As crypto becomes lucrative daily it is also attracting back eggs and unethical hackers doing everything possible to rob others of their crypto money by all illegal means.

On Bitcointalk, there surfaced a post with link to a suspected fake version of the popular secured Ethereum wallet extention. Thus, we decided to dig deep and research further to confirm the genuinety of the post and its indeed turn out to be a fake version (our screenshots of the app live in Google chrome store explains things better below). That is while this is been published to our MyCDApp users and crypto community at large to stay on alert and check well before downloading or installing any App or Extention that will directly handle your cryptocurrencies and essential information like private key and seed words.

See the link to the detected fake Metamask: https://chrome.google.com/webstore/detail/metamask/ajhghapnjiaimhegcipdpehnihdkljdj?utm_source=chrome-ntp-icon

Screenshots taken by MYCDApp team after thorough examination of the extension below:

Before you check the screenshots, not that we did circled our metamask extenstion already installed which exposed the fake one even more with things like the logo, logo colour, no rating, developer not official metamask account,the overall extention theme colour does not tally with the real Metamask yet it takes careful study and even a bit crypto awareness and observation to spot it and hope Metamask team will read this article and work on bringing that fake extension down to prevent their prospective users from falling victim.

Always download from the official Metalmask website at https://Metamask.io

We also acknowledge that most of our App users are new to crypto and just getting adapted. Thus, we also added screenshot of the real Metamask and you will notice that simply identified that we already installed that extension unlike the fake one claiming we should Add to Chrome even though its already in use.

Real Metamask Extension 1a - Picture By MyCryptoDictionary App
Real Metamask Extension 1a – Picture By MyCryptoDictionary App
Fake Metamask Extension 1a - Picture By MyCryptoDictionary App
Fake Metamask Extension 1a – Picture By MyCryptoDictionary App
Fake Metamask Extension 1a - Picture By MyCryptoDictionary App
Fake Metamask Extension 1a – Picture By MyCryptoDictionary App
Fake Metamask Extension 1a - Picture By MyCryptoDictionary App
Fake Metamask Extension 1a – Picture By MyCryptoDictionary App

Note: To continue to develop MyCDApp to other platform aside Android and also keep user updated with helpful info like this, we look forward to Donation or Sponsorship for MyCryptoDictionary App with some juicy ads bonuses in return to compensate you/your platform. Click here for details!

Kindly share this article using the social media sharetools and safe a friend from falling victim. Also comment below and recommend our MYCDApp to other people in crypto community.

 

Its interesting to note that every coin/token or Blockchain project has a website to host info about them and thus the attacks on crypto based website is increasing daily.

We had came across this article to help with free tools to scan your website for vulnerabilities frequently and but up protective measures before your website finally falls prey to hackers.

Greekflare had written and help guide on this and you should check it out here:
12 Online Free Tools to Scan Website Security Vulnerabilities & Malware

ImportantIf you had an account on BlackWallet do not attempt to login. Instead, please check you’re account balance through the official Stellar Account Viewer, found here,

In a statement sent out today by its founder open source online Stellar wallet Black Wallet has claimed to have been hacked. Posting on Reddit, user orbit84 posted that a hacker gained access to his hosting provider account and changed the DNS settings to his own hosted version of BlackWallet. The attackers’ wallet, which the author posted a link to, appears to have amassed around $400,000 USD worth of cryptocurrency Stellar which has seen its market capitalization apply almost 3 fold over the past month.

Security research Kevin Beaumont was able to identify a piece of code which checked if a user had over 20 lumens and if they did moved them to a hardcoded wallet address. The attack comes after a series of social engineering attacks targeting the ever-growing crypto market.

Exchange EtherDelta suffered from a similar attack late last year caused by a DNS Hijacking. That attack was reported to be smaller with the attacker gaining just $250,000 worth of ether.

Much like the EtherDelta attack, the attacker appears to have been laundering money to a bittrex address which likely exchanged it for other tokens and further obscured the identity of the attacker.

How the Attack Unfolded

The attack appears to have been a phishing attack aimed at the blackwallet.co’s……..

Source: Another Crypto Wallet Hack Sees Theft of $400,000 in Stellar Lumens

This is crucial and should not be ignored and surely it is a necessity for MyCDApp team to research and post this on time to save crypto community and especially NewB.

First lets start this way:

What is Ether?

It is the token used in Ethereum Blockchain and needed to pay for GAS fee when sending out Ether or any Ether ERC20 tokens from one wallet to another. Check the dictionary section of our App for more info on Ethereum.

What is Ether Tokens?

Due to the fact that Ethereum allows the development of smart contract Apps on the Ethereum Blockchain, alot of startups have found this interesting and undoubtably helpful, easier and faster to deploy their projects on Blockchain and reduce the financial burden of building a blockchain from scratch, providing security, upgrades, patches and lot others.

This had help many to kick start their businesses on blockchain with less capital and focus majorly on their product/services and not merge it with the headache of maintaining a Blockchain itself. Check the dictionary section of our App for more info on ERC20 Token.

4 Ways To Secure Your Ether and Ethereum Tokens

Yeah, we aim to run you through four basic tested and proven ways to secure your Ethereum wallet especially if you only hold it in MyEtherWallet (MEW) for now.

As crypto coins/tokens are gaining value, they are also attracting unethical hackers always in look for ways to feed on others wallet unlawfully and sure anyone can easily fall a prey if not vigilant enough.

1) Be On Alert:

Indeed a lot may have told you that cryptocurrency money is easy and cheap to access but most times do remove the fact that you will need to stay at alert or you lose all you gathered in twinkle of eyes to unknown hacker(s) and most time 99% cases are non retrievable considering the fact that crypto is still at infant stage and largely unregulated.

To be on alert means you should not just buy into a coin/token and go to sleep awaiting to return later to catch profit -NO! You need to stick to latest information as regards to the coin/token, the exchange or wallet platform you hold it on and crypto community security updates generally.

For example, the day we plan to sell a token (now worth $1,500) via EtherDelta was the day it was hacked, fake website by hacker fixed up sapping users private keys had replaced the genuine ED and ultimately their funds flying off their account like birds off their nest. We got series of alerts from our alerts channels and that was the what stopped us from using the website that day, if not all our token will graciously be given to those hacker with ease. That’s precisely what it means to stay on alert in crypto community.

2) Bookmark/Crosscheck Every Website:

Yeah, this might sound unrealistic but if your portfolio is less than $1,000 you can do anyhow with it but if more than that you will need to take caution. You simply bookmark the original verified website and always recheck once loaded to make sure you are not on copied version.

For example while this article was been compile, we got alert of a duplicate of Bitconnectx ico website (please we are not advertising bitconnectx ICO here but we need to use live example so you know this article is not just to gather popularity or readership but to protect every crypto community member that will read and implement it). The original website url of the ICO is Bitconnectx.com and the fake is xbitconnect.com, both websites have same design but little things like the ICO timer makes the different but that is only for observers, some may have falling prey even as we are discussing this here.

This does not stop on the website alone, always do same for every addresses you are sending coin/token too. At least try to cross check the first and the last six digits before you click the send button because some software now auto change copied address before you paste it if your device has been infected with their malicious software.

3) Use Double layer confirmation platforms

Do you every wonder why most platforms are now making it mandatory to have Two-Factor Authentication (2FA) on your exchange or wallet account? Yeah, its simple – The more layers placed on your wallets before it could be access, the more secured it becomes and for any to access it means it was a clean, well planed and schemed hacking specifically on your own account not just general hacking if you have all those security layers activated.

For example if you open Binance exchange account, you can deposit but before you withdraw you need at least your 2FA activated. After activation, you try to withdraw and then get the following layers of security.

(1)Login password – (2)enter 2FA code – (3)access to account – (4)request withdrawal – (5)enter 2FA code again – (6)open the verified email for the Binance account to approve the withdrawal – Then withdrawal successfully processed. You need atleast 6 solid layers to have your account wallet compromised and that makes if a bit more secured compared to just entering password and click withdraw and its done.

The same applies to MEW users, see how your Etheruem address on MEW works:

(1) Enter your Private Key on MEW – (2) Access to all features to withdraw Eth and tokens.

Did you noticed that, you only need your Private key and 100% access to your wallet is granted to you or hacker that may also have your key and do anything with your Ether balance and tokens. Yet a lot of newbie uses this platform due to the fact that its very compatible with ERC20 tokens and this article is not to condemn the platform (In fact we use it too) because they had been for long and one of the major platforms that made crypto attractive to newbies and for Airdrops but the security feature should not be ignored too and that posses danger to users.

So, lets now see how you can create some additional layers for yourself with your Ethereum address on MEW using the following;

i) Metamask: this platform gives you extra layer of security to your MEW wallet or you may just open your Ethereum account directly from there – it also supports ERC20 tokens like MEW. Let see how this works.

We are certain that most readers here already have MEW and looking for ways to make it more secured beyond the just one step full access explained above and we have the solution outlined below too.

1) Visit https://Metamask.io and follow their instruction on the website to install and setup your Metamask account via Chrome extension

2) Click the extension to create new account and import your MEW address to give it additional security

3) Henceforth don’t login into MEW or other platforms like EtherDelta, IDEX with your Private key again, instead locate option to login with Metamask and that gives you access to those platform full features without exposing your Private key anymore.

Once the steps above is done, see how the new security later added works

(1) Login with Metamask on MEW,Etherdelta,IDEX etc. – (2) Request withdraw of Eth or tokens – (3) Login To Metamask – (4) Approve the withdrawal request prompt with another opportunity to crosscheck that it is the transaction you initiated on other platforms and click Accept/Approve to complete it if not you press Cancel/Reject and the transaction will automatically fail on the other platforms where transaction was initiated.

Now if you crosscheck, Metamask has helped to add additional 2 extra layers of security to your account, first preventing easy access to your Private key unlike when you enter it directly and secondly giving you the power to control what transaction is allowed on your account.

ii) BLUE: Yeah if you have came across a token called EthereumBlue, you still mean the same. You may also been lucky to have gotten 1,000 to 10,000 of BLUE free via their Airdrop about 3 months ago. They are finally coming out strong and we can say this platform is doing strong has we have been following them since the Airdrop done.

They are really doing their best to keep crypto community safe and fight it hard and openly against coin/token developers with questionable features hidden in their codes and user interface.

Blue finally released their wallet alternative to Metamask (still in public beta with less fatures activated) which also helps to give added security to your existing MEW wallet or you can just open a fresh Ethereum address with them via their Chrome extension as they support ERC20 token too and also translate GAS value to dollar to make it easily readable before you send your Ether or ERC20 tokens..

Visit https://www.etherblue.org/wallet to get started with BLUE.

4) Diversify your portfolio

Its time to round this up before you get bored and lets close it with diversification of crypto portfolio. Following the above keeps you safe but it does not guarantee that hackers can not penetrate via one way or the other new ways yet to be known (remember hacker(s) can even be your close pals offline whom have access to where you store your backup offline and could break all odds above with ease).

Thus, another way to play safe in crypto is diversification, once your portfolio worth $1,000 above, don’t keep everything in one coin/token, spread it to two, three, four, five upto seven coins/tokens and do not have them all in one wallet even if they are all Ethereum based (which is not advisable, spread your investments outside Ethereum coins/token too for more safety).

If eventually one platform, exchange or wallet get hacked and you stand to lose your fund, diversification will safe you from complete wretch from crypto world.

Wahooo, thats a long epistle, but we hope it helps some of our users and you can download our App if you don’t have it yet, use and send feedback and also share with friends and family.

We await your feedbacks and comments

Regards!

MyCryptoDictionary Team

Most exchanges now makes it mandatory to have your 2FA authentication activated for added security and protection of unauthorized access to your fund on their platform but things can equally get out of hands when you lost your device or could no longer remember your secret key to reset the Two-Factor Authentication. This article will be of help to you.

Resetting Two-Factor Authentication

 

We have written a post previously as explained by one of the exchanges Binance and that could help. Thus, Click Here Now To Read It!

Wahooooooooooooooooooooooooooooo its indeed worth saying Happy New Month and Year to all MyCD App community.

We launched just about 3 weeks ago and you are really giving us more reason to push further based on feedbacks and increasing download and install rate of the App.

Once again we wish you the best of New Year 2018

Don’t forget to recommend our App to every of your Crypto friends, they will surely thank you for it.

Also send your feedback for us to incorporate as we plan to release new version in Quarter1 of 2018 and if you want your ads on the dictionary section of the App and our blog Kindly click here

THANK YOU

MyCDApp Team

 

According to researchers at the cyber security firm Trend Micro a malware called Digmine infects Facebook’s instant messenger to harness the CPU’s power to mine Monero. Monero is an altcoin that is based on an anonymous blockchain.

Digmine comes to the victim as a video file sent from someone in their friend’s list, making it appear legitimate. Hacker’s will also be able to gain access to the victim facebook profile and their list of friends in order to spread the malware further. – Crytocoinmastery

Thus beware how to click links from Facebook messenger henceforth

Korean prosecutors have reportedly filed charges against several individuals associated with Mining Max, US-based cryptocurrency mining firm allegedly behind a major cryptocurrency mining scam.

According to a report by Korean publication Yonhap, authorities at the Incheon District Prosecutors’ Office have indicted 21 individuals suspected of being associated with Mining Max LLC, a US-based firm, on charges of fraud and allegedly soliciting 270 billion won (approx. $250 million) from investors across the world for an Ethereum mining operation promising large returns. Three others have been indicted without detention for embezzlement and other charges.

Mining Max presents itself as the developer of “premium cryptocurrency mining” machines headquartered in California. “All of the mining rigs are assembled and maintained in our Internet Data Centers (IDC) in Korea,” the company claims on its website.

The allegedly sweeping scam also entails seven other Korean and foreign nationals, now on Interpol’s wanted list, of being associated with Mining Max and blotching results that purported to mine more Ethereum than the operation actually did.  The scam unraveled when the company was not longer able to make sufficient returns from its ‘mining’ operation, presumably in its dividends to new investors.

Altogether, prosecutors allege that the suspects pocketed a significant portion of the $250 million, amassed from roughly 18,000 investors in 54 countries between September last year and October this year.

Source: $250 Million Ethereum Mining Scam? Korean Prosecutors File Charges

If you haven’t heard the news yet, EtherDelta was subject to a phishing attack on its DNS server yesterday.  A hacker compromised the EtherDelta website, supplanting it with a copycat version of the popular Ethereum exchange.  When the dust settled, the culprit stole away with 305 ETH, valued at over $244,000, and bag-full of ERC20 tokens.

This makes Ether Delta the latest to join an infirmary of exchanges plagued by hacking attacks in 2017. Earlier in the year, Bithumb lost hundreds of millions of won, and after recovering from an attack in April, Youbit had to terminate operations after losing 17% of its funds in a hack earlier this week.

Smart Contracts, Decentralization Ensure Damage Control

Unlike Youbit, EtherDelta managed to scrape by relatively unscathed in its own hacking run-in.  Users have decentralization and smart contracts to thank for that.

Typical exchanges (Bithumb, Bittrex, Binance, and the like) are centralized, trusted, and operate much like a bank.  When you use one of these services, you trust the exchange to manage the private keys of your accounts for you, and assets are purchased and distributed on an IOU basis through the exchange’s reserve.  The exchange holds all funds for its customers until they want to withdraw them from the exchange, at which time the exchange relinquishes the private keys to its users and debits them with the corresponding account balance.

EtherDelta, on the other hand, is trustless.  Everything on the exchange is peer to peer, and EtherDelta itself does not manage user funds–it only provides a platform to facilitate trading.  As a result, users are completely in charge of their own keys.  They import them onto the exchange either by inputting the key manually or syncing EtherDelta with a Ledger Nano S or Meta Mask browser wallet.  Once uploaded, users manage their keys using Ethereum-powered smart contracts.

These smart contracts and EtherDelta’s trustless decentralization are the reason the hacker had to go to the lengths he did to pull off the heist.  If the culprit went after, say, Bittrex, s/he would only need to tap into the exchange’s hot wallet reserve to nab individual keys.  With EtherDelta, there is no reserve, so to access private keys, the hacker had to use a phishing scam to trick users into exposing them.  Once a user input private keys onto the fake website, they handed over what the hacker couldn’t have accessed otherwise.

This is why any funds being held on the exchange’s smart contracts went untouched.  It’s also why funds managed with a Ledger Nano S or Meta Mask wallet, which hold your private keys for you, would have been safe at the time of the attack.  The hacker would have only been able to steal keys that he could key log from manual inputs on the malicious site.  In redirecting website traffic, the hacker only hijacked EtherDelta’s domain name, not the exchange itself or its smart contracts.

EtherDelta can’t chalk this attack up as a win, but had this been a conventional exchange, the losses would have been much more substantial…..

Source: The EtherDelta Hack Hurts, but It Could Have Been Worse

Adds links to strings that look like Ethereum addresses to your favourite blockchain explorer.

It also tries to protect you from being phished by checking a domain blacklist that is constantly being updated.

EAL will also show you a popup container (non-intrusive) detailing the ETH balance of an address, the number of transactions going OUT, and if the address is a smart contract – The RPC node is managed by https://quiknode.io, so mega-thanks to those guys!

Currently in BETA phase.
Push issues to https://github.com/409H/EtherAddressLookup

CLICK HERE TO INSTALL EtherAddressLookup IN CHROME