Skip to main content

Featured

Binance joins Neo Council, 2.1 million NEO used to secure two Top 21 positions

Binance Staking has secured two positions on the Neo Council. At the time of press, Binance has voted with approximately 2.1 million NEO to secure its places in the Top 21. Binance is the world's largest custodial exchange with nearly US $9.07 billion in 24-hour volume, according to CoinCap.io. Binance Staking is a service that allows users to earn distributions offered on proof-of-stake or other networks that distribute rewards to participants. The platform provides two types of staking: flexible and locked. Flexible staking offers fewer rewards but allows users to move the underlying assets at any time. Locked staking requires users to deposit a token for a specific time frame but provides higher yields. For example, a minimum of 0.01 NEO locked for 15, 30, 60, or 120 days will earn increasing yields of 5.79%, 7.49%, 8.79%, and 13.56% (made in GAS distributions), respectively. In the announcement post, Neo Global Development said "Binance Staking's new membership in the ...
Post a Comment
Read more

Browser Extensions Can Help Scammers Steal Your Bitcoin: Casa CE



Browser extensions can help scammers steal your crypto Casa CEO Jeremy Welch warned the audience at the Baltic Honeybadger conference in Riga this weekend.
"Browser extensions impose major risks, and these risks haven't been discussed until this point," Welch said.

Extensions can gather a wealth of data, which can be leaked, stolen, and used by scammers. One example is browser history, which can expose users' online habits, including crypto-related site visits.
"Make sure you don't expose your bitcoin addresses anywhere," Welch warned.

Another thing to keep in mind is that some extensions capture users' KYC information and can leak it to scammers. The only major multisig system that requires KYC at the moment is the one supplied by Unchained Capital, Welch said. He warns against commonly-used consumer software that gathers identity data.

As an example, Welch demonstrated how an extension providing wallpapers with inspiring quotes or other content was actually stealing data as you filled in KYC forms. The malware stole graphical data, like a photo of your driver's license, which is captured as a code and then easily decoded, providing an actual picture of your ID document to hackers.

Quiet data thefts
All this is happening on the background, without the user noticing.
"You got a nice background here and you don't realize that your browser is actually dumping data," Welch said.

The same wallpaper extension can alter a receiving address when you're trying to send your crypto to somebody else (or to yourself), sending it to a scammer's wallet instead. The ubiquity and popularity of browser extensions makes the situation quite dangerous, Welch noted:
"It's terrifying, right? We all are using browser extensions all the time."

Even if a user is very careful and selective in what they're using, the software can be upgraded and get new, unsafe features without a consumer noticing, Welch added.

Welch noted that many well-known applications request enough permissions to gather personal data, including password managers, text editing app Grammarly, Joule extension for in-browser Lighting transactions, Casa's own Sats extension and the Lolli bitcoin-earning extension.

The solution? There is no easy one, Welch says. Developers can only keep building better tools that will make users' experience safer and better.
"We all need to be discussing this issues more, because we're not even in the phase yet when real attacks will be taking place."

Welch added that Casa is planning to publish more security research soon and encouraged bitcoin developers and entrepreneurs to approach the company and share their concerns and ideas on how to address security issues.

Comments

Post a Comment