Baofeng (OP)
Legendary
Offline
Activity: 2590
Merit: 1658
|
|
October 05, 2019, 09:10:08 AM |
|
https://twitter.com/lopp/status/1180165965071474688Also the site has been taken down already, everyone should be really careful accessing very sensitive site like trezor or ledger as there has been a target for hackers. I'm glad that it was taken down in less than 24 hours, but what if no one has reported this and people keeps falling for this kind of trick? So again, bookmark everything here and double check every site that you are going to access.
|
| │ | ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███▀▀▀█████████████████ ███▄▄▄█████████████████ ███████████████████████ ███████████████████████ ███████████████████████ █████████████████████ ███████████████████ ███████████████ ████████████████████████ | ███████████████████████████ ███████████████████████████ ███████████████████████████ █████████▀▀██▀██▀▀█████████ █████████████▄█████████████ ████████▄█████████▄████████ █████████████▄█████████████ █████████████▄█▄███████████ ██████████▀▀█████████████ ██████████▀█▀██████████ ▀███████████████████▀ ▀███████████████▀ █████████████████████████ | | | O F F I C I A L P A R T N E R S ▬▬▬▬▬▬▬▬▬▬ ASTON VILLA FC BURNLEY FC | | | BK8? | | | . ..PLAY NOW.. |
|
|
|
|
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
sheenshane
Legendary
Offline
Activity: 2394
Merit: 1215
Cashback 15%
|
|
October 05, 2019, 09:36:41 AM |
|
Thank you for the heads up here, the fact that the hacker now getting smarter and always looking and find ways to fool naive people. But I already aware and read this before 1 year ago here, https://blog.trezor.io/psa-phishing-alert-fake-trezor-wallet-website-3bcfdfc3eced. Make it sure you are accessing the correct URL( wallet.trezor.io) not only ( trezor.io) Source:
|
. .HUGE. | | | | | | █▀▀▀▀ █ █ █ █ █ █ █ █ █ █ █ █▄▄▄▄ | ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ . CASINO & SPORTSBOOK ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ | ▀▀▀▀█ █ █ █ █ █ █ █ █ █ █ █ ▄▄▄▄█ | | |
|
|
|
chronicsky
Legendary
Offline
Activity: 2786
Merit: 1222
Just looking for peace
|
|
October 05, 2019, 09:54:26 AM |
|
Thank you
Always bookmark your links and just use the official links for bank and wallet sites.
Do look up for https and secure connection (lock sign) to make sure the site is authentic
|
|
|
|
o_e_l_e_o
In memoriam
Legendary
Offline
Activity: 2268
Merit: 18510
|
|
October 05, 2019, 11:12:53 AM |
|
Do look up for https and secure connection (lock sign) to make sure the site is authentic https says nothing about a site's authenticity. What https means is that any data you send to the site is encrypted until it reaches the site, and so can't be intercepted by a third party. Any site can use https. It doesn't matter if the data you send to the scam site is encrypted en route, since there is a scammer receiving and decrypting it on the other end. Using https is essentially, but that alone will not protect you from being scammed. Manually checking for https is also a poor method, because at some point you will forget. Instead install the HTTPS Everywhere browser extension: https://www.eff.org/https-everywhere
|
|
|
|
DdmrDdmr
Legendary
Offline
Activity: 2310
Merit: 10759
There are lies, damned lies and statistics. MTwain
|
|
October 05, 2019, 12:28:15 PM |
|
<…>Do look up for https and secure connection (lock sign) to make sure the site is authentic
Not really. In fact, I’ve seen a couple of surveys stating that at least half of the phishing attempts now use https, knowing well that it was interpreted (incorrectly) as a synonymous to the site being safe. This graphic depicts the surge in 2017 of https used on phishing sites, and how the trend is increasing (nearly) every quarter. source: https://securityboulevard.com/2019/06/more-than-half-of-phishing-sites-now-use-https/
|
|
|
|
chronicsky
Legendary
Offline
Activity: 2786
Merit: 1222
Just looking for peace
|
|
October 05, 2019, 12:46:37 PM |
|
Do look up for https and secure connection (lock sign) to make sure the site is authentic https says nothing about a site's authenticity. What https means is that any data you send to the site is encrypted until it reaches the site, and so can't be intercepted by a third party. Any site can use https. It doesn't matter if the data you send to the scam site is encrypted en route, since there is a scammer receiving and decrypting it on the other end. Using https is essentially, but that alone will not protect you from being scammed. Manually checking for https is also a poor method, because at some point you will forget. Instead install the HTTPS Everywhere browser extension: https://www.eff.org/https-everywhere<…>Do look up for https and secure connection (lock sign) to make sure the site is authentic
Not really. In fact, I’ve seen a couple of surveys stating that at least half of the phishing attempts now use https, knowing well that it was interpreted (incorrectly) as a synonymous to the site being safe. This graphic depicts the surge in 2017 of https used on phishing sites, and how the trend is increasing (nearly) every quarter. source: https://securityboulevard.com/2019/06/more-than-half-of-phishing-sites-now-use-https/My bad on vocab, meant https meant secure. And i always thought phising sites didn't had https but thanks for the information that even https is being used by them now. Haven't really came across a phising site in years, never click on them anymore, so... Thanks for the information guys
|
|
|
|
Lucius
Legendary
Offline
Activity: 3234
Merit: 5638
Blackjack.fun-Free Raffle-Join&Win $50🎲
|
|
October 05, 2019, 12:57:26 PM |
|
And i always thought phising sites didn't had https but thanks for the information that even https is being used by them now. Haven't really came across a phising site in years, never click on them anymore, so..
If you make a phishing site, then you want it to look exactly the same as the original, so why do you think that whoever making a phishing site will not add SSL? Perhaps the price was one of the factors limiting this possibility before, but today any site can get SSL for free: https://letsencrypt.org/Are you sure that you did not visit any phishing site for years? Sometimes you can visit such site without doing any harm to you personally, all they want is your data, users' names/passwords.
|
. .BLACKJACK ♠ FUN. | | | ███▄██████ ██████████████▀ ████████████ █████████████████ ████████████████▄▄ ░█████████████▀░▀▀ ██████████████████ ░██████████████ █████████████████▄ ░██████████████▀ ████████████ ███████████████░██ ██████████ | | CRYPTO CASINO & SPORTS BETTING | | │ | | │ | ▄▄███████▄▄ ▄███████████████▄ ███████████████████ █████████████████████ ███████████████████████ █████████████████████████ █████████████████████████ █████████████████████████ ███████████████████████ █████████████████████ ███████████████████ ▀███████████████▀ ███████████████████ | | .
|
|
|
|
chronicsky
Legendary
Offline
Activity: 2786
Merit: 1222
Just looking for peace
|
|
October 05, 2019, 01:29:22 PM |
|
And i always thought phising sites didn't had https but thanks for the information that even https is being used by them now. Haven't really came across a phising site in years, never click on them anymore, so..
If you make a phishing site, then you want it to look exactly the same as the original, so why do you think that whoever making a phishing site will not add SSL? Perhaps the price was one of the factors limiting this possibility before, but today any site can get SSL for free: https://letsencrypt.org/Are you sure that you did not visit any phishing site for years? Sometimes you can visit such site without doing any harm to you personally, all they want is your data, users' names/passwords. makes sense. well ofcourse can't be sure but yeah i haven't put my data anywhere like that. phising sites are pretty easy to avoid imo I have heard so many phising incidents between my friends that i always make sure to not put my data just anywhere. fun to teach them about the same as well So thanks again for the info about HTTPS encryption on phising sites now.
|
|
|
|
smyslov
|
|
October 05, 2019, 01:41:10 PM |
|
Bookmark is our proven tool to land in a phishing site, so if you are not bookmarking and you do not have metacert installed you are in big trouble, make a habit always to bookmark or at least create a spreadsheet to all the sites that you are visiting. I seldom type on the search bar sometimes hackers are cloning the site and advertising it in adwords and make it appear the real one in thesearch results
|
|
|
|
Orange Mango
Member
Offline
Activity: 130
Merit: 10
|
|
October 05, 2019, 08:03:08 PM |
|
Ok this is scary. What is to stop someone buying these fake trezor and then selling them on a local amazon like market? Is there anyway to check if the device you have is real? This is disturbing to me. You have to be so careful just where you buy things from these days. I bought a ledger and I am thinking I have no idea if it could be a hacked ledger or something? This terrifies me.
|
|
|
|
o_e_l_e_o
In memoriam
Legendary
Offline
Activity: 2268
Merit: 18510
|
|
October 05, 2019, 09:16:47 PM |
|
Ok this is scary. What is to stop someone buying these fake trezor and then selling them on a local amazon like market? Nothing, and indeed fake Trezor devices have previously been sold: https://blog.trezor.io/psa-non-genuine-trezor-devices-979b64e359a7Is there anyway to check if the device you have is real? I bought a ledger and I am thinking I have no idea if it could be a hacked ledger or something? Yes, there are ways to check that your Ledger is genuine. First of all, you should only be buying directly from Ledger themselves, or maybe from one of their approved retailers: https://shop.ledger.com/pages/retailers/ (although I would suggest just going direct to Ledger to minimize any middlemen). Secondly, when your device arrives, you should be following the instructions set out in their set up guide here: https://support.ledger.com/hc/en-us/articles/360002481534Verifying your Ledger device by connecting it to Ledger Live also serves as a check that it is genuine, as does updating it. There is currently no known exploit which would allow a fake or hacked device to verify itself against Ledger's server. Note that if you are planning to update your device, ensure you have your 24 word phrase backed up before you do.
|
|
|
|
Velkro
Legendary
Offline
Activity: 2296
Merit: 1014
|
|
October 05, 2019, 09:29:41 PM |
|
Always bookmark your links and just use the official links for bank and wallet sites.
Unless malware will replace them with malicious links. I know its very rare occurence but possible. Im not sure it was real reason this person that described it first lost his funds. This is worryfying for trezor owners, is it really secure? I hope so, but security is not about hope.
|
|
|
|
|
notblox1
Legendary
Offline
Activity: 2058
Merit: 1264
Logo Designer ⛨ BSFL Division1
|
|
October 06, 2019, 12:24:24 AM |
|
Good suggestions! Even experienced members should stay updated with latest phishing news. They create malicious websites every day, and even if I don't use Trezor I saw same thing for Ledger and Electrum.
|
|
|
|
nakamura12
|
|
October 06, 2019, 03:23:32 PM |
|
Even if you bookmark the sites that you always use doesn't mean it's 100% safe because bookmarks could also be hacked the same as the clipboard when you copy and paste different that what you have copied. Even if you bookmarked the website you should also check the site if it is the correct one before doing what you want to do in that site.
|
| | | | | | | ███▄▀██▄▄ ░░▄████▄▀████ ▄▄▄ ░░████▄▄▄▄░░█▀▀ ███ ██████▄▄▀█▌ ░▄░░███▀████ ░▐█░░███░██▄▄ ░░▄▀░████▄▄▄▀█ ░█░▄███▀████ ▐█ ▀▄▄███▀▄██▄ ░░▄██▌░░██▀ ░▐█▀████ ▀██ ░░█▌██████ ▀▀██▄ ░░▀███ | | ▄▄██▀▄███ ▄▄▄████▀▄████▄░░ ▀▀█░░▄▄▄▄████░░ ▐█▀▄▄█████████ ████▀███░░▄░ ▄▄██░███░░█▌░ █▀▄▄▄████░▀▄░░ █▌████▀███▄░█░ ▄██▄▀███▄▄▀ ▀██░░▐██▄░░ ██▀████▀█▌░ ▄██▀▀██████▐█░░ ███▀░░ | | | | |
|
|
|
TheBeardedBaby
Legendary
Offline
Activity: 2184
Merit: 3134
₿uy / $ell
|
|
October 06, 2019, 05:46:18 PM |
|
Damn, thanks for the warning. I always write the url myself to be sure that I'm accessing the real site. I never thought that I might make a typo and log in to a phishing one. Normally I double check what I type. I do not really like the bookmarks even though it's the safest way od browsing, you have to be logged in to have your bookmarks across different devices, which makes it quite unsecure for me.
|
|
|
|
funsponge
|
|
October 06, 2019, 06:06:20 PM |
|
Damn, thanks for the warning. I always write the url myself to be sure that I'm accessing the real site. I never thought that I might make a typo and log in to a phishing one. Normally I double check what I type. I do not really like the bookmarks even though it's the safest way od browsing, you have to be logged in to have your bookmarks across different devices, which makes it quite unsecure for me.
Copy and paste the real link into a text document and keep copy on each device that should prevent most security and privacy issues because you are not logging into anything. You could password protect the document if you had a need to do that but I can't think of any reason you would want too. You could create a dummy account alternatively just for the purpose of sharing bookmarks or you can export bookmarks via your browser and import them into any device.
|
|
|
|
Crytodon
Jr. Member
Offline
Activity: 126
Merit: 1
|
|
October 09, 2019, 05:46:30 AM |
|
Sometimes differentiating between true and fake websites is hard But using plugins like Metacert,Sentinel Protocol and others could alert one when he is about visiting a fake site
|
|
|
|
Rmcdermott927
Legendary
Offline
Activity: 2254
Merit: 1140
|
|
October 10, 2019, 12:14:06 AM |
|
<…>Do look up for https and secure connection (lock sign) to make sure the site is authentic
Not really. In fact, I’ve seen a couple of surveys stating that at least half of the phishing attempts now use https, knowing well that it was interpreted (incorrectly) as a synonymous to the site being safe. This graphic depicts the surge in 2017 of https used on phishing sites, and how the trend is increasing (nearly) every quarter. source: https://securityboulevard.com/2019/06/more-than-half-of-phishing-sites-now-use-https/I think it is partially cloudflare to blame for this. Someone with no knowledge of SSL certificates can easily make their site show a valid https certificate with the click of a button using cloudflare. They made it too easy.
|
|
|
|
vlasrodz
Newbie
Offline
Activity: 44
Merit: 0
|
|
October 10, 2019, 05:45:35 AM |
|
Thank man I see advertise of this website near 1 week ago. Now i see that this is scam. is there any websites where for example i can check all scams?
|
|
|
|
masulum
Legendary
Offline
Activity: 2226
Merit: 1592
hmph..
|
|
October 11, 2019, 08:31:40 AM |
|
Thank man I see advertise of this website near 1 week ago. Now i see that this is scam. is there any websites where for example i can check all scams?
The best to do is you must check their domain name. There are lots of scam websites outside that we can't reported them All. But, if you know the real domain name/website of company, service, or project, etc. It will save you to be a victim of scammers. If that domain/website very strange for you, maybe you can check from google to find any scam website. Copy domain name, then type/paste it on google or other search engine services add your keywords with some words such as "scam, phishing, malware" or anything you want. If it's related to crypto currency project, you can check at this forum section lot of members reported scam project every day.
|
|
|
|
TryNinja
Legendary
Offline
Activity: 2828
Merit: 6977
|
|
October 11, 2019, 09:26:02 AM |
|
I think it is partially cloudflare to blame for this. Someone with no knowledge of SSL certificates can easily make their site show a valid https certificate with the click of a button using cloudflare. They made it too easy.
Or Let’s Encrypt. You can literally spin a free SSL in 1 minute and with a single command. But this is something good and not an issue. Every single website in the earth should have it. That’s what puts a protection in the website against MITM attacks and someone sniffing the traffic. SSL never meant “this website is legit”, this was just a false security thing. It was just more expensive to get one, but anyone still could get it if they wanted to.
|
. .HUGE. | | | | | | █▀▀▀▀ █ █ █ █ █ █ █ █ █ █ █ █▄▄▄▄ | ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ . CASINO & SPORTSBOOK ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ | ▀▀▀▀█ █ █ █ █ █ █ █ █ █ █ █ ▄▄▄▄█ | | |
|
|
|
Zionatin
|
|
October 12, 2019, 05:45:58 PM |
|
Ok this is scary. What is to stop someone buying these fake trezor and then selling them on a local amazon like market? Nothing, and indeed fake Trezor devices have previously been sold: https://blog.trezor.io/psa-non-genuine-trezor-devices-979b64e359a7Is there anyway to check if the device you have is real? I bought a ledger and I am thinking I have no idea if it could be a hacked ledger or something? Yes, there are ways to check that your Ledger is genuine. First of all, you should only be buying directly from Ledger themselves, or maybe from one of their approved retailers: https://shop.ledger.com/pages/retailers/ (although I would suggest just going direct to Ledger to minimize any middlemen). Secondly, when your device arrives, you should be following the instructions set out in their set up guide here: https://support.ledger.com/hc/en-us/articles/360002481534Verifying your Ledger device by connecting it to Ledger Live also serves as a check that it is genuine, as does updating it. There is currently no known exploit which would allow a fake or hacked device to verify itself against Ledger's server. Note that if you are planning to update your device, ensure you have your 24 word phrase backed up before you do. Thank you for such a good answer. I have no smerit to send you. I bought my ledger off an online market. It is checked well and you have buyer protection. My ledger was sealed and everything and is real. Noone tampered with it. I have been using it for 2 years now. I was just worried when I heard all this so thanks for clearing this up for me.
|
|
|
|
Wexnident
|
|
October 13, 2019, 03:41:39 AM |
|
Bookmark is our proven tool to land in a phishing site, so if you are not bookmarking and you do not have metacert installed you are in big trouble, make a habit always to bookmark or at least create a spreadsheet to all the sites that you are visiting. I seldom type on the search bar sometimes hackers are cloning the site and advertising it in adwords and make it appear the real one in thesearch results
I'd generally make a list of those sites that are used when accessing my wallet and making transactions through exchanges. I also would generally take note of tweets of the sites I often visit in case of various announcements and sometimes this can lead me to an early warning about scam sites that try to clone theirs. I also tried in the past writing the list of sites I use in my room posted in the wall, so I can make sure that I'm typing the right thing and not just following what the browser recommended site is.
|
|
|
|
R |
▀▀▀▀▀▀▀██████▄▄ ████████████████ ▀▀▀▀█████▀▀▀█████ ████████▌███▐████ ▄▄▄▄█████▄▄▄█████ ████████████████ ▄▄▄▄▄▄▄██████▀▀ | LLBIT | | | 4,000+ GAMES███████████████████ ██████████▀▄▀▀▀████ ████████▀▄▀██░░░███ ██████▀▄███▄▀█▄▄▄██ ███▀▀▀▀▀▀█▀▀▀▀▀▀███ ██░░░░░░░░█░░░░░░██ ██▄░░░░░░░█░░░░░▄██ ███▄░░░░▄█▄▄▄▄▄████ ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ | █████████ ▀████████ ░░▀██████ ░░░░▀████ ░░░░░░███ ▄░░░░░███ ▀█▄▄▄████ ░░▀▀█████ ▀▀▀▀▀▀▀▀▀ | █████████ ░░░▀▀████ ██▄▄▀░███ █░░█▄░░██ ░████▀▀██ █░░█▀░░██ ██▀▀▄░███ ░░░▄▄████ ▀▀▀▀▀▀▀▀▀ |
| | | ██░░░░░░░░░░░░░░░░░░░░░░██ ▀█▄░▄▄░░░░░░░░░░░░▄▄░▄█▀ ▄▄███░░░░░░░░░░░░░░███▄▄ ▀░▀▄▀▄░░░░░▄▄░░░░░▄▀▄▀░▀ ▄▄▄▄▄▀▀▄▄▀▀▄▄▄▄▄ █░▄▄▄██████▄▄▄░█ █░▀▀████████▀▀░█ █░█▀▄▄▄▄▄▄▄▄██░█ █░█▀████████░█ █░█░██████░█ ▀▄▀▄███▀▄▀ ▄▀▄▀▄▄▄▄▀▄▀▄ ██▀░░░░░░░░▀██ | | | | | | | . ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ ░▀▄░▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄░▄▀ ███▀▄▀█████████████████▀▄▀ █████▀▄░▄▄▄▄▄███░▄▄▄▄▄▄▀ ███████▀▄▀██████░█▄▄▄▄▄▄▄▄ █████████▀▄▄░███▄▄▄▄▄▄░▄▀ ████████████░███████▀▄▀ ████████████░██▀▄▄▄▄▀ ████████████░▀▄▀ ████████████▄▀ ███████████▀ | ▄▄███████▄▄ ▄████▀▀▀▀▀▀▀████▄ ▄███▀▄▄███████▄▄▀███▄ ▄██▀▄█▀▀▀█████▀▀▀█▄▀██▄ ▄██▀▄██████▀████░███▄▀██▄ ███░█████████▀██░████░███ ███░████░█▄████▀░████░███ ███░████░███▄████████░███ ▀██▄▀███░█████▄█████▀▄██▀ ▀██▄▀█▄▄▄██████▄██▀▄██▀ ▀███▄▀▀███████▀▀▄███▀ ▀████▄▄▄▄▄▄▄████▀ ▀▀███████▀▀ | | OFFICIAL PARTNERSHIP FAZE CLAN SSC NAPOLI | | |
|
|
|
thefever333
Jr. Member
Offline
Activity: 280
Merit: 1
|
|
October 13, 2019, 01:08:54 PM |
|
You need to immediately remember the site address, well, personally, I immediately remember and never come across a fake.
|
|
|
|
Orange Mango
Member
Offline
Activity: 130
Merit: 10
|
|
October 13, 2019, 06:30:04 PM |
|
Ok this is scary. What is to stop someone buying these fake trezor and then selling them on a local amazon like market? Nothing, and indeed fake Trezor devices have previously been sold: https://blog.trezor.io/psa-non-genuine-trezor-devices-979b64e359a7Is there anyway to check if the device you have is real? I bought a ledger and I am thinking I have no idea if it could be a hacked ledger or something? Yes, there are ways to check that your Ledger is genuine. First of all, you should only be buying directly from Ledger themselves, or maybe from one of their approved retailers: https://shop.ledger.com/pages/retailers/ (although I would suggest just going direct to Ledger to minimize any middlemen). Secondly, when your device arrives, you should be following the instructions set out in their set up guide here: https://support.ledger.com/hc/en-us/articles/360002481534Verifying your Ledger device by connecting it to Ledger Live also serves as a check that it is genuine, as does updating it. There is currently no known exploit which would allow a fake or hacked device to verify itself against Ledger's server. Note that if you are planning to update your device, ensure you have your 24 word phrase backed up before you do. Just Quote for others to see ore easily. Thank you for replying to me. Sorry I took so long I was a bit busy this week. What you say makes sense and makes me feel better. I am glad. Once you have verified your ledger does that mean it is 100% safe. A tampered with ledger and cannot be messed with? I know the privatekey stays on the ledger but is there anyway it can be read by anyone? Including the ledger team? Or is it encrypted so well behind its protection that it cannot be?
|
|
|
|
o_e_l_e_o
In memoriam
Legendary
Offline
Activity: 2268
Merit: 18510
|
|
October 13, 2019, 07:21:46 PM |
|
Once you have verified your ledger does that mean it is 100% safe. A tampered with ledger and cannot be messed with? There is no set up in the world which is 100% safe. There is an old saying: The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards - and even then I have my doubts. Once you have verified your Ledger, you can be as sure as possible that it is legit, has not been tampered with, and is safe to use. Thousands of users use Ledger devices, and as far as I am aware, there has never been a successful hack which didn't also involve the user doing something stupid. I know the privatekey stays on the ledger but is there anyway it can be read by anyone? Yes. As I said before, nothing is 100% secure. With a powerful enough electron microscope, the knowledge to use it, and enough time, you could extract the private keys or seed from the secure element. Is this possible? Yes. Is it likely? Absolutely not. Provided you follow the proper steps when using your Ledger, the chances of someone else accessing your private keys are negligible. If you are still worried, then you should also consider using a passphrase which you manually set every time you use your wallet (known as a temporary passphrase, more information here: https://support.ledger.com/hc/en-us/articles/115005214529-Advanced-passphrase-security). Because neither the passphrase nor the seed it derives are stored on the device, they can't be extracted.
|
|
|
|
Orange Mango
Member
Offline
Activity: 130
Merit: 10
|
|
October 17, 2019, 10:58:32 PM |
|
Thank you for your answer. You are a very helpful member. I think I will take advantage of the temp passphrase since my ledger is basically a cold wallet and I only deposit into it. Spending I just have a spending wallet which I use an app for since the QR scanning is awesome.
|
|
|
|
Kakmakr
Legendary
Offline
Activity: 3444
Merit: 1957
Leading Crypto Sports Betting & Casino Platform
|
|
October 18, 2019, 08:03:15 AM |
|
I am not completely sold on the idea that people should trust their Bookmarks. I have seen hackers changing the Url link in a Bookmark for some sites too. It will create a false sense of security, if you trust your Bookmarks too much. I type all my short Url links and I never trust the "auto complete" feature, because that can be altered too. I even have a sticky note with the most used Url links pasted on my wall and written in my own handwriting to help me to type the correct address. Be careful out there, we are getting attacked from all sites now.
|
..Stake.com.. | | | ▄████████████████████████████████████▄ ██ ▄▄▄▄▄▄▄▄▄▄ ▄▄▄▄▄▄▄▄▄▄ ██ ▄████▄ ██ ▀▀▀▀▀▀▀▀▀▀ ██████████ ▀▀▀▀▀▀▀▀▀▀ ██ ██████ ██ ██████████ ██ ██ ██████████ ██ ▀██▀ ██ ██ ██ ██████ ██ ██ ██ ██ ██ ██ ██████ ██ █████ ███ ██████ ██ ████▄ ██ ██ █████ ███ ████ ████ █████ ███ ████████ ██ ████ ████ ██████████ ████ ████ ████▀ ██ ██████████ ▄▄▄▄▄▄▄▄▄▄ ██████████ ██ ██ ▀▀▀▀▀▀▀▀▀▀ ██ ▀█████████▀ ▄████████████▄ ▀█████████▀ ▄▄▄▄▄▄▄▄▄▄▄▄███ ██ ██ ███▄▄▄▄▄▄▄▄▄▄▄▄ ██████████████████████████████████████████ | | | | | | ▄▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄ █ ▄▀▄ █▀▀█▀▄▄ █ █▀█ █ ▐ ▐▌ █ ▄██▄ █ ▌ █ █ ▄██████▄ █ ▌ ▐▌ █ ██████████ █ ▐ █ █ ▐██████████▌ █ ▐ ▐▌ █ ▀▀██████▀▀ █ ▌ █ █ ▄▄▄██▄▄▄ █ ▌▐▌ █ █▐ █ █ █▐▐▌ █ █▐█ ▀▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▀█ | | | | | | ▄▄█████████▄▄ ▄██▀▀▀▀█████▀▀▀▀██▄ ▄█▀ ▐█▌ ▀█▄ ██ ▐█▌ ██ ████▄ ▄█████▄ ▄████ ████████▄███████████▄████████ ███▀ █████████████ ▀███ ██ ███████████ ██ ▀█▄ █████████ ▄█▀ ▀█▄ ▄██▀▀▀▀▀▀▀██▄ ▄▄▄█▀ ▀███████ ███████▀ ▀█████▄ ▄█████▀ ▀▀▀███▄▄▄███▀▀▀ | | | ..PLAY NOW.. |
|
|
|
|