Robbery is rampant; learn to protect yourself

Folks:

One of our investors, Bo Shen, has been robbed of ETH and REP tokens:

Thefts like this have been rampant in the cryptocurrency world for multiple years now. (They’ve also been rampant in the legacy banking world — Exclusive: SWIFT discloses more cyber thefts, pressures banks on security | Reuters .)

Please take some time to learn how best to protect yourself when you own crypto tokens. The most powerful attack vector that has been used to rob people in the last year or so has been hijacking the victim’s phone number.

The bottom line is this:

Anything you can do using control of your phone number (such as recovering your forgotten password for a web site) a thief can also do!

Maybe someone could create a community wiki page to maintain a “best practices” guide for how to manage these risks!

Would really like to see these exchanges support stronger two factor authentication methods such as U2F with a Yubikey rather than a phone number.

I use hardware wallet (ledger) and I feel pretty safe with that. The 24 word seed is not on any digital media and never touched a PC… only pen and paper and kept in fireproof safe.

@zooko Here’s your guide: Security Advisory: Mobile Phones - Kraken Blog

When I joined Kraken it was a pleasant surprise to find they allow users to associate their PGP / GPG public key with their account - following that, any account specific email is encrypted. It’s just too bad that Kraken is the exception rather than the rule in that way.

Thank you. Very very important reminder folks. Be vigilant because someone else is always hustling to get coins

What do you guys think about using protonmail? It stores your messages encrypted and besides your password you have to enter your private key too when logging in. Without the private key your mailbox cannot be decrypted so nobody is able to read its content. There’s of course no recovery in case you lose your private key.

This looks like an interesting project! A lot of work, though. Suitable for its stated goal of storing ≥ $100,000 worth of cryptocurrency, but maybe overkill for other uses:

why is my comment hidden? it was hidden right after I wrote it

us normal users are also investors

when someone like him makes such bad decisions it effects us all

he might be invested in ZCash, but ZCash and all of us who mine, buy and/or hold ZCash are effected by him. what if he makes such bad decisions in the future and crashes ZCash markets

he is a risk

for a currency that does not want to get censored, via its anonymous z-addr transactions… this forum sure does censor alot.

I hid your comment because it was insulting and rude to Bo Shen. Someone else also flagged it as inappropriate. Please see FAQ - Zcash Community Forum for what sorts of posts can stay visible on this forum.

alright, so how do you recommend i fix it and say how it is without being “rude” to your funder

people talk way worse in the toomin bros thread and it doesn’t get censored… i dont know what I said that was not 100% true… i was not racist… i was not deregatory… i was saying how it is

he lost money - so he is a “loser” in that sense
he was not exactly competent in how he handled his security, thats pretty much posted all over the internet.

so can you please tell me how I can fix it so it can be visible again? what words should I remove?
and if this comment is also not acceptable to you, can you please fix it and set an example for me?

i notice its been removed, but I still have it in screen shots so I can repost it, how should I fix it? I take records of when I get censored for future reference (for myself)
Thanks

I also agree that it is not sensible to keep more than a certain percentage of your holdings online, however that percentage is necessarily higher if you’re day trading.

It may very will be the case that for a crypto investor at his level, 500K is an appropriate percentage.

500K would change my life, but for some people it is just a sting in the ass.

well yes, im sure he is a millionaire and its just pocket change to him

but on here you are supposed to cry for him and say how sad it is and ask the hacker to return the funds

he should have known better, and I guess now he does. lesson learned.

but we should be able to talk about it on this forum without being censored

they want to create a currency that can not be censored… yet they want to censor any comment that don’t like - lie and truth - good and bad.

what is bad for them, might be good for us, who is to judge

what is for certain, we should be able to talk about the future ramifications of what this kind of holder could do to the rest of our holdings

for him it could be nothing big… but for us, if his ignorance ruiins markets, we might be loosing our house or our car etc
we might not have banks to back us… we might not have the millions extra to protect us

he should be treated like the rest of us, each coin created equally, each investor treated equally - and we should be able to talk about it!!!

@cryptomined Since you asked, here is your original post with all problem areas highlighted. Emphasis mine.

shows how competent your investors are LOL (sweeping generalization about all investors)

if he keeps that much sitting online - he is asking for it one way or the other

its either he gets hacked or the exchange gets hacked, its only a matter of time.

I hope there are no hard forks to return his funds

as if I or anyone else get robbed no blockchain is going to hardfork for us

lets keep it fair for everyone. each coin created equally - each “investor” treated equally too

anyone who holds eth, rep or zcash is an investor - not just the whales

for the most of us something like the ledger nano s or blue is a wise investment to store our crypto safely… for someone investing 100,000’s$ they should really know better … if not, maybe they dont deserve those 100,000’s of $ anyway

survival of the fittest

BoShen is one of those losers (attacking the character of a person rather than the issue of theft) who, hopefully, lets the rest of us learn a lesson without being taught it the hard way.

We are all lucky that his ignorant incompetent security decisioins did not totally crash crypto markets. We are lucky they recovered quickly after. People like him can screw everything up for the rest of us. Best he die out (again attacking the person) and someone more competent take his place. everyone has their time. no one runs from the reaper! no one.

when you leave your car keys in your car, expect your car to get stolen.

Those are the key areas your post violated the Code of Conduct. If you had stuck to the issue of theft and security (which was the topic of this thread) rather than engaging in a personal attack of the person who was stolen from your post wouldn’t have been flagged in the first place.

is this better? i guess if i repost it there is no telling if zooko will still be upset over it? EDIT: ok i thought you PMed me looks like its already public LOL… I think he honestly hates me…

shows how competent your investor is LOL

now I do not condone the hack… but if he keeps that much sitting online - he is asking for it one way or the other

its either he gets hacked or the exchange gets hacked, its only a matter of time.

I hope there are no hard forks to return his funds

as if I or anyone else get robbed no blockchain is going to hardfork for us

lets keep it fair for everyone. each coin created equally - each “investor” treated equally too

anyone who holds eth, rep or zcash is an investor - not just the whales

for the most of us something like the ledger nano s or blue is a wise
investment to store our crypto safely… for someone investing
100,000’s$ they should really know better … if not, maybe they dont
deserve those 100,000’s of $ anyway

survival of the fittest

BoShen lost money, hopefully this event allows the rest of us to learn a lesson without being taught it the hard way.

We are all lucky that his ignorant incompetent security decisioins
did not totally crash crypto markets. We are lucky they recovered
quickly after. People like him can screw everything up for the rest of
us.

when you leave your car keys in your car, expect your car to get stolen.

I don’t hate you! We don’t allow personal attacks on this forum against any person, regardless of who they are or how they are related to Zcash or to me personally.

ok thanks
i dont mean to attack him personally, im sorry if it seemed that I did. if you allow me to fix it up then im a happy camper

i know its not the most “positive” post, but its not really a “positive” topic

More than two years passed from the creation of this topic, but it’s still relevant. People really forget to be more careful while trading on the internet.

I think we need to look at it differently, we are expecting crypto to be adopted by everyone, there is still a generation out there which has barely started to get a hang of the web and the smartphone. May be someone should come up with a solution that makes crypto robbery proof, OR we can wait for everyone to be high grade tech literate before these incidents are minimised, which means waiting for a couple generations. Also, crypto critics will be throwing this security argument and getting brownie points in every debate. Tech should make things more secure period.

Just saw by accident this list … just a reminder that people should be cautious…