Bitcoin Forum
June 21, 2024, 03:45:56 PM *
News: Latest Bitcoin Core release: 27.0 [Torrent]
 
  Home Help Search Login Register More  
  Show Posts
Pages: « 1 ... 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 [162] 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 ... 490 »
3221  Economy / Games and rounds / Re: [DAILY FREE RAFFLE] 352nd JUST BECAUSE I AM STILL IN A GOOD MOOD FREE BITCOIN on: September 04, 2019, 10:36:10 AM
Goodmorning and goodluck to ye all!!   Cheesy

Remember once you receive your coins...please post a photo and comments in the following thread!

https://bitcointalk.org/index.php?topic=3910520.0;all

That's all I ask! Thanks!!
3222  Economy / Games and rounds / [DAILY FREE RAFFLE] 352nd JUST BECAUSE I AM STILL IN A GOOD MOOD FREE BITCOIN on: September 04, 2019, 10:36:03 AM
Yes...I am still in a good mood so giving out a BITCOIN PHYSICAL coin.  Cheesy 

First come first served. Free shipping anywhere on this planet witht he exception of certain countries>> read here https://bitcointalk.org/index.php?topic=3910520.0

If you live in any country I cannot ship to you can always ship to a friend in other countries that Ic an ship to

Only one spot per person.

If you win you get to choose one coin of your liking.

Please read>>>> https://bitcointalk.org/index.php?topic=3910520.0

ONLY ONE RULE>> PICK A LETTER OR NUMBER NO RANDOMS PLEASE..sorry randoms will be ignored





1 efialtis Shocked
2 -Mackila Grin
3 –freecitizen  Smiley
4 - ONEnergy Grin
5 -JanBajec Cheesy
6 - stelee68 Wink
7 -  cumakoff Grin
8 2stout >Sad
9 -geophphreigh Kiss
0 -TopTort777 Tongue
a -jake zyrus Cheesy
b -zenrol28 Cheesy
c - Mux@ Cool
d Darker45 Kiss
e -lalafell Grin
f -FontSeli Cool

   
This coin will be shipped directly from manufacturer. A random coin will be picked as some of these manufacturers do not send to some countries.

Please provide full address with zipcode. Other than that It will not be shipped properly. If you can also add telephone… if not I will make one up and place instead.


Please no PO boxes as they do not ship to PO BOX addresses.

Goodluck!  Please read https://bitcointalk.org/index.php?topic=3910520.0

I also suggest using  privnote.com top send me your addy via PM once raffle winner get in touch with me.

Its for your privacy.  Wink 

For all newcomers you have to read https://bitcointalk.org/index.php?topic=3910520.0

You have to reach out to me when winning. Coins will be bought and sent from manufacturer.

If coin is stolen or does not arrive because of thievery in the postal system I am not sending a new one.

Also sometimes if they are sold out from a particular coin of your choice, another will be sent instead.

Read all of this and then decide if you want in or not. I am not responsible for any failed deliveries.

You are not buying anything here.

 I am sending out of the goodness of my heart and that's it.   Cheesy

This applied to all auctions in the past and future ones as well as the thread says. Goodluck!

DO NOT SEND ME A PM WITH PRIV NOTE... UNLESS YOU WIN THE RAFFLE.

If you win yes...if not no! And please send within 24hrs so I can keep track on who won what. Thanks   Cheesy

PLEASE PLACE YOUR INFO AS FOLLOWS WHEN PLACING YOUR LETTER OR NUMBER

A KROGOTHMANHATTAN

It makes my life easier to copy and paste

And it keeps me in a good mood too! Cheesy


3223  Economy / Collectibles / Re: "IT'S NOTHING" - A New Comic on Canvas from 1Dq on: September 03, 2019, 07:20:29 PM
Lol...I love it...great job!
3224  Economy / Games and rounds / Re: [DAILY FREE RAFFLE] 351st JUST BECAUSE I AM STILL IN A GOOD MOOD FREE BITCOIN on: September 03, 2019, 04:51:59 PM

Thankyou sir! Added to the main thread https://bitcointalk.org/index.php?topic=3910520.0
3225  Economy / Collectibles / Re: Free Daily Raffle Rules. Please read prior to participating! on: September 03, 2019, 04:45:26 PM
3226  Economy / Collectibles / Re: [WTS] MoonBits 2019: Silver Finish Series 0.001 BTC Series T - SALE NOW OPEN on: September 03, 2019, 02:33:31 PM
Love the box!  Cheesy
3227  Economy / Games and rounds / Re: [DAILY FREE RAFFLE] 351st JUST BECAUSE I AM STILL IN A GOOD MOOD FREE BITCOIN on: September 03, 2019, 02:25:08 PM
WINNERS WALL OF FAME


1   MIFFMAN   https://bitcointalk.org/index.php?topic=3737641.msg36977192#msg36977192
2   klaas    https://bitcointalk.org/index.php?topic=3739273.msg36981188#msg36981188
3   Anorganix   https://bitcointalk.org/index.php?topic=3827722.msg37346973#msg37346973
4   OGNasty!   https://bitcointalk.org/index.php?topic=3829983.msg37354013#msg37354013
5   Wolten   https://bitcointalk.org/index.php?topic=3831659.msg37362363#msg37362363
6   thundercrystal    https://bitcointalk.org/index.php?topic=3866529.msg37459827#msg37459827
7   Klaaas   https://bitcointalk.org/index.php?topic=3867965.msg37465886#msg37465886
8   STARBUCKS   https://bitcointalk.org/index.php?topic=3869122.msg37470945#msg37470945
9   Iced   https://bitcointalk.org/index.php?topic=3901905.msg37564866#msg37564866
10   KLAAAS   https://bitcointalk.org/index.php?topic=3904647.msg37572983#msg37572983
11   JohnK   https://bitcointalk.org/index.php?topic=3907463.msg37579493#msg37579493
12   Spazzer   https://bitcointalk.org/index.php?topic=3921998.msg37619347#msg37619347
13   Monkey King   https://bitcointalk.org/index.php?topic=3943016.msg37677993#msg37677993
14   Colt8    https://bitcointalk.org/index.php?topic=3946284.msg37681349#msg37681349
15   buckrogers    https://bitcointalk.org/index.php?topic=3954303.msg38083423#msg38083423
16   COLT81   https://bitcointalk.org/index.php?topic=3986081.msg37791315#msg37791315
17   Wheelz   https://bitcointalk.org/index.php?topic=4036201.msg37923127#msg37923127
18   DoDang   https://bitcointalk.org/index.php?topic=4083099.msg38048102#msg38048102
19   99 spot raffle Never completed>  
20   anonymousminer   https://bitcointalk.org/index.php?topic=4129829.msg38189318#msg38189318
21   Nairb360      https://bitcointalk.org/index.php?topic=4131447.msg39003145#msg39003145
22   FATTCATT       https://bitcointalk.org/index.php?topic=4173156.msg38304468#msg38304468
23   BILLGATOR      https://bitcointalk.org/index.php?topic=4215331.msg38397879#msg38397879
24   It looks like this invite-only raffle is not filled yet  
25   Bill gator      https://bitcointalk.org/index.php?topic=4255526.msg38533783#msg38533783
26   iasenko         https://bitcointalk.org/index.php?topic=4301073.msg38633251#msg38633251
27   slasher       https://bitcointalk.org/index.php?topic=4314038.msg38767684#msg38767684
28   Captain squeeze     https://bitcointalk.org/index.php?topic=4342208.msg38895034#msg38895034
29   Ajinomoto      https://bitcointalk.org/index.php?topic=4360505.msg38965291#msg38965291
30   loading         https://bitcointalk.org/index.php?topic=4380366.msg39052594#msg39052594
31   Bill Gator      https://bitcointalk.org/index.php?topic=4392420.msg39158473#msg39158473
32   missyqt29   https://bitcointalk.org/index.php?topic=4416908.msg39383133#msg39383133
33   jake zyrus   https://bitcointalk.org/index.php?topic=4421513.msg39433733#msg39433733
34   cutecute   https://bitcointalk.org/index.php?topic=4426605.msg39521702#msg39521702
35   prediction on bush   https://bitcointalk.org/index.php?topic=4432215.msg39580632#msg39580632
36   tortic25   https://bitcointalk.org/index.php?topic=4456230.msg39913087#msg39913087
37   fishball   https://bitcointalk.org/index.php?topic=4459960.msg39957827#msg39957827
38   no raffle  
39   bytezero   https://bitcointalk.org/index.php?topic=4464511.msg40031678#msg40031678
40   jake zyrus   https://bitcointalk.org/index.php?topic=4469752.msg40107880#msg40107880
41   missyqt29   https://bitcointalk.org/index.php?topic=4474795.msg40170831#msg40170831
42   bitcoinsforall   https://bitcointalk.org/index.php?topic=4489774.msg40385675#msg40385675
43   Dod Ong   https://bitcointalk.org/index.php?topic=4494996.msg40457462#msg40457462
44   Dod Ong   https://bitcointalk.org/index.php?topic=4500954.msg40535126#msg40535126
45   JanEmil   https://bitcointalk.org/index.php?topic=4507183.msg40602188#msg40602188
46   cumakoff   https://bitcointalk.org/index.php?topic=4515168.msg40667049#msg40667049
47   jake zyrus   https://bitcointalk.org/index.php?topic=4542060.msg40896796#msg40896796
48   missyqt29   https://bitcointalk.org/index.php?topic=4547010.msg40953035#msg40953035
49   p0pay1   https://bitcointalk.org/index.php?topic=4553500.msg41011985#msg41011985
50   bill gator   https://bitcointalk.org/index.php?topic=4559527.msg41090855#msg41090855
51   edgycorner   https://bitcointalk.org/index.php?topic=4565296.msg41154167#msg41154167
52   prediction on bush   https://bitcointalk.org/index.php?topic=4583139.msg41370221#msg41370221
53   prediction on bush   https://bitcointalk.org/index.php?topic=4590397.msg41448061#msg41448061
54   JanEmil   https://bitcointalk.org/index.php?topic=4596772.msg41507736#msg41507736
55   cutecute   https://bitcointalk.org/index.php?topic=4603492.msg41574829#msg41574829
56   empoy   https://bitcointalk.org/index.php?topic=4610700.msg41643440#msg41643440
57   ericaltm   https://bitcointalk.org/index.php?topic=4628437.msg41855410#msg41855410
58   vit05   https://bitcointalk.org/index.php?topic=4635562.msg41935934#msg41935934
59   iasenko   https://bitcointalk.org/index.php?topic=4642408.msg41996641#msg41996641
60   kurian   https://bitcointalk.org/index.php?topic=4654340.msg42063269#msg42063269
61   BALIK   https://bitcointalk.org/index.php?topic=4662424.msg42124370#msg42124370
62   p0pay1   https://bitcointalk.org/index.php?topic=4685171.msg42316586#msg42316586
63   mdayonliner   https://bitcointalk.org/index.php?topic=4692191.msg42377218#msg42377218
64   gamerfan   https://bitcointalk.org/index.php?topic=4698049.msg42431183#msg42431183
65   insurgent   https://bitcointalk.org/index.php?topic=4704366.msg42481917#msg42481917
66   iasenko   https://bitcointalk.org/index.php?topic=4710799.msg42537439#msg42537439
67   RushKing   https://bitcointalk.org/index.php?topic=4729797.msg42742463#msg42742463
68   Henry Sy   https://bitcointalk.org/index.php?topic=4736952.msg42794969#msg42794969
69   Oppang Inamo   https://bitcointalk.org/index.php?topic=4744254.msg42852858#msg42852858
70   vd309   https://bitcointalk.org/index.php?topic=4750810.msg42908349#msg42908349
71   JanEmil   https://bitcointalk.org/index.php?topic=4756446.msg42974705#msg42974705
72   no winner this time   https://bitcointalk.org/index.php?topic=4779771.msg43178170#msg43178170
73   Oshiage   https://bitcointalk.org/index.php?topic=4787710.msg43240070#msg43240070
74   Heisenberg_Hunter   https://bitcointalk.org/index.php?topic=4795745.msg43301645#msg43301645
75   p0pay1   https://bitcointalk.org/index.php?topic=4802753.msg43362642#msg43362642
76   Klarks_C   https://bitcointalk.org/index.php?topic=4809901.msg43421519#msg43421519
77   darkdangem   https://bitcointalk.org/index.php?topic=4829075.msg43613379#msg43613379
78   NeuroticFish   https://bitcointalk.org/index.php?topic=4837745.msg43674266#msg43674266
79   iasenko   https://bitcointalk.org/index.php?topic=4845465.msg43732585#msg43732585
80   zuggu-1   https://bitcointalk.org/index.php?topic=4854732.msg43784341#msg43784341
81   franklin9   https://bitcointalk.org/index.php?topic=4862393.msg43830609#msg43830609
82   Klarks_C   https://bitcointalk.org/index.php?topic=4884709.msg44020880#msg44020880
83   zuggu-1   https://bitcointalk.org/index.php?topic=4893630.msg44082543#msg44082543
84   Heisenberg_Hunter   https://bitcointalk.org/index.php?topic=4899188.msg44125504#msg44125504
85   Oshiage   https://bitcointalk.org/index.php?topic=4905415.msg44189035#msg44189035
86   techte7   https://bitcointalk.org/index.php?topic=4911014.msg44247730#msg44247730
87   JanEmil   https://bitcointalk.org/index.php?topic=4927481.msg44423006#msg44423006
88   Hexah   https://bitcointalk.org/index.php?topic=4932587.msg44480374#msg44480374
89   cumakoff   https://bitcointalk.org/index.php?topic=4937309.msg44517331#msg44517331
90   Heisenberg / Cumakoff / Klarks    https://bitcointalk.org/index.php?topic=4943112.msg44567164#msg44567164
91   Real14Hero   https://bitcointalk.org/index.php?topic=4962312.msg44791735#msg44791735
92   JanEmil   https://bitcointalk.org/index.php?topic=4969687.msg44847271#msg44847271
93   no winner this time   https://bitcointalk.org/index.php?topic=4975535.msg44889137#msg44889137
94   Hexah   https://bitcointalk.org/index.php?topic=4979916.msg44934802#msg44934802
95   cumakoff   https://bitcointalk.org/index.php?topic=4984541.msg44997608#msg44997608
96   Klarks_C   https://bitcointalk.org/index.php?topic=4999384.msg45154443#msg45154443
97   JanEmil   https://bitcointalk.org/index.php?topic=5006976.msg45181235#msg45181235
98   micromen   https://bitcointalk.org/index.php?topic=5012075.msg45251225#msg45251225
99   anonymousminer   https://bitcointalk.org/index.php?topic=5018576.msg45298926#msg45298926
100   iasenko / bitmover / iwutitan / stelee68 / Hexah   https://bitcointalk.org/index.php?topic=5023648.msg45345993#msg45345993
101   NightSabre   https://bitcointalk.org/index.php?topic=5025308.msg45509055#msg45509055
102   no winner this time   https://bitcointalk.org/index.php?topic=5026461.msg45554002#msg45554002
103   karitra   https://bitcointalk.org/index.php?topic=5027266.msg45593214#msg45593214
104   JanEmil   https://bitcointalk.org/index.php?topic=5027988.msg45653380#msg45653380
105   no winner this time   https://bitcointalk.org/index.php?topic=5028665.msg45696790#msg45696790
106   avlen   https://bitcointalk.org/index.php?topic=5030684.msg45845330#msg45845330
107   GhostZapper   https://bitcointalk.org/index.php?topic=5031863.msg45888602#msg45888602
108   yogg   https://bitcointalk.org/index.php?topic=5032637.msg45916482#msg45916482
109   avlen   https://bitcointalk.org/index.php?topic=5033520.msg45964058#msg45964058
110   Neelix   https://bitcointalk.org/index.php?topic=5034390.msg46002166#msg46002166
111   mdayonliner   https://bitcointalk.org/index.php?topic=5036656.msg46127258#msg46127258
112   Continuous   https://bitcointalk.org/index.php?topic=5037409.msg46160176#msg46160176
113   Neelix   https://bitcointalk.org/index.php?topic=5038200.msg46203546#msg46203546
114   Heisenberg_Hunter   https://bitcointalk.org/index.php?topic=5038961.msg46245240#msg46245240
115   Parodium   https://bitcointalk.org/index.php?topic=5039664.msg46276014#msg46276014
116   Hexah   https://bitcointalk.org/index.php?topic=5041100.msg46407269#msg46407269
117   no winner this time   https://bitcointalk.org/index.php?topic=5042188.msg46442211#msg46442211
118   zuggu-1   https://bitcointalk.org/index.php?topic=5042691.msg46478017#msg46478017
119   Harkorede   https://bitcointalk.org/index.php?topic=5043596.msg46516804#msg46516804
120   Khaled    https://bitcointalk.org/index.php?topic=5044281.msg46554159#msg46554159
121   merited   https://bitcointalk.org/index.php?topic=5051365.msg46964037#msg46964037
122   merited   https://bitcointalk.org/index.php?topic=5052041.msg46997509#msg46997509
123   bL4nkcode   https://bitcointalk.org/index.php?topic=5052691.msg47027389#msg47027389
124   vit05   https://bitcointalk.org/index.php?topic=5053383.msg47063178#msg47063178
125   vit05   https://bitcointalk.org/index.php?topic=5055148.msg47165591#msg47165591
126   ayuwolle   https://bitcointalk.org/index.php?topic=5055677.msg47190974#msg47190974
127   zuggu-1   https://bitcointalk.org/index.php?topic=5056312.msg47220120#msg47220120
128   cumakoff   https://bitcointalk.org/index.php?topic=5056959.msg47254017#msg47254017
129   onlinedragon   https://bitcointalk.org/index.php?topic=5057582.msg47286667#msg47286667
130   DarkStar_   https://bitcointalk.org/index.php?topic=5059042.msg47383803#msg47383803
131   2stout   https://bitcointalk.org/index.php?topic=5059712.msg47418150#msg47418150
132   Kryptowerk   https://bitcointalk.org/index.php?topic=5060562.msg47454569#msg47454569
133   Harkorede   https://bitcointalk.org/index.php?topic=5061187.msg47495162#msg47495162
134   JanEmil   https://bitcointalk.org/index.php?topic=5061907.msg47517207#msg47517207
135   cumakoff / S_Therapist   https://bitcointalk.org/index.php?topic=5063394.msg47615574#msg47615574
136   Kryptowerk   https://bitcointalk.org/index.php?topic=5064305.msg47642759#msg47642759
137   fcmatt   https://bitcointalk.org/index.php?topic=5064999.msg47675886#msg47675886
138   koelen3   https://bitcointalk.org/index.php?topic=5065535.msg47712679#msg47712679
139   Stulovo   https://bitcointalk.org/index.php?topic=5066255.msg47739013#msg47739013
140   XXXgames   https://bitcointalk.org/index.php?topic=5067886.msg47843954#msg47843954
141   Klarks_C   https://bitcointalk.org/index.php?topic=5068429.msg47870602#msg47870602
142   avlen   https://bitcointalk.org/index.php?topic=5069081.msg47894756#msg47894756
143   JanEmil   https://bitcointalk.org/index.php?topic=5069698.msg47934730#msg47934730
144   Harkorede   https://bitcointalk.org/index.php?topic=5070288.msg47960264#msg47960264
145   "CLOUDBET & KROGOTH'S LOADED DENARIUM COIN RAFFLE#2  winner = comit https://bitcointalk.org/index.php?topic=5071857.msg48143801#msg48143801
146   ayuwolle   https://bitcointalk.org/index.php?topic=5072437.msg48074066#msg48074066
147   yogg   https://bitcointalk.org/index.php?topic=5073111.msg48101314#msg48101314
148   2stout   https://bitcointalk.org/index.php?topic=5073805.msg48136399#msg48136399
149   Trofo   https://bitcointalk.org/index.php?topic=5074325.msg48164793#msg48164793
150   CLOUDBET & KROGOTH'S LOADED DENARIUM COIN RAFFLE#3 winner = micromen   https://bitcointalk.org/index.php?topic=5075623.msg48335145#msg48335145
151   an@sha   https://bitcointalk.org/index.php?topic=5076470.msg48270787#msg48270787
152   cumakoff   https://bitcointalk.org/index.php?topic=5077003.msg48296156#msg48296156
153   shasan   https://bitcointalk.org/index.php?topic=5077499.msg48342810#msg48342810
154   cumakoff   https://bitcointalk.org/index.php?topic=5078056.msg48349502#msg48349502
155   CLOUDBET & KROGOTH'S LOADED DENARIUM COIN RAFFLE#4 winner = zenrol28   https://bitcointalk.org/index.php?topic=5079211.msg48501167#msg48501167
156   cumakoff   https://bitcointalk.org/index.php?topic=5079925.msg48444094#msg48444094
157   mr captcha   https://bitcointalk.org/index.php?topic=5080424.msg48465465#msg48465465
158   cumakoff   https://bitcointalk.org/index.php?topic=5080952.msg48488932#msg48488932
159   maxreish   https://bitcointalk.org/index.php?topic=5081477.msg48515535#msg48515535
160   CLOUDBET & KROGOTH'S LOADED DENARIUM COIN RAFFLE#5 winner = dis93   https://bitcointalk.org/index.php?topic=5082585.msg48652810#msg48652810
161   maxreish   https://bitcointalk.org/index.php?topic=5083272.msg48605576#msg48605576
162   Neelix   https://bitcointalk.org/index.php?topic=5083774.msg48621892#msg48621892
163   an@sha   https://bitcointalk.org/index.php?topic=5084253.msg48644456#msg48644456
164   ayuwolle   https://bitcointalk.org/index.php?topic=5084745.msg48663044#msg48663044
165   CLOUDBET & KROGOTH'S LOADED DENARIUM COIN RAFFLE#6 winner = ice-boid   https://bitcointalk.org/index.php?topic=5085787.msg48790930#msg48790930
166   avlen   https://bitcointalk.org/index.php?topic=5086518.msg48741844#msg48741844
167   jacktheking   https://bitcointalk.org/index.php?topic=5086987.msg48761287#msg48761287
168   dis93   https://bitcointalk.org/index.php?topic=5087424.msg48782416#msg48782416
169   Trofo   https://bitcointalk.org/index.php?topic=5087936.msg48802955#msg48802955
170   CLOUDBET & KROGOTH'S LOADED DENARIUM COIN RAFFLE#7 winner = frankbitcoin   https://bitcointalk.org/index.php?topic=5088822.msg48920395#msg48920395
171   maxreish   https://bitcointalk.org/index.php?topic=5089311.msg48881533#msg48881533
172   Hexah   https://bitcointalk.org/index.php?topic=5089662.msg48896324#msg48896324
173   niceboy999   https://bitcointalk.org/index.php?topic=5090053.msg48912036#msg48912036
174   dis93   https://bitcointalk.org/index.php?topic=5090428.msg48931647#msg48931647
175   CLOUDBET & KROGOTH'S LOADED DENARIUM COIN RAFFLE#8 winner = ezeminer   https://bitcointalk.org/index.php?topic=5091347.msg49035319#msg49035319
176   DireWolfM14   https://bitcointalk.org/index.php?topic=5091759.msg48999858#msg48999858
177   Kingf1sher   https://bitcointalk.org/index.php?topic=5092173.msg49012887#msg49012887
178   Trofo   https://bitcointalk.org/index.php?topic=5092615.msg49029402#msg49029402
179   cumakoff   https://bitcointalk.org/index.php?topic=5093040.msg49047963#msg49047963
180   CLOUDBET & KROGOTH'S LOADED DENARIUM COIN RAFFLE#9 winner = wheelz1200   https://bitcointalk.org/index.php?topic=5093950.msg49166376#msg49166376
181   zenrol28   https://bitcointalk.org/index.php?topic=5094530.msg49120551#msg49120551
182   matrix zion   https://bitcointalk.org/index.php?topic=5094980.msg49135984#msg49135984
183   shasan   https://bitcointalk.org/index.php?topic=5095450.msg49156477#msg49156477
184   Xavier59   https://bitcointalk.org/index.php?topic=5095879.msg49178324#msg49178324
185   CLOUDBET & KROGOTH'S LOADED DENARIUM COIN RAFFLE#10 winner = anonymousminer   https://bitcointalk.org/index.php?topic=5096893.msg49288313#msg49288313
186   rkorade   https://bitcointalk.org/index.php?topic=5097587.msg49246532#msg49246532
187   2stout   https://bitcointalk.org/index.php?topic=5097928.msg49260043#msg49260043
188   an@sha   https://bitcointalk.org/index.php?topic=5098625.msg49280963#msg49280963
189   efrenbilantok   https://bitcointalk.org/index.php?topic=5098875.msg49296100#msg49296100
190   yogg   https://bitcointalk.org/index.php?topic=5100074.msg49350199#msg49350199
191   ayuwolle   https://bitcointalk.org/index.php?topic=5100686.msg49366633#msg49366633
192   ayuwolle   https://bitcointalk.org/index.php?topic=5101149.msg49381796#msg49381796
193   dis93   https://bitcointalk.org/index.php?topic=5101608.msg49400233#msg49400233
194   GrosWesh   https://bitcointalk.org/index.php?topic=5101892.msg49415627#msg49415627
195   rkorade   https://bitcointalk.org/index.php?topic=5103012.msg49467795#msg49467795
196   niceboy999   https://bitcointalk.org/index.php?topic=5103640.msg49484182#msg49484182
197   maxreish   https://bitcointalk.org/index.php?topic=5103924.msg49497688#msg49497688
198   cumakoff   https://bitcointalk.org/index.php?topic=5104474.msg49518385#msg49518385
199   Heisenberg_Hunter   https://bitcointalk.org/index.php?topic=5104729.msg49533404#msg49533404
200   freetoshi / Last of the V8s / rdbase / niceboy999 / cumakoff / an@sha / Steele68 / WhiteManWhite / shasan / niceboy999   https://bitcointalk.org/index.php?topic=5105772.msg49582887#msg49582887
201   CAPT.DEADPOOL   https://bitcointalk.org/index.php?topic=5106351.msg49597207#msg49597207
202   an@sha   https://bitcointalk.org/index.php?topic=5106785.msg49613762#msg49613762
203   shasan   https://bitcointalk.org/index.php?topic=5107182.msg49627200#msg49627200
204   shasan   https://bitcointalk.org/index.php?topic=5107634.msg49648964#msg49648964
205   Kriptopsina   https://bitcointalk.org/index.php?topic=5108357.msg49690507#msg49690507
206   Schwarzenberg   https://bitcointalk.org/index.php?topic=5108949.msg49706591#msg49706591
207   rkorade   https://bitcointalk.org/index.php?topic=5109457.msg49721665#msg49721665
208   octomon   https://bitcointalk.org/index.php?topic=5109724.msg49737154#msg49737154
209   Yarex   https://bitcointalk.org/index.php?topic=5110106.msg49752623#msg49752623
210   beLiefs   https://bitcointalk.org/index.php?topic=5111155.msg49804859#msg49804859
211   eugeney   https://bitcointalk.org/index.php?topic=5111796.msg49820235#msg49820235
212   F2b   https://bitcointalk.org/index.php?topic=5112235.msg49833836#msg49833836
213   micgoossens   https://bitcointalk.org/index.php?topic=5112432.msg49843373#msg49843373
214   Last of the V8s   https://bitcointalk.org/index.php?topic=5112894.msg49868021#msg49868021
215   machasm   https://bitcointalk.org/index.php?topic=5113899.msg49913654#msg49913654
216   avlen   https://bitcointalk.org/index.php?topic=5114488.msg49929376#msg49929376
217   cumakoff   https://bitcointalk.org/index.php?topic=5114858.msg49945008#msg49945008
218   Zerbis   https://bitcointalk.org/index.php?topic=5115284.msg49959357#msg49959357
219   avlen   https://bitcointalk.org/index.php?topic=5115510.msg49974579#msg49974579
220   TopTort777   https://bitcointalk.org/index.php?topic=5116465.msg50020676#msg50020676
221   rkorade   https://bitcointalk.org/index.php?topic=5117138.msg50030867#msg50030867
222   kenzawak   https://bitcointalk.org/index.php?topic=5117546.msg50045443#msg50045443
223   rkorade   https://bitcointalk.org/index.php?topic=5117975.msg50061463#msg50061463
224   NeuroticFish   https://bitcointalk.org/index.php?topic=5118277.msg50073416#msg50073416
225   archoco   https://bitcointalk.org/index.php?topic=5118644.msg50115523#msg50115523
226   MakeMoneyBtc   https://bitcointalk.org/index.php?topic=5119662.msg50130382#msg50130382
227   johnjimjack   https://bitcointalk.org/index.php?topic=5120113.msg50144186#msg50144186
228   Trofo   https://bitcointalk.org/index.php?topic=5120495.msg50159381#msg50159381
229   kranga   https://bitcointalk.org/index.php?topic=5120722.msg50176316#msg50176316
230   Danslip   https://bitcointalk.org/index.php?topic=5121580.msg50213787#msg50213787
231   MakeMoneyBtc   https://bitcointalk.org/index.php?topic=5122028.msg50226070#msg50226070
232   owlcatz   https://bitcointalk.org/index.php?topic=5122684.msg50241901#msg50241901
233   cumakoff   https://bitcointalk.org/index.php?topic=5122974.msg50254460#msg50254460
234   Spray.   https://bitcointalk.org/index.php?topic=5123281.msg50268735#msg50268735
235 Kenzawak https://bitcointalk.org/index.php?topic=5123884.0;all
236 Zerbis https://bitcointalk.org/index.php?topic=5124408.0
237 Shasan https://bitcointalk.org/index.php?topic=5124764.0
238 Dis93 https://bitcointalk.org/index.php?topic=5125086.0;all
239 Shasan https://bitcointalk.org/index.php?topic=5125489.0
240 Machasm https://bitcointalk.org/index.php?topic=5125800.0;all
241  F2b https://bitcointalk.org/index.php?topic=5126224.0;all
242 dis93  https://bitcointalk.org/index.php?topic=5127064.0;all
243 TopTort 777  https://bitcointalk.org/index.php?topic=5127492.0;all
244 Zenrol 28 https://bitcointalk.org/index.php?topic=5128037.0;all
245 Ayuwelle https://bitcointalk.org/index.php?topic=5128381.0;all
246 Rkorade https://bitcointalk.org/index.php?topic=5128782.0;all
247 DaveF https://bitcointalk.org/index.php?topic=5129797.0;all
248 DaveF https://bitcointalk.org/index.php?topic=5130205.0
249 Fontseli https://bitcointalk.org/index.php?topic=5130599.0;all
250 2stout https://bitcointalk.org/index.php?topic=5131100.0;all
251 F2b https://bitcointalk.org/index.php?topic=5131983.0;all
252 Rkorade https://bitcointalk.org/index.php?topic=5132429.0;all
253 Cumakoff  https://bitcointalk.org/index.php?topic=5132671.0;all
254 FontSeli https://bitcointalk.org/index.php?topic=5133200.0;all
255 SamDummy https://bitcointalk.org/index.php?topic=5133536.0
256 Cumakoff https://bitcointalk.org/index.php?topic=5134011.0
257 Peashooter https://bitcointalk.org/index.php?topic=5135144.0;all
258 Cumakoff https://bitcointalk.org/index.php?topic=5135551.0;all
259 Stelee68 https://bitcointalk.org/index.php?topic=5135955.0;all
260 Zenrol28 https://bitcointalk.org/index.php?topic=5136301.0
261 Machasm https://bitcointalk.org/index.php?topic=5136594.0;all
262 Mirae https://bitcointalk.org/index.php?topic=5137728.0;all
263 SteamTyme https://bitcointalk.org/index.php?topic=5137901.0;all
264 Cumakoff https://bitcointalk.org/index.php?topic=5138495.0;all
265 NeuroticFish  https://bitcointalk.org/index.php?topic=5138895.msg50878132#msg50878132
266  owlcatz https://bitcointalk.org/index.php?topic=5138994.0
267  Cumakoff  https://bitcointalk.org/index.php?topic=5140274.0;all
268 Toptort77 https://bitcointalk.org/index.php?topic=5140618.0;all
269 Passthepopcorn https://bitcointalk.org/index.php?topic=5140990.0;all
270 Kenzawak https://bitcointalk.org/index.php?topic=5141423.0;all
271 AlexSimion https://bitcointalk.org/index.php?topic=5141794.msg50994507#msg50994507
272 Asu  https://bitcointalk.org/index.php?topic=5142962.0;all
273 rkorade https://bitcointalk.org/index.php?topic=5143414.0;all
274 owlcatz https://bitcointalk.org/index.php?topic=5143886.0;all
275 bisdak40 https://bitcointalk.org/index.php?topic=5144261.0;all
276 Cumakoff https://bitcointalk.org/index.php?topic=5144615.0;all
277 Cabalism13 https://bitcointalk.org/index.php?topic=5145640.0;all
278 Kong Hey Pakboy https://bitcointalk.org/index.php?topic=5146029.0;all
279 Zenrol28 https://bitcointalk.org/index.php?topic=5146396.0;all
280 MrFreeRoMan https://bitcointalk.org/index.php?topic=5146787.0;all
281 Ferriswheel https://bitcointalk.org/index.php?topic=5146844.0;all
282 2stout https://bitcointalk.org/index.php?topic=5147998.0;all
283 Klaaas https://bitcointalk.org/index.php?topic=5148561.0;all
284 FerrisWheel https://bitcointalk.org/index.php?topic=5148824.0;all
285  Groswesh https://bitcointalk.org/index.php?topic=5149388.0;all
286  owlcatz https://bitcointalk.org/index.php?topic=5149707.0
287  FerrisWheel  https://bitcointalk.org/index.php?topic=5150628.0;all
288  Cumakoff https://bitcointalk.org/index.php?topic=5151004.0    
289 Mbitr https://bitcointalk.org/index.php?topic=5151403.0;all
290 klaaas https://bitcointalk.org/index.php?topic=5151797.0;all
291 Greatarkansas  https://bitcointalk.org/index.php?topic=5151846.0;all
292 Johnjimjack https://bitcointalk.org/index.php?topic=5153114.new#new
293 finaleshot2016 https://bitcointalk.org/index.php?topic=5153449.0;all
294 rkorade https://bitcointalk.org/index.php?topic=5153837.0;all
295 Fontseli https://bitcointalk.org/index.php?topic=5154201.0
296 Fontseli https://bitcointalk.org/index.php?topic=5154283.0
297 machasm https://bitcointalk.org/index.php?topic=5155656.0;all
298 ferriswheel https://bitcointalk.org/index.php?topic=5156042.0;all
299 owlcatz https://bitcointalk.org/index.php?topic=5156483.0;all
300 Greatarkansas https://bitcointalk.org/index.php?topic=5156568.0
301 apoorvlathey  https://bitcointalk.org/index.php?topic=5157320.0;all
302  Mux@  https://bitcointalk.org/index.php?topic=5157884.0
303 DaveF https://bitcointalk.org/index.php?topic=5158244.0;all
304 machasm https://bitcointalk.org/index.php?topic=5158691.0
305 alittlebitinfected  https://bitcointalk.org/index.php?topic=5159089.0;all
306 johnjimjack https://bitcointalk.org/index.php?topic=5159466.0
307 Makemoneybtc https://bitcointalk.org/index.php?topic=5159600.0
308 bakermaker123 https://bitcointalk.org/index.php?topic=5160795.0;all
309 cumakoff https://bitcointalk.org/index.php?topic=5161209.0;all
310 2stout https://bitcointalk.org/index.php?topic=5161737.0;all
311 @mux https://bitcointalk.org/index.php?topic=5161737.0;all
312 Fontseli https://bitcointalk.org/index.php?topic=5163747.0;all
313 Onat42 https://bitcointalk.org/index.php?topic=5164113.0;all
314 2stout https://bitcointalk.org/index.php?topic=5164486.0;all
315 bluewaffle https://bitcointalk.org/index.php?topic=5164810.0;all
316 GreatArkansas https://bitcointalk.org/index.php?topic=5165689.0;all
317 Davef https://bitcointalk.org/index.php?topic=5166050.0;all
318  mux@ https://bitcointalk.org/index.php?topic=5166447.0;all
319 Bluewaffle https://bitcointalk.org/index.php?topic=5166794.0;all
320   Periodik https://bitcointalk.org/index.php?topic=5166848.0
321   Mux@ https://bitcointalk.org/index.php?topic=5168000.0;all
322  Polar91 https://bitcointalk.org/index.php?topic=5168376.0
323  Cunicula https://bitcointalk.org/index.php?topic=5168741.0;all
324 Rawdog11 https://bitcointalk.org/index.php?topic=5169069.0;all
325 Onenergy  https://bitcointalk.org/index.php?topic=5169410.0
326 Ferriswheel  https://bitcointalk.org/index.php?topic=5170401.0;all
327   Mux@ https://bitcointalk.org/index.php?topic=5170794.msg52014634#msg52014634
328  Stelee68 https://bitcointalk.org/index.php?topic=5171191.0;all
329  smil3y7  https://bitcointalk.org/index.php?topic=5171539.0;all
330 Mackila https://bitcointalk.org/index.php?topic=5171856.0;all
331 FontSeli https://bitcointalk.org/index.php?topic=5172826.0;all
332 Darker45 https://bitcointalk.org/index.php?topic=5173261.0;all
333 Ferriswheel https://bitcointalk.org/index.php?topic=5173668.0;all
334 lalafell https://bitcointalk.org/index.php?topic=5173980.0
335 peashooter https://bitcointalk.org/index.php?topic=5174266.0;all
336 rkorade https://bitcointalk.org/index.php?topic=5175087.0;all
337 ONEnergy https://bitcointalk.org/index.php?topic=5175446.0;all
338 JanBajec https://bitcointalk.org/index.php?topic=5175775.0;all
339 rawdog11 https://bitcointalk.org/index.php?topic=5176078.0;all
340 ONEnergy https://bitcointalk.org/index.php?topic=5176368.0;all
341 Darker45 https://bitcointalk.org/index.php?topic=5177209.0
342 lalafell https://bitcointalk.org/index.php?topic=5177555.0
343 Darker45 https://bitcointalk.org/index.php?topic=5177867.0;all
344 Darker45 https://bitcointalk.org/index.php?topic=5178203.0;all
345 Mux@ https://bitcointalk.org/index.php?topic=5178466.0;all
346 geophphreigh https://bitcointalk.org/index.php?topic=5179231.0;all
347 Darker45 https://bitcointalk.org/index.php?topic=5179542.0;all
348 Groswesh https://bitcointalk.org/index.php?topic=5179864.0;all
349 ONergy https://bitcointalk.org/index.php?topic=5180136.0;all
350 stelee68 https://bitcointalk.org/index.php?topic=5180429.0;all
351 rawdog11 https://bitcointalk.org/index.php?topic=5181308.0;all
3228  Economy / Games and rounds / Re: [DAILY FREE RAFFLE] 351st JUST BECAUSE I AM STILL IN A GOOD MOOD FREE BITCOIN on: September 03, 2019, 02:22:05 PM
c - rawdog11

c wins!! https://live.blockcypher.com/btc/block/0000000000000000000ff600d7b00944e73bd46266e29efaa7664eda2e3da99c/

Congratulations   !!!

Thankyou all for participating and see you again tomorrow for more!  Cheesy
3229  Economy / Games and rounds / Re: [DAILY FREE RAFFLE] 351st JUST BECAUSE I AM STILL IN A GOOD MOOD FREE BITCOIN on: September 03, 2019, 02:14:58 PM
Alrighty then lets roll with 593074  Grin
3230  Economy / Games and rounds / Re: [DAILY FREE RAFFLE] 351st JUST BECAUSE I AM STILL IN A GOOD MOOD FREE BITCOIN on: September 03, 2019, 12:52:48 PM
One more to go before we roll!
3231  Economy / Games and rounds / Re: [DAILY FREE RAFFLE] 351st JUST BECAUSE I AM STILL IN A GOOD MOOD FREE BITCOIN on: September 03, 2019, 11:56:32 AM
Slots updated!
3232  Economy / Games and rounds / Re: [DAILY FREE RAFFLE] 351st JUST BECAUSE I AM STILL IN A GOOD MOOD FREE BITCOIN on: September 03, 2019, 10:43:33 AM
Slots updated Cheesy
3233  Economy / Games and rounds / Re: [DAILY FREE RAFFLE] 350th JUST BECAUSE I AM STILL IN A GOOD MOOD FREE BITCOIN on: September 03, 2019, 10:32:50 AM
I have been trying to enter this for like 2 weeks... judging from my calculations I have to be up and ready to enter around 5:30 CST am.... I just want to win 1 coin... lol all of you regulars. Go hang outside get some sunlight and leave some entries for me lol

Will try and delay one day for late wakers like yourself Wink
3234  Economy / Games and rounds / Re: [DAILY FREE RAFFLE] 351st JUST BECAUSE I AM STILL IN A GOOD MOOD FREE BITCOIN on: September 03, 2019, 10:29:44 AM
Goodmorning and goodluck to ye all!!   Cheesy

Remember once you receive your coins...please post a photo and comments in the following thread!

https://bitcointalk.org/index.php?topic=3910520.0;all

That's all I ask! Thanks!!
3235  Economy / Games and rounds / [DAILY FREE RAFFLE] 351st JUST BECAUSE I AM STILL IN A GOOD MOOD FREE BITCOIN on: September 03, 2019, 10:29:36 AM
Yes...I am still in a good mood so giving out a BITCOIN PHYSICAL coin.  Cheesy 

First come first served. Free shipping anywhere on this planet witht he exception of certain countries>> read here https://bitcointalk.org/index.php?topic=3910520.0

If you live in any country I cannot ship to you can always ship to a friend in other countries that Ic an ship to

Only one spot per person.

If you win you get to choose one coin of your liking.

Please read>>>> https://bitcointalk.org/index.php?topic=3910520.0

ONLY ONE RULE>> PICK A LETTER OR NUMBER NO RANDOMS PLEASE..sorry randoms will be ignored





1 Mux@ Cheesy
2 -2stout Grin
3 –freecitizen  Cheesy
4 -  ONEnergy Grin
5 - plvbob0070 Cheesy
6 - Lalafell Cry
7 -  JanBajec Wink
8 stelee68 Tongue
9 -geophphreigh Shocked
0 -jake zyrus Grin
a -smil3y7 Grin
b - zenrol28 Cry
c - rawdog11 Cool
d  Darker45 Shocked
e - efialtis Cheesy
f -FontSeli Shocked

   
This coin will be shipped directly from manufacturer. A random coin will be picked as some of these manufacturers do not send to some countries.

Please provide full address with zipcode. Other than that It will not be shipped properly. If you can also add telephone… if not I will make one up and place instead.


Please no PO boxes as they do not ship to PO BOX addresses.

Goodluck!  Please read https://bitcointalk.org/index.php?topic=3910520.0

I also suggest using  privnote.com top send me your addy via PM once raffle winner get in touch with me.

Its for your privacy.  Wink 

For all newcomers you have to read https://bitcointalk.org/index.php?topic=3910520.0

You have to reach out to me when winning. Coins will be bought and sent from manufacturer.

If coin is stolen or does not arrive because of thievery in the postal system I am not sending a new one.

Also sometimes if they are sold out from a particular coin of your choice, another will be sent instead.

Read all of this and then decide if you want in or not. I am not responsible for any failed deliveries.

You are not buying anything here.

 I am sending out of the goodness of my heart and that's it.   Cheesy

This applied to all auctions in the past and future ones as well as the thread says. Goodluck!

DO NOT SEND ME A PM WITH PRIV NOTE... UNLESS YOU WIN THE RAFFLE.

If you win yes...if not no! And please send within 24hrs so I can keep track on who won what. Thanks   Cheesy

PLEASE PLACE YOUR INFO AS FOLLOWS WHEN PLACING YOUR LETTER OR NUMBER

A KROGOTHMANHATTAN

It makes my life easier to copy and paste

And it keeps me in a good mood too! Cheesy

3236  Economy / Collectibles / Re: [INFO]-Crypto Stamps- Collectable Blockchain postage stamps on: August 31, 2019, 11:50:44 PM

Nice mix:

2 yellows
1 blue
1 green
1 black

Overall pleased with the wait

That is insane! Good for ya man!
3237  Economy / Collectibles / Re: [INFO]-Crypto Stamps- Collectable Blockchain postage stamps on: August 31, 2019, 07:43:55 PM
sorry, I did not want to offend you.  I only say that the e-mail had declared to another buyer that there were only 2500 of the first day and 1800straties

Bless

I have to jump in: there are even more variants by the Collectors Society sold within privat groups. I also have some other variants.

There are even small FDCs which look the same like the bigger brothers. But they are limited to 10.

There are also signed versions and even framed posters.

Never officially sold and just for the collectors. The framed versions are even rarer than the 4 digit stamps.

Dam austrian post knows how to milk the Cow eh  Tongue

 Did you ever receive your stamps wheelz?

MAIL CALL!!!!!!

Busy today but did get a chance to see all were 6 digit stamps.  Will scan later tonight


Finally! Goodluck!
3238  Economy / Games and rounds / Re: [DAILY FREE RAFFLE] 350th JUST BECAUSE I AM STILL IN A GOOD MOOD FREE BITCOIN on: August 31, 2019, 05:55:50 PM
Wow. 350 free raffles! That is amazing, keep it up krogothmanhattan.  Shocked

Congrats stelee68!


 Once I hit Legendary status which is hopefully soon will raffle for free a loaded Satori chip.  Cheesy

That "random between 775 and 1030" is the only obstacle it seems. I hope you will not have to cross that 1030 activity. That would be too long a wait it might turn that Satori chip raffle into a Casascius raffle.  Grin



Yes!  I am 854 and the activity increases every 2 weeks IIRC...so let us see what the forum computer decides!
3239  Other / Beginners & Help / Re: MUST READ They're coming for your Crypto, SIM SWAPPING BIBLE on: August 31, 2019, 04:49:39 PM
Securing ALL the Things

You’ve now learned how to secure your accounts, created secure paper backups of important information, and successfully gotten token-based authentication rolling via Google Authenticator.

Here’s the easy, although mildly tedious, next step: You’re going to set up Google Authenticator on every website or service you use that allows it, and remove your phone number / SMS recovery.

Pro-tip: Since you are going to be logging into all these accounts anyways, we recommend you set up a password manager like LastPass or 1Password if you don’t already use one, and create new, secure, unique passwords for each of these accounts. This ensures password reuse doesn’t bite you in the ass, especially with the billions of username / passwords that have been compromised over the years.

While it would be impossible to list every service you may use, here is a prioritized list of what to add your new best friend Mr. 2FA to.

You can also use https://twofactorauth.org/ to view more services and see what 2FA formats they support. The s̶t̶r̶u̶c̶k̶ ̶i̶t̶e̶m̶s̶ don’t offer 2FA at all, or only offer SMS 2FA, so you need to change your phone number to your super-secure Google Voice number.
1.Password managers: LastPass, 1Password, etc.
2.Backup / Sync / Cloud Storage: Apple / iCloud, Google Drive, Dropbox, Microsoft / OneDrive, B̶o̶x̶, etc.
3.Email: Gmail, Apple / iCloud, ProtonMail, Y̶a̶h̶o̶o̶, A̶O̶L̶, etc.
4.Exchanges: Coinbase, Gemini, Circle, Binance, Bittrex, Kraken, Poloniex, Huobi, Okex, Bitfinex, Bitstamp, ShapeShift, etc. Note: You shouldn’t be storing significant assets on these, but they should still absolutely be 2FA'd. This also ensures that your fiat / bank accounts can’t be drained and your exchange account isn’t hijacked and used to launder money in your name. Some exchanges (Kraken 😍) allow separate 2FA codes for withdrawals, trades, and logging in. Poke around and enable any security settings your exchange offers!
5.Dev: Github, Bitbucket, Gitlab, npm, T̶w̶i̶l̶i̶o̶, etc.
6.Web: GoDaddy, Bluehost, Google Cloud, Heroku, Wordpress, Shopify, SquareSpace, AWS, Microsoft Azure, Digital Ocean, CloudFlare, etc.
7.Social media accounts: Facebook, Twitter, Instagram, LinkedIn, Google / Youtube, Medium, Tumblr, Buffer, HootSuite, Snapchat, etc. Note: These are often used to defraud your friends or obtain sensitive / secret information when compromised.
8.Messaging platforms: Apple / iMessage, Google / Hangouts + Fi + Voice, Skype, Slack, Discord, Telegram, W̶h̶a̶t̶s̶A̶p̶p̶, Facebook Messenger, W̶e̶C̶h̶a̶t̶, V̶i̶b̶e̶r̶, L̶i̶n̶e̶, Gitter, R̶i̶o̶t̶, W̶i̶r̶e̶, S̶i̶g̶n̶a̶l̶, etc. Note: These are often used to defraud your friends or obtain sensitive / secret information when compromised.
9.Photo Storage: iCloud, Google Photos, Adobe. Note: Besides screenshots of secrets / backups, SIM-swappers love to utilize, ehrm, certain types of photos to extort people. Consider removing secret / sensitive / sexy photos from your cloud provider entirely.
10.Finances / Money: Chase, Wells Fargo, B̶a̶r̶c̶l̶a̶y̶s̶, HSBC, Charles Schwab, Betterment, E*Trade, T̶D̶ ̶A̶m̶e̶r̶i̶t̶r̶a̶d̶e̶, Vanguard, Fidelity, Mint, Y̶N̶A̶B̶, C̶r̶e̶d̶i̶t̶ ̶K̶a̶r̶m̶a̶, Carta, eBay, Alipay, TurboTax, Quickbooks, Robinhood, C̶a̶s̶h̶ ̶A̶p̶p̶, V̶e̶n̶m̶o̶, TransferWise, Paypal, etc.
11.Forums: Reddit, S̶t̶a̶c̶k̶E̶x̶c̶h̶a̶n̶g̶e̶/̶S̶t̶a̶c̶k̶o̶v̶e̶r̶f̶l̶o̶w̶, Q̶u̶o̶r̶a̶, I̶m̶g̶u̶r̶, random gaming forums, random hobby forums, old shitty forums, etc.
12.Work: A̶s̶a̶n̶a̶, BambooHR, G̶u̶s̶t̶o̶, Jira, Clubhouse, Front, ZenDesk, Zenefits, Groove, Mailchimp, Substack, Salesforce, Slideshare, Trello, SendGrid, Blackboard, Docusign, etc.
13.Notes: Evernote, Notion, Scribd, P̶o̶c̶k̶e̶t̶, T̶o̶d̶o̶i̶s̶t̶, etc.
14.Shopping: Amazon, T̶a̶r̶g̶e̶t̶, W̶a̶l̶m̶a̶r̶t̶, Newegg, etc.
15.Misc: R̶i̶n̶g̶, N̶a̶n̶i̶t̶, B̶l̶i̶n̶k̶, N̶e̶s̶t̶, your car’s app (T̶e̶s̶l̶a̶, M̶e̶r̶c̶e̶d̶e̶s̶ ̶M̶e̶, etc.), S̶p̶o̶t̶i̶f̶y̶, Uber, L̶y̶f̶t̶, A̶i̶r̶b̶n̶b̶, N̶e̶t̶f̶l̶i̶x̶, P̶o̶r̶n̶h̶u̶b̶, S̶a̶m̶s̶u̶n̶g̶, U̶P̶S̶, F̶e̶d̶E̶x̶, D̶H̶L̶, IFTTT, Zapier, G̶r̶u̶b̶H̶u̶b̶, E̶x̶p̶r̶e̶s̶s̶V̶P̶N̶, PIA, ProtonVPN, US IRS, Health Insurance, Utilities, etc.

How to handle sites that only support SMS 2FA?

For whatever bizarre reason (or, depending on who you ask, societal laziness) many websites and services still only offer SMS 2FA. Amazingly, this includes many banks.

Until these laggards catch up, you have two options:
1.Insist on using competitors that offer better security. If this is feasible, we highly encourage you to switch to a competitor service and let it be known that you’ve switched for this reason. Speaking with our money (this applies even to "free" sites) is a great way to encourage change.
2.If there is no suitable replacement for the service and you must continue using it, utilize your new Google Voice number for SMS activation / account reset.

...


Last Step: Prepare Yourself

When you have your SIM swapped, you will no longer have the ability to make calls or send text messages, nor will you be able to connect to the internet unless you are connected via Wi-Fi. While this may seem obvious, many victims report fumbling around trying to figure out how to make a call on a phone that can no longer make calls.

Take the time now to set up and practice making a phone call without your SIM card.

First, select & set up a VOIP service that supports calling landlines
•Google Hangouts / Voice: This is your best choice because it’s actually free and it works from your browser or mobile app. Downside: if your Google account is compromised, you won’t be able to access it. So, make sure you secure your Google accounts or Google Voice is set up on multiple accounts. Hangouts on your Computer, Android, iOS or Voice on your Computer, Android, or iOS.
•FreedomPop: An app that gives you a free 200 minutes / month once you set it up. Make sure you test it first. We didn't particularly like the permissions it requested on Android, but it did work on our test device. iOS and Android only.
•Line: The newest rage in Asia and supposedly allows you to make free calls to landlines if you watch an ad first. You’ll have to confirm it works though as it rejected every number we tried calling. Available for literally every device.
•Skype: Available for every device but costs a bit of money to call a landline (as you will need to do in this case). Loading it up with $10 of credit should be sufficient for your needs and is a good choice if you already use Skype.
•Viber: It costs money to call landlines via Viber Out, but if you already use Viber it would probably still be worth it to throw $10 worth of credit on it now just to have it available. iOS, Android, Mac, Windows, Linux.

Action Items
•Take your SIM out of your phone.
•Using the option you chose above (or a different option you prefer), try calling yourself. Ensure the call connects and you hear your voicemail message playing.
•Find your mobile phone provider’s customer support phone number(s). Some are below. They will have a “customer care” number, but also search for a number specifically for urgent or fraudulent situations. For example, AT&T has their “Global Fraud Management Department @ 877.844.5584.”
•Save these numbers to wherever you normally save numbers AND to where you just called from. Save the actual phone number, not the quick-number that only works on certain devices.
•Call this number and ensure you connect and listen to options play. If you feel up to it, have another chat with them about their security offerings. 😉
•If you did this on your computer, repeat on your phone. If you did this on your phone, repeat on your computer.

Some Mobile Phone Provider’s Numbers
•AT&T Fraud: 1 (877) 844–5584
•AT&T: 1 (800) 331–0500
•Cricket Wireless: 1 (800) 274–2538
•Sprint: 1 (888) 211–4727
•T-Mobile: 1 (877) 453–1304
•US Cellular: 1 (888) 944–9400
•Verizon: 1 (800) 922–0204

Thanks to Chris Robison and his SIM swap guide for grabbing all the numbers!

Total Time
•10-15 minutes

...


Bonus round!

There are a few things that don't strictly fall in the scope of this guide but are good practices. We’re including them as they are actions victims of SIM-swapping wished they had taken.

Watermark Your KYC Documents

This ensures any documents stolen from an ICO or exchange or your own email / computer / cloud storage cannot be reused for nefarious purposes. It doesn’t matter if it’s a scan of your identity cards, a photo of you holding them, or a photo of you holding them with a date, you should still watermark it:


Okay, this may be overkill, but you get the idea. Now if an exchange or ICO company is breached, they can’t use your identification scans or selfies to launder money or bypass KYC requirements.

Use offline-only, secure back-ups of private keys, passwords, seed phrases, and other super important secrets

Super important secrets are things like private keys, paper wallets, your birth certificate, or social security card. They should be stored in a manner that is optimal for security and long-term, infrequent access.

Do not print or download them. Don’t take a screenshot. Don’t take a photo. Don't save them to iCloud or Dropbox or Google Drive. Don't email them to yourself.

Instead, take out a pen and paper and write down the secret as carefully and legibly as possible. Then, take a new piece of paper and write it down again. Note the account they are for and the date. Keep these in two physically distinct, secure locations.

You could store these in a fireproof / waterproof safe, something like a Steely or CryptoSteel, get a fire-resistance bag for <$20, or simply laminate them or put them in a Ziploc bag sealed with tamper evident stickers.

One reason to have two copies is that if your house burns down, you have another copy. Get in the habit of backing up and storing critical account information, high-risk passwords, recovery codes, 2FA seeds, private keys, and seed phrases in this manner.

This way, if you are SIM-swapped, any account of yours is compromised, or your device is stolen, you simply don’t have to think about those accounts or funds. However, if you store backups in Google Drive or in your photos or in iCloud, the compromise of your account could lead to not only your exchange assets being stolen, but also the assets you don’t keep on an exchange.

More Helpful Resources on the Subject
•https://medium.com/changelly/hardware-wallets-101-88442ac385b2
•https://support.mycrypto.com/how-to/backup-restore/how-to-save-back-up-your-wallet
•https://en.bitcoinwiki.org/wiki/Cold_storage.

...



PART 2: What to do if you literally just had your SIM jacked

Panic Correctly



“Be like the duck — calm on the surface, but paddling like hell underneath.”


You are not being like a duck.

Do not let emotions cause you to do irrational and counter-productive things. Your first step is triage and damage control. In order to maximize your own effectiveness, you’re going to need to have the cognitive capacity to multitask effectively. Deep breaths.

Call Your Phone Provider

Remember, your phone no longer has the ability to make phone calls so hopefully you are with someone who is willing to lend you their phone. If you aren't, you can call a landline from Google Hangouts / Voice, FreedomPop, Line, Skype, or Viber. (See the "Prepare Yourself" section above.) However you do it, get on the phone with your mobile service provider.
1.Briefly explain the situation at hand. “I am a high-target individual and my phone number was ported approximately 3 hours ago to a new SIM that I do not control, in order to extort and defraud me. What can we do to get this resolved before more damage is done?”
2.Ask that your phone number be “turned off,” as in removed from the device it was just moved to, as in not pointed to any working SIM, as in not working for the attacker nor working for you. Sometimes representatives are willing to do this even if they refuse to move your number back to your SIM. Cutting off the attacker’s access is more important than you having access right now. “Since this is an active situation, can you please remove my phone number from that SIM immediately, meaning no one can receive phone calls or text messages to my number. Then I can more fully explain or visit a location in person to verify my identity.”
3.Ask for your phone number moved back to your SIM / device. As would be the case, they will likely now decide that you must absolutely, positively be in-store with a government-issued ID. But, it never hurts to ask.
4.Ask for and write down the employee’s name / employee ID number and the date / time of your call(s) for your records and future conversations with law enforcement.
5.Ask for and write down the case ID number and / or support ticket number for your records and future conversations with law enforcement. If they push back at all, ask them how you are supposed to reference your case when filing a report with law enforcement.
6.Request that they (your mobile service provider) retain all logs. Specifically ask for the International Mobile Equipment Identity (IMEI) number, time of call, employees involved in fulfillment of the request, and any other information they have related to your account, the SIM porting, and this situation. Note: they may not disclose certain information to you, but you can ask. Priority should be that it's saved somewhere for law enforcement.

Helpful hints for one of the most frustrating conversations of your life:
•Be direct and focus on getting your phone number “turned off” or back in your control. Be explicit. Repeat yourself. Try to avoid wasting time on what / how / why this happened or who’s at fault.
•Don’t yell. Focus on working with them to accomplish what you need accomplished. This minimum wage, outsourced, call-center employee doesn’t know anything about you, your crypto, or your situation, and you do not have the time to explain it to them. Use phrases like “what can we do to make this happen?” to emphasize that you are a “team.”
•Hang up and try again with a new agent if you get a particularly dense or uncooperative employee. This is likely how your attacker did it, so can you.
•Escalate your call to a person with more experience and power. Try asking specifically for the fraud department, using phrases like “identity theft” and “illegal account creation” and “port out fraud,” which seem to be trigger words. The fraud departments are typically filled with more experienced agents.

...



Lock Down Your Accounts

It’s not a bad idea to refresh your locks every now and then.

As you’re doing this, secure any compromised accounts, assess the damage, and start gathering the most critical information for investigators and law enforcement.

Take notes on everything you do and screenshot excessively. Screenshot when you access something. Right before you change something. Right after you change something. For example, you may kill an attacker's active session, BUT you will want their device type, time accessed, and IP address once the dust settles. Also, being filled with adrenaline while multi-tasking results in terrible, terrible memory and you don't want to repeat work.

Access and change your password for your primary email account(s)

Access the account. Screenshot. Go to your settings and turn on 2FA via Google Authenticator. If it was already enabled, remove it and enable it fresh. Screenshot and then remove any recovery emails or phone numbers to prevent another avenue in. Screenshot and then remove all devices, apps, active sessions, app passwords, “log in with….” sites, connected accounts, etc.

If you cannot access your Google because the attacker has changed the password, follow this guide by Chris Robinson on how start the recovery process for your account. You should do this now.

Check your email for any password reset emails or “you just signed in on a new device” emails
•Be sure to check your spam, archive, and trash folders.
•Screenshot excessively.
•Write down any and all the services you see mentioned in these emails.

Make a prioritized list of accounts to secure
1.Accounts that you know the attacker has accessed or attempted to access (such as those in the password reset emails).
2.Critical accounts that can lead to further compromise of data or financial loss (other email addresses, exchanges, password managers, cloud storage, banks).
3.Accounts that could be accessed with the information found in accounts an attacker has already accessed.
4.Any non-critical accounts that could be damaging if compromised, such as older email addresses, social media, messaging, etc.

Starting at the top of your prioritized list, secure all of your accounts
1.Log in to each account on your list. Screenshot.
2.Change the account password to a strong, unique password.
3.Enable 2FA via Google Authenticator. If it was already enabled, remove it and enable it fresh.
4.Screenshot and remove any insecure recovery or 2FA methods (e.g., email addresses, phone numbers). Note if the attacker updated any of this information (perhaps to their own email address?)
5.Remove the phone number linked to the account and/ or replace it with one the attacker does not control.
6.Enable any and all security features that are offered.
7.Enable any and all notifications that are offered.
8.Screenshot and then remove all devices, apps, active sessions, app passwords, “log in with….” sites, connected accounts, etc.
9.Make notes about any financial loss.
10.Make a note if there are signs the attacker accessed that account or made any changes.

Secure your exchanges and any other services that hold money (Paypal, Banks)

In addition to the list above, you should take additional measures for your financial accounts.
1.If you have any money or crypto currently in these services and you can confidently withdraw to an address or bank account you know you control and could not be compromised, do so now. Initiating the withdrawal will put those funds in a “locked” state for a period of time.
2.If you have any money or crypto in these services but you aren’t confident about moving it, you can email them and request they lock down your account and prevent any withdrawals, deposits, trades, buys, sells, transfers, and/or logins until further notice. Links to top exchanges and an email template can be found in Chris Robison’s guide.
3.Enable any special security features (e.g., Kraken’s GSL).
4.Screenshot and remove any withdrawal addresses, linked bank accounts, credit card numbers or banking information, especially those that could be used to withdraw USD from your bank account (e.g., https://www.coinbase.com/settings/linked-accounts).
5.Screenshot and remove any “confirmed devices” or “active sessions” or “browsers that don’t need a second factor” (e.g., https://www.coinbase.com/settings/account_activity).
6.Screenshot and remove any and all API keys or OAuth applications (e.g., https://www.coinbase.com/settings/api).

Check your Telegram for active sessions

It is extremely common for SIM-swappers to go for Telegram accounts shortly after attempting cryptocurrency exchange account access.
•Navigate to “Settings” -> “Privacy and Security” -> “Active Sessions.”
•You should now see all devices that have access to your Telegram and messages.
•Screenshot this screen.
•Click the “Terminate All Other Sessions” button.
•Then, returning to “Privacy and Security.” enable “Two-Step Verification.” Use an email that is not compromised.
•Change the phone number to one that is not compromised.

Breathe.

Once you’ve put the proverbial tourniquet on the situation and phone number is back in your control, or at least guaranteed to be out of the attacker’s control, you’ve secured all of your accounts, there are no new password reset emails or other weird things happening….



Breathe.

Give yourself five solid minutes to decompress. You deserve it and it will help you as you go forward. The next steps require less adrenaline and more attention to detail.


Just do it.

Access or Return to Any Accounts You Haven’t Pull Logs From

You will want to check this for each cryptocurrency exchange, bank account, or any other breached account. Save anything and everything, even if you don’t think it’s important. Some examples...
•Gmail: https://support.google.com/mail/answer/45938?hl=en & https://myactivity.google.com/item.
•Google Suite (a custom domain but with Gmail/Google): ask your administrator to pull audits and logs. They are very in depth, such as https://support.google.com/a/answer/4580120?hl=en.
•Coinbase: https://www.coinbase.com/settings/account_activity.

Keep your eyes open for anything you missed the first time around. If you see signs of an attacker accessing one of your accounts, what were they doing? What information were they able to access? What information do you know they accessed? What could they do with that information?

Call your phone provider again

See what information you can get from them at this time. Ask them how you can reference your case when filing a report with law enforcement. See if they have any advice for you.

Sometimes they are able to reveal certain information, such as how this occurred, when it occurred, if it was done in-person or over the phone. Sometimes they will even give you the IMEI and other details. Note all of this.

You should also discuss and implement whatever options they have available to secure your account and ensure this can’t happen again. Sometimes, magically, there now is another layer of protection they can offer you that they didn't think to mention before.

File a report with law enforcement

You’re going to want to begin feeding all of this information to the right people. This begins with filing a law enforcement report. In most countries, the local police are not who you want to go to. Tragically, most local police won’t even know the proper place to report it.

Depending on your country, there are different places you need to report to. You can use this handy list for reference. If you’re in the US, then you’ll want to report it via IC3. Please note that IC3s don’t generate report numbers, so be sure to save a copy of your report upon submission!

Ensure your report includes...
1.Your mobile carrier, phone number, time and date of incident, and everything else you’ve recorded regarding your interactions with your mobile carrier (e.g., “they should have the IMEI handy”).
2.Steps you’ve taken to subsequently secure your phone number (e.g.. you’ve added a passphrase).
3.Accounts that have been accessed (e.g., Gmail and Coinbase) with specific timestamps, device information, IP information, and other data as applicable. Be sure to include the obvious - your email address, the account information (username or registered email) for the exchange, etc.
4.Any asset loss, including withdrawal transactions as applicable. If there is a large number of transactions out of a personal wallet or exchange account, note affected personal wallet addresses with a statement like “transactions beginning on X date at Y time were not initiated by me.”
5.Any contact the SIM-swappers have made with you post-breach; this will typically be via Telegram or SMS. Annotate account names, how they contacted you (SMS, Telegram, via a third-party), profile pictures, usernames, and the full content of messages.
6.Any extremely sensitive data that could have been accessed (KYC documents, trade secrets, etc).

Remember: your role is to operate in facts, not theory. Law enforcement has analysts to theorize. Do not provide unnecessary noise with emotional rants about what you think took place. Provide them with the raw data in as sensible of a format in as chronological an order as possible.

...



PART 3: What to do after you’ve been SIM jacked


Inform your network


Regardless of what you are feeling right now (embarrassment, shame, and despair are common), you will need to do the right thing for your personal and professional networks. The data obtained by the SIM-swappers cannot only be used to extort you, but to extort others.

Additionally, sharing your experience and lessons learned may inspire those in your network to take measures to improve their own security.

Here's a sample message you can use as a starter:


“I want to let you know that on [DATE] I was SIM swapped and had some of my accounts hacked. Some information in our messages / emails may have been compromised in the process. [NOTE ANY ESPECIALLY RELEVANT SPECIFICS HERE.] I have notified law enforcement and taken steps to secure my phone number and accounts. It is possible that the SIM swapper(s) may contact you or attempt to extort you. If they attempt to do so, please notify law enforcement and do not pay them. While I find this incident embarrassing, I hope that my transparency in this matter is appreciated and we can continue our professional / personal relationship after my hard lesson learned.”

For those of you that are interacting with the victim of a SIM swap, providing the victim support and understanding during this time, and especially gratitude for their transparency, is extremely important. Inversely, if an individual (and especially) a company experiences a SIM swap or other data breach and conceals it, we highly recommend ceasing any relationship with them due to their disregard for you and your own security. You also have the ability to notify pertinent authorities that this individual or business opted to try to sweep the incident under the rug, which is often illegal. Legalities aside, as an industry, we need to begin expecting individuals (and especially companies) to do the right thing.

...


Fully audit and secure literally all of your accounts

You’ll want to set aside time to go through each and every possible account you can think of: lower-priority accounts you may not have thought of during the “tourniquet phase,” such as old emails, old social media, etc. Any new forensics points you discover (these accounts were accessed) should be annotated.

Additionally, you may want to re-secure and ensure you have secure, offline backups of all of your accounts, passwords, recovery codes, 2FA backups, etc. now that you have more time.

...


Do not engage with the attacker

Do not under any circumstances engage in conversation with the SIM swapper(s) or those claiming to be them, have information on them, etc.

Document but ignore these messages. This cannot be emphasized enough.

You may experience extortion attempts from the SIM swapper(s), but do not give in to these. If you do, the SIM swapper(s) will simply return to you for more money at a later point, possibly on other accounts.

Giving in to extortion not only provides financial support and incentive for continuity of this crime, but encourages the SIM swapper(s) to engage your network and extort them.

...


Decide What Information to Share with People

Do not provide any information about the specifics of your case or raw data dumps to anybody that is not law enforcement, your attorney, or an investigator.

There are very few people who qualify as legitimate investigators for this type of crime and they will not be anonymous. Your friends are not investigators. A random dude on Twitter is not an investigator. Currently, the only known professional service for support on these types of incidents is CipherBlade. Anybody that contacts you claiming to have identifying information on those responsible for your incident, for a fee, is attempting to scam you.

Any details you provide to anyone besides your attorney / law enforcement has a tendency to spread rapidly. It is extremely common for internet fraudsters to social engineer both victims and the networks of victims to further extort money and / or determine what tracks they may need to cover.

...


Decide What Information to Share with the Service Providers of Breached Accounts

It doesn’t hurt to notify exchanges, email providers, or other providers when an account of yours was breached and especially when your assets were stolen. Inform them that your account was breached, you’ve regained access, and you’ve submitted a law enforcement report. If you can, include specific dates, times, transactions, or IP addresses that were not made by you. Include only the information regarding the service you are contacting—don’t give them all your data dumps.

It is highly unlikely these providers will supply you with information you cannot access via your account dashboard, and they especially will not disclose details about another person or account. For example, if you noticed stolen assets ended up transferred to a particular cryptocurrency exchange, that exchange will not provide you with account information due to data privacy laws.

However, giving that exchange a “heads up” that law enforcement may be contacting them soon is still considered to be a good practice.

...


Protect Your KYC & Identity Documents

If you had identity documents (such as scans of driver’s licenses, passports, etc.) that weren’t watermarked, then you’re going to want to notify authorities immediately and obtain new identity documents. Failing to complete this step may result in your identity being used to open new exchange accounts, new credit cards, new loans, or sold on the dark web and further used for nefarious purposes.

As described earlier, it is your responsibility to notify your professional / personal network of this incident, particularly when it comes to identity documents or other personal details being accessed, because SIM swappers will utilize these documents, conversations, and data to pose as you and conduct impersonation scams — most likely on your contacts.

While failing to inform to your network about potentially breached information may not make you an accomplice in the criminal sense, it makes you an accomplice in the moral one.

...

Accept Some Harsh Realities & Work to Move Forward

The process by which you move forward from an attack like this, especially if it includes financial loss, often follows the classic "seven stages of loss": shock / denial, pain / guilt, anger, bargaining, depression / loneliness / reflection, reconstruction, acceptance / hope.

By now, the “tourniquet phase”, “control phase”, “shock phase” are complete and you are likely experiencing pain, guilt, sadness, and perhaps even some anger and bargaining for good measure.

While it is tragic you are the victim of a crime, accepting how it happened, what it currently means, what you must do now, and what to expect is critical in order for you to reach a point of acceptance and move forward.

If at any time during this process things get especially tough and you are feeling hopeless, depressed, or suicidal, we strongly encourage you to talk to someone about it. There are so many amazing resources out there, especially if you aren’t getting the support you need from your own personal network.
•Suicide Hotlines (Worldwide)
•More resources
•Even more resources
•And, if you hate phone calls, you can shoot an email to the Samaritans.

...


You must involve law enforcement

This is non-negotiable. Nobody else is going to legally resolve this matter. No investigator will tell you that your case is legally resolvable without law enforcement and the legal system, and anyone that disputes this is lying to you.

Now is a good time to put aside any personal beliefs, fear, or avoidance of law enforcement. The law enforcement officials you will be in contact with don’t care about your drug preferences or shoddy tax work.

“Hacker for hire” services are almost always scams that capitalize on your desperation and gullibility. At best, you’ll lose (more) money. At worst, you've just implicated yourself in a crime.

...


Own your own shortcomings, use the opportunity to educate others

"Grant me the serenity to accept the things I cannot change, the courage to change the things I can, and the wisdom to know the difference."

Accept:
•There is no single party who is responsible for your loss except, arguably, the attacker.
•Your phone carrier’s service employees failed to do thorough due diligence on the SIM port request and may have ignored your security settings. (Note that this does not mean the phone carrier is liable for consequences of the SIM swapping, such as loss of assets, when those consequences could have been prevented by proper security settings in other places.)
•The system is partially responsible for even deciding that relying on phone numbers was a good idea.
•You are partially responsible due to a lack of your own due diligence surrounding your personal security.
•You will probably not get your money back.
•You cannot go back in time.

You can only change yourself and your own personal security moving forward. While it's incredibly frustrating to rely on third parties without being able to change or control their behavior, that's the way the world works.

Exclusively blaming your phone provider, your exchange, your email provider, or the blockchain itself will result in a longer recovery process for yourself and a lot of angry, sleepless nights. The goal here is to move past this. Please, don’t be this guy.

Additionally, you will experience immense disappointment if you are expecting your email provider, your exchange, or the general public to investigate, change their behavior, or take any specific actions for you, or because of you. It's unlikely they will do much and if they do, they won't share with you.

On a brighter note, some folks find that sharing their experience and educating those around about how to be more secure can be cathartic and rewarding. Be careful not to reveal exact specifics of your case and focus on helping others rather than playing the blame game. Helping others can help yourself.

...

Adjust your expectations of law enforcement

While this is, in fact, law enforcement’s responsibility to investigate and resolve, you’ll need to accept the fact that it may be quite some time before any progress is made on your case. Presuming (and this is a big presumption, since the majority of law enforcement reports don’t contain enough actionable information) your law enforcement report contained adequate data to progress your case, in the US, it may be 2-3 months on average before an FBI Special Agent even contacts you regarding the matter.

In 2018, we saw a large number of arrests of SIM-swappers in the US occur in less than a year from time-of-incident to time-of-arrest. We consider this to be lightning speed. Crypto investigations don’t move at crypto speed.
1.Telling yourself that the assets are lost actually helps your mental health. Constantly thinking about these assets may tempt you to do things fueled by emotion that will push your case backward, such as engaging with the SIM swapper(s), leaking data, or otherwise making needless noise for investigators.
2.Hounding investigators or law enforcement for updates won’t help your cause. To an investigator, “when update?” is equally obnoxious as “when moon?” Investigators and law enforcement may or may not provide you infrequent, pertinent updates. You will not get a play-by-play nor will you get sensitive data. Investigators and law enforcement are extremely busy people with limited amounts of time. Making needless noise for them is pushing rewind, not fast forward.
3.There is no guarantee that your SIM swapper will be caught. While there has been a lot of news lately about SIM swappers being arrested, they were located in the US and had impressively bad operations security (opsec), which made the job of investigators far easier. The investigation of your SIM swapper(s) will likely take longer.
4.You’re probably not getting 100% of your money back, even if your SIM swapper is caught. Sim swappers tend to live lavish lifestyles with their ill-gotten gains and even after the arrest, the process of asset recovery still hasn’t begun and may take a year or more to complete. This means you’ll get a pro-rata asset recovery, presuming there is enough data to identify you as a victim.

...

Consider Hiring Professional Help

This could be to assist you with your own mental health and well-being, the investigation, or mitigating damage potentially done to your business due to data loss or ongoing extortion. As we noted before, be extremely skeptical of people who reach out to you to “help” as these are likely scams. Fully review and collect references before hiring anyone.

Additionally, if you are a high net-worth individual or operate a business, now may be a good time to invest more in your security, your business’s security, and / or your employees’ security. There are a number of reputable firms that can provide security audits, awareness training, and identify single points of failure. This isn’t something you can take shortcuts on. Reputable firms will cost money and will take time. In our opinion, it’s money well spent.

Regardless, you are the best person to determine what help you may need. We encourage you to check in with yourself throughout this process, stay mindful, reflect on your situation, and take measures to improve yourself and your life.


Conclusion

Sim-swapping is a terrifying reality in this day and age and is especially prominent in the cryptocurrency industry. As long as phone numbers remain a single point of failure and protect so much value, SIM swapping attacks will continue and likely increase in frequency and sophistication.

Until we change this aspect of the world, you must take responsibility for your own security. By educating and securing yourself, you are one less victim and one less success story for an attacker. Proper preparation prevents piss poor performance.

...

This article was co-authored by MyCrypto and CipherBlade.

MyCrypto’s experience building one of the most widely-used, “noob-friendly”, Ethereum wallets has taught them the importance of personal security and education within the cryptocurrency space. They’ve experienced these attacks first hand and through their friends and colleagues. MyCrypto is proud to play a role in developing this “anti-sim-swapping bible” and hope it’s contents reduce the amount of loss and successful SIM swaps.

Get in touch with MyCrypto via Twitter, Facebook, or iheartsecurity@mycrypto.com.

...

CipherBlade is currently the only known professional service to provide support and resources for incidents like SIM swapping. Their dedication to the blockchain space and investigative experience has helped recover millions of dollars of stolen funds, prevented ICO scams, and mitigated emergency security incidents, day and night.

Join CipherBlade on Telegram, Twitter, or hq@cipherblade.com.

If there’s anything we failed to include, could be more clearly stated, or is no longer correct, please find us on any of the links above and we’ll update ASAP.



Thanks for reading!

...

Seriously, you made it to the end? And… you want more?
•https://medium.com/coinmonks/the-most-expensive-lesson-of-my-life-details-of-SIM-port-hack-35de11517124
•https://www.zdnet.com/article/wave-of-SIM-swapping-attacks-hit-us-cryptocurrency-users
•https://nypost.com/2019/04/13/hackers-are-stealing-millions-in-bitcoin-and-living-like-big-shots/
•https://blog.kraken.com/post/219/security-advisory-mobile-phones/
•https://medium.com/@cipherblade/how-not-to-react-when-your-cryptocurrency-is-stolen-92f7c72616af
•https://medium.com/mycrypto/mycryptos-security-guide-for-dummies-and-smart-people-too-ab178299c82e
•https://winter.mycrypto.com/
•https://cipherblade.com/cybercrime-reporting/
•https://www.youtube.com/watch?v=WW6myutKBYk
•https://coingeek.com/cipherblade-share-a-lesson-about-crypto-theft/
•https://support.mycrypto.com/staying-safe/how-to-securely-store-and-guard-your-private-key
•https://medium.com/changelly/hardware-wallets-101-88442ac385b2
•https://support.mycrypto.com/staying-safe/protecting-yourself-and-your-funds
•https://github.com/crytic/awesome-ethereum-security
•https://github.com/crytic/blockchain-security-contacts
•https://medium.com/mycrypto/mycryptos-security-incident-response-101-36a57b17038b
•https://support.kraken.com/hc/en-us/articles/360000444963-Setting-up-the-Global-Settings-Lock-GSL-
•Titan
•YubiKey
•Ledger
•Trezor

3240  Other / Beginners & Help / Re: MUST READ They're coming for your Crypto, SIM SWAPPING BIBLE on: August 31, 2019, 04:49:28 PM
Thanks FattCatt!!  In case they remove it...this will be here forever!   Cheesy


The SIM Swapping Bible: What To Do When SIM-Swapping Happens To You


How to protect yourself from a SIM hijack, deal with an attack as it happens, and recover afterwards.

CipherBlade

CipherBlade
Follow

Jun 5 · 51 min read

MyCrypto and CipherBlade have collaborated on this article to help you understand the dangers of a SIM-jacking attack, and how best to defend yourself against and attack, and how to recover from such an event. This article aims to be a “one-stop” article to read, reference, and share with your friends and colleagues. It's not short, but it's thorough.

We encourage you to ask questions and leave comments as you read. Whether you are a newcomer to this space or a long-time security expert, your commentary helps make this guide more comprehensive and keep it up-to-date. If you have more in-depth feedback, start a conversation with us.

Note: SIM jacking is also commonly referred to as "SIM-swapping," "SIM porting," "port out fraud," "phone porting," and "SIM hijacking." We use these phrases interchangeably in this article.

Of course, SIM-swapping isn’t the only risk that exists in this digital world. It’s a good idea to audit your online security overall, and we recommend referencing MyCrypto’s Security Guide For Dummies And Smart People Too.

Table of Contents

INTRO: What is SIM jacking?
•How do they get your SIM / phone number?
•How do you know if you’ve been SIM swapped?
•What happens once they get your SIM?

PART 1: What to do before you get SIM jacked
•Reduce the chances of an attacker successfully swapping your SIM
•Separating Concerns
•Securing your Google Accounts
•Securing your Apple / iCloud Accounts
•Securing your Password Manager
•Securing your Authy
•Securing your Telegram
•Securing ALL The Things
•Last Step: Prepare Yourself
•Bonus Round!

PART 2: What to do if you literally just had your SIM jacked
•Panic Correctly
•Call Your Phone Provider
•Lock Down Your Accounts
•Access or Return to Any Accounts You Haven’t Pull Logs From
•Call your phone provider again
•File a report with law enforcement

PART 3: What to do after you’ve been SIM jacked
•Inform your network
•Fully audit & secure literally all of your accounts
•Do not engage with the attacker
•Decide What Information to Share with People
•Decide What Information to Share with the Service Providers of Breached Accounts
•Protect Your KYC & Identity Documents
•Accept Some Harsh Realities & Work to Move Forward
•Consider Hiring Professional Help

CONCLUSION

...



INTRO: What is SIM-jacking?

Sim-jacking is an attack in which your phone number is migrated away from your SIM card / phone to a different SIM card / phone that an attacker controls. The attacker then uses this access to your phone number, usually via text message, to gain access to your other internet accounts. They do this by “recovering” access to an account (e.g., Google) or in conjunction with other information or access they have (e.g., using a previously leaked password + SMS 2FA).

“But I'm not famous / wealthy enough to have this happen to me!”

If you are reading this article, we guarantee that you are a potential victim of this attack. It doesn't matter how "famous" you are or how well-known or little-known you are. While there are certain actions that may make you a bigger target, we have seen far more people with increasingly smaller profiles falling victim to these attacks lately.

Why? The ROI for attackers getting their hands on your crypto is huge. Crypto is very unique — it's decentralized, it can be easily anonymized, and it has real monetary value. This attack is relatively easy, requires no code, and is becoming increasingly reported upon, inspiring more and more attackers to give it a shot.







Basically you right now.

In addition, your cryptocurrency isn’t the only thing that can be stolen. 2019 saw a transition from stealing crypto to stealing sensitive data, such as business documents, personal information, or other data. The SIM swappers no longer need to rely on directly stealing funds—they can also succeed via extortion.

Lastly, all the information an attacker needs in order to socially engineer a mobile phone provider's support representative is readily available via social media or sites like TruthFinder. Because most people (including possibly you) don’t realize the consequences of gaining unauthorized access to one’s phone number, it’s an area that is not secured in the same way other things can be secured.

All of the above results in more people attempting more attacks with more success. In turn, it's not just famous people, the "top 100 influencers," or high-profile traders who are under attack. It's anyone and everyone who is involved in crypto.

You are at risk. Accept this. Take action now before it is too late.

How do they get your SIM / phone number?

One of the reasons SIM-swap attacks have been so successful is that many mobile phone carrier representatives are extremely easy to socially engineer. An attacker can call up your phone provider’s support line, pretend to be you or another authorized party, and spin some story to get the support agent to transfer your number to the attacker's SIM. If they run into any friction, the attacker hangs up and immediately tries again with the next support agent.

While this shouldn’t be possible, especially if you have a PIN number or other protection enabled, it still is. Unfortunately, there is no fool-proof way to prevent your phone number from being ported.

Support agents aren’t trained on this type of attack and are able to migrate your phone number, regardless of the information “you” provide or don’t provide. 99% of their calls are from people who legitimately broke their phone or got a new phone and need this action taken. Support agents are typically paid next to nothing and their performance is judged by computers. There is little incentive for them to protect you from an attack they know nothing about, and a high incentive for them to help "you," keep "you" happy, and keep their average call times down. To make matters worse, any notes on your account are not prominently displayed to support agents and are completely inaccessible to them if you have an additional PIN / password on your account.





Yup, that’ll solve it.

How do you know if you’ve been SIM-swapped?
•You may receive a call or text from your phone carrier’s support agent if the attacker disconnects in order to try again. Typically they’ll say something like, “Sorry we got disconnected...” Don’t ignore this! They were just talking to someone who was pretending to be you.
•You will suddenly and unexpectedly have NO cell reception. None whatsoever. Restarting your phone doesn’t resolve.
•You may have notifications that came through before your phone lost service or if you still are connected via Wi-Fi, like emails from your phone carrier or password reset emails from various services.
•You may have a system notification stating that you can no longer access a phone-level account (like your Apple ID or Google account) and need to re-enter your password.
•On Android, you may have a “this account was added to a new device” notification.
•On iOS or your Mac computer, you may have a "are you attempting to log in from Los Angeles, California?" pop-up.
•If you use any non-SMS 2FA mechanisms that have push notifications (e.g., Microsoft Authenticator, Apple), you may have a “here’s the code you requested” or “are you trying to log in?" notification.

What happens once they get your SIM?

They start “recovering” access to your accounts one-by-one, gathering data, personal information, passwords, and a list of products and services you use as they go. Let’s look at one SIMple example. Keep in mind, this is not a comprehensive look at what an attacker could do to you.
1.An attacker successfully gets your phone number on their device, allowing them to receive all your incoming text messages and phone calls.
2.The attacker attempts to log in to your primary Google account and clicks “Forgot password?”
3.The attacker clicks “Try another way” until they get to the “Get a verification code sent to (XXX) XXX-XXXX” screen.
4.The attacker receives the SMS sent to your phone number that they now control and successfully resets your password and gains access to your Google account.
5.The attacker changes your phone number and recovery email to ones that only they control, ensuring you cannot easily regain access to your account.
6.The attacker looks through your email and sees emails from Coinbase and Kraken.
7.The attacker goes to these exchanges, clicks “Forgot Password?,” and enters your email address (that they now control).
8.The attacker withdraws all your crypto from your exchange account to their own crypto addresses (approving all trades and withdraws because they have access to your email and text messages).
9.The attacker buys more crypto with any USD holdings you have, linked credit/debit cards, or linked bank accounts. If these transactions are processed before you regain access to your Google or exchange accounts, your bank account will be emptied, sold for crypto, and in the attacker’s sole control.

Note: because the attacker has access to your email and SMS, they are able to intercept and then delete any emails or texts regarding your new password or withdrawals. This means you may not realize which accounts have been accessed or emptied until much, much later.

Needless to say, it is incredibly damaging, especially if a bad actor is able to take over a critical account—think Google, Apple, or your password manager—that allows them to gain access to other accounts.

...



PART 1: What to do before you get SIM-jacked



There is no guaranteed way to prevent your SIM from being swapped. Therefore, we must approach this from two angles.


1.Reduce the chances of an attacker successfully swapping your SIM.
2.Reduce the consequences if your SIM is indeed swapped.

The actionable items described below should take you three or four hours to complete. Please, take the time to secure yourself and your cryptocurrency. If you don't, perhaps consider that these decentralized, irreversible assets may not be a good fit for you right now.

We applaud you for making it this far. You’ve invested more time into educating yourself about personal security than most. This is essential in a space where there is no centralized party, government, or bank to fix things if they go wrong.

Reduce the chance of an attacker successfully swapping your SIM

Depending on your phone carrier, you will typically have the following options for authorizing the transfer of a phone number to a new device:
1.A numerical passcode, like 1234. Except, please don’t use 1234, nor the last four of your social, nor your birth date.
2.A passphrase, like “password1234.” Except, please don’t use “password1234,” nor your pet’s name, nor a password you use elsewhere.
3.Requiring in-person presence at a store with government issued ID.

Obviously, #3 is the best option. We've worked with dozens of people who have been SIM-swapped and we have yet to see an attacker successfully swap a SIM in-store, with ID (although we do know of one case where it was attempted). This makes sense as it requires a lot of risk and effort on the part of the criminal.

The downside is that mobile carriers have not established a sterling reputation for adhering to any of these security measures and, even if they do “put a note on your account,” it does not mean that the support agent who handles a call regarding your account will heed the request.

Nonetheless, these steps are still worth taking, as it reduces the likelihood of a successful attack, makes it harder and more time-consuming for the attacker, and gives you the ability to prove you took these steps, which can allow you to pursue a civil case against your phone carrier, such as the one Michael Terpin has filed against AT&T.

Action Items
•Log into your mobile phone carrier account and change your password to a strong, unique password.
•Enable 2FA or an additional PIN or passphrase if you can.
•In any unused fields, like middle name or address #2, add your own notes. Like: “DO NOT SWAP SIM” or “REQUIRE IN-STORE VISIT FOR ACCT CHANGES!!” or “DON’T YOU DARE PUT MY # ON A NEW PHONE!”
•If you have multiple people on the account, see if you can remove yourself as a person with authorized access to make account changes. Imagine you are an irresponsible 12-year-old teenager and the other person on the account is your mom 😉. Do that. You may need to call or be in-person.
•Visit your phone carrier’s nearest location in-person.
•Document everything: date & time of visit, location visited, names and employee IDs of those you talked to. Ask for them to send you a text, give you a print-out, or send you an email confirming what you discussed and any changes that were made to secure your account.
•Instruct the representative that any request regarding your SIM, device, phone number, or account administration only be done in-store, after you present your government-issued ID.
•Request that a PIN or passphrase or both is added to your account when any actions regarding your account are requested.
•Share what you learn and what your experience was like with us and others, especially if there was something specific you said or did that worked especially well.

Helpful Hints for Success
•Be nice and courteous. It's unlikely that the minimum wage store employee knows about these attacks and certainly doesn't have the authority to implement and enforce proper security procedures on a corporate level.
•Inform them that you are a high-risk individual (even if you don’t think you are!) and you need to understand what they are doing to protect you from this style of attack. See what they offer before listing your demands.
•Have some links prepared on your phone to educate the person you are talking to about the style of attack and magnitude of loss. (One. Two. Three. Four.)
•If you aren’t getting helpful service, politely ask if they have a manager or colleague who is more experienced with high-risk individuals. Or, try again at a different time / location.
•Rumor has it that some phone carriers have special services for “high-risk individuals or celebrities.” Ask about that.
•Rumor has it that AT&T provides a super-secure option that locks down everything. The downside is you no longer have online access and even have to go into the store to pay your bill, like the dark ages. The upside is it’s much harder to be attacked. Ask about this, even if you aren't on AT&T.

Total Time Required
•Two hours on the absolute high end.

...



Reduce the consequences if your SIM is swapped

Separating Concerns

As a general rule of thumb, you should “separate concerns” when it comes to your phone numbers. While you probably only have one number at the moment, it’s time to upgrade your life.

Don’t use your primary cell phone number for business — the one everyone knows and is easily discoverable via your social profiles, open-source intelligence (OSINT) tools, or free online services. Don’t use your personal or business number for securing or logging into accounts.

A Google Voice number is free to sign up for. You can use a Google Voice number for SMS verification for websites and services that insist on using SMS 2FA or otherwise require a phone number. As long as the Google account you have associated with this Google Voice number is secure, you will be more secure.

Ideally, you will have a dedicated Google Voice number that you use solely for securing accounts. It should not be known by anyone nor should it be tied to a Google account you currently use / is known. Don’t share this number or email with people, and don’t enter it into a form when you make a random online purchase.

Action Items
•Create a new Google account.
•Choose a username that is not associated with you. Pick some random name. Have some fun—this is your new alter ego.
•Create a new Google Voice number with this account.
•Secure this account. Detailed instructions are found under “Securing your Google” section.
•As you are updating your existing accounts or creating new accounts, use this number whenever you are forced to provide a phone number for recovery or security reasons.

Total Time Required
•Less than 5 minutes

...



Securing your Google Accounts

Once an attacker gains access to your phone number they typically go directly to your Google account. It is here that the real damage begins.


Once an attacker is in your email account, they can initiate a password reset for any account that uses that email address to log in to or as a recovery method. This grants them an endless array of financial accounts and data, personal information, files, photos, messaging platforms, and who knows what else. Think about everything that is linked to your primary email. 😱

While the above cannot be understated, it’s also worth noting that emails are not necessarily the highest-value asset in your Google account:
•They can see all your saved passwords via chrome://settings/passwords.
•They can see all your bookmarks (like which exchanges you use) via chrome://bookmarks/.
•They can see your payment methods via chrome://settings/payments.
•They can see all your home, work, and old addresses via chrome://settings/addresses.
•They can grab your mnemonic phrase, along with some sexy photos, via Google Photos.
•They can steal your paper wallet backup stored in Google Drive.
•They can make a clone of your phone using your backups that are stored in Google Drive.
•They can see where you are currently, physically located and everywhere you’ve been in the past via your Timeline.
•Your calendar tells them where you will be and if you are traveling soon so they can time future attacks while you’re on a plane.
•If it’s not in your calendar, they can just Google “my upcoming flights.”
•They can access all your Google Hangouts messages, as well as your Google Voice messages and voicemails, as well as intercept incoming ones.
•They can access all your past Google Fi messages and voicemails and intercept incoming ones.
•They can see all your notes in Google Keep, like the passwords you save there.
•They can grab all your contacts, including your social security number and your secret key that you store under “Me.” They now have the names and phone numbers of your crypto-colleagues.
•They can view all the emails you sent to yourself with sensitive information in them.
•And all the rest of your emails.
•And now know every service they should visit and initiate a password reset for.
•And see all the apps you have installed and uninstalled, like which exchanges or wallets you prefer on your Android device.
•Not to mention all the sites you frequent and stuff you do.
•They can log into and “sync” their Chrome browser to your Google account, giving them access to all Chrome extensions you have installed.
•Access to and ability to edit, migrate, transfer, or redirect your domains.
•Access to and ability to edit, migrate, transfer, or redirect your websites and steal any data stored there.
•Access to and ability to edit and deploy any chrome extensions you manage.
•Access to and ability to edit any Android apps you manage.
•Access to all your data and your user’s data that is in Firebase.
•Access to any sites you use the "Log in with Google" button to log in to.

Needless to say, it is insanely important that you thoroughly secure every single one of your Google accounts. Not just your personal one. Not just your crypto one. Not just your business one. All. Of. Them. Please. 🙏

Action Items
1.Go to your Google Account dashboard and then click “Security.”
2.Under “Signing in to Google,” click “2-Step Verification.”
3.Depending on what you have set up, what come next will vary.
4.If you are prompted to “Use your phone as your second sign-in step” (aka “Google Prompt”), do that. Approve it on your phone. Then continue to #7.
5.If you are prompted to use your phone number, do that, and continue to #7. (We’ll remove the phone number later.)
6.If you go directly to a page called “2-Step Verification” with a list of options, skip to #11.
7.Once you add one type of 2FA, Google will ask you to add a “backup option.” You want to use “Backup Codes" as your backup option, which are simply a set of single-use codes that you can use if you break your phone or otherwise lose access to your primary 2FA method of account. These are super important secrets and should be backed up and secured as such.
8.Super important secrets are things like private keys, paper wallets, your birth certificate, or social security card and should be stored in a manner that optimizes for security and long-term, infrequent access. Do not print or download them. Don’t take a screenshot. Don’t take a photo. Instead, take out a pen and paper and write down the secret as carefully and legibly as possible. Then, take a new piece of paper and write it down again. Note the account they are for and the date. Keep these in two physically distinct, secure locations. You could store these in a fireproof / waterproof safe, something like a Steely or CryptoSteel, get a fire-resistance bag for <$20, or simply laminate them or put them in a Ziploc bag sealed with tamper evident stickers. One reason to have two copies is that if your house burns down, you have another copy. Get in the habit of backing up and storing critical account information, high-risk passwords, recovery codes, 2FA seeds, private keys, and seed phrases in this manner.
9.Once this is done, click next.
10.Finalize your 2FA set up by clicking “Turn On.”
11.You should now be on a page called “2-Step Verification” with a list of all the available 2FA options. Regardless of what you have previously set up or just set up, let’s quickly audit all of it.
12.Security Key: YES! This is the most secure option, but requires you to purchase a separate device like a Titan, YubiKey, Ledger, or Trezor. If you choose this option, I recommend also using the Authenticator app or Google Prompt just in case you leave your device at home. If you have good luck using only the security key for a couple months, you can remove Authenticator / Prompt at any point.
13.Authenticator App: YES. We strongly recommend Google Authenticator, which you can download on any mobile device. (For reasons why we recommend Google Authenticator over Authy, see the section on Authy below). Click “Set Up” and then scan the QR code with your Google Authenticator app. If you want a backup of this code in case you break your phone, click “Can’t Scan It?” Follow the procedure outlined in step #8 and write down the string of numbers / letters displayed. If your phone breaks, you can re-add this to your new phone’s Google Authenticator app via this code. Confirm the 6-digit number displayed in your app. Click “Verify.”
14.Backup Codes: YES. Always have backup codes and never store them on a digital device. See step #8 above for how to securely store your backup codes. If you didn’t just generate these codes, click “Show Codes,” then click “Get New Codes,” then back them up in the manner described in step #8.
15.Google Prompt: YES or NO (your choice). The jury is out on how secure this is because it’s so new, but it seems fine as it’s tied to a device rather than a phone number. This may or may not be available depending on your mobile device. You can use it if you like it, or turn it off if you don’t like it.
16.Voice or text message: NO! If this is already set up, remove it.
17.Devices you trust: Click “Revoke All.” Let’s start fresh.
18.Next, return to https://myaccount.google.com/security. Let’s audit these settings.
19.Signing in to Google - Password: Make sure you are using a strong, unique password. If you haven’t changed this in a while, change it now. If you use this password elsewhere, change it now.
20.Signing in to Google - App Passwords: Remove any if you have them set up. These were sometimes needed back in the day but now it’s just an attack vector waiting to be exploited as these bypass 2FA. You can always set up a new app password if you need to in the future.
21.Ways we can verify it’s you - Recovery Phone: Remove your recovery phone! You can use methods from your 2-Step Verification to recover access if you need to. Click the “Recovery Phone” row and then the little delete / trash icon next to your number.
22.Ways we can verify it’s you - Recovery Email: Remove your recovery email! Click the “Recovery Email” row. There is no "delete" icon, so click the edit button. Delete all the text in that line. Click “Done.” It will let you save the empty field, removing your email as a recovery option.
23.Ways we can verify it's you - Security Question: This only appears if you have a very old Google account and previously set it up. If you see it, remove it immediately. Security questions are the worst of the worst when it comes to security.
24.Rationale for removing recovery phone & email: 1) It is vulnerable to SIM-swapping! This is the first place attackers hit when they gain access to your number! 2) This Google account can be compromised if your old Google account is compromised. 3) Your business account can be compromised if your personal account is compromised. 4) It completely removes the “2nd-Factor” from the mix. 5) It leads to chains of attacks where access to a super-old Gmail account that you never secured can grant access to your “super-secure” Gmail account that you use for all your exchanges. 6) We see this attack vector utilized all the time and the damage is immense. Kill it with fire.
25.Google apps with account access: Remove / revoke anything that you aren’t 100% actively using. You can always add it back super easily if you need to!
26.Signing in with Google: Remove / revoke anything that you aren’t 100% actively using. You can always add it back super easily if you need to!
27.Chrome / Google Password Manager: If you don't have a dedicated password manager like LastPass or 1Password, set one up now. (See the section on password managers below.) Migrate all your passwords that are saved in Google / Chrome currently, and then remove all stored passwords from Google / Chrome. This prevents an attacker who gets access to your Google account from getting instant access to all of your other accounts. Uncheck “Offer to Save Passwords” to ensure you don’t accidentally save something later. Use your LastPass or 1Password moving forward.
28.If you want to go even further, check out Google’s Advanced Protection Program. It’s pretty hefty but may be something that makes you even more secure.

Total Time
•15 minutes per Google account + 10 minutes if you need to set up a LastPass or 1Password.

...


Securing your Apple / iCloud Accounts

Gaining access to your Apple / iCloud can give an attacker access to your history, bookmarks, passwords stored in iCloud Keychain, iMessages, photos (which may contain screenshots or photos of backups, private keys, etc.), files (which may contain backups of passwords or private keys), iCloud backups of your phones, computers, files, photos, and more.

If you use an iCloud email address, an attacker can access any account linked to that email address. They can also access, edit, and deploy any iOS or Mac applications you manage with that Apple account.

If you are uncertain if your account is secure or need assistance, we recommend hiring a Certified Apple Specialist that can walk you through the process and help you audit your Apple security. While writing this, we consulted with Alex from iHelp to clarify some things.

Apple’s Unique Recovery Process

Let’s look at the recovery process of an AppleID after completing the action items below. Unfortunately, your phone number cannot be removed and can be used as part of the recovery process of your AppleID.


There are two ways to proceed with the recovery process: via your phone number or using a stolen “trusted device” of yours that isn’t protected with a secure, unique password.

When you have 2FA enabled, you need to authorize a password reset from a trusted device. This is why using a secure, unique password is so important.


However, someone can also recover your account by clicking “I don’t have access to the trusted device.”

Most of these next methods involve using “Find my iPhone” with the aid of an authorized retailer and one of their devices.

Or, if a bad actor has collected personal information about you, they can attempt to reset your password without a device, though this can take days and cannot be expedited. At the start of the process, you are sent a confirmation code via SMS, so the attacker can intercept this and begin the procedure.


Some of the personal information include things like your long card number, expiry date, and card security code of a payment method attached to your AppleID. These types of requests are sent to Apple and communication is delayed until they can verify the request and will email your AppleID later with a follow-up.

If your device is stolen, you can report it to Apple to get the serial number blacklisted and put it into “Lost Mode.” This means when the device connects to WiFi, the location is pinged to iCloud so you can see where it is.

Apple has very strict security policies and even authorized retailers do not have special powers to recover an account—they are required to verify your government-issued ID and some (if they don’t have ID scanners) ask for a debit or credit card for the account holder. Some retailers verify that the requester has access to the email account linked to the AppleID before they assist.

Key Takeaways
•Ensure any email address(es) associated with your AppleID are secure as these are instrumental for account recovery.
•Ensure you limit the number of “trusted devices” you link to your Apple account to only devices you are actively using.
•Use secure, unique passwords for all your devices.
•Be on the lookout for unexpected emails from Apple and Apple 2FA / recovery prompts on your devices. Get in contact with Apple, an Apple authorized retailer, or someone like Alex from iHelp if you are confused or concerned.

Action Items

Please note: Apple has two different “Two-step” things. You want “Two-factor authentication,” not just “Two-step verification.” Yes, it’s mind-numbing.
•Log into your Apple account and then navigate to https://appleid.apple.com/account/manage.
•Under Security -> Two-Factor Authentication, turn on 2FA.
•If you see Two-step Verification, you need to migrate to “Two-factor Authentication.” Use this guide.
•Check to see if you have any alias emails. Log into appleid.apple.com and check the “Reachable At” section of your account. If you have any alias emails attached to your AppleID, ensure they are secured.
•Remove any app-specific passwords.
•Ensure your phone number is your super-secure Google Voice number, as it can’t be removed and can be used to gain access to your Apple account.
•Remove any devices attached to your AppleID that you are not 100% actively using. You can always add them back in the future.
•Audit devices that are trusted by your AppleID. Remove those not in your possession anymore or ones you don’t use.
•For each device listed, ensure you have enabled and use a secure, unique password. This means that computer #1 has a different password than computer #2 which has a different password than your iPhone.
•(Advised) Take a look at what is being stored on iCloud. Remove sensitive or secret information, or consider limiting what files you store there. Change your iCloud settings to not auto upload your PC images to your iCloud account. While you are in iCloud, audit the “Look Me Up” list.

Total Time
•15 minutes per Apple account.

...



Securing your Password Manager

Gaining access to your password manager, like 1Password, LastPass, or another service, means an attacker now has access to any and all passwords, notes, card information, address information, private keys, SSH information, or other secure information you put in the password manager. Most obviously, an attacker can now use this information to access your accounts. Less obviously, they have a list of all the passwords you have used or historically have used.

The two most recommended and accessible solutions are LastPass and 1Password. These are “cloud-based,” although all your secret data is protected and encrypted by a “Master Password” that never leaves your computer / device. This means that there is no “forgot password” button and no way to access your account if you forget your master password.

Action Items

Note: not all of these may be available for your specific password manager.
1.Update your master password to ensure it is really, really, really strong, unique, secure, and unforgettable. Don't store the password anywhere except written down on your trusty pieces of paper.
2.If you use LastPass, 1Password, or another solution that supports 2FA, enable 2FA via Google Authenticator and / or a hardware device like Yubico.
3.Remove any email or SMS Account Recovery.
4.See if there is a “security email” or “secondary email” that can set up to receive notifications about new logins and security alerts. This is helpful in preventing an attacker from intercepting and deleting these emails if they gain access to your primary email.
5.Enable auto logouts after a certain period of time to ensure there aren’t any random open sessions floating around.
6.Remove any trusted devices that you aren’t actively using.
7.Remove any mobile devices that you aren’t actively using.
8.Once you have passwords in your password manager, check out their “security challenge” or “watchtower.” This will help you update duplicate and weak passwords and highlight your weak spots. Repeat periodically.

If your password manager is a local solution, ensure that your backups are in offline storage and your local devices are encrypted.

Total Time
•10-20 minutes

...



Securing your Authy

Each time we recommend against using Authy we get piles of questions and outrage. Here’s our rationale: that super awesome feature that you love so much—the one that allows you to recover your 2FA codes stored in Authy when you get a new phone — it’s a security nightmare! If you can recover your codes, so can an attacker.

To make matters worse, the only thing an attacker needs in order to recover all your Authy codes is a verification number that is sent to you via SMS.

you get SIM-swapped and they recover your Authy codes on their device, they will have access to all your SMS 2FA codes AND your token-based 2FA codes!

If you absolutely insist on using Authy, you must ensure it's secure.

Action Items
•Use Google Authenticator instead and back codes up on paper.
•That's it!
•Fine….
•Open Authy.
•Open the menu and then select "Settings."
•Change your phone number to the secure-secret Google Voice number from earlier.
•Change your email to that super-secret email you set up earlier.
•Navigate to "accounts" and make sure backups are off. This prevents an attacker from recovering all your codes via email + password.
•Navigate to "Devices" and turn OFF "Allow multi-device." This prevents an attacker from recovering all your codes via a single SMS.
•Select any other devices and click "Remove." This ensures you don't have an old phone laying around with all your codes.

Now, when you get a new phone, you can turn on multi-device support momentarily, set up Authy on your new device, and then turn off multi-device support immediately after. This will migrate your codes. However, this assumes you have your previous phone — you didn't lose it or break it.

If you do lose or break your current phone, you won't be able to recover these codes. So, again, just use Google Authenticator and back up manually via paper. It's not that hard and much more secure.

Total Time
•2 minutes

...



Securing your Telegram

If you’re in the blockchain industry, odds are you have Telegram. If you haven’t set up Telegram but plan on doing so in the future, use your Google Voice number.

You may not recall, but you never created a username, provided an email address, or created a password when you set up Telegram. Unless you've adjusted your Telegram settings, the only thing you need to log in is a code provided via Telegram message on a trusted device or a code sent via SMS.

You can make your Telegram a bit more secure by enabling both the "local passcode" and "two-step verification" settings:
Too often, people entirely overlook these Telegram settings (let alone all of the other steps) and while they may not experience financial loss if their Telegram is compromised, their colleagues do when the SIM-swapper hijacks their Telegram account and asks all their contacts for money.

Action Items
•Enable Local Passcode: Navigate to "Settings" > "Privacy and Security." Add a PIN under "passcode lock."
•Prevent others from discovering your phone number: Navigate to “Settings” > “Privacy and Security” > “Phone Number” and select “Nobody.”
•Deactivate phone calls: Choose “Nobody” under “Settings” > “Privacy and Security” > “Phone Calls.” Add exceptions for people you trust and do want to be able to call you. Telegram used to suffer from a vulnerability through which your IP address could leak through phone calls. We’re hopeful it has been — but better safe than sorry.
•Enable 2-Step Verification: Create a strong, unique password and don't use your primary email as the recovery email.
•Bonus points! Under "Active Sessions," remove any that you don't recognize, are on old phones, or are not actively using.

Total Time
•2 minutes

...



Pages: « 1 ... 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 [162] 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 ... 490 »
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!