Hey all, we wrote a guide on how to create watch only wallets on Desktops, Android phones, and iPhones.

https://whotookmycrypto.com/watch-only-wallets/

In summary, if you are a Ledger wallet user, you are in luck as they offer options on all platforms (mobile phones and desktops) for creating watch only wallets. If you use other wallets, you may need to consider other options:
1) Desktop -> Electrum
2) iPhone -> bitWallet
3) Android -> Sentinel

Any feedback is appreciated. Thanks!

We recently did an article on scams targeting Trezor wallet users. Since most readers here are experienced users, we have listed the scams covered by the article below to save you a click if you are already aware of them.

1. Fake Trezor wallets
2. Fake Trezor bridge software and apps
3. Fake advertisements and websites
4. Fake Trezor customer support
5. Fake Trezor jobs (not a typo)
6. Scams targeting other wallet users (eg. Ledger)

Link: https://whotookmycrypto.com/fake-trezor-wallet/

Also, happy to get any feedback / new scams to be added to it.

Thanks

So after Binance recovers from their recent hack, CZ goes around disclosing information such as the below.





Can someone explain the following:

1) Why are they making such disclosures? Wouldn't they make it easier for hackers to get to them? For example, just for the sake of argument (know it's a bad argument because of math, large numbers, publicly visible to begin with but just put that aside) - if you provide the address hackers can begin trying to brute force it. But if you don't disclose it, a hacker would not even know where to start. It's like a robbery victim pointing hackers where to attack next.

Think the question here is: why are they comfortable with hackers knowing such information.

2) Why do they appear to use only ONE address for BNB cold wallet? Isn't this like putting all your eggs in one basket?

3) Likewise, how many hot wallets addresses do they use? Any way to find out such information?

Clearly know nuts about this. Thanks.

Any suggestions apart from avoiding using it at all?

Thought of using fake details but this could get you banned.

For those wondering why you should avoid paypal: https://thenextweb.com/hardfork/2019/05/14/bitcoin-cryptocurrency-movie-piracy-homeland/

Just came across this and wanted to share. There is a fake Trezor App on Google Play Store.



This has been confirmed as fake by Trezor and has already been reported. Hopefully, it gets taken offline soon.
https://www.reddit.com/r/TREZOR/comments/bnqhfi/is_the_android_app_trezor_mobile_wallet_fake/

Serves as a good reminder, when in doubt about the authenticity of something, just ask a provider's official channel. Can save alot of subsequent headaches.

Stay safe

Link to scam app: https://play.google.com/store/apps/details?id=com.trezorwalletinc.cryptocurrency

Huge haul by hackers and this once again highlights the wisdom of the "not your keys not your crypto" saying.

Thankfully in this incident, Binance has stated they will cover all losses.

Binance will use the #SAFU fund to cover this incident in full. No user funds will be affected.

Exchanges are vast stores of crypto so are natural targets by hackers. Don't ever leave your funds on there. If an exchange like Binance can be hacked, it speaks volumes about the ability of hackers to penetrate other exchanges.

Stay safe.

For more information on staying safe while using exchanges see: https://whotookmycrypto.com/cryptocurrency-exchange-safety-guide/

Sources:
https://twitter.com/cz_binance/status/1125907214256836608
https://binance.zendesk.com/hc/en-us/articles/360028031711

Happen to come across this site: https://amiunique.org/

Apparently, am unique according to the site. Anyone here knows of ways to ensure you are NOT unique?

Thanks.

Happen to find this on YouTube, pretty interesting stuff.

https://www.youtube.com/watch?v=VV19nAuYC_4

Enjoy!

[Context:]

Posted this in another thread but didn't get a response so creating a separate topic for it.

Context: In response to a Wasabi wallet scam, verifying PGP signatures was pointed out as a solution. However, someone (nc50lc) highlighted that users were too lazy to verify PGP signatures for their wallet downloads. They preferred a download-install-open method.

Went to do some digging and found this.

Source: https://securityboulevard.com/2018/11/10-rules-for-the-secure-use-of-cryptocurrency-hardware-wallets/

Users of cryptocurrency software should demand reproducible builds and code-signed executables to prevent tampering by an attacker post-installation. The advantage of code-signing, relative to manual verification with a tool like GPG, is that code signatures are automatically verified by the operating system on every launch of the application, whereas manual verification is typically only performed once, if at all. Even verifiable software, though, can still be subverted at runtime. Recognize that general-purpose computing devices are exposed to potentially risky data from untrusted sources on a routine basis.

Can someone explain:

(1) Why don't these wallets implement the code-signing mechanism mentioned above? If the OS can automatically verify the program at launch each time, isn't this a solution to having users verifying PGP by themselves?

(2) Is it right to say that if the wasabi wallet had the code-signing mechanism implemented, it would have been easier for users to perform the verification as they can easily view the properties of the file to see who the digital signatures belong to (like in this example: https://www.sslsupportdesk.com/how-to-verify-a-digital-code-signing-signature-in-windows/)

Thanks.

It seems like only yesterday that the Electrum phishing scam happened.

Well another one has emerged and this time in the form of a YouTube ad. The YouTube ad directs users to download a fake Electrum wallet.

YouTube ad shown to user:


What is actually downloaded by user:

Download comes from elecktrum.org, not electrum.org

YouTube has already taken action to remove the malicious ad. If you haven't already blocked YouTube ads, do get uBlock Origin for your browser. Available on Chrome and Firefox. For other nifty tools to protect you as you browse the web, see this.

This certainly wouldn't be the last time an attack happens on Electrum.

Stay safe.

Source: https://www.reddit.com/r/Bitcoin/comments/b5mn17/beware_youtube_is_advertising_a_malware_version/

Would like to share this scam website: https://www.doubly.io/

This website has all the hallmarks of a scam:

> Unrealistic returns / outrageous claims: They claim to offer 4.5% interest daily with their AI trading bot. 100% money back guarantee.

> Fake team: A search on their key team members online leads to nowhere.

> Reviews: Reviews that are way too perfect. Scroll their Facebook page and you would understand this. Believe these guys even submitted their page to fake review websites to appear legit. See this: http://instantscamalert.com/details/lid/775/

> High-pressure sales techniques: While watching the freaking video on their page, annoying popups keep appearing indicating that 5% rewards would be granted for signing up within 3 minutes.

> Fake endorsements on the page: Tries to create legitimacy by placing the logos of many reputable cryptocurrency sites on the website eg. Coin Telegraph. Check out their article on Coin Telegraph here. The article (when translated) does not indicate favorable coverage or endorsement of Doubly.io. It merely was a press release for Doubly.

Have submitted this as a scam to https://etherscamdb.info/

Stay safe.

Haven't seen this shared around here.

Basically, the scam website has one download link pointing Windows users to download the fake wallet. The other download links on the site are, however, legitimate. Comprehensive testing has yet to be conducted on the fake download to find out what it does but "it’s definitely a scam".

As with the recent attack on the Electrum wallet, this incident once again highlights the importance of verifying PGP signatures of your downloads. Good link on this forums on how to go about this: https://bitcointalk.org/index.php?topic=4059348.0

Scanning files for viruses alone isn't sufficient. As scanning it for viruses threw up no detections.

Image credits: https://twitter.com/nopara73/status/1108659418680516608

Stay safe.

Source of news:
https://thenextweb.com/hardfork/2019/03/21/wasabi-wallet-bitcoin-fake/

Grew up watching her cartoons. So excited this is now available on Google Earth. It is something like a Where's Wally. Hope you enjoy!

https://www.theverge.com/2019/3/13/18263754/google-earth-carmen-sandiego-where-in-the-world

Edit 1: Have completed it. It is a pretty short game but fun nevertheless. Haven't returned to using Google Earth in a while and it definitely has improved alot.

Direct links to play here (taken from the article)
Chrome: link
Android: link
Iphone: link

Edit 2: Oh wow, there is a new netflix season on it https://www.netflix.com/sg/title/80167821

[Legend]

Haven't seen this posted here so just wanted to share.

Recently The Tie released their findings of a study on the extent of volume manipulation by cryptocurrency exchanges. To no one's surprise, they found extensive manipulation amongst many cryptocurrency exchanges.

In total we estimated that 87% of exchanges reported trading volume was potentially suspicious and that 75% of exchanges had some form of suspicious activity occurring on them.

Link to Tweet: https://twitter.com/TheTIEIO/status/1107671178423033858
Single thread for ease of viewing: https://threader.app/thread/1107671178423033858

The Blockchain Transparency Institute also publishes a list of exchanges that are suspected of inflating their trading volumes. Since different methodologies and samples were used, different results should be expected. But just for fun, how do their results compare against those of The Tie's? We used The Tie's "Low Potential Fake Volume" exchanges and compared them to Blockchain Transparency Institute's latest reports and this is what resulted.

Our lay man's conclusion: Pretty close match if you ask us.

Legend

The Tie
1. tick = a Low Potential Fake Volume exchange

BTI
1. tick = not on the exchange advisory list ie. not suspected of manipulating volume.
2. cross = on the exchange advisory list ie. suspected of manipulating volume.
3. blacked out = not covered by BTI research.

Is there a way to see a continuous thread of conversations with a single party?

Right now the inbox is separated from outbox. When discussing with several different parties, it's hard to follow what's going on. Think am not using the function correctly so wanted to check.

Basically it looks like this.

When I click Inbox
Message from ABC
Message from EFG
Message from ABC

When I click Outbox
Message to EFG
Message from EFG
Message from ABC

Thank you.

Not sure if posting in the right place. But any to recommend? Thanks.

Haven't seen this posted here but it sounds serious.

According to the article, "we are talking about a full exploitation that escapes the sandbox and leads to remote code execution". This means that it allows the attacker to access someone else's computing device and make changes, no matter where the device is geographically located.

How to update google chrome? See this article.

Cheers.

[Using Google Alerts to avoid getting scammed]

Using Google Alerts to avoid getting scammed

by WhoTookMyCrypto.com

Hi all,

After seeing how users continue to get scammed by fake Electrum wallets despite multiple announcements being made across the crypto community, we decided to share this free and easy method that could potentially help you avoid getting scammed.

Why this matters?

While cryptocurrencies allow you the freedom to be your own bank, this comes with responsibilities for securing your funds. If your credit card gets stolen, you could always call the bank’s customer helpdesk. However, in crypto, once your funds are stolen, they are unlikely to be recovered.

How to set up Google Alerts?

Step 1: Create a Gmail account.

1. Go to https://www.google.com/gmail/about/

2. Select Create an account at the top right-hand corner



3. Fill in the relevant information

Step 2: Create your alerts in Google Alerts.

1. Go to https://www.google.com/alerts

2. Sign into the email account you created in Step 1 by clicking Sign In at the top right-hand corner.



3. Enter the type of alert you want to create. Suggestions for the type of alerts to create are as follows.

[Service / Wallet / Coin] + [Scam / Hack] Eg. Electrum hack, Binance hack

In this instance, we have typed in Electrum hack.



4. Select Show options. Here you can configure the alert settings. For example, you can choose how frequent relevant results are sent to you. If you want to change the email to which alerts are sent to, see the section on changing emails below.



5. Select the Create Alert



6. And you are done, your alert has been created! You may create as many alerts as you please.

What happens next?

When a relevant article matching the alerts you set are found, they would be forwarded to you at the frequency you chose. Thus, articles related to Electrum hacks would be sent to us immediately (based on our setup above) to our email address.

Can I have my alerts sent to an account other than Gmail?

Yes, this can be done. In step 1, you still need to go to the sign-up page. However, you need to select the option “use my current email address instead”.



After that, you should be able to see the following screen allowing you to use your non-Gmail address. All alerts you go on to create as per step 2 above would then be sent to this address.



How effective is this method in helping you prevent losses?

Using the Electrum phishing scam as an example. The announcement by Electrum of the scam was made on Dec 27, 2018. Presumably, the scam would have happened around then. Complaints made by users on this forum also began around then.

Within hours, we had already received a Google Alert notification indicating there was an article by Coin Telegraph describing the attack on Electrum.

Conclusion

BugBasher82 certainly wouldn’t be the last person to lose crypto via the downloading the fake Electrum wallet. But hopefully, by raising awareness about how users can detect cryptocurrency scams, losses to users can be reduced going forward.

What other methods do you have for keeping track of cryptocurrency scams? Leave a comment below and we would update the thread for it.

For more guides on securing your cryptocurrencies, visit us at WhoTookMyCrypto.com.