Hacking the World with Mohsan Farid

Are you secure in your cryptos? How do you know? The world is a crazy place full of hackers and ne’er-do-wells looming in the shadows, trying to take all your crypto treasure while avoiding jail.

Sometimes, the black hat hackers turn into good white hat hackers who help look for vulnerabilities in various systems… and they get paid a bounty of treasure AND they don’t go to jail.

In episode 584, we talk with Mohsan Farid, a senior penetration specialist, and founder of LedgerOps, a blockchain cybersecurity service provider. 

We discuss all things cybersecurity, Cyber Polygon, NSA’s creation of Bitcoin, and the latest threat to crypto users.

SHOW SPONSORS

Brave Wallet is the first secure crypto wallet built natively in a web3 crypto browser. No extension required. Store, manage, and grow your portfolio, get NFT & multi-chain support, and more. Download the Brave privacy browser at brave.com/badcrypto and click the wallet icon to get started.

What’s a crypto wallet?
Learn the basics of crypto wallets: How to use them to buy cryptocurrency on a trading platform or exchange, and send, receive, and store other crypto assets.

Brought to you by:
Brave and Brave Wallet are built by a team of privacy-focused, performance-oriented pioneers of the web. Brave was co-founded by Brendan Eich & Brian Bondy. Brendan Eich is the creator of JavaScript and was a co-founder of Mozilla Firefox.

FEATURED GUEST

Mohsan has over 12 years of experience in cybersecurity. He’s run the gamut in the penetration testing space – a consultant for Rapid7, tester for numerous federal agencies, mobile applications pentester for HP, and pentester at numerous Fortune 500 companies. He’s also provided exploits to the Metasploit framework as well as contributed to several open-source projects.


Why You Should Understand the Challenges of Storing Your Cryptocurrency

Guest Blog By: Andrew Rossow, Esq.

Even more than a decade into the evolution of blockchain, cybersecurity remains one of the most pressing concerns as we continue to twiddle our thumbs amidst the COVID-19 pandemic.

Across the entire blockchain sector, cryptocurrency users have lost a combined total of over $13 billion in over 290 separate hacks, according to Slowmist, a security firm which tracks similar attacks and associated losses across the entire blockchain sector.

While smart contract vulnerabilities and 51% attacks account for some of these losses, the biggest targets by far are exchanges and wallets. Malicious parties have made off with no less than $11 billion worth of crypto over the years.

Exchanges are a well-known point of weakness for the cryptocurrency community. Since the now-infamous Mt. Gox attack in 2014, exchange hacks have become an almost regular occurrence, as hackers grow ever-more sophisticated in their attempts to wrest control of exchange wallets.

Earlier this year, security firm Chainalysis outlined how Lazarus Group, a cybercrime syndicate with links to the North Korean government, had staged an elaborate phishing attack on Singaporean exchange DragonEx.

The group went as far as creating a website and social media profiles for a fake company purporting to sell trading bots. Representatives managed to convince a DragonEx employee to install the “bot,” which was actually malware, on a company computer. From there, it was easy enough for them to steal the private keys for the exchange’s wallet.

The all-too-common nature of exchange attacks is one reason that most crypto users advocate keeping funds on your own wallet. However, as the stats from Slowmist show, this isn’t necessarily any more secure. In fact, over half of all stolen crypto came from attacks on wallets.

Vulnerabilities with Hot and Cold Wallets

Online hot wallets generally offer a superior user experience to cold storage, and for frequent transactions, they’re far less cumbersome than cold hardware wallets. For a full explanation of the difference between the two, you can read my 2018 Forbes article “What Dr. Seuss Can Teach Us About Bringing Cybersecurity onto the Blockchain.”

At that time, MyEtherWallet users found that their connections to the MyEtherWallet website were being intercepted and redirected to another URL. The cause turned out to be a domain name server attack, according to a previous CoinTelegraph report. As soon as users logged into what they believed to be the legitimate website, the funds in their wallet accounts were immediately hijacked and sent to an unknown address (obviously not theirs and without their consent).

Point being, the very nature of hot wallets, as an online means of storage, makes them more vulnerable to attacks, which is why (and despite their inconvenience) most experienced crypto users advocate the use of cold wallets. Common wisdom dictates that if the wallet isn’t connected to the internet, it’s more secure against attackers.

Nevertheless, hardware wallets are not infallible. In 2018, a 15-year-old researcher managed to find a critical security vulnerability in Ledger’s Nano S wallet, an extremely popular device. The researcher found that it would be possible for a bad actor to interfere with the wallet’s firmware while it’s still moving through the supply chain, before it even arrives with the customer.

The vulnerability means that someone could change the recovery seed, meaning they could access any digital assets stored on the device.

Trezor wallets, the biggest rival to Ledger’s consumer hardware wallets, have also been exposed as insecure. Back in January of this year, around the same time the coronavirus began to reveal itself, security researchers at Kraken found a way to extract recovery seeds from two of Trezor’s devices.

Is There Any Hope for Crypto Security?

Exchanges are starting to realize that perhaps the same wallets used by everyday crypto enthusiasts aren’t necessarily as robust as what’s needed for storing millions of dollars worth of digital assets.

Advances in secure multi-party computation (sMPC) mean that exchanges now have access to superior technology for safeguarding digital assets. Private keys can be split into separate portions, encrypted, and distributed among different parties or servers to remove the single point of weakness. A service such as Curv offers institutional-grade sMPC wallets, meaning a transaction is signed only when all parties come together with their respective encrypted portions of the key.
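A simplified illustration of the idea in the paragraph above, added here and not taken from Curv or any other product: a key is dealt as additive shares and a Schnorr signature is assembled from partial signatures, so the full key is never rebuilt and a missing party makes signing fail. The toy group parameters, the function names and the single-process simulation are assumptions of this example; production sMPC protocols add further rounds and protections.

```python
import hashlib
import secrets

# Toy Schnorr group, constructed for this example and far too small for real
# use: P = 2*Q + 1 with P, Q prime, and G generating the subgroup of order Q.
P, Q, G = 2039, 1019, 4

def split_key(secret: int, parties: int) -> list[int]:
    """Split `secret` into nonzero additive shares that sum to it mod Q."""
    while True:
        shares = [secrets.randbelow(Q - 1) + 1 for _ in range(parties - 1)]
        shares.append((secret - sum(shares)) % Q)
        if shares[-1] != 0:
            return shares

def challenge(r: int, message: bytes) -> int:
    """Hash the joint nonce commitment and the message into Z_Q."""
    digest = hashlib.sha256(r.to_bytes(2, "big") + message).digest()
    return int.from_bytes(digest, "big") % Q

def joint_sign(shares: list[int], message: bytes) -> tuple[int, int]:
    """Schnorr-sign with each party using only its own share.

    Simulated in one process: in a deployment each x_i and k_i stays on its
    own server and only g^k_i and the partial s_i are exchanged.
    """
    while True:
        nonces = [secrets.randbelow(Q - 1) + 1 for _ in shares]
        r = 1
        for k in nonces:
            r = r * pow(G, k, P) % P          # joint R = product of g^k_i
        e = challenge(r, message)
        if e != 0:                            # e == 0 would ignore the key
            break
    partials = [(k + e * x) % Q for k, x in zip(nonces, shares)]
    return r, sum(partials) % Q               # s = sum of partial signatures

def verify(public_key: int, message: bytes, sig: tuple[int, int]) -> bool:
    """Standard Schnorr check: g^s == R * y^e (mod P)."""
    r, s = sig
    return pow(G, s, P) == r * pow(public_key, challenge(r, message), P) % P

def demo() -> dict[str, bool]:
    secret = secrets.randbelow(Q - 1) + 1     # dealt once, then discarded
    public_key = pow(G, secret, P)
    shares = split_key(secret, 3)
    msg = b"constructed withdrawal request #1"
    return {
        "all_three": verify(public_key, msg, joint_sign(shares, msg)),
        "only_two": verify(public_key, msg, joint_sign(shares[:2], msg)),
    }

if __name__ == "__main__":
    print(demo())
```

With all three shares the signature verifies against the single public key; with one party absent it does not, which is the "no single point of weakness" property in miniature.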

However, individual users are mostly still left out in the cold from these developments. It’s a gap that Ruben Merre, CEO and co-founder of NGRAVE, is addressing. Merre came to the blockchain space from the traditional fintech space after realizing that most crypto users get a raw deal from the security and usability perspective.

After all, many still depend on writing down their private keys with a pen and paper. Merre and his fellow co-founders have been developing a three-layered wallet solution that can claim to be both completely secure, and yet still improve the user experience.

The NGRAVE offering comprises a hardware wallet device called ZERO that never needs to go online or connect to any other online machine. The seed key for the device is stored on a two-part stainless steel sheet, of which both parts are needed to read the key. Finally, an app uses one-way QR codes to enable wallet transactions to or from the wallet device. According to Merre, “offline is the new online,” with the NGRAVE suite of products dubbed “the coldest of cold storage.”

Don’t Get Caught Out

Any cybersecurity specialist will tell you that it’s a game of cat and mouse. No sooner has the technology caught up with the hackers, than they will attempt to find new ways to breach the defenses.

However, the best advice for exchanges and individual users is to keep up with advances in digital asset security as much as possible. Using outdated hardware or software is only making life easier for attackers. By ensuring that you’re using the most up-to-date security methods, you stand the best chance of remaining one step ahead of the hackers.

GUEST BLOGGER:

Andrew L. Rossow is a millennial attorney, law professor, entrepreneur, writer, and speaker on privacy, cybersecurity, A.I., AR/VR, blockchain, and digital monies. He has written for many outlets, most notably Forbes and HuffPost.

Connect with Andrew on LinkedIn

Crypto Securities and Taxes with Del Wright

There may be a lot wrong with the world. But there’s also a lot that’s right. For example, there’s Travis Wright.  And there’s also Del Wright.  

A professor of Law at the UMKC School of Law, Del teaches in the areas of finance, business, securities, crypto, and tax. His current research focus is crypto and the regulation of blockchain technologies. He’s also the author of a book titled “A short and happy guide to Bitcoin, Blockchain and Crypto.”

SHOW SPONSOR

This Episode is Sponsored by: DIVI

Divi is a cryptocurrency app that makes it easy to earn, transact, and store cryptocurrency. Divi is the first cryptocurrency ecosystem powered by masternodes that can be installed in one click. With Divi's MOCCI (Masternode One-Click Cloud Installer), users can begin earning cryptocurrency at the click of a button, without the arduous setup process. The network's Smart Wallet enables users to easily store and transact their earned cryptocurrency with the luxury of a simple, intuitive interface. Divi was created by The Divi Project: a team committed to reducing the friction tax of cryptocurrency through UX and UI.

FEATURE

Prof. Del Wright, Associate Professor of Law, UMKC School of Law

Professor Wright joined the UMKC School of Law faculty in 2017, and teaches in the areas of finance, business, securities, crypto, and tax. His current research focus is crypto and the regulation of blockchain technologies. His scholarship has explored the intersection of governance, tax and finance, and he has had articles published in the Virginia Tax Journal, The UMKC Law Review, The Akron Law Review, The Arizona State Law Journal and BNA. In addition to scholarly articles, he is the author of A Short & Happy Guide to Bitcoin, Blockchain, and Crypto, available spring 2020 from West Academic, and is currently working on Blockchain and Crypto in a Nutshell, which should be available spring 2021, also from West Academic.

Before becoming an academic, Prof. Wright: enjoyed prosecuting white-collar and organized crime cases with the U.S. Department of Justice; opined and helped manage complicated transactions with Skadden Arps; created and structured complicated derivatives and other financial weapons of mass destruction with Bank of America, and managed and sometimes litigated a bunch of tax cases. 

Before starting his career, Prof. Wright earned a Master in Public Policy degree from Harvard’s Kennedy School of Government, focusing on financial policy and regulation, and a Juris Doctor from The Law School at the University of Chicago (the capital “T” is their idea). Before graduate schools, he completed his undergraduate degree at the University of Maryland (Go Terps!).

In addition to his scholarly activities, Prof. Wright has also served on the Indiana Supreme Court Committee on Rules of Practice and Procedure and as Assistant General Counsel to the National Bar Association, the nation’s oldest and largest national association of predominantly African American lawyers and judges. In his free time, he consults with entrepreneurs, referees basketball, football, and sometimes soccer, and, when time permits, trains for triathlons and other events to slow the aging clock. Prof. Wright is also an ardent supporter of the best fútbol team on the planet, F.C. Barcelona.

A short and happy guide to Bitcoin, Blockchain and Crypto

NFT Day replay


Security Token Offerings with Alex Nascimento

First, we had ICOs. Then we had IEOs. Now we have STOs. And some of you may need to see a doctor about that STD.  The method for bringing cryptocurrencies to investors has changed throughout the years, and it’s important to keep up.

That’s why we’ve invited Alex Nascimento, faculty member & Co-founder of Blockchain at UCLA, to join us for a discussion on blockchain business applications and security token offerings. It doesn’t sound sexy, but come along with us for the ride; you can consider this interview foreplay.

Which brings us back to those STDs.  Seriously.  See a doctor. And don’t forget to practice safe listening for this episode #438 of The Bad Crypto Podcast.

EPISODE SPONSORS: 

This Episode is Sponsored by: DIVI

FEATURE: 

Alex Nascimento

Alex Nascimento, MA, MBA is an author and faculty member & Co-founder of Blockchain at UCLA where he lectures on Blockchain Business Applications and Security Tokens in addition to his role of Managing Director of 7CC – Blockchain Investments, a company focused on supporting & fostering the Blockchain industry.  Alex got his MBA from UCLA Anderson School of Management and has developed training, marketing & blockchain strategies for companies in the United States, Latin America, and Asia. Alex can be found lecturing at UCLA and speaking at main Global Blockchain conferences and Corporate events demystifying securities issuance and investments on the blockchain for business leaders and entrepreneurs.

Download the ebook here ➡️ www.TheSTOfinancialRevolution.com –  use FREE code: STOBOOK-BAD (all caps)  and feel free to share this with anyone you feel would benefit. 


Avoiding Crypto Scams with Julia Baranovskaya, NDAX

Fraud. Scam. Sham. Flim-flam. There’s no shortage of bad people seeking to cause harm to unsuspecting consumers and businesses by stealing their identity and their finances. Of course, that includes avoiding crypto scams.

In episode 436, we focused on how to avoid various types of scams and we’ve got an expert on board to help us navigate it all. Julia Baranovskaya of NDAX has the 411 on this space and you don’t want to miss any of it. This information may save you or a loved one from experiencing great loss.

We’re also pleased to announce that we will be hosting and emceeing a live virtual event focused exclusively on the digital collectible world. We’ll be joined by our friend and business partner Jeremy Born of Coingenius to discuss the upcoming NFT Day 2020.

SHOW SPONSOR

This Episode is Sponsored by: DIVI

FEATURE: Julia Baranovskaya, Chief Compliance Officer NDAX.io

Julia Baranovskaya is the Chief Compliance Officer at the National Digital Asset Exchange (NDAX) in Calgary Alberta. Julia is a co-founding team member of NDAX and has worked alongside talented individuals for the last 3 years to build the company from concept to creation.

Julia is deeply involved in daily operations at NDAX and is responsible for implementing a robust compliance program and ensuring adherence to all applicable rules. Her mission is to work closely with regulators to bring appropriate regulations for virtual currency markets, prevent the use of cryptocurrencies in money laundering, and combat fraud.

Before joining NDAX, Julia worked in several IIROC-registered firms including CIBC Wood Gundy and Altacorp Capital where she held positions including Compliance Officer. The combination of her legal and compliance background, sparked by her entrepreneurial spirit (she founded a small agricultural operation in Kursk, Russia at the age of 17) drew her to blockchain and the digital asset class.

Julia is a member of the Association of Certified Fraud Examiners and anticipates certification by the end of 2020. She has completed many Canadian Securities Institute courses including Branch Manager, as well as Partners, directors, and officers Courses among others, and received a Certificate in Investment Dealer Compliance. Julia attended the Faculty of Law at the Institute of Economics and Law in Kursk Russia and is currently enrolled in the Bachelor of Economics program at the University of Calgary.

Julia is active in the community and has been volunteering at the Foothills Hospital Auxiliary since 2003, where she holds the position of Treasurer. In her spare time, Julia participates in multiple fundraising efforts for numerous causes, travels, and spends time with her family.

FEATURE: CoinGenius

Jeremy Born is a digital strategist and avid Blockchain enthusiast focused on disruption. I have a specific interest in leveraging AI and machine learning to help solve complex business problems and for predicting outcomes of various alternative assets including Bitcoin.

CoinGenius is an advanced intelligence and analytics platform specifically intended for cryptocurrency traders. Our sophisticated artificial intelligence and machine learning algorithms will empower crypto traders with the most vital information needed to make sound investment decisions in real-time.
Bringing transparency to the cryptocurrency community through advanced market intelligence

Announcing NFT DAY — AUGUST 28th, 2020

A one of a kind event all about the history, creation, and implementation of Non-Fungible Tokens (NFT’s) & Digital Collectibles. Completely virtual, open to the world. Learn more here.
