Nice guide, you even mention risks of exposed xpub and private key generated from the xpub  You might want to mention Ledger/Trezor user also can use any software besides "official" software to make watch-only wallet. Thanks for the comments @ETFbitcoin. Yes, that part wasn't clear and would try to find where best to incorporate that. Thanks. You can use Electrum in your Android phone as well, which is more reliable than sentinel (in my opinion)
Nice guide.
Thanks for highlighting that @bitmover. Hadn't realized Electrum was on Android too! |
|
|
|
Hey all, we wrote a guide on how to create watch only wallets on Desktops, Android phones, and iPhones. https://whotookmycrypto.com/watch-only-wallets/In summary, if you are a Ledger wallet user, you are in luck as they offer options on all platforms (mobile phones and desktops) for creating watch only wallets. If you use other wallets, you may need to consider other options: 1) Desktop -> Electrum 2) iPhone -> bitWallet 3) Android -> Sentinel Any feedback is appreciated. Thanks! |
|
|
|
It is going to be difficult to believe you for someone who got involved with bitcoin in 2010 but you just registered in this forum in May 2019. This looks scammy.
Well you never know right? He could be an active member on here but doesn't want to use his main account to avoid people tracing who he is. Message to OP, I know this is a bitcoin forum but why don't u try funding other promising projects too like Monero? https://forum.getmonero.org/ |
|
|
|
I can see people fall for this kind of thing. The same type of people who google Bitcoin Foundation support because they want to speak to the manager of Bitcoin Ltd so he can revert their bitcoin transaction. It is a good thing it has been removed already by google.
Already happened many times before man. Example: https://www.reddit.com/r/Bitcoin/comments/blgv46/scammed_for_5k/If you are interested in other Ledger wallet scams, we have done an article on it ( link). Summary of what we discussed to save you a click: - Fake recovery seeds - Fake apps and software - Fake customer support (like what the OP posted) - Fake websites Stay safe |
|
|
|
And just to add on to what @bob123 said above, if you use Ledger then you are in luck. You can easily set up watch only wallets on desktop and mobile phones (using their apps). Other options available to you together with links to guides on setting up watch only wallets ( link): - Electrum on desktop - Samourai on Android - bitWallet on iPhone Also, if you are going to drop your xpub, ypub etc into a block explorer service. https://www.blockonomics.co/ (as mentioned by BitMaxz above) is good as it supports them. Hope this helps. |
|
|
|
All in your list looks the same as what I see on google a little while ago.
Would you mind sharing this website you are referring to? Yes, thanks for highlighting. We added it in our other article on Ledger wallet scams but forgot to include it here. |
|
|
|
Maybe you can try to add their official trezor (FAKE amazon shops) since there is still large number of people using their official amazon shop to buy trezor wallets and be aware such shops.
Thanks for the input. Would update for that. |
|
|
|
We recently did an article on scams targeting Trezor wallet users. Since most readers here are experienced users, we have listed the scams covered by the article below to save you a click if you are already aware of them. 1. Fake Trezor wallets 2. Fake Trezor bridge software and apps 3. Fake advertisements and websites 4. Fake Trezor customer support 5. Fake Trezor jobs (not a typo) 6. Scams targeting other wallet users (eg. Ledger) Link: https://whotookmycrypto.com/fake-trezor-wallet/Also, happy to get any feedback / new scams to be added to it. Thanks |
|
|
|
I have some questions:
1. Is there any carrier provider that allowed you to change your sim card or port to another device via phone call only?
2. If this case happens, can we blame our carrier provider on this or take some legal actions?
and what more tips or advice you can give to avoid this kind of attack.
Not sure about 1. On 2, yes there have been cases where this has been successful. Example: https://www.coindesk.com/crypto-investor-awarded-over-75-million-in-sim-swapping-hack-caseTips to avoid this
> Avoid storing your coins or funds for long term in a centralized exchange.
> Avoid using centralized cryptocurrency wallet.
> User hardware wallet or cold wallet.
Also, we wrote an article for Binance that does touch on some other ways to protect yourself ( https://www.binance.vision/security/common-scams-on-mobile-devices) > Do not use your mobile phone number for SMS 2FA. Instead, use apps like Google Authenticator or Authy to secure your accounts. Cybercriminals are unable to gain access to these apps even if they possess your phone number. Alternatively, you may use hardware 2FA such as YubiKey or Google's Titan Security Key.
> Do not reveal personal identifying information on social media, such as your mobile phone number. Cybercriminals can pick up such information and use them to impersonate you elsewhere.
> You should never announce on social media that you own cryptocurrencies as this would make you a target. Or if you are in a position where everyone already knows you own them, then avoid disclosing personal information including the exchanges or wallets you use.
> Make arrangements with your mobile phone providers to protect your account. This could mean attaching a pin or password to your account and dictating that only users with knowledge of the pin can make changes to the account. Alternatively, you can require such changes to be made in person and disallow them over the phone. |
|
|
|
1. Convert BTC to XMR (using your own Monero wallet, not a hosted wallet).
Any guides on how to do this? |
|
|
|
Got you. But human greed and social engineering do not follow mathematical models.
If you create one, it will have big sum and human greed will always like to take chance to get access on it.
But if you create 100 than the greed will be 100 time less and people will not like to risk their jobs/career for that small amount.
Yes, thought so too. If all funds are aggregated into a single wallet, then it makes it a very attractive target. Andreas had this video where he discussed why hackers go after exchanges. Couldn't locate it but would share if found. Basically, he said that hackers approach this in terms of reward / effort ratio. The key thing he mentioned is that security is not scalable. So if random user X holds $900 in his wallet and uses moderate security that requires an effort of 2 to crack, then the ratio is 50. On the other hand in exchanges, they hold say $900 million. But the security that an exchange offers cannot be a million times stronger. Consequently, the reward / effort ratio for hackers is actually higher. Which goes back to the original question, why don't exchanges split up their funds into wallets then? Somehow I believe in most of hacking it is always inside job.
Popped it into Google. Poof! You are right. https://www.benzinga.com/pressreleases/17/11/p10792005/most-cyber-attacks-are-inside-jobs |
|
|
|
So after Binance recovers from their recent hack, CZ goes around disclosing information such as the below.   Can someone explain the following: 1) Why are they making such disclosures? Wouldn't they make it easier for hackers to get to them? For example, just for the sake of argument (know it's a bad argument because of math, large numbers, publicly visible to begin with but just put that aside) - if you provide the address hackers can begin trying to brute force it. But if you don't disclose it, a hacker would not even know where to start. It's like a robbery victim pointing hackers where to attack next. Think the question here is: why are they comfortable with hackers knowing such information. 2) Why do they appear to use only ONE address for BNB cold wallet? Isn't this like putting all your eggs in one basket? 3) Likewise, how many hot wallets addresses do they use? Any way to find out such information? Clearly know nuts about this. Thanks. |
|
|
|
|
Show Posts
