Your Password can NOT protect your money anymore. Welcome to a Post Crypto World.

Ray Youssef
May 4, 2018

Welcome to a Crypto Currency world.

Who is everyone? Anyone with an internet connection can purchase stolen databases of emails and passwords. They aren’t stalkers or even hackers; most are script kiddies who just want your bitcoin.

Many of them are from areas of the world where $100 USD is a month’s salary, so they will take the time to write a script that brute forces the login pages of each and every major cryptocurrency exchange and wallet, hoping that your email is registered there AND that you used the same password as on the site that first leaked your info. Usually they luck out, as people use the same password everywhere. But even if you DID use a different password for the crypto sites, if no 2FA is set up all they have to do is hack your email and reset your password, and as the email password is the very last one people secure or change... they just GOT YOUR MONEY.

Full disclosure: I am the CEO and Co-Founder of Paxful, a P2P OTC cryptocurrency marketplace. Paxful’s main value now is helping unbanked peoples in emerging markets like Western Africa get into crypto by buying bitcoins. On Paxful a bank account is not needed and gift cards are the way most of the unbanked get into the crypto economy. MANY of these users REFUSE to use 2FA security no matter how much we try and educate and inform them. I do support a few times a week as CEO and every time this happens I cringe. Folks often lose their cool and freak out, and it is understandable as someone has just sent out your funds and in bitcoin world you cannot simply “reverse” transactions. When we try and explain this to them often we are accused of stealing their funds and in angst they leave a bad review. Who is really at fault here?

First let’s check something.

Go to https://haveibeenpwned.com and type in your email address.

Go to https://haveibeenpwned.com/Passwords and type in your password.

Have you been “pwned”? It is tech slang for being “owned”, as in your email and password are freely accessible on the internet. Yes, there is a whole site devoted to tracking this. It is kind of a big deal and still the dirtiest secret on the internet. Facebook sharing every detail of your life with everyone is bad, but at least it’s not giving people total access to post and delete content or, even worse, access to your funds.
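The password check can also be run without typing the password into a web page: Pwned Passwords has a range query that receives only the first five hex characters of the password's SHA-1, and the match is done locally. The following is an added example, not part of the original post; the function names, the client name and the sample response (including its counts) are constructed for illustration.

```python
import hashlib
import urllib.request

RANGE_URL = "https://api.pwnedpasswords.com/range/"

def split_hash(password):
    """SHA-1 the password locally; only the 5-character prefix is ever sent."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def parse_range(body):
    """Parse 'SUFFIX:COUNT' lines; padding entries arrive with a count of 0."""
    counts = {}
    for line in body.splitlines():
        if not line.strip():
            continue
        suffix, sep, count = line.strip().partition(":")
        is_hex = len(suffix) == 35 and all(c in "0123456789ABCDEFabcdef" for c in suffix)
        if not sep or not is_hex or not count.isdigit():
            raise ValueError(f"unexpected range line: {line!r}")
        counts[suffix.upper()] = int(count)
    return counts

def fetch_live(prefix):
    """Query the real service (needs network access; not used by the offline demo)."""
    req = urllib.request.Request(RANGE_URL + prefix, headers={
        "Add-Padding": "true",                # pad the response to hide its size
        "User-Agent": "pwned-range-example",  # hypothetical client name
    })
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")

def fetch_constructed(prefix):
    """Offline stand-in for the service: a constructed response, counts are made up."""
    _, reused_suffix = split_hash("password")
    return f"{'0' * 35}:3\r\n{reused_suffix}:12345\r\n{'F' * 35}:0\r\n"

def pwned_count(password, fetch=fetch_constructed):
    """How many times the password appears in the corpus (0 = not found)."""
    prefix, suffix = split_hash(password)
    return parse_range(fetch(prefix)).get(suffix, 0)

if __name__ == "__main__":
    for candidate in ("password", "a long phrase used on one site only"):
        print(candidate, "->", pwned_count(candidate))
```

Pass `fetch=fetch_live` to query the real service; any non-zero count means the password should be retired everywhere it is used.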

Let’s look at some stats just from the “pwned” website.

277 — pwned websites
4,966,062,037 — pwned accounts

359,420,698 — MySpace accounts
234,842,089 — NetEase accounts
164,611,595 — LinkedIn accounts
152,445,165 — Adobe accounts
112,005,531 — Badoo accounts

Out of those five billion leaked accounts, one could be yours. If you used a leaked email to register an account at any bitcoin wallet, then a hacker is only “one password reset request” away from your money. That’s it. Just like that, your password doesn’t matter. Welcome to crypto again. We have changed the rules: the most desperate and the veteran hackers are now going for your funds, thanks to the magical internet money that is bitcoin. Bitcoin is decentralized, which means no one entity can simply “cancel a transaction” or blockade or sanction. This gives an edge to scammers and hackers. Is there an edge it gives honest users?

Yes, Security in crypto world is entirely in your hands!

You can be as secure and decentralized as you wish or as insecure and centralized as you wish. The crypto security spectrum ranges from the first class citizens who run their own Full Bitcoin node, to the second class citizens who own their own private keys, to the third class citizens who use web wallets. Paxful, for example, is a web wallet and you don’t own your private keys. Paxful doesn’t own them either, as BitGo powers their blockchain network. So your private keys are split between three parties: BitGo, Paxful and a third trusted holder. But not you. So what do you have to work with?

Password — MUST BE UNIQUE ( never used before for any other account ) If not then protection is ZERO.

2FA - Mobile — We send a text message to your phone to check it is really you. NOT secure, as hackers can take over your phone number through SIM swapping. DO NOT USE SMS AS IT IS EASILY HACKABLE!!! https://motherboard.vice.com/en_us/article/vbqax3/hackers-sim-swapping-steal-phone-numbers-instagram-bitcoin

2FA - Google/Authy — An app on your phone that you check each time for access tokens. SECURE!

Pin Code — Web wallets like Xapo, Coming soon to Paxful APP

REMINDER: Once a hacker gets your bitcoin there is ZERO chance of getting it back even if you know the wallet address. Bitcoin CANNOT BE REVERSED!

So you know what to do now. Will you turn on 2FA?

-Ray Youssef Paxful CEO Co-Founder
