Smartphone text prediction guesses crypto hodler’s seed phrase

Seed phrases, a random combination of words from the Bitcoin Improvement Protocol (BIP) 39 list of 2048 words, act as one of the primary layers of security against unauthorized access to a user’s crypto holdings. But, what happens when your “smart” phone’s predictive typing remembers and suggests the words next time you try to access your digital wallet?

Andre, a 33-year-old IT professional from Germany, recently posted on the r/CryptoCurrency subreddit after discovering that his mobile phone could predict his entire recovery seed phrase as soon as he typed the first word.

As a fair warning to fellow Redditors and crypto enthusiasts, Andre’s post highlighted the ease with which hackers can use the feature to drain a user’s funds just by being able to type the first word out of the BIP 39 list:

“This makes it easy to attack, get your hands on a phone, start any chat app, and start typing any words off the BIP39 list, and see what the phone suggests.”

Speaking to Cointelegraph, Andre, otherwise known as u/Divinux on Reddit, shared his shock when he first experienced his phone literally guessing the 12-24 word seed phrase. “First, I was stunned. The first couple words could be a coincidence, right?”

As a tech-savvy individual, the German crypto investor was able to reproduce the scenario in which his mobile phone accurately predicted the seed phrase. After realizing the possible impact of this information if it fell into the wrong hands, he said: “I thought I should tell people about it. I’m sure there are others who also have typed seeds into their phone.”

Andre’s experiments confirmed that Google’s GBoard was the least vulnerable as the software did not predict every word in the correct order. However, Microsoft’s Swiftkey keyboard was able to predict the seed phrase right out of the box. The Samsung keyboard, too, can predict the words if “Auto replace” and “Suggest text corrections” have been manually turned on.

Andre’s initial stint with crypto dates back to 2015 when he momentarily lost interest until he realized he could buy goods and services using Bitcoin (BTC) and other cryptocurrencies. His investment strategy involves purchasing and staking BTC and altcoins such as Terra (LUNA), Algorand (ALGO) and Tezos (XTZ) and “then dollar-cost averaging out into BTC when/if they moon.” The IT professional also develops his own coins and tokens as a hobby.

A safety measure against possible hacks, according to Andre, is to store significant and long-term holdings in a hardware wallet. To Redditors across the world, he advises “not your keys not your coins, do your own research, don’t FOMO, never invest more than you are willing to lose, always double-check the address you are sending to, always send a small amount beforehand and disable your PMs in settings,” concluding:

“Do yourself a solid and prevent that from happening by clearing your predictive type cache.”

Related: STEPN impersonators stealing users’ seed phrases, warn security experts

Blockchain security firm PeckShield warned the crypto community about a large number of phishing websites targeting users of the Web3 lifestyle app STEPN.

As Cointelegraph recently reported, based on PeckShield’s findings, hackers insert a forged MetaMask browser plugin through which they can steal seed phrases from unsuspecting STEPN users.

Access to a seed phrase guarantees complete control over the user’s crypto funds via the STEPN dashboard.



Check out our Latest News and Follow us at Facebook

Original Source

Steve Kerr: Gary Payton II is a player built for the playoffs

Photo: Darren Yamashita-USA TODAY Sports

Gary Payton II is making a name for himself in the NBA. The 29-year-old shooting guard has already received praise from his three-time champion teammate Draymond Green for his performances in the first round series against the Nuggets.

Now his head coach Steve Kerr says the same thing — Payton II is built for the playoffs. He will face a huge task in the second round of the playoffs, as he will have to guard Memphis’ young superstar Ja Morant.

“Gary, I think, is a player built for the playoffs,” Kerr said, per Kendra Andrews.




Suns fined $25,000 for not disclosing Devin Booker’s status for Game 6 vs. Pelicans

Photo: Ross D. Franklin/AP

The Phoenix Suns will have to pay a fine of $25,000 for violating NBA injury reporting rules. Specifically, the number one seed in the Western Conference failed to disclose Devin Booker’s participation status in an accurate and timely manner prior to Game 6 of the first round series against the Pelicans.

Before this game Booker had missed three games of the series due to a sprain in his right hamstring. He did make a return in Game 6 and played 32 minutes during which he scored 13 points.

The Suns won the game and eliminated New Orleans. They will now face the Mavericks in the second round series.


White House Correspondents’ Dinner Returns With Jokes and a Try for Normalcy

Dr. Anthony S. Fauci, the government’s top infectious disease expert, opted against going to the dinner because of the obvious danger. Organizers required all guests to be vaccinated, boosted and test negative before attending, although few wore masks besides the serving staff. As a concession to the potential peril, Mr. Biden, who at 79 is in a high-risk age group, skipped the dinner and came only for the speaking portion of the evening.

But his presence was meant to represent a return to normalcy after Mr. Trump’s war on the news media. While Mr. Biden, like other presidents, has complained about his coverage, sometimes snapping at reporters who ask questions he does not care for, aides said he intended his decision to attend to be a reaffirmation of his support for a free press.

“The free press is not the enemy of the people,” Mr. Biden said. “Far from it. At your best, you’re guardians of the truth.” He cited in particular those who have given their lives reporting from the battlefields of Ukraine, a reminder, he said, of the importance of journalism.

Still, the president gently chided journalists, urging them to avoid sensationalism and trivialization. “The First Amendment grants a free press extraordinary protection,” he said, “but with it comes, as many of you know, a very heavy obligation to seek the truth as best you can, not to inflame or entertain but to illuminate and educate.”

“There’s incredible pressure on you all to deliver heat instead of shed light,” he said, adding, “American democracy is not a reality show.”

The correspondents’ association made a point of adding a serious note to the evening’s festivities by honoring two Black female pioneers of the White House press corps, Alice Dunnigan and Ethel Payne, who were two of only three African American journalists regularly reporting on the White House in the 1950s. It also paid tribute to journalists killed in Ukraine and singled out the family of Austin Tice, a reporter who was abducted in Syria in 2012.

But the event otherwise resumed its status as Washington’s premier exercise in excess, bracketed by days of fancy, expensive, alcohol-filled parties held across the city late into the night, bringing members of the political class together with the journalists who cover them and the occasional fixtures of Hollywood, Wall Street and other American institutions.


How regulators got it wrong

The recent European Union proposal requiring centralized crypto exchanges and custodial wallet providers to collect and verify personal information about self-custodial wallet holders shows the dangers of recycling traditional finance (TradFi) rules and applying them to crypto without appreciating the conceptual differences. We can expect to see more of this as countries look to implement the Financial Action Task Force (FATF) Travel Rule, initially designed for wire transfers, to transfers of crypto assets.

The (missing) link between self-custody, control and identity

The aim of the proposed EU rules is “to ensure crypto-assets can be traced in the same way as traditional money transfers.” This assumes that each self-custodial wallet can be linked to someone’s verifiable identity and that this person necessarily controls the wallet. This assumption is wrong.

Related: Authorities are looking to close the gap on unhosted wallets

In TradFi, a bank account is linked to the verified identity of its holder, giving them control over that account. For example, sharing your online banking details with your partner doesn’t make them the account holder. Even if your partner changes the login details, you can regain control by proving your identity to the bank and having it reset the details. Your identity gives you ultimate control which cannot be permanently lost or stolen. Of course, in exchange for the bank’s custody protections, you lose self-sovereignty over your assets.

Self-custody of crypto assets is different. Control (i.e., the ability to transact) over the self-custodial wallet is held by whoever has the private keys to that wallet. Control is not linked to anyone’s identity and there is no one to prove your identity to. All you need is to download a piece of software and safely store your private keys. In exchange for this responsibility, you maintain self-sovereign ownership.

Implementing the proposed rules

Let’s look at how a custodial wallet provider would go about complying with the EU proposal. Assume that Alice wants to send 0.3 Ether (ETH) from her custodial wallet account to Bob’s self-custodial wallet to pay for Bob’s consulting services. Before the transfer goes through, the custodial wallet provider would have to 1) collect Bob’s name, wallet address, residential address, personal identification number, and date and place of birth; and 2) verify the accuracy of these details. Broadly the same details would be required for a transfer from Bob’s wallet to Alice’s custodial wallet account. Alice would likely need to ask Bob to send her his details, and Alice would then provide them to the custodial wallet provider — as recently recommended by a custodial wallet provider in a similar context.

The rules would apply even to the smallest transactions — there is no minimum threshold. Custodial wallet providers would conceivably also need to withhold incoming transfers (creating greater custody risks) and return them to the self-custodial wallet if the verification is unsuccessful.

Related: Crypto in Canada: Where are we today, and where are we heading?

Identity does not equal control, making compliance impossible

While collecting data and potentially withholding incoming transfers is operationally cumbersome, the verification obligation is potentially outright impossible to comply with. In TradFi, the point of identity verification is to ensure that the person controlling a bank account and the person claiming to do so are one and the same. But how could the custodial wallet provider fulfill the verification obligation if control over Bob’s self-custodial wallet does not depend on his identity?

Even if the custodial wallet provider managed to confirm that Bob is the person he purports to be, this doesn’t mean that he controls the wallet. It could be controlled by a decentralized autonomous organization that redistributes payments to members like Bob or a criminal group, with Bob merely being their money mule. There is no third party to prove Bob’s identity to in order to transact — whoever controls the private keys is the “bank.”

Exposing legitimate users to disproportionate security risks

Let’s assume that custodial wallet providers manage to comply with the proposed rules, or a less stringent version of them that does not require verification. Custodial wallet providers would need to keep large databases of self-custodial wallet users, exposing users to the risk of data breaches. For legitimate users, i.e., those who declare their true identity and also actually control the related self-custodial wallet, this risk has far greater consequences than TradFi data collection (e.g., FATF’s Travel Rule for wire transfers).

In TradFi, if a criminal compromises someone’s bank account or card, they wouldn’t get very far because the bank can block the account. By definition, self-custodial wallets lack this feature. Self-sovereign ownership, secured through cryptography and the user’s own vigilance, is seen as an advantage by tens of millions of users worldwide, including those who are excluded from the banking system. However, self-sovereignty presumes personal privacy.

Once privacy is compromised — for example, by hacking the custodial wallet provider’s database of self-custodial wallet users — users are left exposed to an unfair level of risk compared to TradFi. Knowing someone’s name, address, date of birth and ID number, together with their on-chain activity, would make it easier for criminals to launch highly personalized phishing attacks, targeting users’ devices to retrieve private keys, or blackmailing them, including threats to physical safety. Once private keys are compromised, the user irreversibly loses control over their wallet.

Related: The loss of privacy: Why we must fight for a decentralized future

Since criminals will find ways around the rules — for example, by running their own nodes to interact with the blockchain without ever having to rely on custodial wallet providers or self-custodial wallet software — it will only be the legitimate users who will have to bear these security risks.

Inconsistencies with EU’s own policy framework

Security aside, the proposal raises broader privacy concerns. The reporting obligation would clash with General Data Protection Regulation (GDPR) principles such as data minimization, which requires that collected data are adequate, relevant and limited to what is necessary for the purpose of collecting them. Ignoring for a moment the argument that data collection serves little purpose, given the missing link between self-custodial control and identity, it’s hard to see — even by TradFi’s standards — how someone’s residential address, date of birth and ID number is relevant or necessary for making a transfer. While banks regularly keep such data about their account holders, you as the account holder don’t need to ask (and know!) these details when sending money or paying for a service.

It is also unclear for how long custodial wallet providers would need to store the data — under GDPR, personal data should be kept only for as long as necessary to fulfil the purpose of collection. Nor is it clear how users’ individual rights under GDPR such as the “right to be forgotten” and the “right to rectification” could be respected if their personal details are linked to their on-chain history, which cannot be altered.

Related: Browser cookies are not consent: The new path to privacy after EU data regulation fail

The lack of any risk-based assessment or a minimum threshold (unlike the 1,000 euro threshold for fiat transfers) is also out of line with EU policy principles. The proposal seems to treat all crypto transfers with suspicion just because they involve crypto assets.

Now is the time to engage with policymakers

Faced with the prospect of developing costly compliance processes that would likely fail to effectively implement the rules, and risking penalties for non-compliance and potential data breaches, EU-based custodial wallet providers may decide to restrict transfers from and to self-custodial wallets altogether. They may also start servicing EU users from outside the EU. This sends bad signals to the crypto industry and risks discouraging tech talent and capital from the EU, similar to the recent departure of some crypto operators from the United Kingdom.

Related: Consolidation and centralization: How Europe’s new AML regulation will affect crypto

More users may also switch to peer-to-peer transactions and decentralized players to avoid the burdensome rules. While this could be beneficial for some users, the EU should encourage smooth interconnectivity between centralized and decentralized players and promote users’ freedom to choose how they want to transact.

The proposal has now moved to negotiations between the EU legislative bodies starting April 28, with the final text expected by the end of June. If the rule passes in its current form, there will still be a chance to review it within 12 months after its coming into force. However, we can’t rely on this — now is the time for the European crypto industry to coordinate and engage with policymakers. Instead of forcibly applying TradFi rules to a developing technology, we should promote outcome-based policies that allow the emergence of novel compliance solutions that respect how crypto works.

This article does not contain investment advice or recommendations. Every investment and trading move involves risk, and readers should conduct their own research when making a decision.

The views, thoughts and opinions expressed here are the author’s alone and do not necessarily reflect or represent the views and opinions of Cointelegraph.

Natalie Linhart is a legal counsel at ConsenSys, where she advises on products including MetaMask, NFT experiences and institutional staking. She also focuses on European regulatory issues affecting the crypto industry. She previously worked as a financial regulatory and derivatives lawyer at Clifford Chance London, advising clients on launching financial products, accessing new markets and mitigating regulatory risks. She also worked on derivatives and debt capital markets transactions including at a global investment bank.


Can Elon Musk Make Twitter’s Numbers Work?

Still, the interest rates on the loans reflect the risk that they might not get paid back. The banks don’t hold on to the loans but sell them to other investors in the market, so if Twitter can’t pay its debts, Mr. Musk will either have to pay those investors, perhaps by selling more Tesla stock, or he could cede some part of his ownership of Twitter, diluting his stake.

Tesla had a market value of $902 billion as of Friday, but its shares have fallen by nearly 20 percent since Mr. Musk first revealed, in early April, that he had bought a big stake in Twitter. If Twitter’s finances go south, forcing Mr. Musk to sell more Tesla stock to pay Twitter’s debts or pledge more shares as collateral for his personal loans, it could put further pressure on Tesla’s stock price. Mr. Musk doesn’t take a salary from Tesla but is paid in stock that is released based on performance milestones that include the company’s share price.

Since Mr. Musk first disclosed his stake, the tech-heavy Nasdaq index has fallen more than 10 percent, making his offer appear even more generous. “It’s a high price and your shareholders will love it,” Mr. Musk said in a letter to Twitter’s board. Although the social media company’s stock had traded higher than Mr. Musk’s offer just six months ago, it slumped far below that price early this year and looked unlikely to return to those highs any time soon.

Mr. Musk has considered teaming up with investment firms in his bid to buy Twitter, which would reduce the amount of money he would personally have to invest. He could still partner with a firm or other investors like family offices to help raise cash, according to two people with knowledge of the discussions.

Thoma Bravo, a technology-focused buyout firm, has expressed willingness to provide some financing, but nothing has been decided yet. Apollo, an alternative asset manager, also looked at a possible deal where it would extend a loan on preferred terms.

If the deal math becomes unpalatable for Mr. Musk, he has an out: a breakup fee of $1 billion. For a man with an estimated fortune well over $200 billion, that’s a small price to pay.


Ukraine Says Russia Looted Ancient Gold Artifacts From a Museum

“For what purpose, no one knows,” he said. “But thanks to these people and the operational work carried out, residents of the city of Melitopol — and not only Melitopol — will be able to observe again a large collection of Scythian gold.” He did not say when or where the artifacts would be displayed.

Ms. Ibrahimova, who spoke by phone, sounded despondent as she spoke about the Russian invaders.

“Maybe culture is the enemy for them,” she said. “They said that Ukraine has no state, no history. They just want to destroy our country. I hope they will not succeed.”

Scythian gold has enormous symbolic value in Ukraine. Other collections of the artifacts had been stored in vaults in the capital, Kyiv, before the war broke out. But Ms. Ibrahimova said events unfolded too fast for her museum to spirit out their collection.

For years now, Ukraine has been locked in a complicated dispute with Russia over collections of Scythian gold that several museums in Crimea had lent to a museum in Amsterdam. After Russia seized Crimea in 2014, Ukraine pleaded with the Amsterdam museum not to return the gold. Russia demanded the museum do just that. A court has ruled in Ukraine’s favor and the gold remains in Amsterdam.

But historians said the looting of the artifacts in Melitopol is an even more egregious attempt to appropriate, and perhaps destroy, Ukraine’s cultural heritage.

“The Russians are making a war without rules,” said Oleksandr Symonenko, a fellow of Ukraine’s Archaeology Institute and a Scythian specialist. “This is not a war. It is destroying our life, our nature, our culture, our industry, everything. This is a crime.”

The caretaker who refused to help the Russians was released on Wednesday after the gold was stolen. But on Friday she was taken away from her house at gunpoint again, Ms. Ibrahimova said, shortly after the mayor, who is also in exile, announced the theft.

She has not been heard from since.


Stagecoach 2022 Star Sightings: Hollywood Takes Over the Festival

Get those boots that are made for walking because Stagecoach 2022 is here.

The biggest country music festival of the year has arrived in Indio, Calif., and thousands of fans are experiencing three days of nonstop music, dancing and fun in the sun.

Thomas Rhett, Carrie Underwood and Luke Combs are serving as headliners for the event, which is held April 29-May 1. And before you assume this is just another concert on the calendar, think again! 

“There are so many pinnacles that as a country artist you dream of as a kid and headlining Stagecoach is truly a milestone moment for me,” Thomas Rhett told E! News as he kicked off the weekend at Camp Dos Primos. “I do believe that your dreams can come true. And I know that’s cliche, but I truly believe it.” 

And for the record: His show ended up featuring his biggest hits and surprise guests including Ashton Kutcher, Jon Pardi and Hardy.

While fans can watch many of the performances on the official live-stream, E! News is keeping track of all the star sightings. 


Game-worn Kobe Bryant rookie jersey to be auctioned online, $3M-$5M expected price range

Photo: Andrew Scholer / Los Angeles Times

A piece of history that is associated with the legendary Black Mamba will be up for a much-anticipated bidding.

A game-worn rookie year jersey of the late great Kobe Bryant is set to hit an online auction from May 8 to June 4.

Bryant wore the No. 8 Los Angeles Lakers jersey in back-to-back home games during the 1996-1997 regular season: one against the Utah Jazz on April 13, 1997, and one against the Sacramento Kings on April 17, 1997.

The basketball icon also donned the jersey in two postseason series games against the Jazz.

According to David Kohler of SCP Auctions, the gold gear of the hall of famer can range between $3 million and $5 million in the bidding war.

“We feel this could bring a record for any basketball jersey,” Kohler said, via Associated Press.

Kohler also noted that the anonymous seller of the jersey has kept the precious memorabilia for 25 years. He was approached by the said person after seeing an autographed rookie jersey of Bryant being sold for $3.69 million last year – the highest price that was ever recorded for a basketball jersey.

Kohler further provided that the item’s authenticity was verified by independent authenticators through photo-matching and comparing it to a 1997 trading card featuring Bryant wearing the jersey.

Bryant and eight other people, including his daughter, Gianna, were announced dead in a tragic helicopter crash in Calabasas, California, on Jan. 26, 2020. The five-time champion was recently named as a member of the NBA’s 75th Anniversary team.


Steph Curry on LeBron & KD not being in this stage of the playoffs

Photo: Jared C. Tilton / Getty Images

The Golden State Warriors star guard Stephen Curry shared some of his thoughts on the Los Angeles Lakers forward LeBron James and the Brooklyn Nets forward Kevin Durant not being at this early stage of the playoffs:

“You’re still going to see those guys back, Bron, KD, all those guys you mentioned. It ain’t like they’re just going to ride off into the sunset either.”


