Crypto is the darkest of dark forests: hacks, security incidents, and scams are commonplace. Crypto security is a high-stakes game; minor lapses in security can easily lead to loss of funds. Every Monday, check in on the Activity Feed for a curated list from Delphi Labs and Delphi Research on security-related events you should know about. Stay aware, and stay safe.

May 15th to the 22nd

• Google’s .zip domain potentially creates a new avenue for convincing phishing attempts. Exercise extreme caution if you receive investment deck PDFs or other links from unverified sources.

• Ledger recently shocked the crypto community by announcing their Ledger Recovery service. The service splits the private key into shards and stores it with third parties. Users can recover the keys if they sign up for the service with a government-issued ID. This caused a minor stir. Ledger suggested that private keys could leave the device. Although probably not of immediate concern for Ledger users, I recommend following this to see if more information is forthcoming and if switching wallets is recommended.
  
• OnRampBitcoin claims more than $120B lost in crypto hacks and custody issues, with Japanese users being the most common victims.
• Security researchers disclosed a Telegram exploit that could’ve allowed attackers to take control of a connected device’s camera. Telegram denies any users were at risk and claims the issue has more to do with Apple permissions than any flaws in Telegram itself.
  
• Trend Micro and Tech Crunch both released reports claiming that millions of lower-end Android devices (including phones) are coming pre-loaded with malware.