2 Security Precautions for Celsius Users
|By Chris Coney
As you may be aware, Celsius (CEL, Tech/Adoption Grade “C-”) filed for Chapter 11 bankruptcy protection in the U.S. Bankruptcy Court for the Southern District of New York on July 13.
These proceedings are ongoing, and several hearings have been held, which can be found on public record here.
As a creditor in the CEL case, I have personally lost one-third of the Ethereum (ETH, Tech/Adoption Grade “A-”) I was holding at the time of their filing.
And in case you’re a creditor as well, I want to bring a recent development in the Celsius insolvency proceedings to your attention.
As is normally the case for legal proceedings of this nature, court documents are filed and made public for the sake of transparency and accountability.
However, this feature unfortunately may lead to some potential harm to Celsius users.
A recent filing to court was made consisting of around 14,000 pages of documentation … which included a statement of assets and liabilities that names CEL users who had an account balance (and therefore a claim) at the point of the bankruptcy filing.
While Celsius management managed to redact street addresses from these documents, the court decided to publicly release a version displaying full names and the amount of the claim.
Translation: If you’re a Celsius creditor, there’s now a public record with your name on it and the amount of crypto you had in your CEL account when they filed for bankruptcy protection in July.
These financial statements also include details of blockchain transaction IDs and wallet addresses.
And the same goes for all Celsius users who had a balance on that date.
2 Suggested Security Precautions
In this situation, there are two issues to address:
- The public declaration of names and
- The revealing of blockchain wallet addresses.
The public declaration of names and balances introduces potential harm because it gives would-be attackers an idea of the net worth of those individuals, making them a potential target for criminals.
On that front, the first security precaution all Celsius creditors should take is to be on hyperalert for social engineering attacks.
That’s when someone contacts you pretending to be from the court or involved with the Celsius case in order to gain access to your account.
The accuracy of the information now publicly available would be enough to convince some that the person contacting them was legitimate.
Don’t fall for it.
No one from Celsius or the court is going to contact you directly.
The only information that is reliable in terms of what we need to do to get our money back will be available on this website.
Now onto the second issue.
Crypto transactions are deemed pseudonymous, meaning they’re anonymous unless you associate them with a personal identity — like me posting my Bitcoin (BTC, Tech/Adoption Grade “A-”) address on Twitter (TWTR).
Those actions then link a blockchain address with a real person.
The potential harm that comes from this is that anyone can now publicly monitor what flows in and out of that wallet address while knowing exactly who that individual is.
If you ever deposited or withdrew funds to Celsius from an exchange like Coinbase (COIN) or Kraken, it also means that someone could potentially monitor inflows and outflows from your exchange account.
And it’s why the second security precaution is to stop using those addresses and generate new ones.
With most exchanges and crypto wallets, this is easy to do as there is often a “generate new address” feature.
Ethereum wallets don’t quite work like that, though, so it does mean going through a manual process of creating a new address.
But before taking any action, take your time to think this through: If you just generate a new address and then transfer your assets from the compromised address, you have immediately created a public relationship between those two addresses.
That puts you back at square one.
In order to obtain the list of addresses I need to change, I have registered for an account with Public Access to Court Electronic Records, which is the public access to the court electronic records system.
I’m now in a 10-day waiting period for them to activate my account.
If you wish to obtain a list of your wallet addresses that may have been compromised, you may choose to do the same.
For the time being, it’s also possible to log into your Celsius account via the web, inspect your transactions log and obtain the addresses used to deposit and withdraw funds.
This may prove easier, but the court documents are still accessible if you wish to see what’s on public record.
There are a couple of community-built tools I’ve come across that you can use to check your status quickly.
The first one will tell you what the court documents say your account balance at Celsius was in the recently submitted financial statements.
Just go to this site and enter the legal name exactly as it appears in the top-right corner of the screen when you log in to your Celsius account via the web (not mobile).
The second one allows you to enter any crypto wallet address you may have, and it will tell you whether it has been doxxed.
Doxxing happens when an individual’s private data is publicly revealed on the internet, usually with malicious intent.
But when using this free tool, please note its limitations that are listed at the bottom of their website.
Although this event may seem inconvenient, in most bankruptcy cases, creditors must be identifiable to make a claim on the assets of the company filing.
So, while the transparency of court proceedings is important and done with the best intentions, it can sometimes lead to repercussions.
That’s why it’s prudent to shore up your security and remain vigilant.
But that’s all I’ve got for you today. Let me know what you thought of these security tips by tweeting @WeissCrypto.
I’ll be back next week with another update, so stay tuned.