How We Got Hacked and What You Can Do to Protect Your Crypto
Welcome to our blog, where we will tell you everything you need to know about the Cryptocurrency Capital (CryptoCap) hack that occurred on April 27th. We are also providing some valuable tips on how to protect your crypto assets in the future.
As an early adopter of cryptocurrencies, CryptoCap was always focused on expanding its crypto portfolio. On April 27th, an unknown hacker attempted a hack into our system. The hacker attempted to steal $1 million in Ether from the CryptoCap wallet. Luckily for us, this hack attempt failed due to our tight security measures and monetary loss was limited to only $500 worth of Ether. Our team is working with law enforcement officials to track down the hacker responsible for this crime.
We are happy to share that we have already recovered most of our lost funds and are working on recovering the remaining funds as well. In addition, we would like to inform you that all other assets belonging to CryptoCap were not compromised during this attack. The only fund that suffered a loss was our Ether fund and all other assets belonging to CryptoCap are safe and secure at this time.
Recently, we were hacked and lost about $150k. We are not alone — hackers have stolen billions of dollars from both exchanges and individual users over the past few years. However, it’s still rare for individuals to get hacked, so we wanted to write a blog explaining what happened to us so that other crypto-holders can learn from our mistakes.
It’s our hope that by sharing our story, we can help others better protect their digital assets. This post is written in two sections: 1) how we got hacked, and 2) how you can protect your crypto.
In February of 2017, one of us was a victim of a phishing attack. The attacker gained access to our email account and learned some secrets about our cryptocurrency accounts that allowed him to make off with a significant amount of our Ether (ETH). While we can’t do anything to recover those funds, we wanted to share our story and help others avoid the same fate.
We initially thought we were careful, but hindsight is 20/20. We took actions that seem obvious in retrospect but didn’t even cross our minds at the time. Since then, we’ve been researching how crypto wallets work and what kinds of security threats are out there. What we’ve learned is shocking: most people don’t realize how vulnerable their crypto assets are, and there’s very little information out there about how to protect them.
With the value of cryptocurrency reaching all-time highs, it’s more important than ever to educate yourself on the risks–and figure out how to minimize them. In this blog post, we’ll share our story and our tips for protecting your crypto.
This is a guest post by the team at cryptopayments.io. The following story details how they were hacked, what they did to protect themselves, and what you can do to protect yourself.
We are a company called Cryptopayments.io that provides cryptocurrency payment processing for websites and merchants. We are based in the UK and have been involved in the cryptocurrency space for a number of years now.
Last week we were hacked – but it wasn’t our servers or our database that was compromised, no, instead it was our domain name registration account that was hacked.
How did it happen?
It all started last Tuesday when we received an email from PayPal telling us that a payment had been made on our behalf for four years’ registration for the domain “cryptocarz[.]com”. The unusual thing about this email was that we didn’t ask for our domain name to be renewed.
At first we thought nothing of it – maybe someone on the team had just made a mistake? But then we looked into our PayPal account and noticed something strange: there were two payments pending to two different companies – one called “Domains By Proxy LLC” (the same as always) and the other called “DOMAIN NAME REGISTRAR SOL
Here at Cryptocap we are in the business of making crypto more accessible to everyone. We do this by educating anyone and everyone about the importance of crypto, what it is and why it matters. However, earlier this month we ourselves were hacked.
While we cannot share all of the details about how it happened, our goal with this post is to share what we experienced. Maybe you are also a victim of a hack and you have no idea how it could have happened, or maybe you are looking for ways to protect your assets, whatever the case may be we hope that you can learn from our experience.
It all started on a Thursday night when we got an email from one of our users. He told us that he had been unable to access his account and asked us if we could help him out with that. Our user was quite polite and calm via email, so at first I didn’t think anything was out of the ordinary. But when I logged into his account I noticed that there was a new email address associated with his account, as well as a new password. At this point I knew something was up!
I emailed him back asking him if he made these changes because he thought that someone had taken over his account, but he denied it completely stating
As we’ve blogged about before, the stolen coins have been swept from our cloud wallets and moved to more secure wallets.
We have decided to delay the launch of our cryptocurrency until we are absolutely certain it can be launched in safe manner.
The following is a list of tips for protecting your cryptocurrency and we hope you’ll share them with other crypto users. We also hope that our story will serve as a cautionary tale and help other crypto users avoid similar issues.
In October of 2017 there was a GitHub user who shared his project called “How to get rich”. The project was designed to trick users into giving up their secret keys so that the author could steal their crypto. A lot of people fell for this and have lost a lot of money because of it. This particular attack was targeting people new to crypto, specifically Ethereum. I think it is important to share our story to help others avoid the same fate.
This particular attack started with an email that came from an address that looked like it belonged to “GitHub” but was actually a different email address. The email said that they had found my GitHub account and wanted to tell me about a new feature that made it easy to accept crypto tips. It went on to say that putting “cryptocap” in your bio would enable you to receive tips in Ether (ETH), Bitcoin (BTC), and Litecoin (LTC). They even gave me a link for a video on how to do it.
The video did look real, I must admit it looked really good. However, after watching the video more closely I noticed some things that seemed odd:
– Why are they using such an old version of command line?