Bitcoin Forum>Other>Archival
Pages:
Author

Topic: ㅤ (Read 274 times)

buwaytress
legendary
Activity: 2968
Merit: 3684
Join the world-leading crypto sportsbook NOW!
December 29, 2021, 11:52:00 AM
#22
Quote from: stompix on December 29, 2021, 05:13:13 AM
I think that just the names of the websites show one what side they are.
If poeple who are into bitcoin for years and specifically travelled to Salvador for this are coming up with titles like this:
https://bitcoinitaliapodcast.it/missione-el-salvador/day-02-the-problem-is-chivo
one might start to think that there is no conspiracy by the evil gubbermint and that actually the wallet sucks!

It was a rushed product that was ordered to be at the x date available and like every rushed product you find out months after the release about the bugs in it.

But let's look at the bright side, if poeple are losing money it's because they are using the wallet to buy coins, so at least we have poeple who want to buy BTC.

Can't imagine myself talking Salvador this often but yeah, Chivo WAS the problem before -- commented on it some time back, mainly because one had to question the multi-million dollar contract they got (I want to say won, but I don't think there was any bidding I could locate at the time).

We have easy, mature, solutions. But this was the one pushed down citizens' throats.

Like you said, though, I suppose if people really are buying BTC, least that's proof of concept (but really, did we need them to have a bad experience?).
stompix
legendary
Activity: 2912
Merit: 6403
Blackjack.fun
Re: ㅤ
December 29, 2021, 05:13:13 AM
#21
Quote from: Symmetrick on December 28, 2021, 05:05:06 AM
Again, a wave of negativity rained down on Chivo's wallet.

It's not a single wave it's a constant storm with every possible problem happening.
Rather than the wallet "stealing" user funds it's more like every bug that could be happening happens and it ends up with users losing money to nowhere, and every fix brings up something else.
 
Quote from: Poker Player on December 28, 2021, 05:18:55 AM
I guess this kind of news is being magnified by the detractors of Bukele and bitcoin,

https://decrypt.co/89275/bukele-has-not-responded-claims-bitcoin-vanishing-citizens-wallets-report
https://cointelegraph.com/news/some-salvadorans-claim-funds-are-missing-from-their-chivo-wallets
https://cryptodeadline.com/some-el-salvadorians-claim-that-part-of-their-money-was-lost-in-their-chivo-wallet/
https://bitcoinik.com/el-salvador-chivo-wallet-facing-technical-error-users-lose-funds/

I think that just the names of the websites show one what side they are.
If poeple who are into bitcoin for years and specifically travelled to Salvador for this are coming up with titles like this:
https://bitcoinitaliapodcast.it/missione-el-salvador/day-02-the-problem-is-chivo
one might start to think that there is no conspiracy by the evil gubbermint and that actually the wallet sucks!

It was a rushed product that was ordered to be at the x date available and like every rushed product you find out months after the release about the bugs in it.

But let's look at the bright side, if poeple are losing money it's because they are using the wallet to buy coins, so at least we have poeple who want to buy BTC.


witcher_sense
legendary
Activity: 2450
Merit: 4415
🔐BitcoinMessage.Tools🔑
Re: ㅤ
December 29, 2021, 05:04:41 AM
#20
Quote from: Wind_FURY on December 29, 2021, 02:02:33 AM
But are the funds held in Bitcoin, and the transactions merely denominated in U.S. Dollars? It would be laughable for the hackers to steal only fiat and leave the real money behind. OR do Chivo users hold everything in fiat? Haha.

It is a well-known fact that the Chivo wallet is both a closed-source and custodial wallet, which means users of that wallet hold nothing literally and control no keys. Moreover, having no idea what is going on inside the wallet, they can't be sure if the funds (digits on a screen) are actually real until they ask permission from the government to buy something in Mcdonalds. Given that the government has full control over money sitting in someone's Chivo wallet, it theoretically can steal it selectively in order to finance its shady activities or acquire more bitcoin for its reserves.

According to this article, the Chivo wallet has serious issues with the interface, in particular, it doesn't show that a transaction or payment was successful, which causes "vendors to feel uncomfortable, possibly feeling scammed.” Also, users have to rely on Chivo's server to provide them with the history of transactions, they can't check it in a block explorer, for example. The server will obviously know that a particular user made a particular transaction, which is terrible for privacy.
goldkingcoiner
legendary
Activity: 2240
Merit: 1993
A Bitcoiner chooses. A slave obeys.
Re: ㅤ
December 29, 2021, 04:46:15 AM
#19
Quote from: o_e_l_e_o on December 29, 2021, 04:22:14 AM
Quote from: pooya87 on December 29, 2021, 01:42:59 AM
It looks like everyone is jumping to conclusion and are bashing the government (which may well be at fault) without inspecting each case to see what the real reasons were for the losses.
Look at any big centralized exchange and look at just how many hundreds or even thousands of complaints they have had from various users over the years.

I have yet to find a single centralized or decentralized exchange without at least a few people complaining about something which initially, was probably due to their own fault. I doubt there is any kind of business model without complainers.

If we see a lot of people complaining about the same thing, that becomes suspicious and worth looking into. Otherwise it's not really worth looking at. Roll Eyes
aoluain
legendary
Activity: 2436
Merit: 1362
Re: ㅤ
December 29, 2021, 04:33:57 AM
#18
Quote from: Poker Player on December 28, 2021, 05:18:55 AM
I saw the news the other day and I would like to think that with things like this people would learn the meaning of: "not your keys not your bitcoin" but I remain convinced that mass adoption is going to come with custodial wallets and El Salvador is a case in point.

I guess this kind of news is being magnified by the detractors of Bukele and bitcoin, but it doesn't seem like it is going to affect day to day life. Bukele is going to continue in his line, I guess the problems will be solved, even if it takes months, and the detractors will continue to look for anything to criticize politics regarding Bitcoin in El Salvador.



I agree with this.
My thinking is firstly why would "The Government" steal users funds from the wallets?
El Salvador wants and needs adoption and acceptance by the population.
Secondly, if there is a security flaw it could very well be used by both hackers and
those opposed to ES's Bitcoin move both internally in the country and externally outside
the country.
o_e_l_e_o
legendary
Activity: 2268
Merit: 18711
Re: ㅤ
December 29, 2021, 04:22:14 AM
#17
Quote from: pooya87 on December 29, 2021, 01:42:59 AM
It looks like everyone is jumping to conclusion and are bashing the government (which may well be at fault) without inspecting each case to see what the real reasons were for the losses.
Look at any big centralized exchange and look at just how many hundreds or even thousands of complaints they have had from various users over the years. Yes, the exchange was at fault for some of these issues, but most of the time it is the user who has done something stupid, reused weak passwords which have been breached elsewhere, used weak 2FA or no 2FA at all, been the victim of malware, stored seed phrases on email accounts, and so on. This app has essentially gone from nothing to 7 million potential users in the space of a few months. Even the biggest exchanges have never seen this kind of growth. It would be amazing if there weren't any cases such as these ones.

Quote from: Wind_FURY on December 29, 2021, 02:02:33 AM
But are the funds held in Bitcoin, and the transactions merely denominated in U.S. Dollars?
No. They are stored separately, and you can perform conversions between the two within the app itself. USD and Bitcoin payments also show up denominated in their respective currency, with blue icons for USD and orange for BTC. Take a look at the screenshots in this article for examples: https://techvodoo.com/chivo-wallet-for-windows-7-8-8-1-10-xp-vista-laptop/. The stolen payments above were definitely USD.
Wind_FURY
legendary
Activity: 2898
Merit: 1823
Re: ㅤ
December 29, 2021, 02:02:33 AM
#16
Quote from: o_e_l_e_o on December 28, 2021, 06:08:48 AM
There are two important things to note here. First of all, Chivo is both a BTC wallet and a USD wallet. Secondly, it appears to predominantly be USD which is being stolen, not BTC. Here are some tweets from affected users:

https://twitter.com/_elcomisionado_/status/1472326380620632064 - also shared by Ratimov above. Clearly shows USD transactions.
https://twitter.com/_elcomisionado_/status/1472326563605581824/photo/1 - shows debit card transactions.
https://twitter.com/_elcomisionado_/status/1472341221850845186/photo/1 - shows a USD transaction.
https://twitter.com/_elcomisionado_/status/1472385853234114560/photo/2 - shows a USD transaction.
https://twitter.com/_elcomisionado_/status/1472387061613137922/photo/1 - debit card transactions.
https://twitter.com/_elcomisionado_/status/1472759692468305921/photo/1 - USD transactions.
https://twitter.com/_elcomisionado_/status/1472768427458768901/photo/1 - USD transactions.

So yes, this is awful for the people affected, and it shows gross incompetence on the part of the Salvadoran government, but if anything, this is an argument for why you should not be trusting fiat banks or centralized services and instead be holding bitcoin, and holding bitcoin in your own wallet.


But are the funds held in Bitcoin, and the transactions merely denominated in U.S. Dollars? It would be laughable for the hackers to steal only fiat and leave the real money behind. OR do Chivo users hold everything in fiat? Haha.

Quote from: o_e_l_e_o on December 28, 2021, 07:05:43 AM
Quote from: DdmrDdmr on December 28, 2021, 06:31:15 AM
I wasn’t sure if Chivo Wallet used any kind of 2FA during the login process, and it does seem to. At least it requires you to provide your phone number, wait for an incoming code via SMS, and provide that alongside your pin at a later stage. Whilst it lacks a proper 2FA, there is something in place.
Completely useless, and provides a false sense of security.

There is absolutely no point having your 2FA on the same device as the app in question. An attacker no longer needs to compromise two factors to access your account - the compromise of a single thing (your phone, in this case) providers an attacker with access to both your app and your 2FA method, rendering the 2FA useless. Further, using SMS as a 2FA is also next to useless even if on a different device, since SMS messages are sent unencrypted, can be read by anyone along the way, and can be redirected to another device through a SIM swapping attack, which can be pulled off in under 5 minutes with no technical knowledge whatsoever.

Quote from: ?? on ??
But very possible (I am not sure) some people are the cause of their own coin lost due to online safety ignorance.
With a population of almost 7 million, it is completely predictable that there would be several hundred cases of people losing money. That's pretty standard for any custodial service, exchange, bank, app, etc.


Plus it’s not open source. There could be backdoors.

Quote from: hatshepsut93 on December 28, 2021, 02:01:16 PM
Quote from: Wind_FURY on December 28, 2021, 05:51:02 AM
That should be a big “DO NOT USE ME” sign for every user, but no one cares. It’s simply a lack of education, and the educated users never care to teach everyone because no one listens.

Is it also custodial? They will learn “not your keys, not your coins” the hard way.

When Chivo was first announced and rolled out, a lot of users were highly positive towards it, even despite its centralization, because everyone was happy to finally see some big adoption action, so everyone kinda ignored the centralization problem. IMO it should be a reminder for us that we shouldn't rely on government and centralized entities to make Bitcoin adoption happen, because they can so easily screw things up and only hurt the image of Bitcoin.


Some people want to learn the hard way.

Is anyone from El Salvador? You should educate your fellow users, https://bitcoin.org/en/choose-your-wallet?step=5
pooya87
legendary
Activity: 3472
Merit: 10611
Re: ㅤ
December 29, 2021, 01:42:59 AM
#15
Quote from: Charles-Tim on December 28, 2021, 07:04:07 AM
Some people take their security for granted and their wallet can be hacked, but this will all be blamed on the Chovo wallet.
We all know that people have been losing their funds for years using any kind of wallets. For example we have millions of dollars worth of bitcoin lost by lots of Electrum users; a well known, secure and open source wallet.
The fact that people have lost money in this brand new software shouldn't really come as a surprise. It looks like everyone is jumping to conclusion and are bashing the government (which may well be at fault) without inspecting each case to see what the real reasons were for the losses.

I think the best way to avoid this issue and any future ones is to start by making thesoftware open source. That way they can both reduce the cost of development and also significantly increase the security of their software in a short time.
so98nn
hero member
Activity: 2114
Merit: 603
Re: ㅤ
December 28, 2021, 02:30:56 PM
#14
Hmm, this is what happens when government tries to take control of decentralise transaction system. I always respect savador for their brave decision on running the infra of bitcoin throughout their country. However they must be prepared for such unattended calls because with the time huge number of peeps gonna use their services. Being the government project there is high chance that peeps will start trusting them very quickly and will also think that their money is way safer with the as compared to the private companies and crypto wallet where principle is not your keys not your bitcoin.

The amount of money that is wiped out is huge. I suspect a glitch in code or may be just lethargy of government. That’s all.
DaveF
legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
Re: ㅤ
December 28, 2021, 02:25:30 PM
#13
It's a few issues all rolled into one product. As others have said, it's closed source so you don't know what is going on. And the back end is also closed source / hidden so you don't know what they are doing at the server level. So at that point the 'not your keys, not your coins or USD' is 100% not important. They could give you your keys and whatever else it is that makes people feel safe, but without the ability to see what the app is doing with it, it's all 100% irrelevant. They could be taking your keys and sending them wherever.

That was issue #1 as other people have said.

Issue #2 is the fact that there is no real security, and all the '2fa' is happening on the device with the wallet.
Add in that there are so many people using it all at once, with vastly different knowledge of security and general ability of using tech and it's really surprising how few issues there seem to be.

But having the government give the appearance of no support, not talking about it is not good. They don't know if it's user error or something wrong with the app or?Huh?

Also, lets be honest how many times have we heard about a spouse / significant other emptying out their partners accounts. Or having someone having someone they thought could be trusted steal.

-Dave
hatshepsut93
legendary
Activity: 3024
Merit: 2148
Re: ㅤ
December 28, 2021, 02:01:16 PM
#12
Quote from: Wind_FURY on December 28, 2021, 05:51:02 AM
That should be a big “DO NOT USE ME” sign for every user, but no one cares. It’s simply a lack of education, and the educated users never care to teach everyone because no one listens.

Is it also custodial? They will learn “not your keys, not your coins” the hard way.

When Chivo was first announced and rolled out, a lot of users were highly positive towards it, even despite its centralization, because everyone was happy to finally see some big adoption action, so everyone kinda ignored the centralization problem. IMO it should be a reminder for us that we shouldn't rely on government and centralized entities to make Bitcoin adoption happen, because they can so easily screw things up and only hurt the image of Bitcoin.
dkbit98
legendary
Activity: 2212
Merit: 7064
Re: ㅤ
December 28, 2021, 01:42:01 PM
#11
This is what happens when you allow any government to control you wallet and funds, so I am not surprised if this really happened, but it's possible that people made their own mistakes with transactions.
I would never keep Bitcoin in Chivo or any other custodial wallet if I was in El Salvador, and I would transfer it to some other open source non custodial wallet.
Like o_e_l_e_o said, only thing that is missing from wallet accounts of this people is US dollars and this could easily be hacked, I don't think 2FA or anything else would help in this case.
Interesting that most cases are round numbers missing like $800, $900, $3000, etc... and all this will only give more support to Bukele opposition to hate Bitcoin even more.  Tongue
titular
sr. member
Activity: 287
Merit: 368
"Stop using proprietary software."
Re: ㅤ
December 28, 2021, 01:23:40 PM
#10
Simply having a self custodial wallet would fix this issue immediately. The mere fact that the wallet is not open source should catch people's eyes.

The sad fact is they could be stealing money, but the only people that would know are the developers of Chivo. I wonder if those Bitcoin Beach folks educated the masses on the importance of self-custodianship.
o_e_l_e_o
legendary
Activity: 2268
Merit: 18711
Re: ㅤ
December 28, 2021, 07:05:43 AM
#9
Quote from: DdmrDdmr on December 28, 2021, 06:31:15 AM
I wasn’t sure if Chivo Wallet used any kind of 2FA during the login process, and it does seem to. At least it requires you to provide your phone number, wait for an incoming code via SMS, and provide that alongside your pin at a later stage. Whilst it lacks a proper 2FA, there is something in place.
Completely useless, and provides a false sense of security.

There is absolutely no point having your 2FA on the same device as the app in question. An attacker no longer needs to compromise two factors to access your account - the compromise of a single thing (your phone, in this case) providers an attacker with access to both your app and your 2FA method, rendering the 2FA useless. Further, using SMS as a 2FA is also next to useless even if on a different device, since SMS messages are sent unencrypted, can be read by anyone along the way, and can be redirected to another device through a SIM swapping attack, which can be pulled off in under 5 minutes with no technical knowledge whatsoever.

Quote from: ?? on ??
But very possible (I am not sure) some people are the cause of their own coin lost due to online safety ignorance.
With a population of almost 7 million, it is completely predictable that there would be several hundred cases of people losing money. That's pretty standard for any custodial service, exchange, bank, app, etc.
davis196
hero member
Activity: 3150
Merit: 937
Re: ㅤ
December 28, 2021, 07:04:17 AM
#8
Problems like these will occur always,it doesn't matter if we are talking about a fiat service or a crypto service.
There will always be users complaining about stolen funds,missing transactions or hacked wallet accounts.
Sometimes it's the user's fault,sometimes the centralized service gets exploited by hackers.
I really don't believe that the government of El Salvador will try to steal funds from the Chivo wallet users.
This is what you get,when you have Bitcoin adoption,which is being forced by the government,without enough proper online security education among the people.
I hope that those problems with the Chivo app will be solved and more people will start using BTC without this app in El Salvador.
 
Charles-Tim
legendary
Activity: 1512
Merit: 4795
Leading Crypto Sports Betting & Casino Platform
Re: ㅤ
December 28, 2021, 07:04:07 AM
#7
From the first tweet, I believe money wouldn't be used to refer to bitcoin (although bitcoin is money), money would likely be used by most El Salvadorians to refer to USD.

Quote from: Poker Player on December 28, 2021, 05:18:55 AM
I saw the news the other day and I would like to think that with things like this people would learn the meaning of: "not your keys not your bitcoin" but I remain convinced that mass adoption is going to come with custodial wallets and El Salvador is a case in point.
'Not your key not your bitcoin' is a very valid statement but how about someone making use of noncustododial wallet but his wallet gotten hacked all because he is not careful and privacy oriented. What if this is also the case? Some people take their security for granted and their wallet can be hacked, but this will all be blamed on the Chovo wallet.

Quote from: Obito on December 28, 2021, 05:38:43 AM
This will be a problem though as it's going to be causing a rift between people and their belief on the potential of bitcoin, pretty sure that no one here wants their funds lost for not reason. I still believe in the mass adoption but I think that it's going to get a bit delayed with this problem.
This will really discouraged some El Salvadorians not to make use of the wallet, but if truly the coin disappeared, this would later be known. If the wallet is having a kind of bug or exploit, this would be later known. But likely some people are the cause of their own coin lost due to online safety ignorance.
DdmrDdmr
legendary
Activity: 2338
Merit: 10802
There are lies, damned lies and statistics. MTwain
Re: ㅤ
December 28, 2021, 06:31:15 AM
#6
I wasn’t sure if Chivo Wallet used any kind of 2FA during the login process, and it does seem to. At least it requires you to provide your phone number, wait for an incoming code via SMS, and provide that alongside your pin at a later stage. Whilst it lacks a proper 2FA, there is something in place.

That leads to trying to hypothesise on the nature of these cases. Some of them could be cases of sim swapping, but that would render their current sim card normally unoperational, and I haven’t read that in the reported cases. You’d then move on to think that the system has some important bugs, and drafted from the account it shouldn’t during sparse TXs in time, or that there’s some kind of intended or unintended backdoor that allows for a malicious actor to act rouge. Many of the TXs shown do seem to involve amounts that are non-depreciable, even highish for the country.

Of course there’s no real way to know the root cause, and they should really be looked into, and not left on ignore as is seemingly happening from what the people comment on the Twitter thread.
o_e_l_e_o
legendary
Activity: 2268
Merit: 18711
Re: ㅤ
December 28, 2021, 06:08:48 AM
#5
There are two important things to note here. First of all, Chivo is both a BTC wallet and a USD wallet. Secondly, it appears to predominantly be USD which is being stolen, not BTC. Here are some tweets from affected users:

https://twitter.com/_elcomisionado_/status/1472326380620632064 - also shared by Ratimov above. Clearly shows USD transactions.
https://twitter.com/_elcomisionado_/status/1472326563605581824/photo/1 - shows debit card transactions.
https://twitter.com/_elcomisionado_/status/1472341221850845186/photo/1 - shows a USD transaction.
https://twitter.com/_elcomisionado_/status/1472385853234114560/photo/2 - shows a USD transaction.
https://twitter.com/_elcomisionado_/status/1472387061613137922/photo/1 - debit card transactions.
https://twitter.com/_elcomisionado_/status/1472759692468305921/photo/1 - USD transactions.
https://twitter.com/_elcomisionado_/status/1472768427458768901/photo/1 - USD transactions.

So yes, this is awful for the people affected, and it shows gross incompetence on the part of the Salvadoran government, but if anything, this is an argument for why you should not be trusting fiat banks or centralized services and instead be holding bitcoin, and holding bitcoin in your own wallet.
Wind_FURY
legendary
Activity: 2898
Merit: 1823
Re: ㅤ
December 28, 2021, 05:51:02 AM
#4
Quote

Chivo wallet is not open-source


That should be a big “DO NOT USE ME” sign for every user, but no one cares. It’s simply a lack of education, and the educated users never care to teach everyone because no one listens.

Is it also custodial? They will learn “not your keys, not your coins” the hard way.
Obito
sr. member
Activity: 1274
Merit: 293
Re: ㅤ
December 28, 2021, 05:38:43 AM
#3
Quote from: Poker Player on December 28, 2021, 05:18:55 AM
I saw the news the other day and I would like to think that with things like this people would learn the meaning of: "not your keys not your bitcoin" but I remain convinced that mass adoption is going to come with custodial wallets and El Salvador is a case in point.
This will be a problem though as it's going to be causing a rift between people and their belief on the potential of bitcoin, pretty sure that no one here wants their funds lost for not reason. I still believe in the mass adoption but I think that it's going to get a bit delayed with this problem.
Pages:
Bitcoin Forum>Other>Archival
Jump to: