钱包被盗

Cryptocurrency portfolio management app CoinStats has temporarily shut down its app to address a security breach that affected 1,590 wallets.
According to CoinStats, the number of affected wallets only accounts for 1.3% of all wallets, and the centralized exchanges (CEX) connected to these wallets were not affected.
Emergency security operations launched to address security breaches
Cryptocurrency portfolio management app CoinStats has urgently suspended its services due to a security incident. The incident affected 1,590 user wallets, accounting for 1.3% of the total number of CoinStats wallets. Fortunately, the centralized exchanges connected to these wallets were not affected by the security breach. At the same time, CoinStats is currently investigating scam notifications received by some iOS and Android users.

#钱包被盗
I saw a tweet a few days ago that a player downloaded a fake imtoken wallet and had 30.8 BTC and 328.9 ETH stolen, nearly 3 million US dollars, equivalent to more than 22 million RMB!
Your wallet is stolen and your assets are reduced to zero. This is the fastest way to lose money in the crypto market.

Downloaded a fake wallet and 30.8 BTC was stolen
According to the on-chain track of the stolen wallet address, 30.8 BTC were transferred in on February 12 and transferred out on April 25.
The owner said that he downloaded the imtoken wallet from Baidu search on April 25 and imported the mnemonic phrase. 12 minutes later, 30.8 BTC and 328.9 ETH in the wallet were transferred away.
According to the records, after the BTC was transferred, it was dispersed to 3 different wallet addresses, and they are still on the chain.

🚂Cisco Talos, a cybersecurity company, recently discovered eight vulnerabilities in the Microsoft 365 app for macOS. Hackers can use these vulnerabilities to bypass the macOS permission model and use existing application permissions to perform malicious operations without additional user verification. In short,
Hackers can send emails, record audio, take photos or videos without the user's permission.
Talos reported these vulnerabilities to the Microsoft team, and Microsoft responded that these vulnerabilities are of low risk. Since these Microsoft applications need to allow unsigned libraries to be loaded to support plug-in functionality, these vulnerabilities cannot be fixed. However, Microsoft has fixed the vulnerabilities for the following applications that do not support plug-ins:

According to a recent report from the Financial Review, the Australian Federal Police (AFP) has uncovered a shocking cryptocurrency scam in which the digital wallets of more than 2,000 Australian citizens were illegally hacked by a foreign fraud gang.

Part of a broader effort called Operation Spincaster, which targets cybercrime on a global scale, it marks significant progress in our fight against cryptocurrency crime.
The Australian Federal Police and the Joint Police Cyber ​​Crime Co-ordination Centre (JPC3) were at the heart of this operation, working in partnership with other government law enforcement agencies to tackle the growing prevalence of digital fraud and online scams.

Recently, with the popularity of inscriptions and memes on the chain, more and more virtual currency investors are turning their attention to the chain, and transferring funds from centralized exchanges to decentralized on-chain wallet addresses for on-chain transactions. Interaction. Although on-chain opportunities are fairer and more profitable than the secondary market, they also hide huge risks, the most deadly of which is the theft of invested virtual currency. There have been many cases of coin theft in the past few days. The profits and principal obtained by investors through the investment chain have been stolen by the coin gangs, resulting in huge losses. 1. Common risks of virtual currency theft 1. Private keys and mnemonics are leaked, and it is well known that acquaintances steal coins. If you want to transfer the virtual currency in the wallet address on the chain, you only need to master the private key or mnemonic corresponding to the wallet address. That’s fine, so protecting the private key and mnemonic phrase of your wallet address from being leaked is the key point to ensure the security of assets on the chain. There have been several huge cases of currency theft before because investors trusted their friends too much and inadvertently leaked their private keys and mnemonic phrases, resulting in the theft of virtual currencies in their wallets. In addition, some criminal gangs have recently appeared under the banner of virtual currency investment, taking advantage of the high technical threshold of on-chain wallets and the weak security awareness of novice investors to commit currency theft. First, it lures novice investors under the banner of virtual currency investment, enthusiastically guides them to deposit funds through the exchange OTC, and then allows them to withdraw the purchased virtual currency to an on-chain wallet. When guiding the creation of a wallet address, it helps to record the address. Memorize the words, and then restore the wallet on other devices to transfer and steal virtual currency. Therefore, virtual currency investors must properly keep their address private keys and mnemonic phrases when using on-chain wallets. 2. Fake wallet apps phishing and stealing coins Due to compliance and regulatory reasons, wallet APPs on the virtual currency chain cannot be listed on major domestic app stores, so some investors often encounter fake APP download links when downloading wallet APPs. This There is no difference between the fake APP and the official genuine APP in terms of product functions and usage, except that there is a backdoor to obtain the user's wallet private key and mnemonic phrase. When making some small-amount on-chain transfers, assets will not be stolen, so users will not notice it.However, when a large amount of virtual assets is transferred to the wallet address, the phishing gang will immediately transfer the assets in the address to complete the coin theft. 3. Interactive authorization of high-risk contracts on the chain leads to stolen virtual currencies. Investors often exchange investment experiences and new projects in social software such as TG and WeChat communities, and often encounter project links sent by "enthusiastic" group friends. Sometimes if you are not careful, you will interact with a high-risk contract address on the chain, causing the other party to obtain permission to transfer the tokens in the address, and then the virtual currency in the address will be transferred and stolen. 4. Find someone else to register an exchange account on your behalf. Stolen virtual currency exchanges often launch welfare activities such as launchpad and pledge to earn coins. However, due to risk control of activities, the amount of user participation will be limited. In order to obtain more benefits, some users will Find friends around you to register or even buy some overseas KYC accounts to participate in platform activities. Because centralized exchanges can reset and retrieve accounts by submitting relevant identity authentication materials, account assets registered through others are at greater risk of being stolen. 2. How to recover losses after virtual currency is stolen. The biggest feature of blockchain is traceability. Therefore, when the virtual currency in the wallet address on the chain is stolen, it needs to be tracked and located through a browser or related on-chain data tools as soon as possible. Understand the flow of stolen funds and monitor the addresses where stolen funds are deposited. Secondly, due to the decentralized nature of the blockchain, stolen on-chain assets can only be applied for judicial freezing when they enter centralized exchanges, wallets and other institutions. However, the prerequisite for applying for judicial freezing assistance is that a public security certificate must be issued to these institutions. , the court and other regulatory authorities’ certification freezing procedures. In addition, the USDT involved in the case on the chain can also apply for TEDA's assistance in freezing, but the communication operation cost and difficulty are high. After grasping the initial flow of stolen assets, organize relevant materials as soon as possible and request the public security department to intervene in the investigation. Only in this way can freezing procedures be issued as soon as possible to recover losses when virtual assets flow into centralized institutions. Since it is difficult to investigate cases related to virtual currencies and recover losses, it is recommended to promptly entrust professional lawyers and security companies to assist. 3. Legal characterization of virtual currency theft (1) Jurisprudence on the theft of virtual currency for investment introduced by an acquaintance: In a virtual currency theft case heard by the Taocheng District Court in Hengshui, Hebei Province in 2020, the victim Liu was introduced to him by a friend in August 2019. The defendant, Tian, ​​assisted Liu in depositing money to purchase 35 Bitcoins, and assisted him in downloading a wallet to store the purchased Bitcoins.During the operation, Tian took a photo of the mnemonic phrase and login password of the wallet address. In October of the same year, Tian used the address mnemonic he had to recover his wallet address, stole the Bitcoins stored by the victim Liu, and cashed out 9 Bitcoins, making an illegal profit of RMB 390,000. The defendant Tian was ultimately sentenced to three years in prison and fined RMB 100,000 for illegally obtaining computer information system data. (2) Jurisprudence of inducing downloads of phishing websites to steal virtual currencies: In the case number (2023) Hu 0106 Xingchu No. 112 heard by the Jing'an District Court in Shanghai, the defendant Cai conspired with relevant people he met online in mid-2021 to pass Illegal technical means were used to steal other people’s virtual coins. Among them, Cai was responsible for promoting a pre-built “phishing website” on the Chinese Internet, inducing network users to download and install it, and using the “Telegram” communication software with a hidden Trojan program, thereby secretly obtaining the user’s personal information. Virtual currency account password. On November 3, 2021, the criminal gang used the obtained account password to transfer the victim's more than 30 million USDT, 2.83 Bitcoins and other virtual currencies. In the end, the defendant Cai was sentenced to three years and four months in prison and fined RMB 50,000 for the crime of illegally obtaining computer information system data. (3) Find someone else to register an exchange account on your behalf and have it stolen. Jurisprudence: In a coin theft case heard by the Haikou Intermediate People’s Court in June 2022, the victim Wang Moumou purchased financial products from the exchange with high returns and wanted to make additional investments. However, there is a limit on the purchase limit for each account, so Wang reached a verbal agreement with the defendant Xiang to register an exchange account as Xiang. The right to use these accounts belongs to the victim, and the investment risks are also borne by him. If there is a profit, 4% of the profit will be given to the defendant Xiang in return. Later, the defendant Xiang stole the mobile phone card used by Wang that was registered with Xiang's identity, and stole virtual currency by changing the account password of the exchange, ultimately making an illegal profit of more than 13 million yuan. In the end, the defendant Wang was convicted of theft and sentenced to 15 years in prison and fined RMB 600,000. From the above cases, it can be seen that for the criminal act of stealing virtual currency, in judicial practice, there will be two penalties for the crime of illegally obtaining computer information system data and the crime of theft.The main point of controversy is whether virtual currency is “public or private property” within the meaning of criminal law. The viewpoint of being punished with the crime of theft: Virtual currency is obtained through mining, pledging, etc. by spending a lot of time and money. It has a certain economic value and can be artificially possessed, controlled and transferred through on-chain wallets and transfer operations, and should be regarded as property. protected by criminal law. But the problem with determining the crime of theft is how to determine the amount of theft? According to Article 11 of the Shanghai Municipal Opinions on the Application of the "Interpretations on Several Issues Concerning the Application of Laws in Handling Criminal Cases of Theft" issued by the Supreme People's Court and the Supreme People's Procuratorate, if the stolen property cannot be valued and there is no valid price certificate, it can be sold as stolen property. The price determines the amount of theft. From the perspective of the crime of illegally obtaining computer information system data: Virtual currency is not a physical object, and is significantly different from tangible and intangible property such as property in the criminal law sense. It is essentially data information in a computer system. According to the Supreme Court’s “Research Opinions on How to Qualify the Profits from Illegal Sales of Game Coins Using Computers to Steal Others,” the legal attribute of virtual property is computer information system data and should be protected as electronic data. Those who steal virtual currency from online games should be convicted and sentenced for the crime of illegally obtaining computer information system data. In many cases of currency theft, the private key mnemonic of the address is obtained through various technical means, and then the wallet is restored and theft is carried out. Therefore, some people believe that this kind of theft of virtual currency violates the crime of theft and illegality at the same time. The crime of obtaining computer information system data belongs to imaginary competition and should be dealt with from the first level. The prosecutors of the Third Branch of the Beijing Municipal People's Procuratorate believe that the theft of virtual currencies should consider whether it is recognized by the overall legal order, and the punishment should be based on the means of the theft and the dominant subject. The regulatory policy documents on virtual currencies mainly include the "Notice on Preventing Bitcoin Risks" issued by five ministries and commissions in 2013, the "Announcement on Preventing Financing Risks of Token Issuance" issued by seven ministries and commissions in 2017, and the "Notice on Preventing Financing Risks of Token Issuance" issued by ten ministries and commissions in 2021. Notice on Further Preventing and Dealing with the Risks of Speculation in Virtual Currency Transactions”.These three documents represent the regulatory authorities' attitudes towards virtual currencies at different times, from the recognition in 2013 that they were virtual commodities to the later notices that clarified the relevant civil legal actions of investors investing in virtual currencies. If it violates public order and good customs, the contract will be invalid and the losses will be borne by you. Therefore, the theft of virtual currency should be determined at different time points. Scenario 1: Theft of Bitcoins belonging to the exchange through technical means. This kind of currency theft occurred before September 4, 2017. The regulatory authorities did not explicitly prohibit the business of domestic virtual currency exchanges, so technical means were used to steal the exchange’s Bitcoins. The act of virtual currency simultaneously violates the crime of theft and the crime of illegally obtaining computer information system data. Imagination and cooperation should be treated as a felony. This kind of currency theft that occurred after September 4, 2017, because the 94 Announcement explicitly prohibits the domestic virtual currency trading platform business, so the virtual currency in the exchange cannot be deemed as public or private property in the sense of criminal law, so it should be deemed illegal The crime of obtaining computer information system data. Scenario 2: Theft of personally owned Bitcoins through technical means. This kind of currency theft occurred before September 2021. If it constitutes both the crime of theft and the crime of illegally obtaining computer information system data, Imagination Cooperative should be treated as a felony; in Coin theft that occurred after September 2021 is because the 924 notice issued by the regulatory authorities clarified that any legal person, unincorporated organization, or natural person who invests in virtual currencies and related derivatives that violates public order and good customs will have invalid relevant civil legal actions. The losses shall be borne by him/herself. Therefore, the act of stealing money cannot be regulated as the crime of theft, but should be convicted as the crime of illegally obtaining computer information system data. Scenario 3: Using non-technical means to steal private keys and mnemonic phrases to transfer personally owned Bitcoins. Such currency theft that occurred before September 2021 meets the criteria for criminalization and can constitute the crime of theft; in September 2021 Such currency theft that occurred later cannot be regulated as a crime of infringement of property, because the method cannot be evaluated by other means, such as illegally obtaining computer information system data, so it cannot be determined to constitute a crime. The author believes that the above-mentioned views of the Beijing prosecutors reflect that the intensity of protection of domestic virtual currencies by regulatory authorities has gradually decreased with the introduction of regulatory policies. In practice, cases related to virtual currencies in some areas will also be difficult to file on the grounds that they are not protected. .However, the author does not agree with the view that stealing private keys and mnemonic words through non-technical means to transfer personally owned virtual currency after the 924 notification does not constitute a crime. Bitcoin and Ethereum invested by individual citizens are purchased with equivalent legal currency, which is a high-risk investment target. If the theft of such investment products is not considered a crime, it will inevitably lead to more virtual currencies. of theft crimes. In addition, although you can obtain private keys and mnemonic words through non-technical means to transfer other people's virtual currencies, during this transfer and theft operation, you need to restore the wallet address. This behavior of restoring the address to transfer tokens Can it be considered an intrusion of entering a computer information system through technical means without authorization or consent of others? If the answer is yes, can it still be convicted and treated as the crime of illegally obtaining computer information system data? Summary: Although virtual currencies serve as criminal media and tools in many crimes due to their own characteristics, it is undeniable that they have certain technological innovations and financial attributes. Many developed countries are gradually improving regulatory regulations and allowing blockchain Technological innovation is implemented quickly to better serve the real world. It is hoped that regulatory authorities will not be one-size-fits-all when treating this innovative technology, and while cracking down on illegal crimes, they need to give it room for development. Bitcoin and other virtual currencies invested by citizens with real money should be given the necessary protection when they are illegally misappropriated by criminals. #BTC #钱包被盗 #钱包

In the blockchain world full of opportunities and challenges, security incidents such as coin theft and U theft occur frequently, causing headaches for many investors. Today, we will bring you a detailed blockchain security guide to help you easily prevent risks and protect your digital assets!
First of all, it is very important to choose a safe and reliable operating system. iOS and Mac systems are highly respected for their high security, while Android and Windows systems have become the focus of hacker attacks due to their many vulnerabilities. Therefore, we recommend that you use iOS and Mac systems as much as possible to reduce the risk of being attacked by hackers.