Tag: domain

Unstoppable Domains and Chainlink Introduce Twitter Verification for Crypto Payments

Unstoppable Domains a company building blockchain domain names, and Chainlink the secure oracle network, have launched a Twitter authentication service for .crypto addresses.

According to a release shared with Blockchain.News, with this new feature, .crypto users can quickly authenticate by connecting to a public social media profile, and verify the address’ ownership through MyEtherWallet (MEW), which is the first platform that integrated the new feature.

Brad Kam, Unstoppable Domains co-founder wrote:

“This verification solution is making crypto payments more user-friendly […] It attaches real-world information to a cryptocurrency address, while still enabling a level of privacy through the use of pseudonyms or avatars.”

Phishing scams have been a real threat for many years and crypto addresses have often been vulnerable to such attacks. The recent Twitter hack that affected famous Twitter accounts earlier this year, including Joe Biden, Barack Obama and Elon Musk, led to 400 payments being sent to malicious bitcoin addresses.

According to Kosala Hemachandra, founder of MyEtherWallet:

“Adding your Twitter handle to your blockchain address provides a missing layer of transparency to make crypto safer. For the first time, anyone can use MEW to verify someone’s identity before they send them crypto.”

Unstoppable Domains is also integrating authentication powered by Chainlink oracles, that can connect each .crypto address to a public Twitter username. The verification is instantly confirmed and logged on the blockchain. This means that when sending funds from their wallets, users will be visually notified if the address they’re transacting with has been verified.

Daniel Kochis, Head of Chainlink Business Development said:

“P2P payments such as Paypal, Venmo and Cash App have totaled $310 billion in 2019 and are experiencing tremendous growth. Ownership verification for crypto addresses represents a major milestone towards attracting new users to the ecosystem.”

Several Cryptocurrency Firms Suffer Domain Cyber-Attacks Due to GoDaddy Employee Error

GoDaddy, the world’s biggest domain name registrar, admitted that a number of its customers’ domain names, including several prominent cryptocurrency firms, had been modified after some of its employees fell for a social engineering scam. The US publicly traded internet domain registrar and web hosting company is the latest victim to suffer security attacks caused by scams targeting employees.

The cyber attackers used a phishing campaign involving email usage tricked GoDaddy employees to click a malicious link/file and consequently revealed ownership and or control over targeted domains to fraudsters.

The latest phishing campaign started on November 13 with an attack on the Liquid.com cryptocurrency trading platform.

Liquid CEO Mike Kayamori said:

“A domain hosting provider ‘GoDaddy’ that manages one of our core domain names incorrectly transferred control of the account and domain to a malicious actor. This gave the actor the ability to change DNS records and in turn, take control of a number of internal email accounts. In due course, the malicious actor was able to partially compromise our infrastructure, and gain access to document storage.”

On November 18, NiceHash cryptocurrency mining services also discovered that some of the settings for its domain registration records at GoDaddy were changed without authorization, shortly redirecting email and web traffic for the site. NiceHarsh, therefore, froze all customers’ funds for about 24 hours until it was able to verify that its domain settings had been back to their original settings.

Matjaz Skorjanc, NiceHarsh founder said that attackers made unauthorized changes from an internet address at GoDaddy and attempted to use their access to its incoming NiceHarsh mails to perform password resets on multiple third-party services including GitHub and Slack.

Skorjanc said:

“We detected this almost immediately [and] started to mitigate [the] attack. Luckily, we fought them off well and they did not gain access to any important service. Nothing was stolen.”

Many other cryptocurrency platforms also might have been targeted by the same group including Wirex.app, Celsius.network, and Bibox.com. However, these firms have not responded to the request for comment.

Dan Race, GoDaddy spokesperson, said:

“Separately, and unrelated to the outage, a routine audit of account activity identified potential unauthorized changes to a small number of customer domains and/or account information […]Our security team investigated and confirmed threat actor activity, including social engineering of a limited number of GoDaddy employees.”

Race mentioned that they immediately locked down the accounts affected in such incident, reverted changes that occurred in those accounts, and helped the affected customers to regain access to their accounts. Race further stated that as malicious actors become increasingly aggressive and sophisticated in their attacks, GoDaddy is constantly educating its employees about new tactics which may be utilized against them and adopting new security measures to prevent future attacks. 

Cryptocurrency Scams Becoming Rampant

In late October this year, US President Donald Trump’s 2020 Presidential Campaign website was compromised in an attempt by cyber hackers to gain crypto funds. Cryptocurrency scams are nowadays a popular way that bad actors use to trick people into revealing sensitive data and sending money.

Such scams pop up in several ways like appearing as emails trying to solicit business and investment opportunities or online chain referral schemes. Scammers use such attractive opportunities to entice people including employees, investors, and consumers.  Since it is difficult to distinguish scams from legitimate services, it is advisable for people to be cautious, know how to identify potential scams, and avoid falling into victims.

Exit mobile version