If you’re a Ledger user, you might find that you’re receiving more spam than ever. In this post, we’ll discuss the data dump of Ledger customers’ personal data following the Ledger hack in July 2020. Plus how to prevent yourself from being scammed when the hackers come after you.
In July 2020, Ledger revealed a data breach that exposed over a million customers’ emails. The breach was found during a bug bounty program and even though the Ledger fixed the issue immediately, unfortunately, it was too late.
As during this time, hackers manage to gain access to a database containing the personal contact details of Ledger’s e-commerce clients such as their email addresses, first and last names, home addresses and phone numbers.
At the time, Ledger reported that hackers had only stolen the personal data of 9,500 customers. However, unfortunately, this wasn’t quite correct. As since the breach, hackers have now published the hacked data and exposed phone numbers and home addresses of more than 270,000 Ledger users. Plus, more than a million customer email addresses.
Since the breach, there’s been a host of phishing attempts released to Ledger customers, and even some threats to customers demanding money or physical violence.
Although it’s unlikely that (due to the breach) hackers will be able to siphon tokens from your hardware wallet, you could compromise your own funds by falling for one of their many phishing attempts.
This isn’t just isolated to Ledger, Trezor has recently tweeted that’s there’s a malicious app in Google Play in an attempt to scam their users. Even though it looks legitimate and has 238 reviews this is not the official app.
Plus, Hugh Karp (founder of Nexus Mutual) also recently got hacked with a compromised version of MetaMask that tricked him into signing a transaction that redirected all his NXM tokens to an attacker-controlled address.
In light of all of this, how can you prevent yourself from being scammed?
Well, Ledger has created a handy page and article advising their users on what to look out for and some tips for stopping the scammers.
Stay calm and try not to panic. Panic is what hackers pray on by users making rash decisions. Be aware that your funds are safe as they are stored offline and the data breach under no circumstances affects the security of your device.
Never Share Recovery Phrase/Private Keys
Not just with Ledger, but in crypto anywhere, never share your recovery phrase or private keys, with anyone, ever. With access to this phrase, someone would have full control over your funds.
Strengthen Your Security
If your email has been compromised, change your password and make sure you use strong secure passwords. Also, enable 2-factor authentication wherever possible with products like Google Authenticator.
You can also add an extra layer of protection by adding a second back up like a pass phrase on your device.
Consider splitting up your recovery phrase into 3 sheets, to store in 3 different locations. Then bring these together to form your recovery phrase. Or arrange the recovery so that you can just bring just 2 together to form the recovery, incase 1 gets damaged or lost.
Never Pay Ransoms
As I mentioned there have been threats of violence to users with hackers claiming to have personal addresses etc. However scammers will always try the easiest possible way to steal money . Therefore will send out emails to a high number of customers without risking physical contact.
There also hasn’t been a report (that I’m aware of that anyone has been attacked). So these appear to just be scams. If you have large amounts of crypto on your device it’s advised to keep it away from your home. Just as you would if you had millions in cash instead.
Don’t Validate Transactions Unless You Authored Them
Don’t validate a transaction on your device, unless you are certain it was you. Scammers can get you to download a fake Ledger Live manager that could trigger a transaction on your Nano, which you must reject.
Only Interact with Ledger’s Official Channels
As part of one of the phishing attempts I’ve personally seen, emails were sent out with the domain that contained “Legder” as opposed to “Ledger.” These subtle mistakes are a sure-fire way to detect a scam.
With more spam and phishing emails ahead of Ledger customers, always expect the worse and assume it’s a phishing attempt. Never click on any links, or download and check out Ledger official social media channels such as;
In this review, I take you through the cryptocurrency exchange Kucoin. Kucoin Exchange is one of the most popular crypto exchanges (top 10 exchanges by volume as per CoinMarketCap).
They launched in 2017, and now have over 5 million registered users from 200+ countries and regions. The platform provides crypto to crypto trading with low fees and discounts are available for their KCS token holders.
In this Kucoin review, we take an overlook of the exchange, looking at the fees, safety/security, and supported cryptocurrencies. I have also put together a Kucoin video tutorial, which you can find below.
KuCoin is a cryptocurrency trading platform known as “The People’s Exchange” and operates in the Seychelles. The platform has over 300 trading pairs and you can buy and sell the likes of Bitcoin, Ethereum, DEFI tokens, stable coins, plus their own KCS token.
There are several trading options available to suit different trading levels, including spot trading, instant exchanges and margin trading. Plus you can earn crypto with KuCoin’s crypto lending, staking, soft staking, and KuCoin Shares (KCS) bonus.
KuCoin has its own cryptocurrency an ERC20 token named KuCoin Shares (KCS). KCS holders receive daily cryptocurrency dividends, profit from the success of the exchange, receive trading discounts and lower withdrawal fees and be automatically qualified for exclusive promotions, offers and rewards.
Although KuCoin is crypto to crypto with no FIAT markets, there are still over 300 trading pairs. With markets such as BTC, KCS, ALT, DEFI and USD stablecoins.
If you don’t already have crypto to deposit you can purchase on the KuCoin site via credit with the likes of USD, EUR, GBP, CAD or AUD. Although, I wouldn’t actually recommend this, as it wont be the cheapest way to buy your crypto because you’ll be paying high fees for the convenience.
So you may be better off using a FIAT supported crypto exchange such as the likes of Coinbase Pro for example.
Deposits are free, however, withdrawals are on crypto by crypto basis. An example of this would be BTC where the fee is 0.0005 BTC (roughly $9 at the time of the article) or ETH at 0.005 ETH. There are also minimum withdrawal amounts which are on a crypto by crypto basis.
Trading fees are based on a Maker/Taker model and will depend on your 30 day trading volume. I am not personally a day trader, and therefore fees are 0.1% for maker and taker orders.
The fees then start to differ when trading amounts are greater than 50 BTC in a 30 day period. Similar to the likes of Binance, you can also get reduced fees by holding the KuCoin KCS token.
What are the KuCoin Accounts?
Under the Assets overview screen, you may notice that there are few different accounts you can transfer, lend or deposit from.
“Main Account” is used for cryptocurrency deposits & withdrawals, fiat to crypto purchases via credit card and margin lendings.
“Trading Account” is for cryptocurrency transactions
“Pool-X Account” is for staking and mining with yields up to 20%
“Margins Account” is is for margin borrowing and margin trading
“Futures Account” is used for futures trading such as XBTUSD perpetual futures
If you want to start trading, you’ll first need to deposit your funds into the Main account and then “transfer” to the Trading Account.
Is KuCoin Regulated/Safe?
KuCoin is not regulated under any financial regulatory agency and was hacked in September 2020. $281 million were stolen by hackers obtaining the private keys to the centralized exchange’s hot wallets. However their CEO Johnny Lyu quickly promised that funds would be “covered completely” by an insurance fund.
I always advise to store your crypto in a hardware wallet such as a Ledger or a Trezor (when your not trading your funds) so that they are kept offline and away from any potential harm.
Also, once you’ve signed up, implement 2-factor authentication as an extra level of security, as this will help to secure your account.
With KuCoin you can trade quickly on the go any time, anywhere, 24/7. The exchange is available via the web, plus mobile apps are also available for Android and iOS. You can easily sync up your mobile device by scanning a QR code via the website with your mobile.
Is KuCoin Available in the US?
Unfortunately, KuCoin doesn’t provide a service for US customers. Currently, they are only providing service for countries listed on the KYC page in order to comply with all applicable laws and regulations.
If you want to find out where you can use Kucoin Exchange click here.
KuCoin offers 24×7 customer support via WeChat, phone, email and web chat. As well as having an FAQ page with lots of helpful information.
I have personally used their web chat facility and they were super responsive, replying in under a minute.
KuCoin isn’t an exchange I personally use day-to-day. Although I don’t sell my crypto for FIAT, not having this as an option is a huge negative. I was also disappointed with the cost of withdrawing BTC from the exchange (December 2020).
When checking Kucoin Trust Pilot score they receive an unimpressive poor rate. I believe the majority of these poor reviews, are due to their recent hack in 2020. Even though the CEO Johnny Lyu promised that funds would be “covered completely” by an insurance fund, obviously, this will take time.
I don’t personally believe Kucoin is a scam as many of the reviews mention, but it will be very difficult for Kucoin to build trust again, especially in a competitive crypto market.
Similar to your bank, once you get used to an exchange, it can be difficult to change platforms and I don’t see me moving any time soon. I would personally prefer to use the likes of Binance, Gemini or Coinbase Exchanges.
Decentralized money market Aave, has now rolled out version 2, with new features, making the protocol more flexible and efficient. DeFi protocol, Aave has grown at record speed with a market size of over 1 billion dollars. Enabling users to lend and borrow a diverse range of cryptocurrencies and bringing the likes of flash loans and atokens as a way to unlock capital and provide permissionless savings accounts.
As of December 3rd 2020, the Genesis team has now introduced new features in Aave Protocol V2, to unlock even more value in DeFi and make the overall experience more seamless.
Aave V2 What’s New?
Below is a list of features that are new to Aave version 2. However, these won’t all be beneficial to the average users lending and borrowing, and instead, some of these do require developers to build on top.
Yield & Collateral Swap
Previously, assets used as collateral were tied up, however in v2 they can be traded freely. Meaning that users can trade their deposited assets, across all currencies supported in the Aave Protocol, even when they are being used as collateral. This “collateral swapping” can be particularly helpful when trying to avoid liquidations. Because If the price of your collateral starts to fall, you can simply trade it for a stablecoin so you don’t have to worry about price fluctuations and potential liquidation.
Repayment with Collateral
Previously, when a user wanted to use part of their collateral to repay a loan, they’d have to withdraw the collateral, use it to buy the borrowed asset, and then finally repay the debt and unlock the deposited collateral. This process required at least 4 transactions across, which was neither time nor cost-efficient, However, users can now close their loan by paying with their collateral directly in a single transaction. This is all powered by flash loans, the Ethereum innovation in which a borrower opens and closes a loan within one Ethereum block.
Stable & Variable Rate Borrowing
Users borrowing within Aave can have both a stable borrow position and a variable borrow position at the same time, giving borrowers more options and flexibility for their loan position, and borrowers are still able to switch between the variable and stable rate at any time.
Aave has stated that Aave v2 brings gas optimIsations lowering the cost of transactions up to 50% in some cases. Plus they have also implemented native GasToken Support, to further help users reduce their transaction costs.
Flash Loans & Liquidations
Flash Loans have continued to inspire ideas to make new features possible in Aave V2. They are a great way for everyone to have access to liquidity and take advantage of the financial tools that DeFi offers. With Aave V2, liquidators can utilise Flash Loans to flash borrow the capital from the Aave Protocol itself in order to execute a liquidation.
Batch Flash Loans
Batch Flash loans have now been introduced making Flash Loans even more powerful. Previously, borrowers could only borrow one currency at a time. However Batch Flash Loans let developers execute a Flash Loan with multiple assets inside the same transaction.
Connect to Aave V2
For those of you who use the likes of Argent, Zapper, or Zerion you can access Aave V2 directly. All from inside the wallet or platform, a full list can be found below;
One thing to be aware of is that deposits or liquidity you have in Aave’s V1 do not yet show on the dashboard of V2. But don’t worry, you won’t have to withdraw and re-deposit into V2 as this will be automated.
Recently AIP-3 was passed to make the migration from V1 to V2 more seamless. By using a Flash Loan powered migration tool, users will be able to make the transition without having to close their V1 loan positions. This migration tool will be introduced later, so if you have V1 positions, no need to close them.
Security & Audits
Aave states that security is a top priority and formal verification has been completed by Certora. For those wanting to take a look, you can read the report here.
Aave V2 has been audited by MixBytes, CertiK, ConsenSys Diligence, and PeckShield. This also includes an additional audit in Chinese, making it the first company in the industry to do this.
If you´re new to Aave, and want to get get started, click here to check out my beginner´s guide. Where you´ll learn how to earn interest and borrow on the platform.
Flare Networks, a utility fork of XRP, will be dropping over 45 billion Spark tokens based on a snapshot taken on 12th December 2020. Meaning that those owning Ripple (XRP) tokens and holding them in a supported exchange or wallet will be able to exchange XRP with Spark on a 1:1 ratio. So, how can you claim your free airdrop Flare SPARK tokens?
What is SPARK Tokens and the Flare Network?
The Spark token is a native token of the Flare Network and was created by a utility fork of XRP. Flare Network enables its customers to run smart contract services on XRP and they do this by using a virtual machine powered by Ethereum. The network is scalable and does not base its safety on a native token. Meaning that there is no risk of safety degradation from competing uses of its token. Applications can scale transactions without users incurring costs, meaning lower transaction costs.
The SPARK token will have several purposes which include;
Collateral for the trustless issuance of assets from non-Turing complete chains.
Starting with XRP
Contributes to the Flare time series oracle & network governance.
Spark ownership secures, improves and guides the network.
Created by a utility fork of XRP.
Directly increasing utility of XRP and XRPL. No ICO. No competing interests.
For an in-depth overview of the SPARK Token you can take a look at their White paper.
How to Claim XRP SPARK Airdrop?
There are essentially 2 ways that you can claim your XRP SPARK tokens, this is either holding your XRP on an exchange or in a wallet. The most straight forward approach is to hold or move your XRP onto a supported exchange before the wallet balance snapshot is taken, on 12th December 2020. In fact, I would recommend moving this across a few days prior when the network is not so busy and to allow a bit of extra time.
On 12th December 2020, the XRP balance snapshot will be taken, to check how many XRP a wallet owns and based on that the SPARK tokens will be distributed to XRP holders in Q1, 2021. To claim Spark you must do this by 6 months of the snapshot date.
As I mentioned, it is possible to hold your XRP in a wallet, however, this way is more technical as essentially you’ll need to prove your ownership of an ETH address to get the Spark tokens airdropped to you based on your XRP balance on the XRP Ledger. For those of you who are Atomic or specifically Exodus wallet users, there is good news though as they really simplify this process for you. So it’s worth checking these desktop wallets out. But if your XRP is held on a supported exchange they will handle the claim process and distribution for you.
Exchanges Supporting XRP Fork 2020
If you’re keeping your Ripple XRP on an exchange, your SPARK tokens will be airdropped into your wallet in Q1 of 2020. At present some of the most popular exchanges have announced their support of the XRP airdrop which include;
For a full list and up to date list, please check here.
In support of Binance.US XRP holders, Binance.US will provide XRP balance snapshots for their users. Allowing token holders to then opt-in to the Flare Network distribution of SPARK in 2021. For more information on XRP fork click here.
Exchanges Not Currently Supporting XRP Fork
Since creating this article the big holders of XRP, Coinbase, Huobi and Binance.US have all come out to state that they are now supporting the XRP airdrop.
For the latest list of available exchanges please check here.
How Many Spark Tokens Will I Get?
The number of Sparks tokens you get will depend on the amount of XRP in your wallet on the date of the snapshot on 12th December 2020. This is because the Spark tokens will be distributed at the rate of 1 token for every 1 XRP in your wallet.
How to Claim SPARK Tokens from your Wallet
If you’re wanting to claim from a wallet this is slightly more complicated but the desktop wallets such as the likes of Atomic Wallet and especially the Exodus wallet have tried to simplify this process for you.
Atomic Wallet have provided step by step instructions . Whereas Exodus have gone one step further and automated this for you so that users holding more than 20 XRP simply need to register their address in the wallet and are then eligible.
If you choose to claim from SPARK from another wallet, below are the steps to follow;
1) Take your Ethereum-compatible address of the form 0x415f8315c9948Ad91e2Cce5b8583A36dA431fb610x415f8315c9948Ad91e2Cce5b8583A36dA431fb61, remove 0x0x from the front and upper-case the remaining characters to produce a character set of the form: 415F8315C9948AD91E2CCE5B8583A36DA431FB61415F8315C9948AD91E2CCE5B8583A36DA431FB61. Note: the upper-casing and lower-casing in the original address does not matter.
2) Append 0202 + 24 zeros to the uppercased character set to produce: 02000000000000000000000000415F8315C9948AD91E2CCE5B8583A36DA431FB6102000000000000000000000000415F8315C9948AD91E2CCE5B8583A36DA431FB61.
3) Set this value as the message key on your XRPL account.
And that’s it! Then your XRPL account will be prepared to receive Spark tokens on the Flare Network at your address: 0x415f8315c9948Ad91e2Cce5b8583A36dA431fb610x415f8315c9948Ad91e2Cce5b8583A36dA431fb61.
For XUMM wallet holders and Ledger Nano holders of XRP, you can prepare your account seamlessly today using a tool developed by Wietse Wind, founder of XRPL Labs, at https://flare.wietse.com.
If you’re looking for an extra level of security for your personal accounts and data, YubiKey is a great way of securing your weak points. This small, yet powerful hardware device is like a physical key that, instead of unlocking a door, unlocks your online life.
It can be used as 2-factor authentication for the likes of Google Mail, Facebook, Last Pass, and your Blockchain.com wallet. YubiKey provides an additional element after login with a username and password to verify that it’s you who’s trying to access your online accounts.
18 million login credentials are compromised every day and one of the most important steps to securing your online presence is by enabling a form of 2-factor authentication. Using 2-factor authentication (or 2FA) is when you are asked to enter in your username and password and then another piece of proof that you are who you say you are.
One of the most common is a text that you receive on your mobile phone with a string of numbers, characters, or a combination of both. However, this can come with an element of risk as a hacker could also potentially compromise this system too. So another way is either using a secure app on your phone like Google Authenticator or Authy or by using a hardware device like a YubiKey 5 NFC.
What is a YubiKey 5 NFC?
A YubiKey 5 NFC is a small hardware device made by the company Yubico. These battery-free devices plug into your computer and along with your password provide you with 2 layers of 2 step verification. This type of verification cannot be intercepted by a hacker as they would physically need your device to get access to your accounts, along with your username or email and password.
The devices are also very durable, waterproof and crush resistant and come with a keyhole ring and chain so that you don’t lose it. Using both a USB-A connector to connect to your computer and wireless NFC for your phone. NFC which stands for “Near Field Communication” allows phones, tablets, laptops, and other devices to easily share data with other NFC-equipped devices.
Once you register your YubiKey with services, just tap your YubiKey for easy, strong two-factor authentication, for computers, networks, and online accounts. With no need for text messages or one-time passcodes.
The YubiKey can be purchased individually, as a pack of 2, 10 or 50 which is ideal for teams.
Its recommended that you purchase more than 1 YubiKey to use as a backup in case you were to lose your YubiKey. This spare, should be kept somewhere secure and safe. Also, ensure that you have another way to enter your online accounts incase you do. For example, with Google Mail ensure that you take note of your Back-up Codes or Recovery Seeds or Phrases with the likes of Blockchain.com.
What Applications Support Yubikey?
YubiKey 5 NFC adhere to an industry-standard named Universal 2nd Factor, or U2F. This standard combines hardware-based authentication with public-key cryptography making it very hard to compromise.
The YubiKey works with well-known services that support U2F and FIDO2, like Facebook, Google, Blockchain and Dropbox. There are also computer login options for Macs and Windows PCs. Plus, you can even set up your YubiKey with password management like Dashlane or LastPass, and developer platforms like Github and Bitbucket.
YubiKey for iPhone
For NFC-enabled phones, just tap a YubiKey NFC against the phone to complete authentication.
How to Get Started with YubiKey 5 NFC
When your YubiKey arrives, you’ll want to set it up with each of your associated online accounts. Below are a few ways to set up YubiKey with the likes of Gmail, Blockchain and LastPass. However, there are also quick guides for all supported services available on their website.
How to Setup YubiKey with Gmail
If someone gets hold of this gmail username and password combination they then have the gateway to all of your personal information such as confidential emails and calendar invites. With google you can set up text alerts with 1-time codes but hackers (or bad guys) can also intercept these and gain access.
A great way to secure your account is by holding the key to your account literally on you so that you have to be present to access that account.
Step 1: Security Settings
To connect your YubiKey, log into your Google Account and in the top right-hand corner of the screen, click onto “Manage Your Google Account“, choose “Security” from the left and then “2 StepVerification“.
Step 2: Select Your Key, Insert and Tap
Click onto “Get Started” and select “choose another option”. Then from here, you can select Security Key. It’ll then ask you to make sure you have your key beside you.
Click “Next” and then insert your YubiKey and press the Yellow button on your YubiKey.
You’ll then be prompted to enter a name for Yubikey. Once entered click onto “Done“
Step 3: Back Up Codes
From the next screen, you’ll be shown other ways you can secure your account. You’ll want to use your YubiKey in conjunction with google back up codes, just in case you lose your device and you don’t have a spare key.
Which you can print off from here, then keep the codes somewhere safe and use to restore your account if needed.
How to Log into Gmail Using YubiKey
Once you have enabled your 2 step verification with YubiKey you’ll then be prompted to use your security key when you log into your Google Account.
First, you’ll be prompted to enter your username/email and password and then you’ll need to insert your YubiKey into a USB-Port and touch the yellow button to verify you are human and not a remote hacker. Then you will be able to access your account.
How to Setup YubiKey with Blockchain.com
If you’re holding your bitcoin or other cryptocurrencies in a Blockchain wallet you’ll want to ensure that it’s kept secure and you can use a Yubikey with Blockchain to secure your assets.
Step 1: Security Center
To connect your YubiKey, log into your Blockchain.com Wallet and go to “Security Center” in the top right-hand side of the screen. Go down to “Two-Step Verification” and select “Enable“.
Step 2: Pair your Key, Insert & Tap
Select to Pair your YubiKey, then insert the YubiKey into the USB Port and click into the field. Once your cursor is flashing in the box, tap onto the yellow button your YubiKey and a string of dots will appear on the screen. You’ll then receive a message on screen once the Yubikey has been verified.
How to Log into Blockchain Using YubiKey
Once you have enabled your 2 step verification with YubiKey you’ll then be prompted to use your security key when you log into your Blockchain.com wallet.
You’ll be prompted to enter your wallet ID, password and also your YubiKey. Insert your YubiKey into a USB-Port and touch the yellow button to verify you are human and not a remote hacker. Then you will be able to access your account.
How to Setup YubiKey with LastPass
Lastpass is a great password manager, making passwords more secure and storing them in a vault so you don’t have to remember them. By connecting YubiKey you can make Lastpass even more secure. Making access and authentication seamless. This is only available for Premium users and you can enter in up to 5 keys incase you have other family members using LastPass with their own keys.
Step 1: Account Settings
To connect your YubiKey, log into your LastPass account and go to “Account Settings” in the bottom left-hand side of the screen. Go across to “Multi-Factor Options” and scroll down to “Yubico” and click onto the pencil icon.
Step 2: Enable, Associate your Key, Insert & Tap
Under “Enabled“, select “Yes” and then you will need to click onto allocated YubiKey number. Then insert the YubiKey into the USB Port and click into the field. Once your cursor is flashing in the box, tap onto the yellow button on your YubiKey and a string of dots will appear on the screen.
Click on “Update“.
How to Log into LastPass Using YubiKey
Once you have enabled your 2 step verification with YubiKey you’ll then be prompted to use your security key when you log into your LastPass account.
You’ll be prompted to enter your username/email address and master password. Then you’ll be prompted to enter your multi factor authentication i.e. your YubiKey. Insert your YubiKey into a USB-Port and touch the yellow button to verify you are human and not a remote hacker. Then you will be able to access your account.