises services hasn't improved and exploits had continued.

Although those hackers are really organise and intelligent, but I guess centralised exchanges number one duty here is to secure their and everyone's wallet, and that should be their priority.

I agree, although centralized services claim that their security has improved, that to me was a overstatement.


Cyber criminals are always on the offensive here, if exchanges are not really to handle them, specially if the supposedly people monitoring them are not that well educated, those hackers will be having a field day breaching their systems easy and stealing other peoples money.

It depends on how you look at the situation. I do believe that the security of services can improve significantly, but even that may not be enough to prevent future hacks and cases of theft.

You are secure until hackers find a weak point in your system and then you have to start from scratch again when it comes to patching the weak points, and that will continue for ever because there is no hacker proof service.

Hackers can be seen as bounty hunters in the sense that managing to get into a service yields them x amount of coins.... the larger the service the bigger the bounty in case of a successful hack.

The blockchain /cryptocurrency business is no longer for newbies. One shouldn't remain a newbie forever. Upgrade your knowledge by reading. One should have a little technical know how on how to secure their wallets. People need to realise what private keys and passphrase symbolises. That no one else aside them should have access to it. There are lots of airdrop phishing sites that look so  appealing at first, but on a single click, once wallet can be compromised. I fell victim once and lost all my tokens until I had to do my own reading on how to safeguard my Wallet. Stopped visiting insecure sites where my security can be compromised. Ignorance is no longer an excuse, as hackers prey on the ignorant and capitalize on any loophole they find.

Sorry to hear that you have been a victim once. Most of time I think though that newbies should go and experience this growing pains before you will learn everything here in crypto. I myself was a victim in the past, and with that I learn how to safeguard and protect my crypto wallet. I even separate everything, I have a desktop for my crypto activity only and other machines for other used.

Thanks for the link, yeah, he didn't go into details and it seems he doesn't have a clue as to how the hackers where able to steal from him.

Good thing is that he takes responsibility for it and I'm sure he learn a valuable lessons here. I guess everyone should, I mean hackers are everywhere so it's a good idea to not used mobile phones to store our sensitive data specially pertaining to cryptos.

When we use the wallets (not hot wallets) then no way of getting hacked,we maybe phished or stolen but we are not going to lose wallet just because of the mistake or issue with an website so we have to learn what is the wallet first when we enters into crypto wallet.

I actually don’t see scandals in any form ever stopping. Especially not the internet kind. As technology progresses, so does scandals. Securing crypto isn’t just about technological security but also about humans’ awareness.
For example, it is not advisable to keep cryptos in exchanges because it increases the chance of your crypto been stolen.
It also not advisable to keep cryptos in devices you are not assured of very high security. It is best cryptos are kept offline (cold wallet) than online.

You are right. Just too many people are not aware of all this. They don't read (enough). They don't understand that if the coins are gone, they're gone and nobody will reimburse them.
And most start shouting (instead of reading) when they get into troubles because they didn't read.

Right, self-awareness, knowledge is the key here to at least prevent this kind of things to happen to us. That's why the advise you have give should not be taken lightly even by crypto enthusiast who have been in the game for so long.

That's why services like hardware wallet is advisable if you have a lot of coins to hold long term as not to exposed it online. This is part of being a coiner, you really have to learn how to protect and secure it.