This attack highlights what I have been saying for years: two-factor authentication that relies on a single device depends on the security of that device. That is, it is insecure. It does not concern only bitcoin wallets: banks above all should take note, since they push mobile apps and 2FA *on the same mobile device*. Whoever controls the device can do whatever they want...

<https://medium.com/coinmonks/the-most-expensive-lesson-of-my-life-details-of...>

I lost north of $100,000 last Wednesday. It evaporated over a 24-hour time span in a “SIM port attack” that drained my Coinbase account. It has been four days since the incident and I’m gutted. I have zero appetite; my sleep is restless; I am awash in feelings of anxiety, remorse, and embarrassment.

This was the single most expensive lesson of my life and I want to share my experience + lessons learned with as many people as possible. My goal is to increase awareness about these types of attacks and to motivate you to increase the security of your online identity.

This is still very raw (I haven’t even told my family yet); please reserve judgement with regards to the naive security practices laid out in this post.

Details Of The Attack

You might be asking yourself, what exactly is a “SIM port attack”? In order to describe the attack, let’s examine a typical online identity. The diagram below should look familiar to most people.

[...]