crypto wallets

Crypto wallets combat scammers with transaction previews and blocklists

New features aimed at protecting users come amid recent crypto thefts and phishing attacks targeted at well-known crypto executives and influencers.

United States-based crypto exchange Coinbase has become the latest crypto wallet provider to roll out transaction previews and blocklists amid a rise in crypto thefts.

On Jan. 30, the crypto exchange announced that it had integrated a new suite of safety features to its wallet app to make it easier for users to spot and take action on potential foul play from scammers.

Such integrations include a transaction preview feature that gives the user an estimation of how users’ “token and NFT balances will change” during a transaction before the confirm button is hit.

Wallet, Coinbase, Transactions, Phishing

The firm has also rolled out token approval alerts, which make it clear to the user when a decentralized application dApp is requesting approval to withdraw tokens and nonfungible tokens (NFTs).

Additionally, the firm has also introduced new layers of permission management that enable users to revoke DApp connections directly from the app to help minimize “exposure to potential vulnerabilities.”

The crypto exchange joins the ranks of several other crypto wallet providers that have either rolled out or announced similar features aimed at combating crypto scams and phishing attacks, including Solana-based Phantom, Web3 wallet provider Ember and Bitski.

Just two days after Moonbirds creator Kevin Rose admitted to losing $1.1 million in NFTs via a targeted phishing attack, Phantom reminded users on Jan. 27 that its wallets are protected with a number of security features which include transaction previews, an open-source blocklist, NFT spam reporting and burning.

The firm explained its transaction preview feature: “when you take an action in Phantom, like minting an NFT, we scan your transaction and proactively find anything that looks fishy. Website looks fishy? You get a warning. Trying to obfuscate code? Warning. Interacting with suspicious tokens? Warning.”

The open-source blocklist consists of a “community-maintained list of malicious domains” that Phantom blocks users from mistakenly connecting with.

12/ We’re proud of the security features we have implemented, but this is only the beginning.

We will continue to work tirelessly to protect our users with best-in-class security features, education, and support to make everyone’s journey through web3 safe, easy, and fun.

— Phantom (@phantom) January 26, 2023

Tweeting on the same day as Phantom, Web3 wallet provider Ember detailed the list of its own security tools.

The list includes translation previews, token and NFT locking to stop assets being drained as part of malicious transactions, and approval revoking.

5/7) As well, Ember allows you to lock your NFTs and tokens, which disables the ability to send or sell them until they have been unlocked which requires your authentication to do so

This means that if you do sign a malicious transaction, your locked assets can’t be drained

— Ember (@EmberWallet) January 27, 2023

On Jan. 24, Bitski also indicated that it was working on similar integrations via its 2.0 wallet, with product designer Jasmine Xu noting that this will cover “self custody, dapp browser, transaction simulation previews, notifications about account activity, in-app burner vault, and a bunch more in a few weeks.”

In its most recent blog post, Coinbase said in the coming weeks, the firm will launch a feature so that users can “view and revoke existing token balances.”

These types of features are important for crypto and NFT users, as scammers/hackers deploy a wide array of tools to hijack transactions and get funds sent to them instead of the originally intended destination.

Popular methods that dupe even experienced users include phishing attacks, scam airdrops directing people to click on malicious links, and malware.

Revoke your smart contract approvals ASAP, warns crypto investor

A Reddit user has warned of the potential dangers of unchecked smart contracts, advising the community to revoke approvals on a regular basis.

On the back of the worst year for crypto hacks and exploits, the crypto community has given some advice to newbie investors going into 2023 — check your smart contract approvals and revoke access regularly.

Reddit user 4cademy posted their advice to the r/CryptoCurrency subreddit on Jan. 1, noting that they had approved a slew of smart contracts over a two-year period and “thought it was time to check my approved smart contracts.”

They found “nearly all” of their approvals were for “unlimited amounts,” which spurred them to revoke approvals for all smart contracts in their wallet as it was “better safe than sorry,” and advised:

“You should at least check your approvals too and possibly revoke them.”

The reason to do this, the user said, is that some users of decentralized finance (DeFi) protocols or nonfungible tokens (NFTs) could have mistakenly approved malicious smart contracts from phishing attempts that could be lying in wait to steal user funds.

Such ice phishing scams have been successful in the past, with one such elaborate month-long scam involving an offering from a fake film studio leading to 14 Bored Ape Yacht Club (BAYC) NFTs stolen from a single wallet.

Even known “good-behaving” contracts should be revoked as hackers could find exploits to pilfer funds from connected wallets.

The 10 largest exploits in 2022 saw around $2.1 billion stolen mostly from DeFi protocols and cross-chain bridges where attackers found vulnerabilities in existing smart contracts to carry out their heists.

The user offered up further advice, saying to “use different wallets for different purposes” such as having a wallet that only interacts with smart contracts and another that doesn’t which is used for the sole purpose of holding funds.

Users commenting on the post also suggested that one could schedule a reoccurring interval to revoke all smart contract approvals, such as on the 1st of every month or even at the start of every week.

Others suggested there were third-party services that could check and revoke smart contract approvals across a number of chains, including BNB Smart Chain, Ethereum and Polygon.

One user responded that the “best” advice was to interact with as few smart contracts as possible, saying “revoking permissions is good practice but not giving permissions in the first place is better.”

Friday after-work drinks with Twitter’s new owner Elon Musk, who’s in?

After Elon Musk signaled his intention to continue the deal to buy the social media platform earlier in October, reports are emerging that the acquisition is almost over.

Crypto-friendly billionaire Elon Musk is set to finalize the acquisition of social media platform Twitter by Oct. 28, which brings to a close the protracted Musk-Twitter saga.

On Oct. 24, Musk vowed to the banks assisting with the roughly $13 billion of financing for the deal that it would be closed by the end of the week and the banks have completed the final credit agreement, one of the last steps before sending the money to Musk, according to Bloomberg sources.

Musk has also reportedly notified his co-investors who are helping him fund the acquisition by sending over paperwork for the financing commitment, according to Reuters sources, which include venture capital firm Sequoia Capital, crypto exchange Binance and Qatar’s Investment Authority.

During a conference in Saudi Arabia on Oct. 25, Binance CEO Changpeng Zhao reaffirmed his commitment to backing Musk’s takeover, according to Bloomberg.

The latest developments in the deal point to Musk seemingly adhering to a court-issued deadline set by a Delaware judge in early October where Musk filed his intention to proceed with closing the deal at the original $44 billion price after previously wanting to back out in July.

Musk intends to close the transaction at a price of $54.20 per share. Twitter stock prices jumped on the news, closing at $52.78 a share and up 2.45% for the day, according to Yahoo Finance.

In the past, Musk has highlighted many areas of the platform he wishes to change with his stated “top priority” being to cut down on crypto scam tweets and at one time planned to charge users 0.1 Dogecoin (DOGE) — much less than half a cent — to post on Twitter but later admitted it wouldn’t be feasible.

Crypto wallets on Twitter?

The news comes a few days after rumors emerged that Twitter may be working on a cryptocurrency wallet, according to Security researcher Jane Manchun Wong, who made Forbes 30 under 30 for her high-profile tech leak scoops.

On Oct. 25, she tweeted the platform was working on a “wallet prototype” that supports “crypto deposit and withdrawal” but did not provide evidence or a source for her claim. Cointelegraph has reached out to Twitter for comment.

Meanwhile, news of Musk’s deal nearing its end comes as internal documents from Twitter, seen by Reuters on Oct. 26, reveal the platform is struggling to retain its most active users, those who log in to the platform up to seven days a week and tweet a minimum of three times a week.

While these heavy users are less than 10% of the total monthly overall users, they account for a massive 90% of all tweets on the platform and around half of Twitter’s global revenue.

The leaked research also found over the last two years the topics of interest among English-speaking heavy users have shifted with one of the highest-growing topics being cryptocurrency and interest in news, sports and entertainment has seen a decline.