Category Archives: Cryptocurrency

image_pdfimage_print

EU Sanctions Cryptocurrency Regulation: A Comprehensive Overview

EU military defense of cryptocurrency

EU Sanctions Reshape Crypto

EU Sanctions Cryptocurrency, setting a global precedent. This regulatory overhaul aims to curb evasion and unify enforcement, enhancing transaction transparency. Dive into the EU’s strategic measures to fortify its financial system against the misuse of digital currencies.

2024 Crypto Currency Cryptocurrency Cyberculture Legal information

EU Sanctions Cryptocurrency Regulation: A Comprehensive Overview

2024 Cyberculture Legal information

Encrypted messaging: ECHR says no to states that want to spy on them

2024 Articles Cyberculture EviPass Password

Human Limitations in Strong Passwords Creation

2023 Articles Cyberculture EviCypher NFC HSM News Technologies

Telegram and the Information War in Ukraine

2023 Articles CyberStealth legal Legal information News Spying

The American Intelligence: How It Works

Stay informed with our posts dedicated to Cyberculture to track its evolution through our regularly updated topics.

Explore our Cyberculture section for detailed information on the EU Sanctions and Cryptocurrency Regulation, authored by Jacques Gascuel, a pioneer in contactless, serverless, databaseless sensitive data security solutions. Stay up to date and secure with our frequent updates.

EU Sanctions Cryptocurrency Regulation: A Comprehensive Overview

The EU is stepping up its regulatory game to combat economic sanction evasion, focusing sharply on the cryptocurrency sector. This move aims to unify sanction application practices across member states and enhance digital financial transaction traceability.

New EU Sanctions Cryptocurrency: A Global Context

Amid rising geopolitical tensions, the EU has bolstered its economic regulations. These measures, targeting cryptocurrency freezes, aim to thwart sanction dodging and standardize enforcement across member states.

EU Parliament’s Landmark Regulation Cryptocurrency

Confronting sanction evasion threats, the EU Parliament has enacted a regulation criminalizing such acts. Offenders now face harsh penalties, underscoring the EU’s commitment to maintaining sanction regime integrity.

Capital Freeze and Criminal Wealth Confiscation

A significant breakthrough, the EU Council and Parliament have agreed on rules for freezing and seizing criminal funds. This regulation extends to cryptocurrencies, highlighting the EU’s resolve to strip criminals of illicit gains.

Cryptocurrency Implications

These recent regulations signal a pivotal shift in the fight against cryptocurrency misuse. The EU’s clear intent is to battle illicit activities and bolster financial security within its borders.

International Comparison of Cryptocurrency Regulations

While the EU adopts stringent measures against Russia, it’s insightful to compare its stance with other global powers. The US exhibits a fragmented regulatory approach, China enforces restrictive policies, and the UK navigates post-Brexit with moderate regulations. This comparison underscores the varied strategies nations employ to address the rapidly evolving cryptocurrency sector.

Cold Wallets: EU Sanctions Cryptocurrency Regulations’ Reach

Cold wallets, designed for offline key and cryptocurrency address storage, fall outside the direct scope of new EU regulations. Devices like EviVault and EviSeed, incorporating NFC and HSM technologies, do not facilitate transaction signing, placing them beyond payment service regulations.

Hardware Wallets: Transaction Signing Scrutiny

Hardware wallets, enabling private key storage and transaction signing, face stricter regulations. The EU aims to prevent these devices from circumventing sanctions, imposing compliance requirements for signed transactions.

Enhancing Previous Directives

The new regulation builds on previous directives like AMLD5, which set anti-money laundering and terrorism financing standards in the cryptocurrency sector. It introduces additional obligations for crypto service providers, focusing on user identity verification and suspicious transaction monitoring.

Comparative Analysis: International Regulatory Approaches

The global landscape of cryptocurrency regulation is diverse and evolving. The PwC Global Crypto Regulation Report 2023 highlights the varying degrees of regulatory development across jurisdictions. For instance, while the EU has made significant strides with the Markets in Crypto-Assets Regulation (MiCA), differences in scope and implementation timelines persist when compared to other regions. The United States continues to balance innovation with investor protection, employing a multifaceted regulatory approach. In contrast, China maintains a more restrictive stance, reflecting its broader financial policies.

Inclusion of Regulatory References: MiCA

The Markets in Crypto-Assets Regulation (MiCA) represents a landmark in EU financial legislation, establishing uniform market rules for crypto-assets not previously covered by financial services laws. MiCA’s key provisions address transparency, disclosure, authorization, and supervision of transactions, aiming to support market integrity and financial stability. As such, MiCA is a critical reference point for understanding the EU’s approach to digital asset regulation.

Regulations’ Links and Effective Dates

Conclusion

The EU’s latest regulatory measures on cryptocurrency sanctions reflect a proactive stance in addressing the challenges of financial technology. By fortifying sanctions and enhancing compliance, the EU not only aims to deter sanction evasion but also demonstrates its resolve to protect the integrity of its financial system amidst the dynamic digital economy.

Ledger Security Breaches from 2017 to 2023: How to Protect Yourself from Hackers

Ledger Security Breaches from 2017 to 2023: How to Protect Yourself from Hackers
Ledger security breaches written by Jacques Gascuel, inventor specializing in safety and security of sensitive data, for Freemindtronic. This article will be updated with any new information on the topic.

Ledger security incidents: How Hackers Exploited Them and How to Stay Safe

Ledger security breaches have exposed the personal data and private keys of many users. Ledger is a French company that provides secure devices to store and manage your funds. But since 2017, hackers have targeted Ledger’s e-commerce and marketing database, as well as its software and hardware products. In this article, you will discover the different breaches, how hackers exploited them, what their consequences were, and how you can protect yourself from these threats.

2024 Digital Security

Apple M chip vulnerability: A Breach in Data Security

2024 Digital Security

Cybersecurity Breach at IMF: A Detailed Investigation

2024 DataShielder Digital Security PassCypher Phishing

Midnight Blizzard Cyberattack Against Microsoft and HPE: What are the consequences?

2024 Digital Security

PrintListener: How to Betray Fingerprints

2024 Articles Digital Security News

BitLocker Security: Safeguarding Against Cyberattacks

2024 Articles Digital Security News Spying

How to protect yourself from stalkerware on any phone

Ledger Security Breaches from 2017 to 2023: How to Protect Your Cryptocurrencies from Hackers

Have you ever wondered how safe your cryptocurrencies are? If you are using a Ledger device, you might think that you are protected from hackers and thieves. Ledger is a French company that specializes in cryptocurrency security. It offers devices that allow you to store and manage your funds securely. These devices are called hardware wallets, and they are designed to protect your private keys from hackers and thieves.

However, since 2017, Ledger has been victim of several security breaches, which have exposed the personal data and private keys of its users. These breaches could allow hackers to steal your cryptocurrencies or harm you in other ways. In this article, we will show you the different breaches that were discovered, how they were exploited, what their consequences were, and how you can protect yourself from these threats.

Ledger Security Issues: The Seed Phrase Recovery Attack (February 2018)

The seed phrase is a series of words that allows you to restore access to a cryptocurrency wallet. It must be kept secret and secure, as it gives full control over the funds. In February 2018, a security researcher named Saleem Rashid discovered a breach in the Ledger Nano S, which allowed an attacker with physical access to the device to recover the seed phrase using a side-channel attack.

How did hackers exploit the breach?

The attack consisted of using an oscilloscope to measure the voltage variations on the reset pin of the device. These variations reflected the operations performed by the secure processor of the Ledger Nano S, which generated the seed phrase. By analyzing these variations, the attacker could reconstruct the seed phrase and access the user’s funds.

Simplified diagram of the attack

Figure Ledger Security Issues: The Seed Phrase Recovery Attack (February 2018)
Statistics on the breach
  • Number of potentially affected users: about 1 million
  • Total amount of potentially stolen funds: unknown
  • Date of discovery of the breach by Ledger: February 20, 2018
  • Author of the discovery of the breach: Saleem Rashid, a security researcher
  • Date of publication of the fix by Ledger: April 3, 2018

Scenarios of hacker attacks

  • Scenario of physical access: The attacker needs to have physical access to the device, either by stealing it, buying it second-hand, or intercepting it during delivery. The attacker then needs to connect the device to an oscilloscope and measure the voltage variations on the reset pin. The attacker can then use a software tool to reconstruct the seed phrase from the measurements.
  • Scenario of remote access: The attacker needs to trick the user into installing a malicious software on their computer, which can communicate with the device and trigger the reset pin. The attacker then needs to capture the voltage variations remotely, either by using a wireless device or by compromising the oscilloscope. The attacker can then use a software tool to reconstruct the seed phrase from the measurements.

Sources

1Breaking the Ledger Security Model – Saleem Rashid published on March 20, 2018.

2Ledger Nano S: A Secure Hardware Wallet for Cryptocurrencies? – Saleem Rashid published on November 20, 2018.

Ledger Security Flaws: The Firmware Replacement Attack (March 2018)

The firmware is the software that controls the operation of the device. It must be digitally signed by Ledger to ensure its integrity. In March 2018, the same researcher discovered another breach in the Ledger Nano S, which allowed an attacker to replace the firmware of the device with a malicious firmware, capable of stealing the private keys or falsifying the transactions.

How did hackers exploit the Ledger Security Breaches?

The attack consisted of exploiting a vulnerability in the mechanism of verification of the firmware signature. The attacker could create a malicious firmware that passed the signature check, and that installed on the device. This malicious firmware could then send the user’s private keys to the attacker, or modify the transactions displayed on the device screen.

Simplified diagram of the attack

Figure Ledger Security Flaws: The Firmware Replacement Attack (March 2018)

Statistics on the breach

  • Number of potentially affected users: about 1 million
  • Total amount of potentially stolen funds: unknown
  • Date of discovery of the breach by Ledger: March 20, 2018
  • Author of the discovery of the breach: Saleem Rashid, a security researcher
  • Date of publication of the fix by Ledger: April 3, 2018

Scenarios of hacker attacks

  • Scenario of physical access: The attacker needs to have physical access to the device, either by stealing it, buying it second-hand, or intercepting it during delivery. The attacker then needs to connect the device to a computer and install the malicious firmware on it. The attacker can then use the device to access the user’s funds or falsify their transactions.
  • Scenario of remote access: The attacker needs to trick the user into installing the malicious firmware on their device, either by sending a fake notification, a phishing email, or a malicious link. The attacker then needs to communicate with the device and send the user’s private keys or modify their transactions.

Sources

: [Breaking the Ledger Security Model – Saleem Rashid] published on March 20, 2018.

: [Ledger Nano S Firmware 1.4.1: What’s New? – Ledger Blog] published on March 6, 2018.

Ledger Security Incidents: The Printed Circuit Board Modification Attack (November 2018)

The printed circuit board is the hardware part of the device, which contains the electronic components. It must be protected against malicious modifications, which could compromise the security of the device. In November 2018, a security researcher named Dmitry Nedospasov discovered a breach in the Ledger Nano S, which allowed an attacker with physical access to the device to modify the printed circuit board and install a listening device, capable of capturing the private keys or modifying the transactions.

How did hackers exploit the breach?

The attack consisted of removing the case of the device, and soldering a microcontroller on the printed circuit board. This microcontroller could intercept the communications between the secure processor and the non-secure processor of the Ledger Nano S, and transmit them to the attacker via a wireless connection. The attacker could then access the user’s private keys, or modify the transactions displayed on the device screen.

Simplified diagram of the attack

figure Ledger Security Incidents: The Printed Circuit Board Modification Attack (November 2018)

Statistics on the breach

  • Number of potentially affected users: unknown
  • Total amount of potentially stolen funds: unknown
  • Date of discovery of the breach by Ledger: November 7, 2019
  • Author of the discovery of the breach: Dmitry Nedospasov, a security researcher
  • Date of publication of the fix by Ledger: December 17, 2020

Scenarios of hacker attacks

  • Scenario of physical access: The attacker needs to have physical access to the device, either by stealing it, buying it second-hand, or intercepting it during delivery. The attacker then needs to remove the case of the device and solder the microcontroller on the printed circuit board. The attacker can then use the wireless connection to access the user’s funds or modify their transactions.
  • Scenario of remote access: The attacker needs to compromise the wireless connection between the device and the microcontroller, either by using a jammer, a repeater, or a hacker device. The attacker can then intercept the communications between the secure processor and the non-secure processor, and access the user’s funds or modify their transactions.

Sources

  • [Breaking the Ledger Nano X – Dmitry Nedospasov] published on November 7, 2019.
  • [How to Verify the Authenticity of Your Ledger Device – Ledger Blog] published on December 17, 2020.

Ledger Security Breaches: The Connect Kit Attack (December 2023)

The Connect Kit is a software that allows users to manage their cryptocurrencies from their computer or smartphone, by connecting to their Ledger device. It allows to check the balance, send and receive cryptocurrencies, and access services such as staking or swap.

The Connect Kit breach was discovered by the security teams of Ledger in December 2023. It was due to a vulnerability in a third-party component used by the Connect Kit. This component, called Electron, is a framework that allows to create desktop applications with web technologies. The version used by the Connect Kit was not up to date, and had a breach that allowed hackers to execute arbitrary code on the update server of the Connect Kit.

How did hackers exploit the Ledger Security Breaches?

The hackers took advantage of this breach to inject malicious code into the update server of the Connect Kit. This malicious code was intended to be downloaded and executed by the users who updated their Connect Kit software. The malicious code aimed to steal the sensitive information of the users, such as their private keys, passwords, email addresses, or phone numbers.

Simplified diagram of the attack

Figure Ledger Security Breaches The Connect Kit Attack (December 2023)

Statistics on the breach

  • Number of potentially affected users: about 10,000
  • Total amount of potentially stolen funds: unknown
  • Date of discovery of the breach by Ledger: December 14, 2023
  • Author of the discovery of the breach: Pierre Noizat, director of security at Ledger
  • Date of publication of the fix by Ledger: December 15, 2023

Scenarios of hacker attacks

  • Scenario of remote access: The hacker needs to trick the user into updating their Connect Kit software, either by sending a fake notification, a phishing email, or a malicious link. The hacker then needs to download and execute the malicious code on the user’s device, either by exploiting a vulnerability or by asking the user’s permission. The hacker can then access the user’s information or funds.
  • Scenario of keyboard: The hacker needs to install a keylogger on the user’s device, either by using the malicious code or by another means. The keylogger can record the keystrokes of the user, and send them to the hacker. The hacker can then use the user’s passwords, PIN codes, or seed phrases to access their funds.
  • Scenario of screen: The hacker needs to install a screen recorder on the user’s device, either by using the malicious code or by another means. The screen recorder can capture the screen of the user, and send it to the hacker. The hacker can then use the user’s QR codes, addresses, or transaction confirmations to steal or modify their funds.

Sources

Ledger Security Breaches: The Data Leak (December 2020)

The database is the system that stores the information of Ledger customers, such as their names, addresses, phone numbers and email addresses. It must be protected against unauthorized access, which could compromise the privacy of customers. In December 2020, Ledger revealed that a breach in its database had exposed the personal data of 292,000 customers, including 9,500 in France.

How did hackers exploit the breach?

The breach had been exploited by a hacker in June 2020, who had managed to access the database via a poorly configured API key. The hacker had then published the stolen data on an online forum, making them accessible to everyone. Ledger customers were then victims of phishing attempts, harassment, or threats from other hackers, who sought to obtain their private keys or funds.

Simplified diagram of the attack :

Statistics on the breach

  • Number of affected users: 292,000, including 9,500 in France
  • Total amount of potentially stolen funds: unknown
  • Date of discovery of the breach by Ledger: June 25, 2020
  • Author of the discovery of the breach: Ledger, after being notified by a researcher
  • Date of publication of the fix by Ledger: July 14, 2020

Scenarios of hacker attacks

  • Scenario of phishing: The hacker sends an email or a text message to the user, pretending to be Ledger or another trusted entity. The hacker asks the user to click on a link, enter their credentials, or update their device. The hacker then steals the user’s information or funds.
  • Scenario of harassment: The hacker calls or visits the user, using their personal data to intimidate them. The hacker threatens the user to reveal their identity, harm them, or steal their funds, unless they pay a ransom or give their private keys.
  • Scenario of threats: The hacker uses the user’s personal data to find their social media accounts, family members, or friends. The hacker then sends messages or posts to the user or their contacts, threatening to harm them or expose their cryptocurrency activities, unless they comply with their demands.

Sources:
– [Ledger Data Breach: A Cybersecurity Update – Ledger Blog] published on January 29, 2021.

Comparison with other crypto wallets

Ledger is not the only solution to secure your cryptocurrencies. There are other options, such as other hardware wallets, software wallets, or exchanges. Each option has its advantages and disadvantages, depending on your needs and preferences. For example, other hardware wallets, such as Trezor or Keepser, offer similar features and security levels as Ledger, but they may have different designs, interfaces, or prices. Software wallets, such as Exodus or Electrum, are more convenient and accessible, but they are less secure and more vulnerable to malware or hacking. Exchanges, such as Coinbase or Binance, are more user-friendly and offer more services, such as trading or staking, but they are more centralized and risky, as they can be hacked, shut down, or regulated. Another option is to use a cold wallet, such as SeedNFC HSM, which is a patented HSM that uses NFC technology to store and manage your cryptocurrencies offline, without any connection to the internet or a computer. It also allows you to create up to 100 cryptocurrency wallets and check the balances from this NFC HSM.

Technological, Regulatory, and Societal Projections

The future of cryptocurrency security is uncertain and challenging. Many factors can affect Ledger and its users, such as technological, regulatory, or societal changes.

Technological changes

It changes could bring new threats, such as quantum computing, which could break the encryption of Ledger devices, or new solutions, such as biometric authentication or segmented key authentication patented by Freemindtronic, which could improve the security of Ledger devices.

Regulatory changes

New rules or restrictions could affect Cold Wallet and Hardware Wallet manufacturers and users, such as Ledger. For example, KYC (Know Your Customer) or AML (Anti-Money Laundering) requirements could compromise the privacy and anonymity of Ledger users. They could also ban or limit the use of cryptocurrencies, which could reduce the demand and value of Ledger devices. On the other hand, other manufacturers who have anticipated these new legal constraints could have an advantage over Ledger. Here are some examples of regulatory changes that could affect Ledger and other crypto wallets:

  • MiCA, the proposed EU regulation on crypto-asset markets, aims to create a harmonized framework for crypto-assets and crypto-asset service providers in the EU. It also seeks to address the risks and challenges posed by crypto-assets, such as consumer protection, market integrity, financial stability and money laundering.
  • U.S. interagency report on stablecoins recommends that Congress consider new legislation to ensure that stablecoins and stablecoin arrangements are subject to a federal prudential framework. It also proposes additional features, such as limiting issuers to insured depository institutions, subjecting entities conducting stablecoin activities (e.g., digital wallets) to federal oversight, and limiting affiliations between issuers and commercial entities.
  • Revised guidance from the Financial Action Task Force (FATF) on virtual assets and virtual asset service providers (VASPs) clarifies the application of FATF standards to virtual assets and VASPs. It also introduces new obligations and recommendations for PSAVs, such as the implementation of the travel rule, licensing and registration of PSAVs, and supervision and enforcement of PSAVs.

These regulatory changes could have significant implications for Ledger and other crypto wallets. They could require them to comply with new rules and standards, to obtain new licenses or registrations, to implement new systems and processes, and to face new supervisory and enforcement actions.

Societal changes

Societal changes could influence the perception and adoption of Ledger and cryptocurrencies, such as increased awareness and education, which could increase the trust and popularity of Ledger devices, or increased competition and innovation, which could challenge the position and performance of Ledger devices. For example, the EviSeed NFC HSM technology allows the creation of up to 100 cryptocurrency wallets on 5 different blockchains chosen freely by the user.

Technological alternatives

Technological alternatives are already available, such as EviCore NFC HSM, EviCore HSM OpenPGP, EviCore NFC HSM Browser Extension and the NFC HSM devices that work without contact, developed and manufactured by Freemindtronic in Andorra. These are new cyber security and safety technologies that use HSMs with or without NFC. They offer a wide range of security features to manage your cryptocurrencies and other digital assets. These technologies also offer the hardware management of complex and complicated passwords by EviPass NFC HSM, OTP (2FA) keys by EviOTP NFC HSM, Seed Phrases by EviSeed NFC HSM, and the creation of multiple cryptocurrency wallets on the same device.

Conclusion

Ledger, the French leader in cryptocurrency security, has faced several security breaches since 2017. As a result of these breaches, hackers could steal the private keys and funds of Ledger users. In response to these threats, Ledger reacted by publishing security updates, informing its users, and strengthening its protection measures. However, Ledger users must be vigilant and follow the recommendations of Ledger to protect themselves from these attacks. Despite these challenges, Ledger remains a reliable and secure device to manage cryptocurrencies, as long as the best practices of digital hygiene are respected. If you want to learn more about Ledger and its products, you can visit their official website or read their blog. Additionally, you can also check their security reports and their help center for more information.

Securing IEO STO ICO IDO and INO: The Challenges and Solutions

Securing IEO STO ICO IDO INO the challenges and solutions EviCore NFC HSM by Freemindtronic

  Securing IEO STO ICO IDO and INO by Jacques Gascuel This article will be updated with any new information on the topic, and readers are encouraged to leave comments or contact the author with any suggestions or additions.

Enhancing Security: Securing IEO STO ICO IDO and INO

Cryptocurrencies are digital assets that can be used to buy goods and services, invest in projects, or trade on online platforms. In this article, we will explore the importance of securing IEOs, STOs, ICOs, IDOs, and INOs and how you can protect your investments using EviCore NFC HSM technology.

2024 Digital Security

Apple M chip vulnerability: A Breach in Data Security

2024 Digital Security

Cybersecurity Breach at IMF: A Detailed Investigation

2024 DataShielder Digital Security PassCypher Phishing

Midnight Blizzard Cyberattack Against Microsoft and HPE: What are the consequences?

2024 Digital Security

PrintListener: How to Betray Fingerprints

2024 Articles Digital Security News

BitLocker Security: Safeguarding Against Cyberattacks

2024 Articles Digital Security News Spying

How to protect yourself from stalkerware on any phone

Discover our other articles on digital security

Securing IEO STO ICO IDO and INO: How to Protect Your Crypto Investments

Cryptocurrencies are digital assets that can be used to purchase goods and services, invest in projects, or trade on online platforms. They are built on blockchain technology, which is a decentralized system that records and verifies transactions without intermediaries. However, to securely and conveniently store your private keys and seed phrases, thus ensuring the security of your funds in Securing IEO STO ICO IDO and INO, you need a wallet that stores your private keys and seed phrases. These pieces of data enable you to access and control your funds on the blockchain

But how can you securely and conveniently store your private keys and seed phrases in Securing IEO STO ICO IDO and INO? How can you prevent losing them or falling victim to hackers or scammers? And how can you participate in various forms of cryptocurrency crowdfunding, such as ICOs, IEOs, STOs, IDOs, and INOs, without risking your funds?

In this article, we will address these questions and explain how to protect your private keys and starter phrases using NFC (Near Field Communication) HSM. We will also compare different cryptocurrency crowdfunding models and show how to store your private keys and starter phrases with EviCore NFC HSM technology for each of these models.

By reading this article, you will learn:

  • What ICOs, IEOs, and STOs are and how to participate in Securing IEO STO ICO IDO and INO.
  • The significance of seed phrases and private keys in Securing IEO STO ICO IDO and INO.
  • The features and functionality of EviCore HSM technology in Securing IEO STO ICO IDO and INO.
  • How to securely store your seed phrases and private keys using EviCore NFC HSM technology across various use cases in Securing IEO STO ICO IDO and INO.

If you have an interest in cryptocurrencies and want to understand how to secure your funds with EviCore HSM technology in Securing IEO STO ICO IDO and INO, please continue reading!

What are ICOs, IEOs, STOs, IDOs and INOs?

Cryptocurrencies are virtual digital assets that rely on blockchain technology, a decentralized and encrypted ledger that records all transactions conducted on the network. Cryptocurrencies enable their user community to engage in transactions without the use of traditional currencies and also fund innovative projects through cryptocurrency fundraisers.

A cryptocurrency fundraiser involves issuing tokens in exchange for cryptocurrencies. Tokens are digital units that represent a right or value associated with the funded project. There are various types of cryptocurrency fundraisers based on factors such as the nature of the tokens issued, the platform used for transactions, the involvement of trusted third parties, and the level of regulatory oversight. Let’s take a closer look at the main types of cryptocurrency fundraisers in Securing IEO STO ICO IDO and INO:

ICO (Initial Coin Offering)

An ICO is a fundraising operation in which a company issues tokens that investors subscribe to mainly with cryptocurrencies. These tokens can have different functions, depending on the project funded:

  • Utility tokens, which give access to a service or a platform developed by the company.
  • Governance tokens, which allow holders to participate in the strategic decisions of the project.
  • Security tokens, which represent a share of the capital or the revenues of the company.

An ICO usually takes place in several stages:

  • The presale, where investors can buy the tokens at a discounted price, often with a minimum amount required.
  • The public sale, where the tokens are made available to the general public, often with a maximum amount to be raised.
  • The distribution, where the tokens are sent to investors on their wallets..

The advantages of an ICO for investors are:

  • The possibility to support innovative and promising projects.
  • The possibility to benefit from a high capital gain if the project succeeds and the value of the tokens increases.
  • The possibility to diversify your portfolio with digital assets.

The disadvantages of an ICO for investors are:

  • The risk of losing all or part of your investment if the project fails or if the tokens lose their value.
  • The risk of falling for a scam or a fraud, as ICOs are poorly regulated and controlled. The risk of not being able to resell your tokens easily, as there is not always a liquid secondary market.Depending on the country where the ICO takes place, there may be rules to follow, especially in terms of investor protection, anti-money laundering or taxation. Therefore, it is advisable to check the legal status and the compliance of the ICO before investing. Some countries have banned or restricted ICOs, while others have issued guidelines or regulations to ensure their transparency and security.

IEO (Initial Exchange Offering)

An IEO is a fundraising operation in which a company issues tokens on a cryptocurrency exchange platform. The exchange acts as an intermediary between the company and investors, providing security, liquidity, and visibility for the token sale. Investors can purchase tokens using cryptocurrencies or fiat money, depending on the exchange.

An IEO typically involves a single stage:

  • Public sale: Tokens are sold on the exchange platform within a limited time frame and at a fixed price.

Advantages of IEOs for investors include:

  • Enhanced security, liquidity, and visibility compared to ICOs.
  • Access to vetted and quality projects that have been approved by the exchange.
  • Ability to trade tokens immediately after the sale on the same exchange.

Disadvantages of IEOs for investors include:

  • Dependence on a centralized intermediary that controls the token sale process and charges fees.
  • Need to comply with stricter rules and regulations imposed by the exchange and jurisdiction.
  • Risk of missing out on opportunities due to high demand and limited token supply.

STO (Security Token Offering)

An STO is a fundraising operation in which a company issues tokens that represent securities, such as shares or bonds. These tokens are backed by real assets, and investors can purchase them using cryptocurrencies or fiat money, depending on the platform.

STOs typically involve one or more stages:

  • Private sale: Accredited investors can buy tokens at a discounted price, often with a minimum investment requirement.
  • Public sale: Qualified investors can purchase tokens at a fixed price, often with a maximum fundraising amount.

Advantages of STOs for investors include:

  • Opportunity to invest in regulated and compliant projects that offer legal protection and transparency.
  • Potential for real value and returns from the underlying assets of the company.
  • Access to new markets and opportunities that were previously reserved for institutional investors.

Disadvantages of STOs for investors include:

  • Need for accreditation or qualification based on strict criteria set by regulators and platforms.
  • Lack of liquidity and availability compared to utility tokens or cryptocurrencies.
  • Complexity and cost associated with issuing and managing security tokens on blockchain platforms.

IDO (Initial Dex Offering)

An IDO is a fundraising operation in which a company issues tokens on a decentralized protocol for exchanging cryptocurrencies, known as a DEX (Decentralized Exchange). Investors can purchase tokens directly on the DEX without going through a centralized platform or intermediary.

Advantages of IDOs for investors include:

  • Speed and simplicity of the process, as it does not require identity verification or prior fund deposits.
  • Transparency and security of transactions, as they are conducted on the blockchain without reliance on a trusted third party.
  • Liquidity and accessibility of tokens, which are immediately available on the secondary market and can be exchanged for other cryptocurrencies.

Disadvantages of IDOs for investors include:

  • Technical and operational risks associated with decentralized protocols that may have vulnerabilities or bugs.
  • Regulatory and legal risks due to the lack of a clear and harmonized legal framework for cryptocurrency fundraisers.
  • Volatility and speculation risks arising from high demand and limited token supply.

INO (Initial NFT Offering)

An INO is a fundraising operation in which a company issues non-fungible tokens, called NFTs (Non-Fungible Tokens). NFTs are unique and indivisible digital assets that can represent works of art, collectibles, virtual or real goods. Investors can purchase NFTs using cryptocurrencies on specialized platforms.

Advantages of INOs for investors include:

  • Support for creative and original projects that leverage the blockchain’s potential to create value.
  • Possibility to benefit from exclusive and inalienable ownership rights over NFTs, certified by the blockchain and immune to duplication or falsification.
  • Opportunity to resell NFTs on a growing and demanding secondary market.

Disadvantages of INOs for investors include:

  • Risk of overvaluation and speculative bubbles due to the current frenzy around NFTs and their artificial scarcity.
  • Potential for counterfeiting and plagiarism, as effective legal protection for copyrights and trademarks is lacking.
  • Environmental and ethical concerns related to the high energy consumption and negative externalities generated by the blockchain.

Comparison Table of Different Cryptocurrency Crowdfunding Models

Below is a comprehensive table comparing different crowdfunding models in cryptocurrency:

Crowdfunding modelDefinitionAdvantagesDisadvantages
ICOFundraising in cryptocurrency by issuing tokens that can have various functionsSupport innovative projects, benefit from high potential gain, diversify portfolioRisk losing investment, fall for scam, not be able to resell tokens easily, face regulatory uncertainty
IEOFundraising in cryptocurrency by issuing tokens on an exchange platform that acts as a trusted intermediaryBenefit from better security, liquidity and visibility than ICOs, access a wider pool of investors and projectsDepend on a centralized intermediary, pay higher fees, comply with stricter rules, face platform risk
STOFundraising in cryptocurrency by issuing tokens that represent securities such as shares or bondsInvest in regulated and compliant projects, benefit from real value and returns, access new markets and opportunities, reduce intermediation costsBe accredited or qualified, face lack of liquidity and availability, deal with complexity and cost, follow different regulations depending on jurisdictions
IDOFundraising in cryptocurrency by issuing tokens on a decentralized exchange protocol that eliminates intermediariesEnjoy speed and simplicity of the process, ensure transparency and security of transactions, access liquidity and accessibility of tokensFace technical and operational risk, cope with regulatory and legal risk, deal with volatility and speculation
INOFundraising in cryptocurrency by issuing non-fungible tokens that represent unique and indivisible digital assetsSupport creative and original projects, benefit from exclusive and inalienable ownership of NFTs, resell NFTs on a growing and demanding marketDeal with overvaluation and speculative bubble, encounter counterfeiting and plagiarism issues, consider environmental and ethical impact

Comprehensive Table of Blockchains Supporting ICOs, IEOs, STOs, IDOs, and INOs

Here is a table showcasing the support for ICOs, IEOs, STOs, IDOs, and INOs across different blockchains, focusing on Securing IEO STO ICO IDO and INO:

BlockchainICO supportIEO supportSTO supportIDO supportINO supportBIP32 supportBIP39 supportBIP44 support
EthereumYesYesYesYesYesYesYesYes
Binance Smart Chain (BSC)YesYesYesYesYesYesYesYes
Cardano (ADA)NoNoNoYesNoYesYesYes
Solana (SOL)YesYesNoNoNoYesNoYes
Avalanche (AVAX)YesYesYesNoNoYesYesNo
Cosmos (ATOM)YesYesYesYesYesYesYesNo
Algorand (ALGO)YesYesYesYesYesYesYesNo
Stellar (XLM)YesNoYesNoNoYesYesYes

What are seed phrases and private keys?

Seed phrases and private keys are essential for accessing and controlling your funds in cryptocurrency. If they are lost or stolen, you may permanently lose access to your cryptocurrencies.

Seed phrase

A seed phrase, also known as a secret phrase, is a sequence of words, typically consisting of 12 or 24 words, that allows you to restore your crypto wallet in case of loss or theft. These words are selected in a specific order from a dictionary containing thousands of words. The seed phrase is essentially a more human-readable representation of a private key and can generate an unlimited number of public-private key pairs.

The public key is the address to which you can receive cryptocurrencies on the blockchain, similar to an IBAN for a bank account. The private key enables you to control the funds associated with a public key and initiate transactions from that address. Public and private keys are always generated as pairs.

The seed phrase is crucial for accessing your wallet and funds, and it must be kept secure and confidential. If lost or stolen, there is no way to recover it or block access to your funds.

Private key

A private key is a string of random letters and numbers generated by your wallet when it is created. It is used for encrypting and decrypting data using public-key cryptography. The private key grants access to your funds and enables you to initiate transactions on the blockchain.

A private key looks like this: 5Kb8kLf9zgWQnogidDA76MzPL6TsZZY36hWXMssSzNydYXYB9KF

You should never share your private key with anyone or store it digitally or online. If your private key is lost or stolen, you will lose access to your funds permanently.

How to Secure Your Funds in Securing IEO STO ICO IDO and INO

To participate in an ICO, IEO, STO, IDO, or INO and ensure the security of your funds in Securing IEO STO ICO IDO and INO, you need a wallet that is compatible with the tokens being issued and the accepted cryptocurrency. There are different types of wallets available, each offering varying levels of security and convenience.

Online Wallets (Web Wallets): These wallets are accessible through a web browser. While they are easy to use, they are susceptible to hacking and theft. It is important to choose a reputable and secure online wallet.

Mobile Wallets: These wallets are installed on smartphones and provide convenience for daily transactions. However, they are vulnerable to malware and the risk of losing the phone. Ensure you have proper security measures in place for your mobile wallet, such as enabling device passcodes and biometric authentication.

Software Wallets: These wallets are downloaded and installed on a computer. They offer greater security compared to online or mobile wallets, but their reliability depends on the security of the hardware and software. Keep your computer updated with the latest security patches and use reputable wallet software.

Hardware Wallets: These physical devices are specifically designed for storing private keys. They provide the highest level of security by isolating private keys from the internet. Hardware wallets, such as Ledger or Trezor, are recommended for secure storage of your private keys in Securing IEO STO ICO IDO and INO.

Regardless of the type of wallet you choose, there are some basic rules to follow to secure your funds in Securing IEO STO ICO IDO and INO:

  1. Never share your seed phrase or private key with anyone, and avoid storing them digitally or online.
  2. Make a backup copy of your seed phrase or private key on a physical medium such as paper, metal, or plastic. Store them in secure locations.
  3. Use a strong password and PIN code to protect your wallet from unauthorized access.
  4. Regularly update your wallet software to fix any bugs or vulnerabilities.
  5. Utilize reputable antivirus and firewall software to protect your device from malware and hackers.

By following these security practices, you can significantly reduce the risk of losing your funds and ensure the safety of your investments in Securing IEO STO ICO IDO and INO.

Now, let’s explore how you can enhance the security and simplicity of your cryptocurrency transactions by using EviCore NFC HSM technology.

EviCore NFC HSM is a solution that safeguards your seed phrases and private keys in cryptocurrency using Near Field Communication (NFC) technology. With EviCore NFC HSM, you can store your seed phrases and private keys in an encrypted NFC tag or card, protected by a segmented key. This tag or card allows you to restore your wallet on any NFC-compatible device without exposing your sensitive data to the internet.

EviCore NFC HSM is compatible with major cryptocurrency wallets such as Ledger, Trezor, Metamask, Trust Wallet, and more. It also works seamlessly with popular cryptocurrency exchange platforms like Binance, Coinbase, and Kraken. This ensures optimal security and ease of managing your funds in cryptocurrency.

Here’s a step-by-step guide on how to use EviCore NFC HSM to secure your seed phrases and private keys in cryptocurrency:

  1. Download the application that incorporates the EviCore NFC HSM technology on your NFC-compatible Android smartphone.
  2. Pair the NFC HSM device with your smartphone using the unique pairing key.
  3. Translate to English: Add the seed phrase by simply clicking on the multi-language BIP39 words provided during the creation of your secure cryptocurrency wallet, without typing anything on the keyboard, as EviCore NFC HSM performs real-time checksum verification of the seed phrase before securely encrypting and storing it in the NFC device.
  4. You can also add the private key derived from the seed phrase without entering or scanning its QR code through the Android NFC application, which will automatically encrypt and store it in the NFC device in less than 5 seconds. You just need to indicate beforehand which blockchain your derived key belongs to before the registration pro

By utilizing EviCore NFC HSM, you can secure your seed phrases and private keys with maximum security and unparalleled ease of use. You no longer need to worry about losing or having your sensitive data stolen, as you can store them in a physical device that can be carried with you wherever you go. Additionally, you can securely share your seed phrases and private keys with others using encrypted RSA-4096 public keys or segmented key authentication, making it easier to transmit funds to your heirs.

EviCore NFC HSM technology is the ideal solution for securing your seed phrases and private keys in cryptocurrency, enabling you to fully embrace the opportunities offered by cryptocurrencies while minimizing unnecessary risks. If you’re interested in this innovative solution, visit Freemindtronic’s website or contact them for more information.

Additionally, if you’re seeking an alternative method to secure your crypto fundraising, you may consider EviCore HSM OpenPGP technology. This technology transforms your Android or iPhone into a hardware security module (HSM) for encrypting and storing your crypto keys. It leverages the highly secure OpenPGP standard, known for its reliability and security. To learn more about this technology and how it can help you safely fund your blockchain project, you can refer to this article link

Conclusion

In this article, we have provided insights into participating in various forms of cryptocurrency crowdfunding, including ICOs, IEOs, STOs, IDOs, and INOs. We have emphasized the importance of securing your seed phrases and private keys in Securing IEO STO ICO IDO and INO and introduced EviCore NFC HSM technology as a solution. By adopting EviCore NFC HSM, you can enhance the security and simplicity of your cryptocurrency transactions while mitigating risks. We hope this article has been informative and valuable to you. Should you have any questions or comments, feel free to leave them below.

Thank you for reading, and happy investing in Securing IEO STO ICO IDO and INO!

How BIP39 helps you create and restore your Bitcoin wallets

BIP39 EviSeed post Freemindtronic from Andorra web site

BIP39 by Jacques gascuel This article will be updated with any new information on the topic, and readers are encouraged to leave comments or contact the author with any suggestions or additions.  

BIP39: how to create and restore your Bitcoin wallets securely

Do you want to know how BIP39 helps you manage your cryptographic keys with a simple mnemonic phrase? Find out in this article how this standard works and how to use it to protect your bitcoins.

2024 Digital Security

Apple M chip vulnerability: A Breach in Data Security

2024 Digital Security

Cybersecurity Breach at IMF: A Detailed Investigation

2024 DataShielder Digital Security PassCypher Phishing

Midnight Blizzard Cyberattack Against Microsoft and HPE: What are the consequences?

2024 Digital Security

PrintListener: How to Betray Fingerprints

2024 Articles Digital Security News

BitLocker Security: Safeguarding Against Cyberattacks

2024 Articles Digital Security News Spying

How to protect yourself from stalkerware on any phone

How BIP39 helps you create and restore your Bitcoin wallets

Do you struggle to manage your cryptocurrency wallets? Are you looking for a simple and secure solution to create and restore your wallets? You are not alone. According to a study, more than 20% of cryptocurrency users have lost access to their funds because of a forgotten or stolen private key. Fortunately, there is an innovative solution to avoid this problem: BIP39 and mnemonic phrases. In this article, we will explain what BIP39 is, how it works, what are its advantages and disadvantages, and which wallets support it.

What is BIP39 and how does it work?

BIP39, also known as Bitcoin Improvement Proposal 39, proposes a novel method to simplify the creation and recovery of cryptocurrency wallets. It relies on the use of mnemonic phrases, which are sequences of words easy to remember generated from a predefined list of words. These mnemonic phrases serve to derive the private keys that allow you to access your funds. The use of this method greatly simplifies the management and backup of wallets, avoiding the need to memorize complex private keys.

BIP39 is part of the many BIPs (Bitcoin Improvement Proposals) that aim to improve the Bitcoin protocol. It was proposed in 2013 by Marek Palatinus, Pavol Rusnak, Aaron Voisine and Sean Bowe. It was implemented on Bitcoin in 2014 and has been adopted by many other cryptocurrency projects since then. You can consult the official document of BIP39 here (link to https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki).

The benefits of BIP39

BIP39 has many benefits for cryptocurrency users. First of all, it simplifies considerably the process of creating and recovering wallets. Thanks to mnemonic phrases, it becomes easier to backup and restore your wallets in case of need. Moreover, these mnemonic phrases are generally more user-friendly, as they are composed of words in natural language, which makes them easier to remember.

Another important benefit is compatibility. Many hardware and software wallets support BIP39, which offers great flexibility in choosing the wallet suitable for your needs. Whether you prefer a physical wallet or a software solution, there is a high chance that you can find a wallet compatible with BIP39.

The drawbacks of BIP39

Despite its many benefits, BIP39 also has some drawbacks. The main drawback lies in the security of the mnemonic phrase. Given that the mnemonic phrase is the key to access your funds, its loss or theft can result in the total loss of your cryptocurrencies. It is therefore crucial to take appropriate security measures to protect your mnemonic phrase, such as secure backup in an offline location.

Another drawback is the dependence on wallet software compatible with BIP39. It is important to verify that the wallet you use supports BIP39 before generating your mnemonic phrase. Otherwise, you may not be able to access your funds with another wallet that uses the same protocol.

Cold wallet vs hardware wallet: what’s the difference?

If you own cryptocurrencies, you need a wallet to store and manage them. But not all wallets are the same. In this article, we will explain the difference between a cold wallet and a hardware wallet, and how to choose the best one for your needs.

What is a cold wallet?

A cold wallet is a type of hardware wallet that is very secure: it never interacts with any smart contract or external source; it only stores assets and executes transfers between your other wallets. For example, a hardware wallet that is not used to explore Web3 can be considered a cold wallet.

What is a hardware wallet?

A hardware wallet is a physical device that stores your private keys in an isolated environment from an internet connection. This is important, because anyone who has access to your private keys has access to your crypto. A hardware wallet also allows you to sign transactions; enabling you to interact with different blockchain networks.

What is the difference between a cold wallet and a hardware wallet?

The main difference between a cold wallet and a hardware wallet is the level of interaction with smart contracts and external sources. A cold wallet is safer than a hardware wallet active online, because it does not face any threat from interactions with smart contracts.

Here is a summary table of the advantages and disadvantages of each type of wallet:

Cold WalletHardware Wallet
+ Very secure+ Secure
+ Ideal for long-term storage+ Ideal for Web3 exploration
– Not convenient for frequent transactions– Less secure than a cold wallet
– Can be lost or damaged– Can be hacked by malicious smart contracts

What standard is used to generate the mnemonic phrase or mnemonic code?

Another important aspect to consider when choosing a wallet is the standard used to generate the mnemonic phrase or mnemonic code. This is a group of easy-to-remember words that serves as a backup for your wallet in case of loss or destruction. The most common standard is BIP39, which is used by many deterministic (HD) wallets and not only by Bitcoin wallets. It has also been adopted for use in many other cryptocurrency projects.

Cold wallets and hardware wallets generally use BIP39 for master key generation. Some hardware wallets also use other BIPs to improve the security and functionality of their wallets. For example:

  • The Trezor Model T uses BIP32, BIP39, BIP44 and SLIP39. SLIP39 is an improvement of BIP39 that allows creating split backups (Shamir Backup) for increased security.
  • The Coldcard uses BIP32, BIP39 and BIP174. BIP174 is a standardized format for partially signed transactions (PSBT) that allows signing transactions offline.

What are the different types of cold wallets and hardware wallets?

There are different types of cold wallets and hardware wallets, and some can belong to both categories. For example, the Keepser is an NFC cold wallet that uses BIP39 to save seed phrases generated by other wallets or blockchains. It is therefore a type of hardware wallet that comes in the form of a contactless card that communicates with an application on your smartphone. The Keepser only protects cryptocurrency private keys, and not other types of private keys. It also allows printing private keys and seed phrases in the form of encrypted QR codes, which can be scanned by the Keepser application to restore wallets. The Keepser uses EviVault and EviSeed technology developed by Freemindtronic, a company specialized in cybersecurity and custom product design.

It is therefore important to check what standards are supported by the wallet you choose and how they affect the security and compatibility of your wallet.

How to choose a BIP39-compatible wallet

Update 29/05/2023

To fully enjoy the benefits of BIP39, it is essential to choose a wallet compatible with this feature. Many hardware and software wallets support BIP39, offering a simplified and secure experience. To help you in your choice, we have created a comprehensive table that compares the best wallets compatible with BIP39:

How to secure your mnemonic phrase with EviSeed?

If you use a BIP39-compatible wallet, you must imperatively protect your mnemonic phrase against any loss or theft. An innovative solution for this is EviSeed, developed by Freemindtronic. EviSeed is an electronic device that allows you to store your mnemonic phrase in a secure and resistant NFC card against physical or logical attacks.

EviSeed offers several advantages over traditional backup methods on paper or metal:

  • It is easy to use: just approach your NFC card from a compatible smartphone to display your mnemonic phrase.
  • It is secure: it uses a patented algorithm that encrypts your mnemonic phrase with a personal PIN code.
  • It is durable: it resists shocks, water, fire and magnetic fields.

EviSeed is compatible with all wallets that support BIP39, such as Ledger, Trezor or Metamask. You can order your EviSeed on Freemindtronic’s official website (link to https://freemindtronic.com/eviseed/en/).

Some real-life examples of people who lost their keys

You may think that losing your mnemonic phrase is a rare or unlikely case. Think again! Many people have already experienced this misadventure, sometimes with dramatic consequences. Here are some real-life examples taken from the media:

  • Stefan Thomas, a programmer living in San Francisco, owns 7 002 Bitcoin that he cannot recover because he lost the password of his IronKey hard drive, which contains the private keys of his wallet1. He only has two attempts left before his hard drive locks permanently.
  • James Howells, a British computer scientist, accidentally threw away his hard drive containing 7 500 Bitcoin in 20132. He tried unsuccessfully to find his hard drive in a municipal landfill.
  • Brad Yasar, an entrepreneur living in Los Angeles, mined thousands of Bitcoin at the beginning of the project3. But he forgot his passwords and failed to access his wallets despite hundreds of hours spent trying.
  • Luke Dashjr, one of the original developers of Bitcoin Core, said he lost more than 200 Bitcoin after his PGP key was compromised on December 31, 20224. He claimed he did not know how hackers were able to access his key.

These examples show well the importance of using a reliable and secure method to backup your mnemonic phrase. With EviSeed, you can avoid this kind of situation and enjoy your cryptocurrencies peacefully.

Other standards related to BIP39

BIP39 is not the only standard that concerns the generation and management of cryptocurrency wallets. There are other standards that are related to BIP39 or that propose alternatives to it. Here are some examples:

  • The BIP32 is another standard that describes how to generate deterministic wallets from a master key. The BIP32 allows creating a hierarchy of derived keys from a single master key, which facilitates the organization and backup of wallets. The BIP32 uses a hash function to derive keys, which ensures that keys are unpredictable and independent from each other. The BIP39 is a method to create a master key from a mnemonic phrase. The two standards are often used together to create deterministic wallets from mnemonic phrases.
  • The BIP44 is an extension of the BIP32 that defines a hierarchical structure for deterministic wallets. It allows managing multiple accounts and multiple currencies with a single mnemonic phrase. The BIP44 defines five levels of derivation: purpose, currency, account, address type, and address index. The purpose is fixed at 44’ to indicate that the wallet follows the BIP44. The currency is a numerical code that identifies the currency used (for example, 0’ for Bitcoin, 60’ for Ethereum). The account is a number that allows separating funds according to personal criteria (for example, 0’ for the main account, 1’ for the secondary account). The address type is a bit that indicates if the wallet uses external addresses (0) or internal addresses (1). External addresses are those that are used to receive payments, while internal addresses are those that are used to send changes. The address index is a number that identifies each address within the address type. For example, the address m/44’/0’/0’/0/0 corresponds to the first external address of the first Bitcoin account of the wallet.
  • The SLIP39 (Shamir’s Secret-Sharing for Mnemonic Codes) is an alternative to BIP39 that allows splitting a mnemonic phrase into several parts that must be combined to restore the master key. The SLIP39 uses Shamir’s secret-sharing scheme, a cryptographic algorithm that allows distributing a secret into several pieces, called shares, such that a minimum number of shares is required to reconstruct the secret. For example, one can split a mnemonic phrase into five shares, of which three are required to restore it. This allows increasing security and redundancy of the wallet, by avoiding that one single share is enough to access funds or that one single share lost makes the wallet irrecoverable.
  • The Electrum Seed Version System is a system used by Electrum wallet to generate and verify mnemonic phrases. It differs from BIP39by several aspects: it uses a different word list, it does not use a checksum but a version code, it allows generating mnemonic phrases of variable lengths (12, 18 or 24 words), it allows deriving keys and addresses from a hash of the mnemonic phrase without depending on a fixed word list, it supports different types of mnemonic phrases according to the type of wallet (standard, multisig or segwit).
  • The Monero Seed Format is a format used by Monero wallet to generate and verify mnemonic phrases. It differs from BIP39 by several aspects: it uses a different word list, it uses a different checksum based on CRC32, it allows generating mnemonic phrases of 13 or 25 words depending on the seed length (128 or 256 bits), it allows deriving keys and addresses from the seed without depending on a fixed word list.

The segmented key authentication technology

Another innovative technology that allows to protect sensitive data such as mnemonic phrases by using encryption keys that are stored on different supports is the segmented key authentication technology. This technology was invented by Jacques Gascuel, a Frenchman living in Andorra, founder of the Andorran company Freemindtronic, is also patented in the USA under number US11281759B2 in 2020.

According to the invention, the encryption keys of the mnemonic phrases are segmented into several parts, which allows to store them on different supports such as contactless devices, phones, computers or a paper print with a QR code. Each mnemonic phrase is associated with an NFC HSM device and/or an EviCore OpenPGP HSM from Freemindtronic, which contains a part of the encryption key, which can be a pairing key. This part allows to decrypt the mnemonic phrase when the other parts are gathered. The other parts can be validated in different ways, such as a password, a fingerprint, a geofence or an identifier of the phone or network, etc. The technology allows to create different segmentation combinations for each mnemonic phrase. To reconstruct the encryption key and access the mnemonic phrase, one must approach the NFC HSM device from the phone and validate the other parts according to the order chosen by the user or automatically if all conditions are met.

According to one of the implementations of the invention, the key segments chosen by the user to constitute the decryption key can be of physical or digital origin. For example, the user can choose a key segment that corresponds to a geofence, thus allowing to decrypt the mnemonic phrase without requiring any other action, apart from being physically in the right geographical area. Of course, this key segment is associated with at least another key segment, such as the identifier of the user’s phone. This greatly improves user experience without compromising security level, as there are other default authentication factors integrated into NFC devices, such as also segmented pairing key, NFC identifier, unique 128-bit key, administrator and/or user password, as well as phone fingerprint.

Finally, an advantage of this technology is that key segments can be entrusted to various third parties without any risk. For example, a third party can hold a key segment without knowing what type of segment he owns, whether it is a BSSID, a geofence or a phone identifier that will receive a donation. There is virtually no limit to this. It is an effective solution for donations and inheritances, where the notary or lawyer can have a geofence key segment that he can only use in a specific place defined in a will or under the supervision of a bailiff.

Conclusion

In summary, BIP39 is a major improvement proposal to simplify the management of cryptocurrency wallets. Thanks to the use of mnemonic phrases, it offers a user-friendly and secure solution to create and recover your wallets. However, it is crucial to protect your mnemonic phrase against any loss or theft, and to choose a reliable and compatible wallet with BIP39.

We hope that this article has helped you understand better the functioning and benefits of BIP39. If you have any questions or comments, we would love to help you in the section below. Simplify your cryptocurrency management experience with BIP39!

Recovery Phrase Backup: How to Secure It

Recovery phrase backup how to secure it article by Jacques Gascuel from Freemindtronic Andorra

Recovery Phrase Backup by Jacques Gascuel This article will be updated with any new information on the topic, and readers are encouraged to leave comments or contact the author with any suggestions or additions.

Recovery Phrase Backup: a beginner’s guide

If you own a crypto wallet, you probably have heard of a recovery phrase backup. This is a series of words that allows you to access your crypto funds in case you lose or damage your wallet. It is one of the most important things you need to know and protect when dealing with cryptocurrencies. What is a seed phrase and how does it work? How to create and store it securely? What are the risks and challenges? And what are the best practices and tools to safeguard it?

Articles Crypto Currency Digital Security EviSeed EviVault Technology News

Enhancing Crypto Wallet Security: How EviSeed and EviVault Could Have Prevented the $41M Crypto Heist

Articles EviVault Technology News Uncategorized

Why choose a Cold Wallet NFC HSM to secure your cryptocurrencies?

Articles Digital Security EviVault Technology NFC HSM technology Technical News

EviVault NFC HSM vs Flipper Zero: The duel of an NFC HSM and a Pentester

Articles EviVault Technology Phishing

Cryptbot malware steals data cryptocurrencies

This article will be updated with any new information on the topic, and readers are encouraged to leave comments or contact the author with any suggestions or additions.

How to make a physical backup of your secret phrase

The Mnemonic Phrase is the ultimate key to access your crypto assets. If you lose it or share it, you risk losing control of your funds. That’s why it’s essential to physically backup your seed phrase and store it in a safe and secret place. Here’s how to do it.

Recovery Phrase Backup vs Private Key

Before explaining what to do if you lose your seed phrase, let’s understand the difference between a seed phrase and a private key.

A private key is a secret code that allows you to control your crypto-assets on the blockchain. It is generated from your seed phrase, which is a list of words that stores all the information needed to recover cryptographic funds on the blockchain. It consists of 12 to 24 randomly generated words that allow you to access or restore your wallet on another device. You must keep it in a safe place and never share it with anyone.

What to do if you lose your Recovery Phrase? The solutions to recover your crypto-assets safely.

If you lose your seed phrase, you risk losing permanent access to your crypto-assets. It is used to create your private keys. You don’t need it to access your cryptocurrencies on a daily basis, but it is mainly a backup method. You can restore your crypto-assets in case of a problem with your device or wallet. However, if you lose your hardware wallets (cold wallets) and access to your online wallets (hot wallets), you will not be able to recover your cryptocurrencies without your seed phrase.In case you have correctly noted down your seed phrase, there are some possible recovery solutions:

• If you can still log in to your wallet with your password, you can find or export your seed phrase via the wallet.

• If you have lost your wallet but have your seed phrase, you can restore your wallet on a new hardware or software wallet. Enter the 12 to 24 words at startup.

• If you have forgotten or lost your seed phrase and have no other way to access your wallet, there are specialized services that can try to find it. They use a part of the words or other clues, but they are expensive and not always reliable.

Can you avoid using a Recovery Phrase?

You may wonder if there is a way to avoid using a seed phrase to secure your crypto-assets. The answer is no. The mnemonic Phrase is the only way to guarantee that you can always access your funds. Even if you lose or damage your device or wallet. Without a seed phrase, you depend entirely on the service or provider that you use to store your cryptocurrencies. If the service is hacked, closed or inaccessible for any reason, you also risk losing your assets. The seed phrase is an essential element to protect your financial independence and digital sovereignty.

Introduction: What is a recovery phrase and why is it important?

If you are new to the world of cryptocurrencies, you may have heard of the term “seed phrase” or “mnemonic phrase” or “backup phrase” or “seed recovery phrase” or “recovery phrase”. This is a set of words that allows you to access your crypto wallet and funds. It is one of the most important things you need to know and protect when dealing with cryptocurrencies.

How does a recovery phrase work and what are its formats?

But what exactly is a seed recovery phrasehrase and how does it work? How can you create and store it securely? What are the risks and challenges involved? And what are the best practices and tools to help you safeguard your recovery phrase backup?

This article answers these questions and more. It explains what a seed recovery phrase is, why it is important, how it works, and how to backup and restore it. It also discusses the methods and materials to create and store physical backups (e.g. paper, metal, plastic, wood, or NFC devices). It also explores the pros and cons of each option, and some tips and tricks to make your backup easier and safer.

How to create a recovery phrase?

When you create a crypto wallet, a seed phrase is automatically generated for you. You do not need to choose or invent the words yourself. You just need to write them down and store them safely.

To create a recovery phrase backup, you can use any crypto wallet that supports the BIP39 standard, such as BitPay, Coinbase Wallet, Ledger, Trezor, or Trust Wallet. These wallets will generate a random sequence of 12 or 24 words for you, depending on the level of security you want.

You can also use an online tool like https://iancoleman.io/bip39/ to generate a seed phrase manually. However, this method is not recommended as it exposes your seed phrase to potential hackers or malware. You should only use this tool offline and on a trusted device.

What does a recovery phrase look like?

A recovery phrase backup looks like a list of simple words, such as:

  • army
  • energy
  • fabric
  • lucky
  • opera
  • stereo
  • trash
  • void

These are eight words out of the 2,048 possible words in the BIP39 standard. You can find the complete list of words here: https://www.bitcoinsafety.com/blogs/bitcoin/seed-phrase-list2.

The order of the words matters, as it determines the private keys that are derived from the seed phrase. You should never change or shuffle the words in your seed phrase.

The number of words in your seed phrase also matters, as it determines the level of security and entropy of your wallet. A 12-word seed phrase offers 128 bits of security, while a 24-word seed phrase offers 256 bits of security. The more words, the more secure.

What is the most common term for a recovery phrase?

A recovery phrase can also be called by different names, such as:

  • recovery phrase
  • mnemonic phrase
  • backup phrase
  • seed recovery phrase

These terms are interchangeable and mean the same thing. However, according to web search results, the most common term used for a seed phrase in the world is Recovery Phrase. This term emphasizes the fact that you can use your seed phrase to recover your wallet and your funds in case of loss or damage.

How to physically save your mnemonic Phrase

The Mnemonic Phrase is the ultimate key to accessing your crypto assets. If you lose it or share it, you risk losing control of your funds. That’s why it’s essential to physically back up your seed phrase and store it somewhere safe and secret. Here’s how

The role and mechanism of a secret phrase

Your cryptocurrency wallet generates a set of 12 or 24 words, also known as a seed phrase, using a cryptographic algorithm. A seed phrase is a series of words generated by your crypto wallet that gives you access to the crypto associated with that wallet. For example, if you use the BitPay wallet, you will receive a 12-word seed phrase when you create your wallet. These words are drawn from a list of 2,048 English words called the BIP39 standard1, which offers 128-bit encryption.The seed phrase can derive all the private keys that are associated with your crypto addresses and acts as a master key. You can send or spend your crypto from your wallet with a secret code called a private key.

A standard format such as BIP39 or SLIP39, which uses a predefined list of words that are easy to spell and recognize, forms the basis of the seed phrase. The words have a unique and random order and combination, and they represent a very large number that is virtually impossible to guess or crack. The seed phrase can have different representations, such as QR codes or NFC tags, but it usually appears in a human-readable form, such as “army energy fabric lucky opera stereo trash void”.

This phrase is the ultimate backup for your crypto wallet. If you have your seed phrase, you can restore your wallet and access your funds on any compatible device or platform. You can also migrate your wallet from one service or device to another, or create multiple copies of your wallet for redundancy or convenience with your seed phrase.

However, the seed phrase also comes with great responsibility. Only you know your seed phrase and can access your funds with it. If you forget lose or share your seed phrase with someone else you will lose control over your crypto assets and no one can help you recover them. That’s why backing up your seed phrase physically and storing it safely is necessary.

How to test your recovery phrase backup

After you physically backup your seed phrase, you should test it to make sure it works and you can restore your wallet with it. To test your recovery phrase backup, you can use a different device or platform than the one you used to create your wallet. For example, if you created your wallet with a hardware wallet, you can test your Mnemonic phrase with a software wallet or another hardware wallet. You should also test your backup phrase periodically, especially if you use a paper or metal backup that can degrade over time.

To test your recovery phrase backup, follow these steps:

  1. Install or launch a compatible wallet on a different device or platform than the one you used to create your wallet.
  2. Choose the option to restore or import a wallet from a seed phrase.
  3. Enter your seed phrase exactly as you wrote it down, including the order and spelling of the words.
  4. Verify that the wallet shows the same balance and addresses as your original wallet.
  5. If everything matches, your recovery phrase backup works and you can safely delete or close the test wallet.
  6. If something doesn’t match, check for errors in your recovery phrase backup and try again.

Why you need a physical backup of your seed phrase

A digital backup has several disadvantages compared to a physical backup of your seed phrase. An electronic device such as a computer, smartphone or USB drive stores a copy of your seed phrase as a digital backup. A digital backup can be convenient and easy to access, but it also comes with some risks.

Hackers, malware or phishing attacks can access your device and steal your seed phrase by compromising your digital backup. Fire, water, power surge or hardware failure can also render your device unusable by losing or damaging your digital backup. Authorities or third parties can also access your device and demand your seed phrase by confiscating or seizing your digital backup.

Being offline and disconnected from any network or device helps a physical backup avoid these risks. Hacking, destroying or confiscating a physical backup is harder than a digital backup. You have more control and ownership over your seed phrase with a physical backup than with a digital backup.

However, you need to be aware of some drawbacks that a physical backup also has. If you don’t store it in a safe and secret place, you can lose, steal or forget your physical backup. If you don’t use a durable material or protect it from environmental factors, fire, water, corrosion or wear and tear can also damage your physical backup. If you don’t write it down clearly or use a standard format, your physical backup can also be illegible or unreadable.

Following some best practices and using some tools is necessary when creating and storing your physical backup.

How to Divide Your recovery phrase backup for Enhanced Security

To protect your crypto assets, safeguard your recovery phrase backup. Secure it by splitting and storing it in different locations. This lowers the risk of losing or exposing the backup and boosts the recovery chances in emergencies. However, splitting the backup also has risks and challenges, like choosing the number, distribution and combination of parts.

You can split the backup using different methods, like paper or metal cards, QR codes, or NFC modules (e.g. EviSeed technology). You can also use cryptographic techniques like SSSS, a mathematical algorithm that divides the backup into shares that can be combined with a threshold number. For instance, you can split your backup phrase into 5 shares and require 3 shares to reconstruct it.

Using SSSS adds security and flexibility to your backup, as you do not need all the shares to recover it. You can also create share combinations for different scenarios or purposes (e.g. for yourself, your family or your lawyer). EviSeed technology also achieves this by sharing trust criteria among people in segments.

However, SSSS also has drawbacks, like more complexity and errors in your backup process. You need to use a compatible wallet that supports SSSS, such as Spectre or Unchained Capital. You should also regularly test your actions and ensure that you remember the threshold number and the location of the shares. By following these best practices, you can divide your recovery phrase backup for enhanced security and peace of mind.

How to cipher your secret phrase

To physically secure it and protect your privacy, encrypt your backup with a code or cipher. However, encryption also has risks and challenges, like choosing a secure and memorable code or cipher, following the method correctly, and avoiding errors.

You can encrypt your backup using various methods, like numbers, symbols, colors, or images. Cryptographic techniques such as BIP38 or BIP39 secret phrase encryption also work. They encrypt your private keys or seed phrase with a password. For example, BIP38 encrypts your private keys with a password and stores them on a paper wallet. Or BIP39 secret phrase encryption adds a password to your seed phrase and generates a different wallet.

Encryption adds privacy and security to your backup, as you need the encrypted seed phrase and password to access your funds. You can also create passwords for different scenarios or purposes (e.g. for yourself, your family or your lawyer). Freemindtronic’s EviSeed technology makes this possible.

However, encryption also has drawbacks, like more complexity and errors in your backup process. You also need a compatible wallet that supports encryption and regular tests of your encrypted backup, as well as the password and method. Freemindtronic’s EviSeed technology avoids these inconveniences by using NFC devices that natively feature two AES-256 encryption systems with keys over 256 bits and manage RSA-4096 keys.

How to Choose a Secure Wallet for Your Seed Phrase

Choose a secure wallet that generates and manages your starting phrase to physically safeguard it. A wallet is software or hardware that lets you create, store, and use your addresses and keys. You can choose from many types of wallets, such as online, mobile, desktop, or hardware wallets and hot wallets. Each wallet type has its pros and cons for security, convenience, and functionality.

A hardware wallet is the most secure type. It is a device that stores your keys offline and protects them from threats. It physical device also have features like PIN codes, secret phrases, recovery phrases, and some add trust criteria through segmented key systems for more security.

However, virtual and hardware wallets are not perfect and can have problems. That is why backing up your starting phrase physically and storing it safely is important. You should also pick a reputable and compatible hardware wallet that supports standard formats like BIP39 or SLIP39.Storage devices like the NFC module with Freemindtronic’s EviSeed technology also do this. They are secure for several reasons. Mainly, they are offline. They encrypt seed phrases end-to-end from the module by AES 256 contactless and post-quantum. They also allow adding trust criteria for each backup starting phrase and individual security measures. They also have a user-defined multi-factor authentication system to access the module.

In conclusion, pick a secure wallet to store your backups and protect your starting phrase.

How to Choose the Best Material for Your recovery phrase backup

You can use various materials to back up your seed phrase. Paper, metal, plastic, and wood are common. Now, hardened and waterproof NFC devices also exist. Each material has its pros and cons for cost, availability, quality, and security. Paper is cheap and easy to use, but easily damaged. Metal is strong and durable, but expensive and hard to write on. Plastic is lightweight and waterproof, but degrades over time. Wood is natural and biodegradable, but rots or burns.

However, hardened NFC devices (e.g. Freemindtronic’s IP89K NFC modules) are great. These devices resist many environmental factors and are durable. They don’t need a battery and preserve data for 40 years. The modules have EviSeed technology that controls errors through checksums when writing, reading, sharing or using. They are also affordable, available and secure (hardware and digital).

You can encrypt your backups in AES-256 by cloning or copying them between NFC modules (nearby or remotely via RSA-4096 encryption from the module) if you use NFC modules. You can also back up your seed phrases through RSA-4096 from the device in the cloud (via email USB key or other digital media) or on paper (by printing the encrypted QR Code in RSA-4096). The Freemindtronic Android NFC phone app scans the encrypted QR Code backup seed phrase easily.

An encrypted QR Code backup seed phrase is advantageous as it protects from prying eyes and brute force decryption. Your preferences budget and storage conditions determine the best material for your backup. You should also consider using multiple materials for redundancy and diversity. For example, you can use paper for a quick and easy backup, metal or NFC modules for secure and long-term backup, and plastic, wood, or NFC Tag for a backup that you can hide or disguise as an RFID door opening tag.

The best technique to backup the recovery phrase

Secret phrases, also known as recovery phrases or seed phrases, are key elements to use a physical wallet for cryptocurrencies. They consist of a set of 24 words randomly chosen, which serve as a backup for all the crypto-assets managed by the wallet. In case of loss or theft of the wallet, it is possible to restore access to the private keys by using the secret phrase.

There are different techniques to backup your secret phrase and protect it from risks related to loss, theft or deterioration. Here is an overview of the main options available:

Write down the secret phrase on a sheet of paper

This technique consists of writing the words of the secret phrase on a sheet of paper and keeping it in a safe place. You need to make sure that the phrase is correctly spelled, numbered and readable. You also need to avoid making a digital copy of the phrase, sharing it with anyone or entering it into a computer or smartphone.

Advantages and disadvantages

  • Advantages: this technique is simple, free and does not require any specific equipment. It allows you to keep full control over your secret phrase and your crypto-assets.
  • Disadvantages: this technique is vulnerable to physical hazards (fire, water, wear, etc.) and human errors (loss, theft, bad writing, etc.). It does not allow you to easily verify if the secret phrase is correct or compatible with the wallet.

Risks related to cyber security and cyber espionage

  • Risks related to cyber security: this technique does not involve exposure to networks or computer systems, so the risk of cyber security is low.
  • Risks related to cyber espionage: this technique involves physical exposure to malicious or indiscreet third parties, so the risk of cyber espionage is high.

The legal aspect and protection of sensitive data

  • Legal aspect: this technique does not pose any particular legal problem, unless the possession or use of crypto-assets is prohibited or regulated in the country concerned.
  • Protection of sensitive data: this technique does not guarantee optimal protection of sensitive data, as the secret phrase can be seen, copied or stolen by unauthorized third parties.
Another aspect that you need to consider when backing up your secret phrase is the legal aspect and protection of sensitive data. Depending on where you live and where you store your secret phrase, you may be subject to different laws and regulations regarding data privacy and security.

Data privacy refers to the right of individuals to control how their personal information is collected, used and shared by others. Data security refers to the technical measures taken to protect data from unauthorized access or disclosure.

Some examples of laws and regulations that may affect how you backup your secret phrase are:

  • GDPR (General Data Protection Regulation): A European Union law that aims to protect the personal data of EU citizens and residents by imposing strict rules on how data controllers and processors handle their data.
  • CCPA (California Consumer Privacy Act): A California state law that gives California consumers more control over their personal information by granting them rights such as access, deletion and opt-out.
  • HIPAA (Health Insurance Portability and Accountability Act): A US federal law that protects the privacy and security of health information by setting standards for how health care providers and other entities handle their data.

To comply with these laws and regulations, you need to be aware of:

  • The type of data that you backup: Is it personal data (such as name, email address or phone number) or sensitive data (such as health records, biometric data or financial information)?
  • The location where you backup your data: Is it within your country or jurisdiction, or is it in another country or region that may have different laws or standards?
  • The purpose for which you backup your data: Is it for personal use only, or is it for business or professional purposes?
  • The consent that you obtain from others: If you backup data that belongs to someone else (such as a client or a partner), do you have their permission and agreement on how you will use and protect their data?

To ensure that you respect the legal aspect and protection of sensitive data when backing up your secret phrase, you need to:

  • Choose a technique that suits your needs and preferences in terms of privacy and security.
  • Check the laws and regulations that apply to your situation and follow their requirements.
  • Inform yourself about the risks and responsibilities involved in backing up your secret phrase.
  • Respect the rights and interests of others whose data may be affected by your backup.

Use a metal device resistant to fire, water and corrosion

This technique consists of using a metal device resistant to fire, water and corrosion, such as a capsule or a plate, to engrave or insert the words of the secret phrase. This device can then be hidden or sealed in a safe place.

Advantages and disadvantages

  • Advantages: this technique offers better protection against natural elements, but it requires a higher financial investment and can attract the attention of malicious people.
  • Disadvantages: this technique requires a higher financial investment and can attract the attention of malicious people.

Risks related to cyber security and cyber espionage

  • Risks related to cyber security: this technique does not involve exposure to networks or computer systems, so the risk of cyber security is low.
  • Risks related to cyber espionage: this technique involves physical exposure to malicious or indiscreet third parties, so the risk of cyber espionage is high.

The legal aspect and protection of sensitive data

  • Legal aspect: this technique does not pose any particular legal problem, unless the possession or use of crypto-assets is prohibited or regulated in the country concerned.
  • Protection of sensitive data: this technique offers better protection of sensitive data than paper, as the metal device is more durable and less visible.
Another aspect that you need to consider when backing up your secret phrase is the legal aspect and protection of sensitive data. Depending on where you live and where you store your secret phrase, you may be subject to different laws and regulations regarding data privacy and security.

Data privacy refers to the right of individuals to control how their personal information is collected, used and shared by others. Data security refers to the technical measures taken to protect data from unauthorized access or disclosure.

Some examples of laws and regulations that may affect how you backup your secret phrase are:

  • GDPR (General Data Protection Regulation): A European Union law that aims to protect the personal data of EU citizens and residents by imposing strict rules on how data controllers and processors handle their data.
  • CCPA (California Consumer Privacy Act): A California state law that gives California consumers more control over their personal information by granting them rights such as access, deletion and opt-out.
  • HIPAA (Health Insurance Portability and Accountability Act): A US federal law that protects the privacy and security of health information by setting standards for how health care providers and other entities handle their data.

To comply with these laws and regulations, you need to be aware of:

  • The type of data that you backup: Is it personal data (such as name, email address or phone number) or sensitive data (such as health records, biometric data or financial information)?
  • The location where you backup your data: Is it within your country or jurisdiction, or is it in another country or region that may have different laws or standards?
  • The purpose for which you backup your data: Is it for personal use only, or is it for business or professional purposes?
  • The consent that you obtain from others: If you backup data that belongs to someone else (such as a client or a partner), do you have their permission and agreement on how you will use and protect their data?

To ensure that you respect the legal aspect and protection of sensitive data when backing up your secret phrase, you need to:

  • Choose a technique that suits your needs and preferences in terms of privacy and security.
  • Check the laws and regulations that apply to your situation and follow their requirements.
  • Inform yourself about the risks and responsibilities involved in backing up your secret phrase.
  • Respect the rights and interests of others whose data may be affected by your backup.

Use an online service to backup your seed phrase

One of the techniques to backup your seed phrase is to use an online service that connects it to your verified identity. This way, you can recover your keys with your ID and a selfie, and still keep control of your money. In this article, we will explore the advantages and disadvantages of this technique, as well as the risks and legal aspects involved.

Advantages and disadvantages of online seed phrase backup

  • Advantages: online seed phrase backup is easy and convenient. You don’t need to worry about storing or protecting a physical device or a paper backup. You can access your backup from anywhere with an internet connection and a compatible device. You can also benefit from the encryption and security features of the online service provider.
  • Disadvantages: online seed phrase backup exposes your secret phrase to risks of hacking, censorship or confiscation by third parties who can access the servers or the identification process. You need to trust that the online service provider and its servers are reliable, honest and secure. You also need to trust that your identity information is safe and not misused. You may face legal or regulatory issues depending on where you live and where the servers are located. You may also have to pay fees or subscriptions for using the online service.

Risks related to cyber security and cyber spying in online seed phrase backup

  • Risks related to cyber security: online seed phrase backup makes you use networks and computers, so the risk of cyber attacks is high. You need to trust that the online service and its servers protect your secret phrase and data well. You may face hackers, malware, ransomware, denial-of-service attacks or other threats that could compromise your backup or access to it. You may also face human errors, technical glitches or natural disasters that could damage or destroy the servers or your device.
  • Risks related to cyber spying: online seed phrase backup makes you use networks and computers, so the risk of cyber spying is high. You need to trust that the online service and its servers keep your secret phrase and data private. You may face spies, snoops, trackers, advertisers or other parties that could monitor, collect, analyze or share your backup or activity data. You may also face government agencies, law enforcement or courts that could request, subpoena or seize your backup or data for legal or national security reasons.
  • Risks related to phishing: online seed phrase backup makes you face fake messages and tricks that may make you give up your secret phrase or other information. Phishing is when someone pretends to be someone else, such as the online service or your wallet, to trick you into giving them your data or money. For example, you may receive an email that looks like it comes from the online service provider, asking you to verify your account or update your payment details by clicking on a link that leads to a fake website.
  • Risks related to bitb: online seed phrase backup makes you face bad browser add-ons that may change or see your web activity and take your secret phrase or other data. Bitb is when someone adds malicious code to a browser extension that can spy on or modify what you do online. For example, you may install an extension that claims to enhance your browsing experience, but actually records your keystrokes, screenshots your screen or redirects you to malicious websites.
  • Risks related to typosquatting: online seed phrase backup makes you face bad websites that look like the online service or your wallet, but have different spellings. Typosquatting is when someone registers a domain name that is similar to a legitimate one, but with a typo, to trick you into visiting their fake website. For example, you may type in www.onlineservice.com but end up on www.onlineservlce.com (with an L instead of an I), which looks identical but steals your login credentials or infects your device with malware.

The legal aspect and protection of sensitive data in online seed phrase backup

Online seed phrase backup may cause legal problems depending on the rules of the online service and its servers. You also need to think about the data privacy and security laws that affect you and follow them. Data privacy means the right of people to choose how their information is collected, used and shared by others. Data security means the ways to protect data from being seen or used by others who should not.

Some examples of laws and rules that may change how you backup your secret phrase are:

  • GDPR (General Data Protection Regulation): A European Union law that protects the information of EU people by making strict rules on how data controllers and processors handle their data.
  • CCPA (California Consumer Privacy Act): A California state law that gives California people more power over their information by giving them rights such as access, deletion and opt-out.
  • HIPAA (Health Insurance Portability and Accountability Act): A US federal law that protects the privacy and security of health information by making standards for how health care providers and other groups handle their data.

To follow these laws and rules, you need to know:

  • The kind of data that you backup: Is it personal data (such as name, email or phone) or sensitive data (such as health records, biometric data or money information)?
  • The place where you backup your data: Is it in your country or area, or is it in another country or area that may have different laws or standards?
  • The reason why you backup your data: Is it for yourself only, or is it for work or business purposes?
  • The permission that you get from others: If you backup data that belongs to someone else (such as a client or a partner), do you have their OK and agreement on how you will use and protect their data?

To make sure that you respect the legal aspect and protection of sensitive data when backing up your secret phrase, you need to:

  • Pick an online service that fits your needs and likes in terms of privacy and security.
  • Learn about the risks and duties involved in backing up your secret phrase.
  • Respect the rights and interests of others whose data may be affected by your backup.

Use a hybrid solution of cold wallet and online service

Another technique to backup your seed phrase is to use a hybrid solution of a cold wallet and an online service. A cold wallet is a device that stores your keys offline, such as a hardware wallet or a smart card. An online service is a platform that links your cold wallet to your verified identity and provides additional features, such as recovery, insurance or monitoring. This way, you can combine the security of a cold wallet with the convenience of an online service.

Advantages and disadvantages of hybrid seed phrase backup

  • Advantages: hybrid seed phrase backup is secure and flexible. You can store your keys on a cold wallet that is resistant to hacking, malware or network attacks. You can also access your backup from an online service that offers recovery options, identity verification or other benefits. You can choose the level of security and convenience that suits your needs and preferences.
  • Disadvantages: hybrid seed phrase backup is complex and costly. You need to buy and maintain a cold wallet device that is compatible with the online service. You also need to trust that the online service provider and its servers are reliable, honest and secure. You may face legal or regulatory issues depending on where you live and where the servers are located. You may also have to pay fees or subscriptions for using the online service or the cold wallet device. Some online services may also require you to renew your subscription annually or risk losing access to your backup. Some online services may also have access to your backup or keys, which could make them vulnerable to identity theft, fraud or coercion. Some online services may also split your backup into multiple servers or devices, which could increase the security but also the complexity of your backup.

Shamir’s Secret Sharing (SSS) method

Some online services use a technique called Shamir’s Secret Sharing (SSS) to split your seed phrase into multiple parts, called shares, that can be recombined to recover the original seed phrase. This technique allows you to distribute your backup across different locations, devices or people, and to set a threshold number of shares that are needed to restore your backup.

For example, you can split your seed phrase into 5 shares and store them on 5 different servers or devices. You can then set the threshold to 3, meaning that you need at least 3 out of 5 shares to recover your seed phrase. This way, you can protect your backup from being lost or stolen by one or two parties, but still be able to access it if you have 3 or more shares.

Some cold wallets use this technique to backup seed phrases in a secure way. They encrypt the parts of the seed phrase in a secure element in the device and send them to partners through a secure channel. When restoring, the parts are sent back by the partners and the seed phrase can be generated in the new device.

Advantages and disadvantages of SSS method
  • Advantages: SSS method is secure and resilient. You can increase the security of your backup by splitting it into multiple parts that are stored separately. You can also increase the resilience of your backup by setting a lower threshold that allows you to recover it even if some parts are lost or damaged.
  • Disadvantages: SSS method is complex and risky. You need to manage multiple parts of your backup and keep track of where they are stored and how they can be accessed. You also need to trust that the parties who hold the parts of your backup are reliable, honest and secure. You may face legal or regulatory issues depending on where the parts of your backup are located. You may also face technical or human errors that could compromise the integrity or availability of your backup.
Risks related to SSS method
  • Risks related to cyber security: SSS method makes you use networks and computers, so the risk of cyber attacks is moderate. You need to trust that the parties who hold the parts of your backup protect them well. You may face hackers, malware, ransomware, denial-of-service attacks or other threats that could compromise one or more parts of your backup or access to them. You may also face human errors, technical glitches or natural disasters that could damage or destroy one or more parts of your backup.
  • Risks related to cyber spying: SSS method makes you use networks and computers, so the risk of cyber spying is moderate. You need to trust that the parties who hold the parts of your backup keep them private. You may face spies, snoops, trackers, advertisers or other parties that could monitor, collect, analyze or share one or more parts of your backup or activity data. You may also face government agencies, law enforcement or courts that could request, subpoena or seize one or more parts of your backup for legal or national security reasons.
  • Risks related to collusion: SSS method makes you rely on multiple parties who hold the parts of your backup, so the risk of collusion is moderate. You need to trust that the parties who hold the parts of your backup do not cooperate with each other or with other parties to steal or misuse your backup. For example, if you split your seed phrase into 5 shares and set the threshold to 3, you need to trust that no 3 parties will collude to recover your seed phrase without your consent or knowledge.
  • Risks related to fragmentation: SSS method makes you split your seed phrase into multiple parts, so the risk of fragmentation is moderate. You need to ensure that the parts of your backup are compatible and consistent with each other and with the original seed phrase. You may face errors in splitting or recombining the parts of your backup that could result in an invalid or corrupted seed phrase. You may also face changes in formats or standards that could make some parts of your backup obsolete or incompatible.

The legal aspect and protection of sensitive data in hybrid seed phrase backup

Hybrid seed phrase backup may cause legal problems depending on the rules of the online service and its servers. You also need to think about the data privacy and security laws that affect you and follow them. Data privacy means the right of people to choose how their information is collected, used and shared by others. Data security means the ways to protect data from being seen or used by others who should not.

Some examples of laws and rules that may change how you backup your secret phrase are:

  • GDPR (General Data Protection Regulation): A European Union law that protects the information of EU people by making strict rules on how data controllers and processors handle their data.
  • CCPA (California Consumer Privacy Act): A California state law that gives California people more power over their information by giving them rights such as access, deletion and opt-out.
  • HIPAA (Health Insurance Portability and Accountability Act): A US federal law that protects the privacy and security of health information by making standards for how health care providers and other groups handle their data.

To follow these laws and rules, you need to know:

  • The kind of data that you backup: Is it personal data (such as name, email or phone) or sensitive data (such as health records, biometric data or money information)?
  • The place where you backup your data: Is it in your country or area, or is it in another country or area that may have different laws or standards?
  • The reason why you backup your data: Is it for yourself only, or is it for work or business purposes?
  • The permission that you get from others: If you backup data that belongs to someone else (such as a client or a partner), do you have their OK and agreement on how you will use and protect their data?

To make sure that you respect the legal aspect and protection of sensitive data when backing up your secret phrase, you need to:

  • Pick an online service that fits your needs and likes in terms of privacy and security.
  • Learn about the risks and duties involved in backing up your secret phrase.
  • Respect the rights and interests of others whose data may be affected by your backup.

Use a contactless technology

This technique consists of using a contactless technology that allows you to store your secret phrase in an electronic device, such as a card or a keychain, that works with NFC (Near Field Communication) technology. This device can be used with a compatible smartphone to backup and share your private keys, passwords or secret phrases.

Advantages and disadvantages

  • Advantages: this technique offers ease of transport and resistance to shocks. It also allows you to verify and restore your secret phrase at any time with your smartphone.
  • Disadvantages: this technique requires a compatible smartphone and a dedicated app. It also exposes you to the risks of loss or theft of your device. This can be dangerous if the NFC Cold Wallet does not have a digital backup system encrypted that can allow restoration in another device and/or a cloning or copying system between NFC devices, such as the EviSeed technology.

Risks related to cybersecurity and cyberespionage

  • Risks related to cybersecurity: this technique is not connected to networks, computer systems or servers in principle and has no database with the same properties as an HSM, so the cybersecurity risk is almost nil. You must ensure that your device and your smartphone are protected by PIN codes or passwords or a multi-authentication system, and that you use a reliable and secure app of origin.
  • Risks related to cyberespionage: in principle, a cold wallet is not connected and cannot be exposed to espionage on networks and computer systems. However, the attack by listening to the NFC signal is possible if the device is not equipped with a security and encryption system. The risk of remote espionage is therefore almost nil. As for proximity cyberespionage, whether invasive or non-invasive, the risk is nil to moderate depending on the type of security and access control implemented. You should avoid sharing your secret phrase with unauthorized third parties or using it in public or insecure places. Some technologies such as EviSeed have an encrypted sharing system with trust criteria defined by the sender that the recipient cannot modify and must also have an NFC device to access the secret phrase.

The legal aspect and the protection of sensitive data

  • Legal aspect: this technique does not pose any particular legal problem, unless the possession or use of crypto assets is prohibited or regulated in the country concerned.
  • Protection of sensitive data: this technique depends on the encryption and security measures implemented by the electronic device and its NFC technology. You should inquire about the technical characteristics and guarantees offered by the manufacturer or supplier of the device.
Another aspect that you need to consider when backing up your secret phrase is the legal aspect and protection of sensitive data. Depending on where you live and where you store your secret phrase, you may be subject to different laws and regulations regarding data privacy and security.

Data privacy refers to the right of individuals to control how their personal information is collected, used and shared by others. Data security refers to the technical measures taken to protect data from unauthorized access or disclosure.

Some examples of laws and regulations that may affect how you backup your secret phrase are:

  • GDPR (General Data Protection Regulation): A European Union law that aims to protect the personal data of EU citizens and residents by imposing strict rules on how data controllers and processors handle their data.
  • CCPA (California Consumer Privacy Act): A California state law that gives California consumers more control over their personal information by granting them rights such as access, deletion and opt-out.
  • HIPAA (Health Insurance Portability and Accountability Act): A US federal law that protects the privacy and security of health information by setting standards for how health care providers and other entities handle their data.

To comply with these laws and regulations, you need to be aware of:

  • The type of data that you backup: Is it personal data (such as name, email address or phone number) or sensitive data (such as health records, biometric data or financial information)?
  • The location where you backup your data: Is it within your country or jurisdiction, or is it in another country or region that may have different laws or standards?
  • The purpose for which you backup your data: Is it for personal use only, or is it for business or professional purposes?
  • The consent that you obtain from others: If you backup data that belongs to someone else (such as a client or a partner), do you have their permission and agreement on how you will use and protect their data?

To ensure that you respect the legal aspect and protection of sensitive data when backing up your secret phrase, you need to:

  • Choose a technique that suits your needs and preferences in terms of privacy and security.
  • Check the laws and regulations that apply to your situation and follow their requirements.
  • Inform yourself about the risks and responsibilities involved in backing up your secret phrase.
  • Respect the rights and interests of others whose data may be affected by your backup.

Use a mnemonic method

This technique consists of using a mnemonic method that consists of associating each word of the secret phrase with a mental image or a story. This method allows you to memorize your secret phrase more easily without having to write it down or store it. It requires however a good memory and regular repetition to not forget your secret phrase.

Advantages and disadvantages

  • Advantages: this technique offers discretion and total independence, but it exposes the secret phrase to risks of amnesia, confusion or interference.
  • Disadvantages: this technique exposes the secret phrase to risks of amnesia, confusion or interference.

Risks related to cyber security and cyber espionage

  • Risks related to cyber security: this technique does not involve exposure to networks or computer systems, so the risk of cyber security is low.
  • Risks related to cyber espionage: this technique does not involve exposure to networks or computer systems, so the risk of cyber espionage is low.

The legal aspect and protection of sensitive data

  • Legal aspect: this technique does not pose any particular legal problem, unless the possession or use of crypto-assets is prohibited or regulated in the country concerned.
  • Protection of sensitive data: this technique offers optimal protection of sensitive data as long as you do not reveal your mnemonic method or your secret phrase.
Another aspect that you need to consider when backing up your secret phrase is the legal aspect and protection of sensitive data. Depending on where you live and where you store your secret phrase, you may be subject to different laws and regulations regarding data privacy and security.

Data privacy refers to the right of individuals to control how their personal information is collected, used and shared by others. Data security refers to the technical measures taken to protect data from unauthorized access or disclosure.

Some examples of laws and regulations that may affect how you backup your secret phrase are:

  • GDPR (General Data Protection Regulation): A European Union law that aims to protect the personal data of EU citizens and residents by imposing strict rules on how data controllers and processors handle their data.
  • CCPA (California Consumer Privacy Act): A California state law that gives California consumers more control over their personal information by granting them rights such as access, deletion and opt-out.
  • HIPAA (Health Insurance Portability and Accountability Act): A US federal law that protects the privacy and security of health information by setting standards for how health care providers and other entities handle their data.

To comply with these laws and regulations, you need to be aware of:

  • The type of data that you backup: Is it personal data (such as name, email address or phone number) or sensitive data (such as health records, biometric data or financial information)?
  • The location where you backup your data: Is it within your country or jurisdiction, or is it in another country or region that may have different laws or standards?
  • The purpose for which you backup your data: Is it for personal use only, or is it for business or professional purposes?
  • The consent that you obtain from others: If you backup data that belongs to someone else (such as a client or a partner), do you have their permission and agreement on how you will use and protect their data?

To ensure that you respect the legal aspect and protection of sensitive data when backing up your secret phrase, you need to:

  • Choose a technique that suits your needs and preferences in terms of privacy and security.
  • Check the laws and regulations that apply to your situation and follow their requirements.
  • Inform yourself about the risks and responsibilities involved in backing up your secret phrase.
  • Respect the rights and interests of others whose data may be affected by your backup.

How to update your backup phrase

Sometimes, you may need to update your Backup phrase if you change your wallet settings or switch to a different custody model. For example, if you add a passphrase to your singlesig wallet, you need to update your backup phrase with the new passphrase. Or if you migrate from singlesig to multisig, you need to create new recovery phrase backups for each of the multisig keys.

To update your recovery phrase backup, follow these steps:

  1. Make sure you have access to your current recovery phrase backup and any other information that may affect your wallet, such as a passphrase or a derivation path.
  2. Create a new physical backup of your updated seed phrase using the same methods and materials as before.
  3. Test your new recovery phrase backupusing a different device or platform than the one you used to create or update your wallet.
  4. If everything matches, your new recovery phrase backup works and you can safely destroy or erase your old recovery phrase backup.
  5. If something doesn’t match, check for errors in your new recovery phrase backup and try again.

Why and How to Share Your Recovery Phrase Backup with Trusted Parties.

In some cases, If you choose to share your backup seed phrase with trusted individuals, such as family, friends, or lawyers, to ensure your cryptographic assets remain accessible in emergencies, accidents, or death. However, sharing your backup seed phrase has risks and challenges, such as choosing trustworthy individuals, secure communication, and preventing conflicts or disputes.

If you want to share your approved seed phrase with others, follow these steps:

  1. Choose trusted individuals who have knowledge about cryptography to access your backup seed phrase. Explain to them the risks and responsibilities associated with accessing it, as well as what a seed phrase is and how it works.
  2. Select a secure communication method that protects your privacy and prevents unauthorized access or interception. You can use encrypted messaging apps, password-protected files, or face-to-face meetings. For an added layer of security, you can use Freemindtronic’s EviSeed technology. EviSeed allows you to share your encrypted seed phrases offline via the Near Field Communication (NFC) encrypted communication protocol between end-to-end encrypted NFC devices. You can also share your seed phrases via an RSA-4096 encrypted QR code, which can be generated from an NFC device and shared through any means of communication, including air gap (webcam, proximity, email, SMS, chat, face-to-face).
  3. Share your backup seed phrase with your chosen individuals using the secure communication method you have selected. Make sure to include any relevant information for accessing or managing your cryptographic assets, such as a secret phrase, derivation path, or instructions on how to use a specific wallet. You can use EviSeed’s patented technology to achieve higher security, such as segmented key authentication by adding trust criteria. For example, you can share one or more trust criteria to control the conditions of access to your AES-256 post-quantum encrypted seed phrases. You can share a password associated with a unique geographic zone, which must be used in a specific location to decrypt your seed phrase. Give this password to a trusted third party who does not know the geographic zone or who can only access it under extremely complicated conditions, such as at a notary, sealed by a bailiff, or in a bank vault.
  4. Once you have shared your backup seed phrase with your chosen individuals, ask them to confirm that they have received and understood it, as well as any other relevant information.
  5. Keep their contact information in a safe place in case you need to contact them in the future.
  6. With EviSeed technology, you have other options for sharing backup seed phrases. You can clone your NFC device with all of your trust criteria onto another Freemindtronic NFC device. Then, you can entrust it to a trusted third party or keep it in an easily remembered location. Choose an extremely rugged and waterproof IP89KNFC device to limit the risk of damage. Your recovery phrase backups are also protected against the risk of theft or loss since the device is physically locked with multi-factor physical and digital authentication. Additionally, if you have added trust criteria, even if the access controls are compromised, your recovery phrase backups will remain secure until all the trust criteria you have defined are validated. You can also share your individually encrypted and protected seed phrases by trust criteria, which you can also share in a segmented manner among various individuals, as explained above.
  7. Lastly, make sure to periodically review and update your list of trusted individuals, as well as your communication and security methods, to ensure the ongoing protection and accessibility of your cryptographic assets.

Header EviSeed has an asymmetric RSA 4096 key generator to share private keys cryptocurrency and public address passphrases mnemonic code bip39 by QR Encrypted code displayed on smartphone nfc android 1920px

Best practices for creating and storing your physical backup

Here are some best practices that you should follow when creating and storing your physical backup:

  • Write down or engrave your seed phrase on a durable material such as paper, metal or plastic. Avoid using materials that can fade, rust, melt or degrade over time.
  • Use a pen or a tool that produces clear and permanent marks on the material. Avoid using pencils, markers or stickers that can smudge, erase or peel off.
  • Use a standard format for writing down your seed phrase such as BIP39 or SLIP39. These formats use a predefined list of words that are easy to spell and recognize. Avoid using abbreviations, acronyms or symbols that can cause confusion or errors.
  • Make multiple copies of your physical backup and store them in different locations. This way, you can reduce the risk of losing all your backups in case of theft, loss or damage. You can also use different materials for each copy to increase the durability and diversity of your backups.
  • Store your physical backups in a safe and secret place that only you know and can access. You can use a safe, a lockbox, a hidden compartment or any other secure container that can protect your backups from unauthorized access or environmental factors.
  • Do not share your seed phrase with anyone or store it online. Your seed phrase is the key to your crypto wallet and funds. If you share it with anyone or store it online, you are exposing yourself to the risk of losing your funds to hackers, scammers or third parties.

Tools for creating and storing your physical backups

Some tools help you create and store your physical backups easily and securely. These tools let you write or engrave your seed phrase on durable materials and protect them from damage or tampering. Here are some examples:

  • CryptoSteel: This device engraves your seed phrase on stainless steel tiles that resist fire water and corrosion. The tiles assemble in a metal casing with a lock and a seal. CryptoSteel is compatible with BIP39 and SLIP39 formats and stores up to 24 words.
  • Billfodl: This device also engraves your seed phrase on stainless steel tiles that resist fire water and corrosion. The tiles arrange in a metal frame with a sliding cover and a seal. Billfodl is compatible with BIP39 format and stores up to 24 words.
  • Cobo Tablet: This device also engraves your seed phrase on stainless steel tiles that resist fire water and corrosion. The tiles insert in a metal plate with holes for each word position. Cobo Tablet is compatible with BIP39 format and stores up to 24 words.
  • Paper Wallet: This is the simplest way to create a physical backup. You just write your seed phrase on paper with a pen. You can also print your seed phrase if you prefer. However, paper wallets are not durable and can be damaged by fire water or wear and tear.
  • NFC Seed Backup: This device encrypts and saves your seed phrase on an NFC coin that resists fire water and corrosion. An app on your smartphone scans the NFC coin and views your seed phrase without leaving anything visible. NFC Seed Backup is compatible with BIP39 format and stores up to 24 words.
  • EviSeed: EviSeed is a technology developed by Freemindtronic that allows you to save and share sensitive data such as private keys recovery phrases or passwords It is integrated into physical device such as electronic cards which work with NFC (Near Field Communication) technology The EviSeed technology offers several advantages:
    • the EviSeed technology that uses two patented systems of multifactor authentication and advanced access control
    • It encrypts data with AES256 algorithm which ensures high level of security
    • It stores data in Eprom memory which ensures long term durability without battery
    • It allows data sharing via QR code NFC tag NFC reader/writer Bluetooth Wi-Fi SMS email etc
    • It supports multiple languages formats standards protocols etc
    • It protects data with patented physical blockchain technology which allows user-defined access control authentication encryption decryption etc EviSeed is compatible with BIP39 SLIP39 IOTA formats and can store up to 100 recovery phrases
    • It protects data with two international patents on access control and segmented key authentication
    • Keepser: Keepser is another product based on EviSeed technology created by Keepser Group It allows you to store up to 100 recovery phrases on an electronic card embedded in military grade resin It offers the same features as EviSeed plus some additional benefits:

In this article, we have explained what a recovery phrase is and how to secure it. A recovery phrase is a list of 12 or 24 words that can restore your crypto wallet and your private keys on any device. It is the ultimate key to access your crypto assets, so you need to keep it safe and secret.

We have given some tips on how to physically backup your recovery phrase and store it in a safe and secret place. Some of the methods are:

  • Writing it down on paper and keeping it in a fireproof and waterproof container.
  • Engraving it on durable metals like stainless steel or titanium and hiding it in a secure location.
  • Encrypting it with a strong password and storing it on an offline device or a cloud service that you trust.
  • Using a hardware wallet that is legitimate and trustworthy and keeping it away from physical damage or malware.
  • Using a decentralized digital vault that offers a high level of security and privacy and does not require you to trust a third party.

We have also introduced EviSeed, a technology by Freemindtronic that allows you to store and share your recovery phrase securely and contactlessly. EviSeed uses NFC technology to store your recovery phrase in a hardware device that can last for at least 40 years without battery or maintenance. EviSeed also uses its own patented segmented key technology to add criteria to the encryption keys of your recovery phrases. This means that all the segments must be reunited and validated to access your seed phrases. You do not need to take the risk of relying on presumed trustworthy guardians offline and/or online. You have total control of the segmentation from end to end from your NFC HSM device by Freemindtronic. EviSeed is compatible with all BIP39 recovery phrases. It offers several solutions for storing encrypted recovery phrases, including externalizing them from the NFC device. This allows you to recover your recovery phrase in case of loss or theft.

We hope that this article has helped you understand the importance of securing your recovery phrase and the different options available to do so. Remember, your recovery phrase is the key to your crypto wealth, so treat it with care and respect. Among the various solutions, we believe that EviSeed is the most innovative and reliable one. It combines the advantages of physical and digital backups, while adding an extra layer of security and convenience. With EviSeed, you can access your crypto funds with ease and confidence, without fear of losing or compromising your recovery phrase.

Pour en savoir plus sur les phrases de départ et leur fonctionnement, consultez cet article

BITB Attacks: How to Avoid Phishing by iFrame

BITB attacks Browser-In-The-Browser remove delete destroy by IRDR Ifram Redirect Detection Removal since EviCypher freeware web extension open-source from Freemindtronic in Andorra
BITB attacks by Jacques Gascuel This article will be updated with any new information on the topic, and readers are encouraged to leave comments or contact the author with any suggestions or additions.

Beware of BitB phishing attacks by iframe!

Phishing by iframe is a malicious technique that inserts a fake web page into a legitimate one, to trick users and steal their personal or financial information. This method often targets cryptocurrency holders, especially BitB users. Learn how to spot and avoid BitB phishing attacks by iframe with Freemindtronic.

2024 Digital Security

Apple M chip vulnerability: A Breach in Data Security

2024 Digital Security

Cybersecurity Breach at IMF: A Detailed Investigation

2024 DataShielder Digital Security PassCypher Phishing

Midnight Blizzard Cyberattack Against Microsoft and HPE: What are the consequences?

2024 Digital Security

PrintListener: How to Betray Fingerprints

2024 Articles Digital Security News

BitLocker Security: Safeguarding Against Cyberattacks

2024 Articles Digital Security News Spying

How to protect yourself from stalkerware on any phone

BITB Attacks: How to Avoid Phishing by iFrame

We have all seen phishing attacks aren’t uncommon, and they demand urgent attention with fake emails and messages at least once.. However, there’s much more in the cybersecurity landscape than just conventional email practices when it comes to phishing. Enterprises that don’t take the necessary precautions can suffer a death blow from a phishing attack. The top line is affected, but the brand’s image and trust can be obliterated if news of a data breach reaches the public.

The latest form of phishing scam is the browser in the browser attack (BITB) that simulates a browser window within a web browser and steals sensitive user information. A fraudulent pop-up window caters to the user and asks for their credentials to sign into the website in the previous web browser window, leading to identity theft.

This article explains what BITB attacks are and how they work, what the risks and consequences of BITB attacks are, how to prevent and protect yourself from BITB attacks using EviBITB technology, and how to install EviBITB on your web browser.

What are BITB attacks and how do they work?

BITB stands for Browser-In-The-Browser. This phishing technique creates a fake browser window within your web browser using HTML and CSS code. An iFrame of redirection, which is an invisible element that loads content from another URL, is displayed by this fake window. The iFrame of redirection mimics the appearance and functionality of a legitimate site, such as Google, Facebook, or Outlook, and asks you to enter your authentication information.

This fake window shows a legitimate URL in the address bar, as well as the icon and the title of the original site. That is the problem. Most users rely on checking the URL to verify the authenticity of a site. This makes it very difficult to detect the phishing attempt. This attack can affect you even if you use a secure connection (https).

BITB attacks can bypass many security measures that are designed to prevent phishing. That is why they are very dangerous. For example:

  • BITB attacks do not involve malicious links or domains. Anti-phishing software may fail to detect them because of that.
  • BITB attacks do not intercept your verification codes or tokens. Two-factor authentication may not protect you from them because of that.
  • Password managers may autofill your credentials on the fake window. They may not protect you from BITB attacks because of that.

Therefore, BITB attacks can allow hackers to access your accounts, steal your data, or even take over your identity. They pose a serious threat to your online security and privacy because of that.

How do BITB attacks work?

Two features of modern web development enable BITB attacks: single sign-on (SSO) options and iFrames.

Many websites embed SSO options that allow you to sign in using an existing account from another service, such as Google, Facebook, Apple, or Microsoft. This option is convenient because you do not need to create a new account or remember a new password for each website you visit.

iFrames are elements that can load content from another URL within a web page. They are often used for embedding videos, maps, ads, or widgets on websites.

The attackers do the following steps:

  • They make a phishing website with SSO options.
  • On their phishing website, they embed an iFrame of redirection that leads to their own server with a fake SSO window.
  • Using HTML and CSS code, they design their fake SSO window to imitate a browser window inside the browser.
  • They make their fake SSO window appear when you click on an SSO option on their phishing website.
  • With JavaScript code, they show a legitimate URL in the address bar of their fake SSO window.
  • Using OAuth methods, they request you to enter your credentials on their fake SSO window.
  • To their server, they send your credentials and then redirect you to the real website.

As you can see, BITB attacks are very deceptive and convincing. They can fool even savvy users who check the URL before entering their credentials.

What are the risks and consequences of BITB attacks?

BITB attacks are a serious threat. They can compromise data and identity for users and businesses. Users who fall victim to BITB attacks face these risks and consequences:

  • Their SSO account can be hijacked and all linked services accessed by the attacker.
  • Their personal and financial information can be stolen and used for identity theft, fraud or blackmail.
  • Their devices can be infected by malware or ransomware and their files damaged or encrypted.
  • Their online reputation can be tarnished by spamming or posting malicious content.

Businesses that offer SSO options are also vulnerable to BITB attacks. They can lose trust and loyalty from their customers or employees. Businesses that suffer a data breach due to BITB attacks face these risks and consequences:

  • Their customer or employee data can be exposed, exploited or sold by the attacker or the dark web.
  • Their brand image and reputation can be damaged by negative publicity and customer complaints.
  • Their legal and regulatory compliance can be violated by data protection laws and regulations.
  • Their revenue and profitability can be reduced by customer churn, lawsuits and fines.

Recent Examples of BITB Attacks

BITB attacks are not new, but they have become more sophisticated and widespread in recent years. Here are some examples of BITB attacks that targeted governmental entities:

  • In February 2020, Zscaler revealed a campaign of phishing BitB targeting users of Steam, a video game digital distribution service. The hackers created fake Counter-Strike: Global Offensive (CS: GO) websites that offered free skins or weapons for the game. These websites displayed a fake pop-up window that asked users to sign in with Steam. If users entered their credentials, they were sent to the hackers who could then access their Steam accounts and steal their items.
  • In March 2020, Bitdefender reported a campaign of phishing BitB targeting users of Office 365, a cloud-based suite of productivity applications. The hackers sent emails that pretended to be from Microsoft and asked users to update their Office 365 settings. These emails contained a link that led users to a fake Office 365 website that displayed a fake pop-up window that asked users to sign in with Office 365. If users entered their credentials, they were sent to the hackers who could then access their Office 365 accounts and steal their data.
  • In September 2020, Proofpoint uncovered a campaign of phishing BitB targeting users of Okta, a cloud-based identity and access management service. The hackers sent emails that pretended to be from various organizations and asked users to verify their Okta account. These emails contained a link that led users to a fake Okta website that displayed a fake pop-up window that asked users to sign in with Okta. If users entered their credentials, they were sent to the hackers who could then access their Okta account and compromise their other connected applications.

These examples show that BITB attacks can target any SSO provider and any website or web application that uses SSO. They also show that hackers can use various methods to lure users into clicking on malicious links or entering their credentials on fake windows.

What are some statistics on BITB attacks?

BITB attacks use iFrames to deceive users with fake SSO windows. Here are some statistics on BITB attacks:

  • According to Statista, the number of unique phishing sites detected worldwide reached 2.11 million in the third quarter of 2020, an increase of 10% from the previous quarter.
  • According to The Hacker News, BITB attacks can exploit third-party SSO options embedded on websites such as “Sign in with Google” (or Facebook, Apple, or Microsoft) to create fake browser windows within the browser and spoof legitimate domains.
  • According to Zscaler, BITB attacks have been used in the wild at least once before, in February 2020, to target Steam users by means of fake Counter-Strike: Global Offensive (CS: GO) websites.
  • According to NetSPI, the volume of successful phishing attacks on organizations worldwide in 2021 was highest in Brazil (25%), followed by India (17%), and Mexico (14%).
  • According to DZone, the most targeted industry sectors by phishing attacks as of the third quarter of 2020 were SaaS/Webmail (33%), Financial Institutions (22%), and Payment Services (14%).

How to effectively fight against BITB attacks?

BITB attacks are very hard to detect, but not impossible. There are some signs that can help you spot them and some measures that can help you prevent them. Here are some tips:

  • Always check the URL of the site before entering your credentials. Make sure it matches the domain of the site or the SSO provider that you want to use. Do not rely on the URL displayed on the pop-up window, as it can be fake.
  • Always check the SSL certificate of the site before entering your credentials. Make sure it is valid and issued by a trusted authority. Do not rely on the padlock icon displayed on the pop-up window, as it can be fake.
  • Always use an updated antivirus software and browser extension that can detect and block malicious sites and scripts. They can help you avoid landing on phishing pages or loading fake windows.
  • Always use strong and unique passwords for each site or application that you use. Do not reuse the same password for different accounts, as it can increase the risk of compromise if one of them is breached.
  • Always use two-factor authentication (2FA) for your accounts, especially those that you use for SSO. 2FA adds an extra layer of security by requiring a second factor (such as a code sent to your phone or email) to verify your identity. Having your username and password is less useful for hackers if they need your device or access to your email account too.

How to prevent and protect yourself from BITB attacks using EviBITB technology?

The best way to prevent and protect yourself from BITB attacks is to use EviBITB technology, a technology that allows you to detect and remove redirection iframes from web pages. EviBITB is integrated for free in the free and paid extensions of Freemindtronic that are compatible with NFC HSM devices that use a smartphone or an NFC HSM device. The latter stores encrypted multiple authentication information (username, password, otp) for secure authentication for any website on the internet or intranet.

EviBITB technology also has a system of automatic backup of the URL of connection to the account using a web browser to connect to an online account on the internet or intranet. This extension is paired with the NFC android phone which is itself paired with an NFC HSM where encrypted detailed authentication information such as username, password, and secret keys OTP (TOP or HOTP) are stored. Thus, before authorizing auto-filling of connection fields or auto-connection to an online account, the phone will check beforehand if the connection URL is compliant (sandbox technique). This system adds to EviBITB protection.(click here to learn more about EviBITB)

By using EviBITB technology, you can enjoy many benefits:

  • You can avoid falling victim to BITB attacks that can steal your data or compromise your identity.
  • You can reduce the risk of keylogging or malware infections that can capture your keystrokes or spy on your online activity.
  • You can save time and hassle by using your smartphone or NFC HSM card as an authentication key instead of creating or remembering passwords for each website you visit.
  • You can enjoy a seamless and user-friendly experience by accessing websites with just a tap of your smartphone or NFC HSM card on your computer screen.
  • You can protect your privacy by controlling what data you share with each website you visit, such as your name, email, or profile picture.

By using EviBITB technology, you can be sure that the web page you see is the one you want to see, and that you do not give away your data to hackers.

How can EviBITB protect you from BITB attacks?

EviBITB is a technology that enhances your online security. It is implemented in the freemindtronic extensions that allow secure end-to-end autofill and auto-login from an NFC HSM. It also detects and removes phishing iFrames from your web browser.

EviBITB works with an application installed on an NFC Android phone that is paired with an NFC HSM. The application has a sandbox that checks if the origin URLs saved automatically during the first login are compliant. If they are, it transfers encrypted authentication information to the extension.

EviBITB also analyzes the web page source code and detects any possible BITB iFrames. It looks for hidden elements, suspicious URLs, or mismatched styles that indicate a fake browser window.

When EviBITB detects a BITB iFrame, it alerts you by showing a warning window on your computer screen. This window shows you the redirection iFrame URL and asks you to check if you trust this URL before entering any sensitive information.

How EviBITB technology can improve your browsing experience?

EviBITB technology is a security, performance and privacy enhancer. It removes redirection iframes and improves your browsing experience in several ways:

  • It speeds up web page loading, by avoiding requests to third-party sites.
  • It reduces bandwidth consumption, by saving data transferred to or from iframes.
  • It limits exposure to ads and pop-ups, by blocking their sources in iframes.
  • It prevents online activity tracking, by deleting cookies and data stored by iframes.
  • It enhances readability and usability of web pages, by removing distracting elements from iframes.
  • It increases compatibility and accessibility of web pages, by avoiding conflicts or errors caused by iframes.

With EviBITB technology, you can enjoy a faster, smoother and more private browsing experience, without compromising security or convenience.

How to use EviBITB to protect yourself from BITB attacks?

EviBITB is a technology that detects and removes malicious iFrames that expose you to BITB attacks. These attacks simulate a browser window in a web page to prompt you to enter credentials on a fraudulent site.

When EviBITB detects a suspicious iFrame, it shows a warning window that informs you of the risk. This window also gives you five buttons to act on the BITB iFrame:

  • Close Warning: this button closes the warning window without acting on the BITB iFrame. You can use it if you trust the iFrame URL or want to ignore it.
  • Never Show Warnings On This Site: this button adds the website URL to a list of trusted sites. EviBITB will not alert you of BITB iFrames on these sites. You can use it if you are sure the website is safe and has no malicious iFrames.
  • Destroy: this button deletes the BITB iFrame from the web page source code. You can use it if you do not trust the iFrame URL or want to remove it.
  • Clean Storage: this button clears the data stored by the BITB iFrame in the browser. You can use it if you have been exposed to phishing by iFrame and want to erase any traces.
  • Read More: this button redirects you to a page with more information about EviBITB and its benefits. You can use it if you want to learn more about how EviBITB works and protects you from hackers.

Why you should use EviBITB to secure your online access?

EviBITB is a technology that allows you to use your smartphone or your NFC HSM card as a secure authentication key for any website. With EviBITB, you enjoy many benefits:

  • You avoid BITB attacks that can steal your data or impersonate your identity.
  • These attacks simulate a browser window in a web page to prompt you to enter your credentials on a fraudulent site.
  • You reduce the risk of keylogging or malware infections that can capture your keystrokes or spy on your online activity.
  • You save time and hassle by using your smartphone or NFC HSM card as an authentication key instead of creating or remembering passwords for each website you visit.
  • You enjoy a seamless and user-friendly experience by accessing websites with just a tap of your smartphone or NFC HSM card on your computer screen.
  • You protect your privacy by controlling what data you share with each website you visit, such as your name, email, or profile picture.

By using EviBITB, you can be sure that the web page you see is the one you want to see, and that you do not give away your data to hackers.

How EviBITB can improve your browsing experience?

EviBITB is not only a security tool, but also a performance and privacy enhancer. By removing redirection iframes, EviBITB can improve your browsing experience in several ways:

  • It can speed up the loading of web pages, by avoiding unnecessary or malicious requests to third-party sites.
  • It can reduce the bandwidth consumption, by saving the data that would otherwise be transferred to or from the iframes.
  • It can limit the exposure to ads and pop-ups, by blocking the sources that display them in the iframes.
  • It can prevent the tracking of your online activity, by deleting the cookies and other data that the iframes may store in your browser.
  • It can enhance the readability and usability of web pages, by removing distracting or irrelevant elements from the iframes.
  • It can increase the compatibility and accessibility of web pages, by avoiding potential conflicts or errors caused by the iframes.

By using EviBITB, you can enjoy a faster, smoother and more private browsing experience, without compromising your security or convenience.

How to get started with EviBITB?

Getting started with EviBITB is easy and fast. You just need to follow these steps:

  • Download the EviBITB extension for your web browser based on Chromium or Firefox from Freemindtronic’s official website: https://freemindtronic.com/evibitb-stop-bitb-phishing-attacks/
  • Install the extension on your web browser and follow the instructions to set it up.
  • Get a smartphone or an NFC HSM card compatible with the extension. You can find more information about these devices on Freemindtronic’s website: https://freemindtronic.com/how-does-evibitb-work-detailed-guide/
  • Pair your smartphone or NFC HSM card with your computer using Bluetooth or NFC technology.
  • Start browsing the web securely with EviBITB. Whenever you visit a website that offers SSO options, you will see a green icon on the address bar indicating that EviBITB is active. You can then tap your smartphone or NFC HSM card on your computer screen to authenticate yourself and access the website.

What are some videos on BITB attacks and EviBITB?

If you want to learn more about BITB attacks and EviBITB technology, you can watch some videos on these topics:

  • A video demonstration of a BITB attack by mrd0x:

In conclusion

BITB attacks are a new and sophisticated form of phishing that can steal your credentials by simulating a browser window within your browser. They can bypass many security measures that are designed to prevent phishing and compromise your online security and privacy.

EviBITB is a free technology that detects and removes phishing iFrames from your web browser. It also offers other features to enhance your online security, such as authentication via NFC HSM devices that secure your credentials without typing them on your keyboard.

If you want to benefit from EviBITB technology, you just need to download the extension corresponding to your web browser on Freemindtronic’s official website:

You will also need a smartphone or an NFC HSM card compatible with the extension. You can find more information about these devices on Freemindtronic’s website.

https://freemindtronic.com/evibitb-stop-bitb-phishing-attacks/ :

Don’t wait any longer and try EviBITB now!

Hashtags: #EviBITB #Phishing #Cybersecurity #NFC #HSM

ViperSoftX How to avoid the malware that steals your passwords

ViperSoftX How to avoid the malware that steals your passwords

ViperSoftX malware by Jacques gascuel This article will be updated with any new information on the topic, and readers are encouraged to leave comments or contact the author with any suggestions or additions.  

ViperSoftX: The malware that steals your passwords and cryptocurrencies

Do you use password managers or cryptocurrency wallets to secure your online data? Beware, you could be the target of a malware named ViperSoftX, which infiltrates your computer and steals your sensitive information. Find out how it works, how to detect it and how to protect yourself from it in this article.

2024 Digital Security

Apple M chip vulnerability: A Breach in Data Security

2024 Digital Security

Cybersecurity Breach at IMF: A Detailed Investigation

2024 DataShielder Digital Security PassCypher Phishing

Midnight Blizzard Cyberattack Against Microsoft and HPE: What are the consequences?

2024 Digital Security

PrintListener: How to Betray Fingerprints

2024 Articles Digital Security News

BitLocker Security: Safeguarding Against Cyberattacks

2024 Articles Digital Security News Spying

How to protect yourself from stalkerware on any phone

ViperSoftX: The Malware that Steals Your Cryptocurrencies and Passwords

ViperSoftX is a malware that steals sensitive information from infected computers, including data related to cryptocurrencies and passwords. It was first discovered in 2020 as a JavaScript-based remote access trojan and cryptocurrency hijacker. Since then, it has evolved to become more sophisticated and stealthy, using innovative arrival and execution techniques, enhanced encryption and a malicious extension for web browsers. In this article, we will examine the features, targets and consequences of ViperSoftX malware, as well as how to protect yourself from it.

Global impact of ViperSoftX malware

This is not a regional threat, but a global one. The malware is mostly spread via torrents and software-sharing sites, which attract users from all over the world. According to Avast, the most impacted countries by ViperSoftX in 2022 were India, USA, Italy, and BrazilHowever, Trend Micro reported that the malware also affected a significant number of victims in Australia, Japan, Taiwan, Malaysia and France in 2023. Both enterprises and consumers are at risk of losing their sensitive data and cryptocurrencies to this stealthy malware. Therefore, it is important to raise awareness about the dangers of ViperSoftX and how to prevent its infection.

How to avoid ViperSoftX, the malware that steals your sensitive data

This is malware is dangerous malware that targets Chrome and other browsers, and can steal your passwords from virtual password managers like 1Password or KeePass 2 and virtual cryptocurrency wallets. In this article, you will learn how it works and how to prevent it from infecting your device.

Features of ViperSoftX malware

ViperSoftX is a malware that stands out for its innovative arrival and execution techniques, enhanced encryption and malicious extension for web browsers. VipersoftX is a malware that steals information from infected computers.

What is ViperSoftX and how does it work?

ViperSoftX is a type of malware called infostealer, which means it is designed to steal the data from a device. It was first discovered in 2020 by Fortinet1, and has since evolved to become more sophisticated and stealthy.

ViperSoftX mainly targets the users of Chrome and other browsers, such as Firefox, Opera, Brave and Microsoft Edge. It installs a malicious extension called VenomSoftX on the browser, which can access and extract sensitive information such as browser login data, cryptocurrency wallets, stored credit card information, passwords and more2.

It is a JavaScript-based Remote Access Trojan (RAT) that allows attackers to remotely control the compromised machine and execute various malicious actions. VipersoftX uses advanced obfuscation techniques to hide itself and evade detection from security software, It uses 8 layers of code obfuscation before executing its actual payload. It uses 3 types of obfuscation techniques: AES decryption, character array conversion, and UTF-81 decoding,

It establishes its persistence by copying itself to %APPDATA% and creating a shortcut in the startup directory to invoke it. It uses seemingly legitimate names to disguise itself, such as v pn_port.dll, reg.converter.sys, install.sig, and install.db

The main features of the malware

These features make ViperSoftX malware a serious threat to the security of users and organizations that use cryptocurrencies or password managers.

  • Arrival technique by cracked software: The malware usually poses as a cracked software, an activator or a key generator, which hides the malicious code in the overlay. The malware uses non-malicious files as carriers of the malicious code, such as gup.exe from Notepad++, firefox.exe from Tor or ErrorReportClient.exe from Magix. These files are accompanied by a DLL file that serves as a decryptor and loader of the malicious code. This technique aims to deceive users who are looking for illegal versions of software and to avoid detection by security solutions.
  • Enhanced encryption by byte remapping: The malware uses a sophisticated encryption method that consists of remapping the bytes of the malicious code according to a specific byte map. Without the correct byte map, the encrypted malicious code, including all components and relevant data, cannot be correctly decrypted, making the decryption and analysis of the code longer and more difficult for analysts. The malware also changes its byte map every month, which makes it even harder to track the malicious code.
  • Monthly change of command and control server: The malware communicates with a command and control (C&C) server to send the stolen information and receive instructions. The C&C server also changes every month, according to a predictable algorithm based on the current date. The C&C server uses the HTTPS protocol to encrypt the communication with the malware.
  • Ability to steal data from various cryptocurrency wallets and web browsers: The malware mainly aims to steal data related to cryptocurrencies, such as private keys, passwords and addresses of wallets. The malware targets more than 20 different cryptocurrency wallets, such as Blockchain, Binance, Coinbase, MetaMask or Ledger Live. The malware also installs a malicious extension named VenomSoftX on Chrome, Brave, Edge, Opera and Firefox web browsers. This extension can intercept and modify cryptocurrency transactions made on web browsers. The malware can also steal other sensitive data stored on web browsers, such as cookies, history, bookmarks or autofill data.
  • Detection of two password managers, KeePass 2 and 1Password: The malware checks for files associated with two popular password managers, KeePass 2 and 1Password, on the infected computer. It also tries to steal data stored in the browser extensions of these password managers. It is not clear whether the malware exploits a known vulnerability of the password managers or whether it uses another method to access the saved passwords.

Consequences of information theft by ViperSoftX malware

ViperSoftX is a malware that can cause serious damage to the users and organizations whose data it steals. The consequences of information theft by ViperSoftX malware can include:

  • Loss of money: The malware can steal data related to cryptocurrencies, such as private keys, passwords and addresses of wallets. This can result in the loss of funds stored in these wallets, or the redirection of transactions to the attacker’s accounts. The malware can also steal data related to online banking, credit cards or other payment methods, which can enable the attacker to make fraudulent purchases or transfers using the victim’s identity.
  • Loss of identity or confidentiality: The malware can steal data related to personal or professional identity, such as passport numbers, driver’s license numbers, social security numbers, medical records, online subscriptions, etc. This can result in identity theft, where the attacker can use the victim’s identity to access secure accounts, set up credit cards, apply for loans, or commit other crimes. The malware can also steal data related to confidential or proprietary information, such as software code, algorithms, processes or technologies. This can result in the loss of intellectual property, competitive advantage or trade secrets.
  • Risks for the consumer and enterprise sectors: The malware targets both individual users and organizations that use cryptocurrencies or password managers. For individual users, the malware can compromise their privacy and security, as well as expose them to financial losses or legal liabilities. For organizations, the malware can compromise their reputation and customer trust, as well as expose them to lawsuits, ransomware demands, recovery costs, regulatory fines or penalties

Victims of the ViperSoftX malware and statistics

The ViperSoftX malware has made many victims around the world, especially in France. Some users have lost large amounts of cryptocurrencies due to the theft of their wallet addresses. Others have seen their online accounts hacked due to the theft of their passwords. Here are some testimonies collected from forums or social networks:

  • “I was infected by ViperSoftX two weeks ago. I only realized it when I wanted to make a transfer of bitcoins to another wallet. The address I had copied had been replaced by another one in the clipboard. I lost 0.5 bitcoin, which is about 20,000 euros.”
  • “I got caught by ViperSoftX by downloading a cracked software from a torrent site. The malware installed a malicious extension on my Firefox browser and stole my passwords stored in KeePass. I had to change all my passwords and disinfect my computer with an antivirus.”
  • “ViperSoftX caused me a lot of problems. The malware accessed my personal and professional data by going through the extension of 1Password on Chrome. It used my Gmail account to send spam to my contacts and my PayPal account to make fraudulent purchases.”

According to TrendMicro, the ViperSoftX malware has infected more than 10,000 computers worldwide since its appearance in 2020. The number of victims could be even higher, as the malware is difficult to detect by antivirus.

How does ViperSoftX spread?

The malware also checks if the device has virtual password managers installed, such as 1Password or KeePass 2. These are applications that help users store and manage their passwords securely. ViperSoftX exploits a vulnerability called CVE-2023-24055 to access the data stored by these password managers through their browser extensions3.

ViperSoftX also steals users’ cryptocurrency by attacking wallets and exchanges. It targets the following wallets in particular: Armory, Atomic Wallet, Binance, Bitcoin, Blockstream Green, Coinomi, Delta, Electrum, Exodus, Guarda, Jaxx Liberty, Ledger Live, Trezor Bridge, Coin98, Coinbase and MetaMask.

The stolen data is then sent to a command-and-control (C2) server controlled by the attackers, who can use it for financial gain or sell it to other hackers.

How to protect yourself from ViperSoftX malware

ViperSoftX is a stealthy and dangerous malware that can cause serious damage to your computer and your data. Therefore, you should take some preventive measures to avoid being infected by this malware. Here are some tips to help you protect yourself from ViperSoftX:

  • Avoid cracked software: The malware often arrives as cracked software, an activator or a key generator, which hides the malicious code in the overlay. Avoid downloading or using illegal versions of software or games, as they may contain malware. Only download software from trusted sources and verify their authenticity.
  • Use security software: Use a robust antivirus software that can detect and remove malware from your device. Keep your security software updated and perform regular scans of your device. You can also use a firewall to block unauthorized network connections and a VPN to encrypt your online traffic.
  • Update your browsers and password managers: The malware installs a malicious extension named VenomSoftX on web browsers and steals data from them. It also checks if the device has security software installed, such as Windows Defender or ESET, and activates its camouflage mechanisms accordingly. Update your browsers and password managers regularly to fix any security vulnerabilities. Also, only install extensions from trusted sources and check their permissions and reviews.
  • Backup your data: The malware can steal or encrypt your data, making it inaccessible or unusable. Backup your data regularly to an external storage device or a cloud service, so you can restore it in case of a malware attack. You can also use encryption tools to protect your data from unauthorized access.
  • Be careful with email attachments and links: The malware can also arrive through phishing emails that trick you into clicking on a link or opening an attachment. Be wary of emails that ask you to provide personal or financial information, or that seem to be from unknown or suspicious senders. Also, avoid clicking on links or attachments that look suspicious or irrelevant.
  • Use strong and unique passwords: The malware can steal your passwords for your online accounts, especially for your cryptocurrency wallets and exchange platforms. Use strong and unique passwords for each account, and avoid using the same password for multiple accounts. You can use a password generator or a password manager to create and store strong passwords.
  • Enable two-factor authentication (2FA): The malware can use your stolen passwords to access your accounts and perform fraudulent transactions. Enable two-factor authentication (2FA) whenever possible, which adds an extra layer of security to your login process. 2FA requires you to enter a code sent to your phone or email, or generated by an app, in addition to your password.
  • Avoid downloading and installing software or documents from untrusted sources: The malware often hides behind cracked versions of popular software or games, which are offered on torrent or illegal download sites.
  • Keep your browser and password manager updated: with the latest security patches, and use strong and unique passwords for each account.

How to remove ViperSoftX from your system

ViperSoftX is a malware that can infect your computer and steal your data. If you suspect or know that your computer is already infected by ViperSoftX, you should act quickly to remove it and prevent further damage. Here are some steps to help you remove ViperSoftX from your system:

  • Uninstall malicious programs from Windows: ViperSoftX may have installed some malicious programs on your computer that can interfere with your removal process. To uninstall them, go to Control Panel > Programs > Uninstall a program and look for any suspicious programs that you do not recognize or that you did not install yourself. Select them and click Uninstall.
  • Reset browsers back to default settings: ViperSoftX may have modified your browser settings and installed a malicious extension named VenomSoftX that can steal your data. To reset your browser settings, go to your browser settings and look for an option to reset your browser to its default state. This will remove any malicious extensions, cookies, history, passwords, and other data that ViperSoftX may have added or modified.
  • Use Rkill to terminate suspicious programs: ViperSoftX may have some processes running in the background that can prevent you from removing it. To stop them, use Rkill, a free tool that can terminate any suspicious processes that are running on your computer. Download Rkill from here and run it as administrator. Wait for it to finish scanning and killing any suspicious processes.
  • Use Malwarebytes to remove Trojans and unwanted programs: ViperSoftX is a Trojan malware that can hide itself from antivirus detection by using camouflage mechanisms. It also checks if the device has security software installed, such as Windows Defender or ESET, and activates its camouflage mechanisms accordingly. To remove it, use Malwarebytes, a powerful anti-malware software that can detect and remove ViperSoftX and other threats from your computer. Download Malwarebytes from here and install it. Run a full scan and follow the instructions to quarantine or delete any detected threats.
  • Use HitmanPro to remove rootkits and other malware: ViperSoftX may have some hidden malware components that may have escaped Malwarebytes. To find and remove them, use HitmanPro, a second-opinion scanner that can find and remove any hidden malware that may be on your computer. Download HitmanPro from here and run it. Follow the instructions to scan your computer and remove any remaining malware.
  • Use AdwCleaner to remove malicious browser policies and adware: ViperSoftX may have changed some browser policies or installed some adware on your computer that can display unwanted ads or pop-ups. To clean your browser from them, use AdwCleaner, a free tool that can remove any unwanted policies, extensions, toolbars, ads, or pop-ups that may have been installed by ViperSoftX or other adware. Download AdwCleaner from here and run it. Click Scan Now and then Clean & Repair to remove any detected threats.
  • Perform a final check with ESET Online Scanner: To make sure that your computer is completely free of malware infections, perform a final check with ESET Online Scanner, a free online tool that can scan your computer for any remaining malware infections. It can detect and remove viruses, Trojans, spyware, phishing and other internet threats. To use ESET Online Scanner, go to this website and click Start Scan Now. Accept the terms of use and click Enable ESET LiveGrid feedback system. This will allow ESET to collect anonymous data about detected threats and improve its detection capabilities. Wait for the scan to complete and follow the instructions to delete any detected threats.”

By following these steps, you should be able to remove ViperSoftX from your computer completely. However, you should also change your passwords for your online accounts, especially for your cryptocurrency wallets and exchange platforms

ViperSoftX is a very stealthy malware that can evade antivirus detection by using various techniques. It also checks if the device has security software installed, such as Windows Defender or ESET, and activates its camouflage mechanisms accordingly4.

How to secure your passwords and cryptocurrencies with modern authentication methods?

One of the best ways to protect your passwords and cryptocurrencies from ViperSoftX and other malware is to use modern authentication methods that rely on hardware devices instead of software. These devices are called hardware password managers or cold wallets.

Hardware password manager

A hardware password manager is a device that stores and manages your passwords securely. Unlike a virtual password manager, which runs on your computer or smartphone, a hardware password manager is a separate device that you can carry with you. This way, you can avoid storing your passwords on potentially compromised devices or online services.

A hardware password manager generates and stores strong passwords for your online accounts, which you can access with one master password. To log in to an online service, you can either type the password manually or use the NFC feature of the device to transmit the password to your computer or smartphone.

NFC

NFC (Near Field Communication) is a wireless technology that allows devices to communicate over short distances. You can use NFC for various purposes, such as contactless payments, smart cards, and authentication. By using NFC, you can log in to your online accounts with a simple tap of your hardware password manager on your device.

Some of the benefits of using NFC are:

  • It is fast and convenient: you do not need to type long passwords or scan QR codes.
  • It is secure: NFC uses encryption and authentication protocols to prevent eavesdropping or tampering.
  • It is compatible: NFC works with most:

Cold wallet

A cold wallet is a device that stores your cryptocurrencies offline. Unlike a hot wallet, which is connected to the internet and vulnerable to hacking, a cold wallet is isolated and protected from unauthorized access. To use a cold wallet, you need to transfer your cryptocurrencies from an online platform to the device and vice versa.

A cold wallet generates and stores private keys for your cryptocurrency accounts. A private key is a secret code that allows you to access and control your cryptocurrency funds. You should never share or lose your private key, as it is the only way to access your funds.

Some of the advantages of using a cold wallet are:

  • It is safe and reliable: you do not have to worry about hackers, malware, or phishing attacks.
  • It is easy and convenient: you can manage your funds with a simple interface and a few clicks.
  • It is versatile and compatible: you can store different types of cryptocurrencies on the same device.

One example of a cold wallet that uses NFC technology is the NFC Cold Wallet with EviVault technology from Freemindtronic Andorra. This device allows you to store and manage your cryptocurrencies securely and conveniently with your smartphone.

EviVault Cold Wallet & Hardware Wallet

EviVault is a patented technology that enhances the security and performance of NFC devices. It uses a combination of hardware and software features to protect your data from physical and logical attacks.

Some of the features of EviVault are:

  • It encrypts and authenticates your data with AES-256 and HMAC-SHA256 algorithms.
  • It prevents cloning, tampering, or replay attacks with anti-counterfeiting and anti-replay mechanisms.
  • It detects and blocks brute force attacks with auto unpairing functions traced in a black box.
  • It optimizes the speed and reliability of NFC communication with error correction and data compression techniques.

With EviVault, you can enjoy the benefits of NFC technology without compromising your security or privacy.

The impact of the ViperSoftX malware on businesses

The ViperSoftX malware does not only target individuals, but also businesses. Indeed, the malware can compromise the security of professional data by stealing the passwords of employees or customers. It can also infect the computer network of the company and spread other malware, such as ransomware or cryptominers.

To protect themselves from the ViperSoftX malware, businesses must take several measures:

  • Educate employees about the risks associated with downloading software or documents from unofficial or illegal sources.
  • Use up-to-date and effective antivirus software to detect and remove the malware.
  • Choose secure and reliable password managers, which do not store sensitive data in browser extensions.
  • Check regularly the transactions in cryptocurrencies and the addresses of the wallets.

In conclusion

ViperSoftX is a dangerous malware that can steal your passwords and cryptocurrencies from your virtual password managers and online platforms. To protect yourself from ViperSoftX, you should be careful about what you download and install on your device, keep your software updated and secure, avoid installing unknown or suspicious extensions and backup your data regularly.

To secure your passwords and cryptocurrencies with modern authentication methods, you can use hardware password managers or cold wallets that rely on hardware devices instead of software. These devices use NFC technology to offer you a high level of security and convenience for your online accounts. However, you should also follow some best practices, such as keeping your devices updated and secure, using strong passwords and two-factor authentication, and storing only small amounts of cryptocurrency on online platforms.