Home

 

BlockPlanet.com
Bitcoin and Alt Coins – Cryptocurrency News

  • Daily Discussion - May 28, 2020 (GMT+0)
    by /u/AutoModerator on May 28, 2020 at 12:10 am

    Welcome to the Daily Discussion. Please read the disclaimer, guidelines, and rules before participating. Disclaimer: Though karma rules still apply, moderation is less stringent on this thread than on the rest of the sub. Therefore, consider all information posted here with several liberal heaps of salt, and always cross check any information you may read on this thread with known sources. Any trade information posted in this open thread may be highly misleading, and could be an attempt to manipulate new readers by known "pump and dump (PnD) groups" for their own profit. BEWARE of such practices and exercise utmost caution before acting on any trade tip mentioned here. Rules: All sub rules apply in this thread. The prior exemption for karma and age requirements is no longer in effect. Discussion topics must be related to cryptocurrency. Comments will be sorted by newest first. To see prior Skeptics Discussions, click here. submitted by /u/AutoModerator [link] [comments […]

  • Algorand Founder Shares New Details on Algorand's Smart Contract Architecture
    by /u/Zambito1 on May 28, 2020 at 12:05 am

    submitted by /u/Zambito1 [link] [comments […]

  • Timeline of Major Crypto Currency Hacks/Losses and Amount Losses ]by Goldman Sachs]
    by /u/pmayall on May 27, 2020 at 11:29 pm

    submitted by /u/pmayall [link] [comments […]

  • Small and Mid Cap Altcoins are overperforming big projects
    by /u/monethical on May 27, 2020 at 9:30 pm

    submitted by /u/monethical [link] [comments […]

  • Coinbase Buys Tagomi as ‘Foundation’ of Institutional Trading Arm
    by /u/riqelme on May 27, 2020 at 9:26 pm

    submitted by /u/riqelme [link] [comments […]

  • The events of a SIM swap attack (and defense tips)
    by /u/etheregg on May 27, 2020 at 8:55 pm

    Posted this on r/Coinbase and someone recommend it also be posted here. The information below on an attempted SIM swap attack was pieced together through a combination of login and security logs, recovering emails initiated by the attacker that were deleted and then deleted again from the trash folder, and learning from AT&T’s fraud representatives. The majority if this is factual, and we do our best to note where we are speculating or providing a circumstantial suspicion. TLDRs at the bottom. The full story: We were going about our business and received a text from AT&T that says “…Calls & texts will go to your new phone/SIM card. Call 866-563-4705 if you did not request.” We did not request this, and were suspicious that the text itself could be a phishing scam since we searched the phone number and it wasn’t overtly associated with AT&T. Thus, we tried calling AT&T’s main line at 611 but all we hear is beep beep beep. The phone number is already gone. We use another phone to call AT&T and at the same time start working on our already compromised email. While we didn’t see everything real time, this is what the recovered emails show. In less than 2 minutes after receiving the text from AT&T, there is already an email indicating that the stolen phone number was used to sign into our email account associated with Coinbase. 2 minutes after that, there is an email from Coinbase saying: "We have received your request for password reset from an unverified device. As a security precaution, an e-mail with a reset link will be sent to you in 24 hours. Alternatively, if you would like your password reset to be processed immediately, please submit a request using a verified device. This 24 hour review period is designed to protect your Coinbase account." This is where Coinbase got it right to have a 24 hour review period (actually a recovery period) before allowing the password to be reset. However, the attackers knew this and planned to steal the second email from Coinbase by setting email rules to forward all emails to a burner address and also have any emails containing “coinbase” re-routed so they don’t appear in the Inbox. 5 minutes later, they request a password reset from Gemini and the password was reset to the attacker’s password within a minute after that. The next minute they target and reset DropBox’s password followed immediately with Binance. Less than 2 minutes later, an email from Binance indicates that the password has been reset and another email arrives a minute later indicating a new device has been authorized. It’s at this point that we begin locking the attacker out by (1) removing the phone number as 2FA (2) changing the email password, (3) and three forcing a logout of all sessions from the email. There was a bit of back and forth where they still had an active login and re-added the stolen phone number as 2FA. They added only one more password reset to a gaming account that was not deleted. I can only suspect that was a decoy to make it look like the attack was directed at gaming rather than finances. The Gemini and Binance accounts were empty and effectively abandoned, with no balances and inactive bank accounts (if any), and no transactions in 1-3 years. DropBox had no meaningful files (they probably look for private keys and authenticator backups) and the phone number they stole from us was suspended, so as far as the attacker is concerned, there is no meat on this bone to attack again… unless they had inside information. This is where I suspect someone internal at Coinbase receiving wire deposits has been compromised in tipping off ripe accounts – accounts with new and somewhat large balances. We had completed a full withdrawal of funds from Coinbase earlier in the year, and had a balance of less than $20 heading into May. Deposits to Coinbase staggered in to get above six figures through mid-May then stopped. The attack occurred 7 days after the last large wire deposit was made to Coinbase. From the perspective of an attacker that had no inside information, we were a dead end with abandoned Gemini and Binance accounts with zero balances and stale transactions, no DropBox information, and the suspended phone number access. Our Coinbase deposits were known to no one except us, Coinbase, and our bank. We were also able to stop the hacker’s email forwarding before Coinbase’s 24 hour period to send the password reset, so this one didn’t work out for the attackers and it would make sense for them to move on to the next rather than put efforts into a second attack only for Coinbase - for what would appear to be a zero-balance Coinbase account based on the other stale accounts. Then…23 hours and 42 minutes after the first attack, another message from AT&T “…Calls & texts will go to your new phone/SIM card. Call 866-563-4705 if you did not request.” Here we go again. We had been confident in AT&T’s assurances that our account had been locked and would not be SIM swapped again, so we unwisely added the phone number back to our email account as a backup (it’s now removed permanently and we use burner emails for account recovery like we should have all along). Upon seeing that our phone number had been stolen again I knew they were after the Coinbase reset email that was delayed by 24 hours from Coinbase as part of their security. We did 4 things within 2 minutes of that text: (1) removed the phone number again from the email account – this time for good, (2) market sell all Bitcoin on Coinbase, (3) withdraw from Coinbase, (4) have AT&T suspend service on the phone line. In speaking with AT&T, they were floored that our SIM would be transferred again in light of all the notes about fraud on the account and the PIN being changed to random digits that had never been used by us before. Based on the response of disbelief from AT&T on the second port, I suspect that this attack also involved a compromised AT&T employee that worked with the attacker to provide timely access to the Coinbase password reset email. Apparently, this has been going on for years: https://www.flashpoint-intel.com/blog/sim-swap-fraud-account-takeover/ with phone carrier employees swapping SIMs for $80s a swap. Remember that most of this was hidden in real time, and was only known because we were able to recover emails deleted from Trash by the attacker. Since we require any withdrawals to use Google Authenticator on Coinbase, our funds may have been secure nonetheless. However, under the circumstances with attackers that were apparently working with insiders to take our phone number twice in attempts to steal Bitcoin, and it being unknown if they had additional tools related to our Google Authenticator, we decided it was safer on the sidelines. The coins were held on the exchange for a quick exit depending on whether Bitcoin was going to break up or down from $10,000. A hardware wallet is always safest, but we were looking to time the market and not have transaction delays. For some some security recommendations: AT&T: If you are going to send a text saying that calls and texts are moving to a new number, provide a 10 minute window for the phone number to reply with a “NO” or “STOP” to prevent the move. This can escalate the SIM dispute to more trusted employees to determine who actually owns the line. Don’t let entry level employees swap SIMs. Coinbase: Do not default to phone numbers as 2FA. Also, if someone logs in successfully with the password before the 24 hours are up, the password is known and there is no need to send the password reset email again for attacker to have forwarded to them. At least have an option to stop the password reset email from being sent. We did not tag our account at Coinbase with fraud because of the stories of frozen funds once an account is tagged. I’m not sure what the solution is there, but that is another problem. Being a trader, it would be nice to think of Coinbase as any other type of security brokerage where your assets are yours (someone can’t steal your phone number and transfer your stocks to their account). We fell into that mindset of security, yet this experience has reminded us of the uniqueness of cryptocurrency and the lack of custodial assurance and insurance from exchanges because of the possession-is-everything properties of cryptocurrency. As many have said before, 2FA with a phone number quickly becomes 1-factor authentication as soon as that phone number is associated with password recovery on your email or other accounts. Our overall recommendation is to avoid having a phone number associated with any recovery options across all your accounts. TLDR on the process: Scammers will steal your phone number (in our case twice in 24 hours) and use your phone number to access your email and accounts. They will use your email to reset passwords at financial accounts and file hosting such as DropBox. They will then use that combination to transfer any assets they can access from your accounts to theirs. They will do their best to hide this from you by (1) not resetting your email password so as to raise suspicion, (2) immediately delete any password reset emails you may receive from financial accounts to hide them from you, (3) attempt to forward all emails sent to your address to a burner email, and (4) set email rules to forward emails containing “coinbase” to an email folder other than your Inbox so that you don’t see the transactions and password reset emails that arrive to your inbox. TLDR on defense tips: If your phone stops working or you receive a text of your number being ported do the following as soon as possible: (1) log into your email account(s) associated with your financial accounts and remove your phone number as 2FA immediately (2) change your email password, (3) force a logout of all sessions from your email (at this point you have locked them out), then (4) check your mail forwarding settings for forwards to burner addresses, (5) check your mail rules for rerouting of emails from accounts such as Coinbase, and (6) call your carrier to have them suspend service on your lost phone number and ask them to reinstate your SIM or get a new SIM. This will require a second phone because your personal phone number has been stolen. We hope this helps some others be safe out there in protecting their coins. The more we know, the more we can protect ourselves. Wishing you all the best! submitted by /u/etheregg [link] [comments […]

  • Important information on the upcoming cryptocurrency legislation in the European Union (European Commission)
    by /u/BelgianPolitics on May 27, 2020 at 8:44 pm

    I have seen a European Commission internal document, discussing upcoming EU regulations on "crypto-assets". I will not cite anything directly because I am not too sure if this information is public and I do not want these crypto-journalists to write 100 articles about a draft because the document I saw was not a final document (but still important and probably similar to the final document). There is some complicated stuff in there and some vague statements but I did my best to understand the most important sections. It is totally possible that this is a future public document but I am just not sure at this point. It is a document within the Q3 2020 framework. These are some of my observations. They are discussing something very interesting: an EU market-infrastructure to trade and settle security tokens. In general, they are heavily balancing the gradations of regulation against innovation. This means that in the document they are actively stating that they need to watch out with strict regulation as they do not want to damage early innovation in the blockchain and cryptocurrency space. This is good news. The EU is taking stablecoins very seriously. They are currently in favor of tailor-made new EU-legislation on stablecoins. This legislation will have clear rules on the reserves behind stablecoins: they mention disclosure rules AND auditing! The EU emphasizes clearly the possible risks of stablecoins on EU financial stability. They are actively discussing creation an EU-wide framework for exchanges, projects and wallet providers that must protect EU consumers. This means that White Papers of projects/ICOs need to have transparent information that is not misleading. This also means that exchanges must follow rules such as no manipulation, no misleading marketing, sufficient customer support, conflict of interest rules and have mechanisms to prevent market manipulation. Generally, no negative narrative about cryptocurrencies. They even mention some advantages of cryptocurrencies. A negative narrative about stablecoins nonetheless. In sum, I do not expect heavy regulation on cryptocurrencies. I do expect serious regulation on stablecoins and medium regulation on exchanges and wallet providers. Please do not use this information for speculative investment purposes. Thank you. ​ submitted by /u/BelgianPolitics [link] [comments […]

  • Goldman does not make revenue when clients buy bitcoin.
    by /u/Trident1000 on May 27, 2020 at 8:09 pm

    submitted by /u/Trident1000 [link] [comments […]

  • Google joins THETA Network as Validator Node, offers click and go cloud nodes, and more
    by /u/tokyo_on_rails on May 27, 2020 at 7:08 pm

    Google will become the protocol’s fifth external validator node, staking 5 million THETA tokens (worth about $2.4 million at a press-time price of $0.48 apiece) on the network. Theta also plans to further collaborate with Google’s artificial intelligence, machine-learning and big-data initiatives. Google also owns YouTube, a key target for Theta’s partnership aspirations. “YouTube is particularly interesting because they utilize mostly internally-developed technology for video delivery and streaming, which makes experimentation a lot easier without having to rely on external platforms like Akamai or AWS,” Liu said. https://www.coindesk.com/google-signs-on-as-network-validator-for-blockchain-video-network-theta To spin up a Guardian Node in a few clicks on Theta using Google Cloud: https://console.cloud.google.com/marketplace/details/theta-marketplace-public/theta-guardian-node submitted by /u/tokyo_on_rails [link] [comments […]

  • What if I Told You this Cryptocurrency is Used by Elementary School Kids? 😮
    by /u/howtobanano on May 27, 2020 at 6:55 pm

    submitted by /u/howtobanano [link] [comments […]

  • How to Swap BTC for renBTC on Ethereum
    by /u/gremlin0x on May 27, 2020 at 6:03 pm

    submitted by /u/gremlin0x [link] [comments […]

  • Banned from r/capitalism-in-decay for talking about cryptocurrency.
    by /u/AveaLove on May 27, 2020 at 6:01 pm

    I made the argument that the decentralized nature of cryptocurrency poses a significant threat to the central banks, the ones using USD as a weapon against certain classes of people, of common topic on that subreddit. I argued that cryptocurrencies transparency would help us weed out corruption and help power transition out of the hands of the central banks and into the hands of the people. They pushed back saying they wanted the power to transfer to them, followed by a 180 day ban. This is why centralization can't work. Groups of people (capitalists and communists alike) want power for themselves, not equal footing with their peers. And neither side is interested in hearing an opinion that doesn't exactly align with their own. Even if that opinion is not of the opposition's belief, they label it as such. Because capitalists believe power must stay in the hands of the central banks, as that's what gives them the power. Call me a cyberocratic syndicalist I guess. Neither right, nor left. I'm of the opinion that computers change everything, government included. Benevolent Monarchies are always more fair to the people than democracies, but monarchs are limited by human lifespan. So lets build an open source, blockchain enabled, decentralized governing AI. Something fast and adaptive so it can update with the changing society, while not being bogged down by bureaucracy, something compeltely transparent and verifiable. submitted by /u/AveaLove [link] [comments […]

  • Goldman Sachs Butts Heads With Bloomberg Over Bitcoin
    by /u/nima_sh on May 27, 2020 at 5:58 pm

    submitted by /u/nima_sh [link] [comments […]

  • Four key metrics suggest Ethereum is hugely undervalued
    by /u/statues_die_too on May 27, 2020 at 4:47 pm

    submitted by /u/statues_die_too [link] [comments […]

  • Enjin Minecraft plug-in is LIVE
    by /u/annoyinglilbrother on May 27, 2020 at 4:25 pm

    submitted by /u/annoyinglilbrother [link] [comments […]

  • Long Bitcoin, short the Banks
    by /u/TheCryptomath on May 27, 2020 at 2:58 pm

    submitted by /u/TheCryptomath [link] [comments […]

  • Countries that don’t tax your cryptocurrency gains
    by /u/JeganGN on May 27, 2020 at 2:55 pm

    submitted by /u/JeganGN [link] [comments […]

  • Wen Goldman cryptocurrency investment products ?
    by /u/j4c0p on May 27, 2020 at 12:58 pm

    submitted by /u/j4c0p [link] [comments […]

  • Bitcoin vs U.S. Dollar: The One Based on Thin Air Is Not the One You Think
    by /u/sylsau on May 27, 2020 at 12:44 pm

    submitted by /u/sylsau [link] [comments […]

  • Binance users storm into the exchange's Shanghai offices in protest
    by /u/digiiital on May 27, 2020 at 12:42 pm

    submitted by /u/digiiital [link] [comments […]

  • The current stickied AMA with Alex Alexandrov (the founder of CoinPayments and Velas) is full of fake accounts.
    by /u/thousands_leave on May 27, 2020 at 11:54 am

    I'm not one to make threads like these..... but this was so obvious that it's appalling and has ruined my trust in the Coinpayments company. I initially thought it was just a coincidence, but look at these accounts that have commented in the thread. Almost ALL of the ones promoting his new coin, are one month old, and posted a link post to farm karma 4 days ago. https://np.reddit.com/user/Sweaty_Youth https://np.reddit.com/user/WideIsland0 https://np.reddit.com/user/tokenwarrior - this one came out of hiding for one year. https://np.reddit.com/user/Thin_Time https://np.reddit.com/user/Wild-Rub https://np.reddit.com/user/FancyEnvironment3 https://np.reddit.com/user/SoftArtist https://np.reddit.com/user/Several-Berry https://np.reddit.com/user/SpecialPlenty I know that some users would make a new account especially for the AMA, this happens often. But for them to all have started posting 4 days ago, this reeks of fake shill activity. I thought that you should all be aware. IMO it really undermines the trust in the community. submitted by /u/thousands_leave [link] [comments […]

  • You can get a blockchain domain with Crypto.com app at a discount
    by /u/CarelessV1rus on May 27, 2020 at 11:40 am

    submitted by /u/CarelessV1rus [link] [comments […]

  • The best crypto debit cards of 2020
    by /u/arryanna on May 27, 2020 at 10:33 am

    submitted by /u/arryanna [link] [comments […]

  • Bitcoin Outperforms Gold and Oil Despite ‘Dying’ 380 Times Since its 2009 Debut
    by /u/RoughRisk on May 27, 2020 at 6:47 am

    submitted by /u/RoughRisk [link] [comments […]

  • Apple and Google just approved my new app, Block Monitor, which scans the blockchain and sends a push notification if your balance ever changes. Please let me know what you think!
    by /u/blankey1337 on May 26, 2020 at 11:50 pm

    submitted by /u/blankey1337 [link] [comments […]

  • I lost $1,200 in 100 seconds
    by /u/tycooperaow on May 26, 2020 at 10:25 pm

    A few days ago, a hacker got my mnemonic and stole $1,200 in ethereum from my Metamask wallet in under 100 seconds. The hackers were using a bot to scan for the mnemonic phrases across GitHub, and I accidentally left it in my code on a GitHub repo while I was sending to a Hack Money hack-at-hon. Although there are some coins and tokens left, the bot will siphon any ethereum I have to prevent me from moving my coins, and/or outmatch my attempts by supplying more gas. I just want you all to be aware to NEVER have a digital copy of your mnemonic or private key . Especially not online. If you are using metamask, randomly generate private keys for new accounts not associated with any mnemonics, and imported onto metamask web3.eth.createAccount() My compromised address: https://etherscan.io/address/0x1b3e1786c3f8524ca0f3175b0b37bcc1bee5a6d5 There is still $600 supposedly that's locked in Compound DeFi protocol and if anyone is interested in helping solve this, here is a suggestion someone made for me who we are seeking ways to solve this: https://ethereum.stackexchange.com/questions/83718/how-to-retrieve-erc20-from-a-hacked-address-monitored-by-a-bot I was foolish and this mistake was costly, but I know how to be extra secure when dealing in crypto. I was very upset and scared at first, but I can't dwell on it and I'll move on. No need to stress over thousands when I can focus on making millions. submitted by /u/tycooperaow [link] [comments […]

  • Monthly Skeptics Discussion - May 2020
    by /u/AutoModerator on May 1, 2020 at 12:16 am

    Welcome to the Monthly Skeptics Discussion thread. The goal of this thread is to promote critical discussion by challenging popular or conventional beliefs. This thread is scheduled to be reposted on the 1st of every month. Due to the 2 post sticky limit, this thread will not be permanently stickied like the Daily Discussion thread. It will often be taken down to make room for important announcements or news. Rules: All sub rules apply here. Discussion topics must be on topic, i.e. only related to skeptical or critical discussion about cryptocurrency. Markets or financial advice discussion, will most likely be removed and is better suited for the daily thread. Promotional top-level comments will be removed. For example, giving the current composition of your portfolio or stating you sold X coin for Y coin(shilling), will promptly be removed. Karma and age requirements are in full effect and may be increased if necessary. Guidelines: Share any uncertainties, shortcomings, concerns, etc you have about crypto related projects. Refer topics such as price, gossip, events, etc to the Daily Discussion. Please report top-level promotional comments and/or shilling. Resources and Tools: Read through the CryptoWikis Library for material to discuss and consider contributing to it if you're interested. r/CryptoWikis is the home subreddit for the CryptoWikis project. Its goal is to give an equal voice to supporting and opposing opinions on all crypto related projects. You can also try reading through the Critical Discussion search listing. Consider changing your comment sorting around to find more critical discussion. Sorting by controversial might be a good choice. Click the RES subscribe button below if you would like to be notified when comments are posted. To see prior Daily Discussions, click here. - Thank you in advance for your participation. submitted by /u/AutoModerator [link] [comments […]