Topic: A bad practice that cost a friend everything. - page 2. (Read 323 times)

Victim of bad circumstance I guess.
You don't blame the developers for allowing you to take screenshot of your seed phrase and private keys. I think some of them even need permission to have access to your phone screenshot before the app can work to take a screenshot. If you take a screenshot, it's because you give them the permission from your phone, there is a setting for that to disable screenshot for some apps or even more permission on how you allow some apps to have access to your files and gallery.

Always follow good practice of keeping seed phrase in good place, there is no good thing in keeping wallet seed phrase in gallery especially if you have a phone that is good in camera, your mate will always want to borrow them to take pictures. They can use this to steal anything important from the phone.

Never back up your keys online or use encryption as a justification for doing so. Multiple proven and reliable methods exist for backing up your keys. Please make use of them. Moreover it's strongly recommended not to fragment the 24 words like hiding them separately or obscure individual words within a book's pages. In the first case your bitcoins may be at risk of theft by hackers exploiting online apps you may have downloaded, while in the second scenario accidental loss becomes a real possibility. In both situations the responsibility of loss rests with the owner for disregarding the guidance provided by wallet security experts.

How it's possible in the first place? few months ago I tried to take a screenshot of my wallet's back up, but I can't and received a warning message. Although there are a lot wallets out there and not every wallet have a same security.

Remember it's not only about screenshot, it also depends on how many apps you installed, downloaded file you run in the background, etc etc.

They think it is safe or they think that they will send those screenshots to their PCs, download them on PCs and store there BUT likely they did not delete screenshot files on their mobile devices.

I know even delete them in a simple way will not erase all data on your mobile devices but at least that step can save you a little bit.

An ultimate prevention is better than this. Don't screenshot sensitive data like wallet seeds, passwords and so on.

I guess there is a saying or famous quote that when you use something for free, you are the product. Indeed, the developers look for some kind of benefits from its users. They do not work for free. Even if it looks like free, the reality is it is not free. Either they collecting your personal information from your phone, or they are showing ads in your device when you use the app.

I am not saying all developers do that, but I believe most of them does. Mobile device has never been friendly for crypto users. Mobile users gives all the permission during the installation without checking what access they have gained in your device.

People don't read these warnings or take them seriously until something happens to them. Some people think that nothing can happen to them, mistakenly thinking that a photo taken from a phone will remain only on the phone. But it has already been written many times that all photos are scanned both on the iPhone and on the smartphone. We will pretend that we believe that nothing is stolen, although such promises are not at all worth believing. Developers, not only of wallet software but also of applications that sometimes seem far from crypto, can do anything after gaining access to the gadget. Of course, for many people, having multiple devices can be an expensive pleasure, but even more so, you should take care and understand how expensive an innocent and thoughtless installation of a completely unnecessary application or clicking on someone else’s link will be.

It is a bad practice for someone to create their main crypto wallet on a smartphone, because even when you avoid one trap, another is almost certainly waiting for you, it's just a matter of time. If, for example, OP's friend had avoided taking a sample of his screen and saving it on his device, he might have saved his seed in the cloud, e-mail and something similar - and what about keyloggers or clipboard malware?

If we also take into account that the majority of smartphone users attach very little importance to their security, it is more than clear that they are exposed to numerous risks.

The way to protect yourself is to only download applications that have been available for a long time and have good reviews, and to be careful what permissions you give them when installing them. You should also take into account that your smartphone regularly receives security and critical patches, which means that the same phone is not older than 3-4 years, considering that then it will most likely not have official support.

Take your wallet security seriously like your life depends on it is understatement because your life actually depends on it. It's your asset and your asset is your future. You might guess right by thinking that the screenshot is the reason but did you check to confirm as to whether he grants those photo apps access permission to file? Taking Screenshot of seed phrase is actually wrong in all ramifications but I want us to be sure of what happened before we accuse the app developers. Something might be more to that.

Having Screenshot image on the phone means that anyone that has access to his phone also have access to his wallet if by any chance they come across those images. My point is this, it might not be app developers but probably a close friend or even family members who knows. Anyone who's into crypto knows a seedphrase when they sees one and can take advantage. Just like other comments above mine, I don't think Binance can really help in this case neither. This is a bitter experience for your friend, lesson learned in a hard way.

Two of my friend also click screenshots to save any sensitive info or if they are on pc, they write in notepad. Aside from security, I find such saved stuff hard to restore when you change device. Argument they give is that it's easy and they don't have that many funds to lose, same argument is given for privacy related matters as well.

Thats probably what happened there. Some apps really are suspicious no matter how helpful it is. If this proven true, will the developer of the app held liable for the stolen eth? Maybe they will say its an assumption since there is no evidence from the one who got loss unless he ca prove the app functionality that it can access the phones images.

Aside the screenshots on the phone of your friend I think he didn’t also create the wallet offline or even use it offline. My reasons are; phones are hardly the best device to use for offline wallet creation because there is a point probably before the time of creation that the phone must have had a connection with the internet before and this defeats the purpose of wallet creation on offline device because the wallet should never have been offline.

Another thing is not just creating the wallet offline also but it shouldn’t be on a device which is comes online except it is a watch only wallet which doesn’t hold the private key or seed of the wallet and we know phones one way or the other comes online when we use they for general purposes. Also maybe during the signing of transactions your friend made a mistake that also comes online. That’s why it is advisable to use hardware when you have limited knowledge about how to set up and use offline wallet


Yes OP needs to help us with the wallet name so that others can be aware because most popular Alticoin wallets mostly the MetaMask for Ethereum doesn’t allow the use of screenshots and neither does trust wallet


I strongly doubt Binance can help, exchanges only reveal identity or reverse deposits to senders address only when a standard warrant is presented by security agency and that is if they are under that countries regulations. The reverse your funds when you engage in the in app P2P and one turns out to be a scammer

From being taught to write down seed words to screenshot it, it is a very big different in practice. You did not make any fault in your advice to your friend but perhaps you can do it better next time to other friends.

"Write down your seed, store it offline physically. Don't make screenshot and store it in a device you use Internet daily because it is like storing your seed backup online."

Tell your friends to read this guide.
How to back up a seed phrase?.

I am not familiar with Ethereum, tokens or Altcoins generally, what wallet was the person using, because i know that good wallet softwares for hodling Bitcoin do disable taking screenshots of your seed phrase.
Definitely not a shrewd scammer for sending the funds to Binance, but mind you that some of these scammers use fake (bought) accounts even on KYC exchanges. BTW, i doubt Binance would even be of help to you here, how much was lost?

Cloud is not safe, computer or phone connected (at any time, even briefly) are also not safe. This is written all over the place, nothing new under the sun, still, people tend to ignore that.
And especially if the theft doesn't happen in the first few hours or days after the seed reaches the internet, people will may not consider it the culprit.

So a warning like this (although, as I said, it's not new) is welcome now and then in B&H. (PS. I've made your text red in my quote to make it stand out even more, I hope it's ok)

A friend lost all his Ethereum and tokens two days ago and it came to my attention, this is someone who I shared some tips about crypto wallets with some past months ago, I made sure he generate the new wallet offline and he wrote his recovery seed down, though I was not there with him, we are having the conversation online.

So I was like how the hell he managed to lost his recovery seed to hackers or scammers, he started swearing that he is damn sure he did nothing wrong, and we meet today, looking into his phone and my mind was on the phone, thinking maybe he rooted the phone or something, then I stumbled on his recovery seed been screenshot, that was when I knew he messed up.

He have some picture apps on his phone for meme creations and picture filtering apps, one of this apps have access to his library, including all his photos, and I believe the app scooped the image screenshot, maybe the developer of the app happen to stumble on the picture and decide to steal the fund.

The funds were moved to Binance exchange and sold, we are now hoping that Binance help in this case because he filed complain to them and hopefully the scammer already KYCed on Binance exchange.

Now I am starting to believe that some app creators are intentionally creating useful apps for people to use only to gain access into their files and pictures, this is why when apps ask for some access on my phone I always block them.

This is new to me, but let's take this serious, some stupid crypto wallets still allow taking screenshots, it's wrong, this should be a RED FLAG when installing a crypto wallet on your phone, and as for you and everyone it's a stupid idea to take screenshot of your recovery seed.

Do not be like those average users, take your wallet security very seriously like your life depends on it.

Stop taking screenshot of your recovery seeds, it's basically you storing it online for someone else to see.