Celsius Network Phishing Attack: Difference between revisions

From Quadriga Initiative Cryptocurrency Hacks, Scams, and Frauds Repository
(Created page with "{{Imported Case Study|source=https://www.quadrigainitiative.com/casestudy/celsiusnetworkphishingattack.php}} thumb|Celsius NetworkCelsius Network is a cryptocurrency lending platform, where you can deposit your cryptocurrency and take out a loan against it. According to reports, a third party database containing 20,000 - 30,000 emails out of 100,000 total emails in their system was compromised. Users reported receiving both emails and texts a...")
 
No edit summary
 
(One intermediate revision by the same user not shown)
Line 1: Line 1:
{{Imported Case Study|source=https://www.quadrigainitiative.com/casestudy/celsiusnetworkphishingattack.php}}
{{Imported Case Study 2|source=https://www.quadrigainitiative.com/casestudy/celsiusnetworkphishingattack.php}}
{{Unattributed Sources}}


[[File:Celsiusnetwork.jpg|thumb|Celsius Network]]Celsius Network is a cryptocurrency lending platform, where you can deposit your cryptocurrency and take out a loan against it. According to reports, a third party database containing 20,000 - 30,000 emails out of 100,000 total emails in their system was compromised. Users reported receiving both emails and texts announcing a $500 bonus for setting up an account with a new wallet software provided by Celsius. Several users reported that their funds were taken after setting up the wallet which required importing their private key. While the total lost has not been reported, a total of just over $9,000 worth of cryptocurrency was donated to affected users through the community and assuming Celsius followed through on their matching pledge.
[[File:Celsiusnetwork.jpg|thumb|Celsius Network]]Celsius Network is a cryptocurrency lending platform, where you can deposit your cryptocurrency and take out a loan against it. According to reports, a third party database containing 20,000 - 30,000 emails out of 100,000 total emails in their system was compromised. Users reported receiving both emails and texts announcing a $500 bonus for setting up an account with a new wallet software provided by Celsius. Several users reported that their funds were taken after setting up the wallet which required importing their private key. While the total lost has not been reported, a total of just over $9,000 worth of cryptocurrency was donated to affected users through the community and assuming Celsius followed through on their matching pledge.


This exchange or platform is based in United States, or the incident targeted people primarily in United States.
This exchange or platform is based in United States, or the incident targeted people primarily in United States.<ref name="bankinfosecurity-6009" /><ref name="cryptobriefing-6013" /><ref name="celsiusnetworkblog-6109" /><ref name="celsiusnetworktwitter-6110" /><ref name="celsecuritytwitter-6111" /><ref name="youtube-6112" /><ref name="mashinskytwitter-6113" /><ref name="celsiusnetworktwitter-6114" /><ref name="celsiusnetworktwitter-6115" /><ref name="bleepingcomputer-6116" /><ref name="uidtwitter-6117" /><ref name="cyberintelmag-6118" /><ref name="celsiusnetwork-6119" /><ref name="starttrades-6120" /><ref name="logixblog-6121" /><ref name="mashinskymedium-6122" /><ref name="blockchaindotcom-6123" /><ref name="etherscan-6124" /><ref name="heimdalsecurity-6125" /><ref name="coinmarketcap-623" /><ref name="coinmarketcap-4651" /><ref name="etherscan-6126" /><ref name="coinmarketcap-6127" /><ref name="wikipedia-6128" /><ref name="cointelegraph-6129" /><ref name="celsiusnetwork-6130" />


== About Celsius Network ==
== About Celsius Network ==
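Review bot: All 26 `<ref name=... />` tags are attached to the single "This exchange or platform is based in United States" sentence, so no source is tied to the claim it supports, and the lead paragraph with the 20,000 - 30,000 email and $9,000 figures stays uncited. Move each ref next to the statement it backs so that `{{Unattributed Sources}}` can be dropped, and write "the United States" while editing that sentence.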
Line 59: Line 60:


Don't Include:
Don't Include:
* Any wording which directly states or implies that the business is/was illegitimate, or that a vulnerability existed.
* Any wording which directly states or implies that the business is/was illegitimate, or that a vulnerability existed.
* Anything that wasn't reasonably knowable at the time of the event.
* Anything that wasn't reasonably knowable at the time of the event.
Line 80: Line 80:
!Description
!Description
|-
|-
|April 14th, 2021 1:48:00 PM
|April 14th, 2021 1:48:00 PM MDT
|First Event
|Main Event
|This is an expanded description of what happened and the impact. If multiple lines are necessary, add them here.
|Expand this into a brief description of what happened and the impact. If multiple lines are necessary, add them here.
|-
|
|
|
|-
|-
|
|
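Review bot: The Description cell of the "Main Event" row still holds the template instruction ("Expand this into a brief description of what happened and the impact."), only reworded from the previous placeholder. Replace it with a one-line description of the April 14th, 2021 event taken from the page's own summary, and state the source of the 1:48:00 PM MDT timestamp now that a time zone is attached to it.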
Line 92: Line 88:
|
|
|}
|}
== Technical Details ==
This section includes specific detailed technical analysis of any security breaches which happened. What specific software vulnerabilities contributed to the problem and how were they exploited?


== Total Amount Lost ==
== Total Amount Lost ==
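Review bot: The new "== Technical Details ==" section contains only the template question and starts directly after the table's closing `|}` with no blank line, unlike the headings around it. Add the blank line, and either fill the section from material already quoted in the About section (the third-party email distribution system, the celsiuswallet[.]network domain, the seed-phrase prompt) or leave the heading out until there is content.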
Line 105: Line 104:


== Total Amount Recovered ==
== Total Amount Recovered ==
It is unknown how much was recovered.
There do not appear to have been any funds recovered in this case.


What funds were recovered? What funds were reimbursed for those affected users?
What funds were recovered? What funds were reimbursed for those affected users?
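Review bot: The replacement sentence "There do not appear to have been any funds recovered in this case." is a stronger claim than the "It is unknown how much was recovered." it replaces, and no source is cited for it. The lead paragraph also reports just over $9,000 donated to affected users, which answers the reimbursement question left on the next line; say here that no stolen funds are known to have been recovered, mention the donated amount separately, and remove the template prompt once it is answered.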
Line 111: Line 110:
== Ongoing Developments ==
== Ongoing Developments ==
What parts of this case are still remaining to be concluded?
What parts of this case are still remaining to be concluded?
== General Prevention Policies ==
When setting up a new wallet, always check to make sure you are using the official trusted website. Get the URL from multiple trusted third parties and only use the official URL in your sign-up. Never set up a wallet with a large balance in it, or import a wallet with a large balance into new software. Instead, perform a test with a smaller wallet before any transfer or upgrade. Store the majority of funds offline in cold storage, preferably protected by a multi-signature wallet. We propose that new crypto users should be given a short quiz to educate them prior to investing. Part of our framework has an industry insurance fund which could be available to help phishing victims.
== Individual Prevention Policies ==
{{Prevention:Individuals:Placeholder}}
{{Prevention:Individuals:End}}
== Platform Prevention Policies ==
{{Prevention:Platforms:Placeholder}}
{{Prevention:Platforms:End}}


== Prevention Policies ==
== Regulatory Prevention Policies ==
When setting up a new wallet, always check to make sure you are using the official trusted website. Get the URL from multiple trusted third parties and only use the official URL in your sign-up. Never set up a wallet with a large balance in it, or import a wallet with a large balance into new software. Instead, perform a test with a smaller wallet before any transfer or upgrade. Store the majority of funds offline in cold storage, preferably protected by a multi-signature wallet. We propose that new crypto users should be given a short quiz to educate them prior to investing. Part of our framework has an industry insurance fund which could be available to help phishing victims.
{{Prevention:Regulators:Placeholder}}
 
{{Prevention:Regulators:End}}


== References ==
== References ==
[https://www.bankinfosecurity.com/coinmarketcap-no-breach-despite-31m-email-address-leak-a-17789 CoinMarketCap: No Breach Despite 3.1M Email Address Leak] (Jan 25)
<references><ref name="bankinfosecurity-6009">[https://www.bankinfosecurity.com/coinmarketcap-no-breach-despite-31m-email-address-leak-a-17789 CoinMarketCap: No Breach Despite 3.1M Email Address Leak] (Jan 25, 2022)</ref>


[https://cryptobriefing.com/3-million-coinmarketcap-email-addresses-have-leaked/ 3 Million CoinMarketCap Email Addresses Have Leaked - Crypto Briefing] (Jan 26)
<ref name="cryptobriefing-6013">[https://cryptobriefing.com/3-million-coinmarketcap-email-addresses-have-leaked/ 3 Million CoinMarketCap Email Addresses Have Leaked - Crypto Briefing] (Jan 26, 2022)</ref>


[https://blog.celsius.network/celsius-security-notice-april-2021-154a587f7ca3 https://blog.celsius.network/celsius-security-notice-april-2021-154a587f7ca3] (Jan 30)
<ref name="celsiusnetworkblog-6109">[https://blog.celsius.network/celsius-security-notice-april-2021-154a587f7ca3 https://blog.celsius.network/celsius-security-notice-april-2021-154a587f7ca3] (Jan 30, 2022)</ref>


[https://twitter.com/CelsiusNetwork/status/1385937142677913600 @CelsiusNetwork Twitter] (Jan 30)
<ref name="celsiusnetworktwitter-6110">[https://twitter.com/CelsiusNetwork/status/1385937142677913600 @CelsiusNetwork Twitter] (Jan 30, 2022)</ref>


[https://twitter.com/CelSecurity/status/1385942329685684231 @CelSecurity Twitter] (Jan 30)
<ref name="celsecuritytwitter-6111">[https://twitter.com/CelSecurity/status/1385942329685684231 @CelSecurity Twitter] (Jan 30, 2022)</ref>


[https://www.youtube.com/watch?v=R1hgmwE9Veg Celsians Care Fund & Loans Q&A - Celsius AMA (April 16th 2021) - YouTube] (Jan 30)
<ref name="youtube-6112">[https://www.youtube.com/watch?v=R1hgmwE9Veg Celsians Care Fund & Loans Q&A - Celsius AMA (April 16th 2021) - YouTube] (Jan 30, 2022)</ref>


[https://twitter.com/Mashinsky/status/1383014561679310848 @Mashinsky Twitter] (Jan 30)
<ref name="mashinskytwitter-6113">[https://twitter.com/Mashinsky/status/1383014561679310848 @Mashinsky Twitter] (Jan 30, 2022)</ref>


[https://twitter.com/CelsiusNetwork/status/1382654382668460037 @CelsiusNetwork Twitter] (Jan 30)
<ref name="celsiusnetworktwitter-6114">[https://twitter.com/CelsiusNetwork/status/1382654382668460037 @CelsiusNetwork Twitter] (Jan 30, 2022)</ref>


[https://twitter.com/CelsiusNetwork/status/1382420465533157382 @CelsiusNetwork Twitter] (Jan 30)
<ref name="celsiusnetworktwitter-6115">[https://twitter.com/CelsiusNetwork/status/1382420465533157382 @CelsiusNetwork Twitter] (Jan 30, 2022)</ref>


[https://www.bleepingcomputer.com/news/security/celsius-email-system-breach-leads-to-phishing-attack-on-customers/ Celsius email system breach leads to phishing attack on customers] (Jan 30)
<ref name="bleepingcomputer-6116">[https://www.bleepingcomputer.com/news/security/celsius-email-system-breach-leads-to-phishing-attack-on-customers/ Celsius email system breach leads to phishing attack on customers] (Jan 30, 2022)</ref>


[https://twitter.com/UID_/status/1349125896003837963 @UID_ Twitter] (Jan 30)
<ref name="uidtwitter-6117">[https://twitter.com/UID_/status/1349125896003837963 @UID_ Twitter] (Jan 30, 2022)</ref>


[https://cyberintelmag.com/attacks-data-breaches/celsius-network-confirms-email-system-breach-phishing-attacks-on-customers/ https://cyberintelmag.com/attacks-data-breaches/celsius-network-confirms-email-system-breach-phishing-attacks-on-customers/] (Jan 30)
<ref name="cyberintelmag-6118">[https://cyberintelmag.com/attacks-data-breaches/celsius-network-confirms-email-system-breach-phishing-attacks-on-customers/ https://cyberintelmag.com/attacks-data-breaches/celsius-network-confirms-email-system-breach-phishing-attacks-on-customers/] (Jan 30, 2022)</ref>


[https://celsius.network/ Celsius Network | Earn Crypto, Borrow Cash and Unbank Yourself] (Jan 30)
<ref name="celsiusnetwork-6119">[https://celsius.network/ Celsius Network | Earn Crypto, Borrow Cash and Unbank Yourself] (Jan 30, 2022)</ref>


[https://starttrades.com/blogs/news/is-celsius-network-safe-to-put-your-money Is Celsius Network Safe To Put Your Money (Updated Dec'21 on BadgerDAO
<ref name="starttrades-6120">[https://web.archive.org/web/20220103001119/https://starttrades.com/blogs/news/is-celsius-network-safe-to-put-your-money Is Celsius Network Safe To Put Your Money (Updated Dec'21 on BadgerDAO)] (Jan 30, 2022)</ref>
– Start Trades] (Jan 30)


[https://blog.logix.in/celsius-data-breach/ Celsius Data Breach – Phishing Claims More Victims] (Jan 30)
<ref name="logixblog-6121">[https://blog.logix.in/celsius-data-breach/ Celsius Data Breach – Phishing Claims More Victims] (Jan 30, 2022)</ref>


[https://mashinsky.medium.com/from-the-ceo-an-update-on-celsius-security-6f80b50012bd From The Ceo An Update On Celsius Security] (Jan 30)
<ref name="mashinskymedium-6122">[https://mashinsky.medium.com/from-the-ceo-an-update-on-celsius-security-6f80b50012bd From The Ceo An Update On Celsius Security] (Jan 30, 2022)</ref>


[https://www.blockchain.com/btc/address/1KBdR5jQ9unrGxevHnFdFwphpu1nS7AD6E Address: 1KBdR5jQ9unrGxevHnFdFwphpu1nS7AD6E | Blockchain Explorer] (Jan 30)
<ref name="blockchaindotcom-6123">[https://www.blockchain.com/btc/address/1KBdR5jQ9unrGxevHnFdFwphpu1nS7AD6E Address: 1KBdR5jQ9unrGxevHnFdFwphpu1nS7AD6E | Blockchain Explorer] (Jan 30, 2022)</ref>


[https://etherscan.io/address/0x7DBe022DcDef584E68bb5D75EfBac4BD3f4a53b7 https://etherscan.io/address/0x7DBe022DcDef584E68bb5D75EfBac4BD3f4a53b7] (Jan 30)
<ref name="etherscan-6124">[https://etherscan.io/address/0x7DBe022DcDef584E68bb5D75EfBac4BD3f4a53b7 https://etherscan.io/address/0x7DBe022DcDef584E68bb5D75EfBac4BD3f4a53b7] (Jan 30, 2022)</ref>


[https://heimdalsecurity.com/blog/celsius-email-system-suffers-security-breach/ Celsius Email System Suffers Security Breach] (Jan 30)
<ref name="heimdalsecurity-6125">[https://heimdalsecurity.com/blog/celsius-email-system-suffers-security-breach/ Celsius Email System Suffers Security Breach] (Jan 30, 2022)</ref>


[https://coinmarketcap.com/currencies/bitcoin/historical-data/ Bitcoin price today, BTC live marketcap, chart, and info | CoinMarketCap] (May 15)
<ref name="coinmarketcap-623">[https://coinmarketcap.com/currencies/bitcoin/historical-data/ Bitcoin price today, BTC live marketcap, chart, and info | CoinMarketCap] (May 16, 2021)</ref>


[https://coinmarketcap.com/currencies/ethereum/historical-data/ https://coinmarketcap.com/currencies/ethereum/historical-data/] (Dec 20)
<ref name="coinmarketcap-4651">[https://coinmarketcap.com/currencies/ethereum/historical-data/ https://coinmarketcap.com/currencies/ethereum/historical-data/] (Dec 21, 2021)</ref>


[https://etherscan.io/address/0x54BD1BaeB7b860119253f5bB56250F8aFb2a22c4#tokentxns https://etherscan.io/address/0x54BD1BaeB7b860119253f5bB56250F8aFb2a22c4#tokentxns] (Jan 30)
<ref name="etherscan-6126">[https://etherscan.io/address/0x54BD1BaeB7b860119253f5bB56250F8aFb2a22c4#tokentxns https://etherscan.io/address/0x54BD1BaeB7b860119253f5bB56250F8aFb2a22c4#tokentxns] (Jan 30, 2022)</ref>


[https://coinmarketcap.com/currencies/celsius/historical-data/ https://coinmarketcap.com/currencies/celsius/historical-data/] (Jan 30)
<ref name="coinmarketcap-6127">[https://coinmarketcap.com/currencies/celsius/historical-data/ https://coinmarketcap.com/currencies/celsius/historical-data/] (Jan 30, 2022)</ref>


[https://en.wikipedia.org/wiki/Celsius_Network Celsius Network - Wikipedia] (Jan 30)
<ref name="wikipedia-6128">[https://en.wikipedia.org/wiki/Celsius_Network Celsius Network - Wikipedia] (Jan 30, 2022)</ref>


[https://cointelegraph.com/news/email-server-breach-sees-celsians-targeted-by-phishing-attacks Email server breach sees Celsians targeted by phishing attacks] (Jan 30)
<ref name="cointelegraph-6129">[https://cointelegraph.com/news/email-server-breach-sees-celsians-targeted-by-phishing-attacks Email server breach sees Celsians targeted by phishing attacks] (Jan 30, 2022)</ref>


[https://celsius.network/about-us About Us | Unbank Yourself] (Jan 30)
<ref name="celsiusnetwork-6130">[https://celsius.network/about-us About Us | Unbank Yourself] (Jan 30, 2022)</ref></references>
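Review bot: Two access dates change by a day when the year is added: `coinmarketcap-623` goes from (May 15) to (May 16, 2021) and `coinmarketcap-4651` from (Dec 20) to (Dec 21, 2021), while every other reference keeps its day. Confirm which date is correct before merging. Separately, the same prevention paragraph is moved under "General Prevention Policies" while the Individual, Platform and Regulatory sections hold only placeholder templates, and three references share the label "@CelsiusNetwork Twitter", which makes them indistinguishable in the rendered list.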

Latest revision as of 17:47, 2 May 2023

Notice: This page is a freshly imported case study from the original repository. The original content was in a different format, and may not have relevant information for all sections. Please help restructure the content by moving information from the 'About' and 'General Prevention' sections to other sections, and add any missing information or sources you can find. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.

Notice: This page contains sources which are not attributed to any text. The unattributed sources follow the initial description. Please assist by visiting each source, reviewing the content, and placing that reference next to any text it can be used to support. Feel free to add any information that you come across which isn't present already. Sources which don't contain any relevant information can be removed. Broken links can be replaced with versions from the Internet Archive. See General Tutorial on Wikis, Anatomy of a Case Study, and/or Citing Your Sources Guide for additional information. Thanks for your help!

Celsius Network

Celsius Network is a cryptocurrency lending platform where you can deposit your cryptocurrency and take out a loan against it. According to reports, a third-party database containing 20,000 - 30,000 emails out of 100,000 total emails in their system was compromised. Users reported receiving both emails and texts announcing a $500 bonus for setting up an account with new wallet software provided by Celsius. Several users reported that their funds were taken after setting up the wallet, which required importing their private key. While the total lost has not been reported, just over $9,000 worth of cryptocurrency was donated to affected users through the community, assuming Celsius followed through on their matching pledge.

This exchange or platform is based in the United States, or the incident targeted people primarily in the United States.[1][2][3][4][5][6][7][8][9][10][11][12][13][14][15][16][17][18][19][20][21][22][23][24][25][26]

About Celsius Network

"Celsius Network is a cryptocurrency loan company." "Celsius was founded in 2017 with the mission to harness blockchain technology to provide unprecedented financial freedom, economic opportunity, and income equality for the 99%." "Celsius Network Limited was incorporated on 9 February 2018."

"Celsius is proud to provide a platform of curated services that have been abandoned by big banks – things like fair interest, zero fees, and lightning quick transactions. Our goal is to disrupt the financial industry, one happy user at a time, and introduce financial freedom through crypto."

"Celsius is not a bank, depository institution, custodian or fiduciary and the assets in your Celsius account are not insured by any private or governmental insurance plan (including FDIC or SIPC), nor are they covered by any compensation scheme (including FSCS)."

"On April 14, 2021, Celsius customers began reporting a fraudulent website claiming to be an official Celsius platform. We also became aware of some Celsius customers receiving SMS and email messages, that claimed to be official Celsius communication, linking to that website, and prompting recipients to enter sensitive information."

"By now, Celsius customers had also received SMS on their phones along with emails, posing as Celsius. All fraudulent communication from the hackers was concluded by a link to the spoofed website, where a contact form snatched sensitive information of the users who fell for the trick."

"Celsius CEO Alex Mashinsky stated that Celsius' third-party marketing server was compromised, and threat actors gained access to a partial Celsius customer list." "An unauthorized party managed to gain access to a back-up third-party email distribution system which had connections to a partial customer email list. Once inside the system, this unauthorized party sent a fraudulent email announcement, of which we know some of the recipients to be Celsius customers."

"The intent was to make the recipients believe the fraudulent email came from Celsius, that the fraudulent site was a true Celsius site, and to take ownership of recipients’ cryptocurrency assets from their personal (non-Celsius) wallet by prompting the user to provide the seed phrase to their personal wallet address."

"After gaining access to the customer list, the threat actors impersonated Celsius Networks in phishing texts and emails that promoted a new Celsius Web Wallet. As an incentive to get people to visit the site, the text states Celsius is offering $500 in the CEL cryptocurrency if they create a wallet and enter a special promo code."

"Hey Celsians! Have you heard the news?! We're thrilled to share that the Celsius Web Wallet is officially live! Celsius is surpassing milestones faster than you can say 'Satoshi Nakomoto' - and it's all thanks to YOU! To celebrate the launch of our new web wallet, we're giving away $500 in CEL with the promo code WEBWALLET500 for a limited time only!"

"How to receive $500 CEL: (1) Create your Celsius Web Wallet by following the steps for the wallet create process. (2) Include your promo code WEBWALLET500 to claim $500 in CEL after completing registration. (3) Follow the step-by-step tutorial on how the Celsius Web Wallet works." "Tune in to our AMA tomorrow with Alex for a more detailed update on the milestone and a preview of other exciting news on the horizon."

"When you attempted to create this fake wallet, the site asked visitors to link their other online wallets and input those wallet's seed phrases. Once this seed phrase is provided, the threat actors can import your wallet and steal any cryptocurrency within it." "VirusTotal shows that the celsiuswallet[.]network phishing domain initially had a DNS SOA record that indicated it was registered at the Njalla registrar." "Njalla is a registrar located in Sweden that is a favorite for certain threat actors, such as the Fancy Bear and Cozy Bear Russian hacking groups."

"I’ll start with the most important news: all funds are safe. Our back-end systems remain fully secure and have not been breached. Customer funds and sensitive data are not affected nor connected to any front-facing or external communications platforms."

“I would like to reassure our community that Celsius remains fully secure and our own systems have not been breached in any way. Customer funds and sensitive data are safe within our back-end systems, and our security team has done an incredible job to identify the situation and very quickly notify the Celsius community with extreme urgency on the steps and precautions to be followed. This rapid response has helped minimize the impact to the Celsius community.”

"Our team is actively working to understand how the unauthorized party managed to gain access to the third-party email distribution system and the source of the list used to send fraudulent communications via SMS." "The team is still investigating how the hackers gained access to the phone numbers of Celsius’ clients, considering the security breach occurred with an email management system."

"We are checking with all of our third-party vendors and within other recent external/public data leaks to understand where this information came from and if third-party platforms have been vulnerable to any related incidents. We know that customers who had not registered an email or phone number with Celsius also received fraudulent messages to these contact details, thus we believe the data was collected from external data sources."

"It reinforces the importance of the message we have consistently delivered to our community members over the years. That is, all crypto assets delivered to Celsius remain completely secure, but with respect to any private wallets, always keep your private keys and passwords private and secure. Furthermore, we have always communicated to our customers and will continue to reinforce that Celsius will never ask for passwords, private keys, seed phrases and other confidential user credentials."

"In response to recent events, some members of the Celsius community had the inspiring idea to start a compensation fund to assist those who may have lost their crypto assets. We’re happy to share that we have set up the Celsians Care Fund under the following addresses to accept contributions."

"Despite the incident, the price of CEL is up nearly 1% in the past 24 hours and has gained 50% in the past fortnight. Cel last changed hands for $7.03, according to CoinGecko."

"If you want to help the @CelsiusNetwork community victims of the scam to give their Metamask & Ledger seed phrase we published BTC & ETH addresses in this update. Celsius will match all contributed funds to make sure we help the ones who need most help."

The background of the exchange platform, service, or individuals involved, as it would have been seen or understood at the time of the events.

Include:

  • Known history of when and how the service was started.
  • What problems does the company or service claim to solve?
  • What marketing materials were used by the firm or business?
  • Audits performed, and excerpts that may have been included.
  • Business registration documents shown (fake or legitimate).
  • How were people recruited to participate?
  • Public warnings and announcements prior to the event.

Don't Include:

  • Any wording which directly states or implies that the business is/was illegitimate, or that a vulnerability existed.
  • Anything that wasn't reasonably knowable at the time of the event.

There could be more than one section here. If the same platform is involved with multiple incidents, then it can be linked to a main article page.

The Reality

This section is included if a case involved deception or information that was unknown at the time. Examples include:

  • When the service was actually started (if different than the "official story").
  • Who actually ran a service and their own personal history.
  • How the service was structured behind the scenes. (For example, there was no "trading bot".)
  • Details of what audits reported and how vulnerabilities were missed during auditing.

What Happened

The specific events of the loss and how it came about. What actually happened to cause the loss and some of the events leading up to it.

Key Event Timeline - Celsius Network Phishing Attack

| Date | Event | Description |
|---|---|---|
| April 14th, 2021 1:48:00 PM MDT | Main Event | Expand this into a brief description of what happened and the impact. If multiple lines are necessary, add them here. |

Technical Details

This section includes specific detailed technical analysis of any security breaches which happened. What specific software vulnerabilities contributed to the problem and how were they exploited?

Total Amount Lost

The total amount lost is unknown.

How much was lost and how was it calculated? If there are conflicting reports, which are accurate and where does the discrepancy lie?

Immediate Reactions

How did the various parties involved (firm, platform, management, and/or affected individual(s)) deal with the events? Were services shut down? Were announcements made? Were groups formed?

Ultimate Outcome

What was the end result? Was any investigation done? Were any individuals prosecuted? Was there a lawsuit? Was any tracing done?

Total Amount Recovered

There do not appear to have been any funds recovered in this case.

What funds were recovered? What funds were reimbursed for those affected users?

Ongoing Developments

What parts of this case are still remaining to be concluded?

General Prevention Policies

When setting up a new wallet, always check to make sure you are using the official trusted website. Get the URL from multiple trusted third parties and only use the official URL in your sign-up. Never set up a wallet with a large balance in it, or import a wallet with a large balance into new software. Instead, perform a test with a smaller wallet before any transfer or upgrade. Store the majority of funds offline in cold storage, preferably protected by a multi-signature wallet. We propose that new crypto users should be given a short quiz to educate them prior to investing. Our framework includes an industry insurance fund, which could be available to help phishing victims.
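
The "only use the official URL" rule above can be checked mechanically before a link is opened. The sketch below is an added example, not part of the original case study or any Celsius tooling; it assumes celsius.network (the domain in this page's references) is the only official domain, and the function names, brand token list and sample links are constructed for illustration.

```python
import unicodedata
from urllib.parse import urlsplit

# Assumption: the only official domain is the one in this page's references.
OFFICIAL_DOMAINS = {"celsius.network"}
# Assumption: brand strings a lure is likely to reuse in a look-alike name.
BRAND_TOKENS = {"celsius"}
# Digits commonly swapped in for letters in look-alike names.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def _within_one_edit(a: str, b: str) -> bool:
    """True when a and b differ by at most one insert, delete or substitute."""
    if abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a
    i = j = edits = 0
    while i < len(a) and j < len(b):
        if a[i] == b[j]:
            i += 1
            j += 1
            continue
        edits += 1
        if edits > 1:
            return False
        if len(a) == len(b):
            i += 1  # substitution: advance both strings
        j += 1      # insertion: advance only the longer string
    return edits + (len(b) - j) <= 1


def _skeleton(name: str) -> list:
    """Split a host into labels reduced to a plain-ASCII comparison form."""
    labels = []
    for label in name.split("."):
        if label.startswith("xn--"):  # punycode label: decode before folding
            try:
                label = label.encode("ascii").decode("idna")
            except UnicodeError:
                pass
        label = unicodedata.normalize("NFKD", label)
        label = label.encode("ascii", "ignore").decode("ascii")
        labels.append(label.translate(HOMOGLYPHS).replace("-", ""))
    return labels


def classify_link(url: str) -> str:
    """Return 'official', 'insecure', 'lookalike', 'unverified' or 'invalid'."""
    url = url.strip().replace("[.]", ".")  # accept defanged indicators
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".")
        user = (parts.username or "").lower()
    except ValueError:
        return "invalid"
    if parts.scheme not in ("http", "https") or not host:
        return "invalid"
    # Match on the parsed host only, so text before '@' or in the path
    # cannot make a link look official.
    if any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS):
        return "official" if parts.scheme == "https" else "insecure"
    # Not official: does the host or the userinfo borrow the brand name?
    for label in _skeleton(host) + _skeleton(user):
        for token in BRAND_TOKENS:
            if token in label or _within_one_edit(label, token):
                return "lookalike"
    return "unverified"


# Constructed sample links; the second is the defanged domain quoted on this page.
SAMPLES = [
    "https://blog.celsius.network/celsius-security-notice-april-2021-154a587f7ca3",
    "https://celsiuswallet[.]network/",
    "https://celsius.network@wallet-login.example/",
    "https://celsius.network.account-check.example/",
    "https://ce1sius.network/",
    "http://celsius.network/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify_link(link):<11} {link}")
```

Only "official" means the link points at the listed domain over HTTPS; "unverified" means no brand resemblance was found, not that the site is trustworthy.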

Individual Prevention Policies

No specific policies for individual prevention have yet been identified in this case.

For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.

Platform Prevention Policies

Policies for platforms to take to prevent this situation have not yet been selected in this case.

For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.

Regulatory Prevention Policies

No specific regulatory policies have yet been identified in this case.

For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.

References

  1. CoinMarketCap: No Breach Despite 3.1M Email Address Leak (Jan 25, 2022)
  2. 3 Million CoinMarketCap Email Addresses Have Leaked - Crypto Briefing (Jan 26, 2022)
  3. https://blog.celsius.network/celsius-security-notice-april-2021-154a587f7ca3 (Jan 30, 2022)
  4. @CelsiusNetwork Twitter (Jan 30, 2022)
  5. @CelSecurity Twitter (Jan 30, 2022)
  6. Celsians Care Fund & Loans Q&A - Celsius AMA (April 16th 2021) - YouTube (Jan 30, 2022)
  7. @Mashinsky Twitter (Jan 30, 2022)
  8. @CelsiusNetwork Twitter (Jan 30, 2022)
  9. @CelsiusNetwork Twitter (Jan 30, 2022)
  10. Celsius email system breach leads to phishing attack on customers (Jan 30, 2022)
  11. @UID_ Twitter (Jan 30, 2022)
  12. https://cyberintelmag.com/attacks-data-breaches/celsius-network-confirms-email-system-breach-phishing-attacks-on-customers/ (Jan 30, 2022)
  13. Celsius Network | Earn Crypto, Borrow Cash and Unbank Yourself (Jan 30, 2022)
  14. Is Celsius Network Safe To Put Your Money (Updated Dec'21 on BadgerDAO) (Jan 30, 2022)
  15. Celsius Data Breach – Phishing Claims More Victims (Jan 30, 2022)
  16. From The Ceo An Update On Celsius Security (Jan 30, 2022)
  17. Address: 1KBdR5jQ9unrGxevHnFdFwphpu1nS7AD6E | Blockchain Explorer (Jan 30, 2022)
  18. https://etherscan.io/address/0x7DBe022DcDef584E68bb5D75EfBac4BD3f4a53b7 (Jan 30, 2022)
  19. Celsius Email System Suffers Security Breach (Jan 30, 2022)
  20. Bitcoin price today, BTC live marketcap, chart, and info | CoinMarketCap (May 16, 2021)
  21. https://coinmarketcap.com/currencies/ethereum/historical-data/ (Dec 21, 2021)
  22. https://etherscan.io/address/0x54BD1BaeB7b860119253f5bB56250F8aFb2a22c4#tokentxns (Jan 30, 2022)
  23. https://coinmarketcap.com/currencies/celsius/historical-data/ (Jan 30, 2022)
  24. Celsius Network - Wikipedia (Jan 30, 2022)
  25. Email server breach sees Celsians targeted by phishing attacks (Jan 30, 2022)
  26. About Us | Unbank Yourself (Jan 30, 2022)