Bitcoin wallet users, have you ever?

taufik123

legendary

Activity: 2464

Merit: 1703

airbet.io

Quote from: virasog on April 23, 2023, 12:42:57 AM

This is a misconception that Electrum on Andrion is vulnerable. Having fewer features on a Android version does not make it risky. You can download and use Electrum on your Android phone with full confidence. However, the desktop version of Electrum has not only more features but it is more user friendly and easy to use.

About the security of a Bitcoin wallet on android also depends on how the user is.
Nothing will be safe even a desktop electrum wallet if the user is not concerned about the security of their device and is not aware of some malware that will enter from various loopholes generated by the user.

Quote from: virasog on April 23, 2023, 12:42:57 AM

If you are familiar with the desktop Electrum version, you may not be comfortable with the Android version. Personally, I have installed Electrum in my phone but never used it only because I do not like its interface.

Regarding the features of the Electrum wallet on Android, currently the android electrum wallet is also getting more features and a full overhaul of the user interface makes the Android electrum wallet more comfortable to use and more responsive.

The interface used to look more rigid, but for the Electrum 4.4.0 update version, it gives a new feel and a more dynamic look.
Very different from the previous appearance.

https://play.google.com/store/apps/details?id=org.electrum.electrum&hl=id&gl=US

#Release 4.4.0 (April 18, 2023)

Code:

* New Android app, using QML instead of Kivy
   - Using Qt 5.15.7, PyQt 5.15.9
   - This release still on python3.8
   - Feature parity with Kivy
   - Android Back button used throughout, for cancel/close/back
   - Note: two topbar menus; tap wallet name for wallet menu, tap
   network orb for application menu
   - Note: long-press Receive/Send for list of payment requests/invoices
* Qt GUI improvements
   - New onchain transaction creation flow, with configurable preview
   - Various options have been moved to toolbars, where their effect
   can be more directly observed.
* Privacy features:
   - lightning: support for option scid_alias.
   - Qt GUI: UTXO privacy analysis: this dialog displays all the
   wallet transactions that are either parent of a UTXO, or can be
   related to it through address reuse (Note that in the case of
   address reuse, it does not display children transactions.)
   - Coins tab: New menu that lets users easily spend a selection
   of UTXOs into a new channel, or into a submarine swap (Qt GUI).
* Internal:
   - Lightning invoices are regenerated everytime routing hints are
   deprecated due to liquidity changes.
   - Script descriptors are used internally to sign transactions.

https://github.com/spesmilo/electrum/blob/master/RELEASE-NOTES

virasog

legendary

Activity: 2954

Merit: 1159

Quote from: bettercrypto on March 21, 2023, 06:19:04 PM

Quote from: hosseinimr93 on February 15, 2023, 03:32:28 AM

Quote from: gunhell16 on February 15, 2023, 02:23:26 AM

Electrum in android apps seems to have a high-risk level, right?

Some features of the desktop version of electrum aren't available on the android version, but that doesn't mean the android version of electrum isn't secure enough.
If you use electrum on android, the security of your fund depends on the security of your device. Electrum itself is secure and if it used properly, there is no risk.
Take note that any online device is prone to hacking.

Agreed, this is the exact answer in terms of using electrum. Your clarification in Electrum explaining that it is not Electrum itself that has the problem but rather the use of the wrong one that opens the way for hackers is dangerous because the device is open to risks.

Because of that, if the application of Electrum itself is dangerous on a mobile device, we probably shouldn't see it on the android phone to download it, but that's not the case, instead, it can be downloaded on our phone devices anytime.

This is a misconception that Electrum on Andrion is vulnerable. Having fewer features on a Android version does not make it risky. You can download and use Electrum on your Android phone with full confidence. However, the desktop version of Electrum has not only more features but it is more user friendly and easy to use.

If you are familiar with the desktop Electrum version, you may not be comfortable with the Android version. Personally, I have installed Electrum in my phone but never used it only because I do not like its interface.

bettercrypto

sr. member

Activity: 1316

Merit: 268

★Bitvest.io★ Play Plinko or Invest!

Quote from: hosseinimr93 on February 15, 2023, 03:32:28 AM

Quote from: gunhell16 on February 15, 2023, 02:23:26 AM

Electrum in android apps seems to have a high-risk level, right?

Some features of the desktop version of electrum aren't available on the android version, but that doesn't mean the android version of electrum isn't secure enough.
If you use electrum on android, the security of your fund depends on the security of your device. Electrum itself is secure and if it used properly, there is no risk.
Take note that any online device is prone to hacking.

Agreed, this is the exact answer in terms of using electrum. Your clarification in Electrum explaining that it is not Electrum itself that has the problem but rather the use of the wrong one that opens the way for hackers is dangerous because the device is open to risks.

Because of that, if the application of Electrum itself is dangerous on a mobile device, we probably shouldn't see it on the android phone to download it, but that's not the case, instead, it can be downloaded on our phone devices anytime.

Ben Barubal

member

Activity: 476

Merit: 16

Eloncoin.org - Mars, here we come!

Quote

1. Is there any way to generate bitcoin address offline without internet help?

Of course it can be done even without internet, I have done it several times with my friend. Then here in my local community there is a convenience store where you can buy Bitcoin and other merchants here as well.

Quote

2. Since Bitcoin launched is there any wallet that supports automatic Bitcoin gas fee editing right from your android or IOS machine?

What I know is that in Electrum, you can adjust the gas fee if you want it fast, just increase the fee or reduce it if you want cheap.

Quote

3. Do high gas fees mean faster bitcoin wallet transfers?

Yes

Pmalek

legendary

Activity: 2730

Merit: 7065

Farewell, Leo. You will be missed!

Quote from: Saint-loup on March 09, 2023, 07:38:11 PM

I don't disagree with you on some points, and it is more complicated to use compared to traditional fiat methods. Using PGP apps and verifying signatures isn't rocket science, and we shouldn't make it look like it is. You learn it after a 2 min video and then you know it.

I had no need to verify the digital signatures of anything either before I got into bitcoin. Now I know it and my life isn't any more difficult because I use a new piece of software and click a few buttons every couple of months. Basic IT literacy won't do you any harm in the 21st century, and it's expected that you know some things or know how to find the information you need.

Saint-loup

legendary

Activity: 2590

Merit: 2348

Quote from: Pmalek on March 09, 2023, 02:36:52 PM

Quote from: Saint-loup on March 09, 2023, 12:30:38 PM

<>

Electrum doesn't operate the servers that displayed those messages and attempted to phish people. Individual users did. I can operate a legitimate server and you can operate a malicious one using the same software client. Those kind of messages can no longer be sent, but I am just saying.

My client broadcasts transactions normally > You configured yours with other motives.
If people who connected to malicious servers paid attention to the what they downloaded, installed, and from where, no money would be lost. If the signatures were verified, they would notice something was off.

Well initially the discussion was about the safety of the Android version vs the desktop one. But now I really wonder how Bitcoin could be widely adopted if people using it need to be IT professionals to avoid being scammed or robbed. How many people on earth know PGP, and know how to check a signature with it? The average Joe will never choose Bitcoin over fiat money if he can't even fully trust error messages from the wallet he is using. Bitcoin is already risky because it's a highly volatile asset, it doesn't need to be also risky when we are using it. Victims shouldn't always be blamed, softwares need to be adapted to users first, not the opposite.

Pmalek

legendary

Activity: 2730

Merit: 7065

Farewell, Leo. You will be missed!

Quote from: Saint-loup on March 09, 2023, 12:30:38 PM

<>

Electrum doesn't operate the servers that displayed those messages and attempted to phish people. Individual users did. I can operate a legitimate server and you can operate a malicious one using the same software client. Those kind of messages can no longer be sent, but I am just saying.

My client broadcasts transactions normally > You configured yours with other motives.
If people who connected to malicious servers paid attention to the what they downloaded, installed, and from where, no money would be lost. If the signatures were verified, they would notice something was off.

Lucius

legendary

Activity: 3234

Merit: 5637

Blackjack.fun-Free Raffle-Join&Win $50🎲

Quote from: Saint-loup on March 09, 2023, 12:30:38 PM

So how would you call that?
---
This is more serious than a common phishing attack for me.

I would call it a vulnerability that was found and used by bad people (and they still use it today), in order to deceive Electrum users in a very vile way and convince them that the message they saw was legitimate. Certainly part of the responsibility lies with those who developed Electrum and who did not notice it in time, but also with every Electrum user who was not guided by the basics that say - download - verify - install.

Quote from: hosseinimr93 on February 03, 2023, 02:57:03 AM

~snip~
As already said, there is no gas fee in bitcoin. The transaction in question took a long to be confirmed, because it used a low fee rate.

Some are apparently so deeply immersed in altcoins that they can't even call things by their right names...

Saint-loup

legendary

Activity: 2590

Merit: 2348

Quote from: Pmalek on February 18, 2023, 05:09:58 AM

Quote from: Saint-loup on February 15, 2023, 09:30:35 AM

You're wrong actually, I've never heard of a massive hack of the Android version while the desktop version has undergone an attack during several years causing many people to lose their funds because of it unfortunately.

Sad and avoidable? Yes. Was it a hack? No. Electrum allowed the people operating servers to send messages to those connected to them. That feature was abused to trick people into downloading fake software. You lost your coins if you used the fake software. Nothing happened to people that didn't use the fake apps. Hence, it's not a hack.

Imagine if theymos allowed Bitcointalk members to post random messages in a new chat feature or a notification bar at the top of the forum. If someone posts a link to an official Bitcointalk mobile app ver. 1.0, and 50 users download it and lose access to their Bitcointalk accounts, that's not a forum hack.

So how would you call that? A sad and avoidable but normal behavior for a software wallet? I disagree with you because here the messages were error messages displayed by Electrum software on the computer of the victims, after victims have broadcasted transactions, moreover the transactions were rejected by the servers. So we are not talking about random messages displayed on a random website or a forum here. We are talking about a weakness of a software exploited by malicious people. This is more serious than a common phishing attack for me.

https://github.com/spesmilo/electrum/issues/4968

aylabadia05

hero member

Activity: 1470

Merit: 755

Quote from: hosseinimr93 on February 28, 2023, 05:35:46 PM

Quote from: aylabadia05 on February 28, 2023, 02:43:25 PM

The process of using Trust Wallet on mobile to send Bitcoin is probably much easier as far as I'm concerned even though the fees are set automatically.

Due to obvious reasons, I don't like trustwallet and I wouldn't recommend anyone to use trustwallet, ...

For fear of being misinterpreted, I don't want to say so even though I indirectly also have the same views and principles as you regarding Trust Wallet related to Bitcoin assets.
Regarding the storage of Bitcoin assets, I do not want to experience things that can make me careless even though I have been using Trust Wallet for a long time.

hosseinimr93

legendary

Activity: 2380

Merit: 5213

Quote from: aylabadia05 on February 28, 2023, 02:43:25 PM

The process of using Trust Wallet on mobile to send Bitcoin is probably much easier as far as I'm concerned even though the fees are set automatically.

Due to obvious reasons, I don't like trustwallet and I wouldn't recommend anyone to use trustwallet, but it may worth mentioning that trustwallet allows users to set the fee rate manually.
To set the fee rate manually on trustwallet, you can tap on "Setting" button at top right corner of the screen before confirming your transaction details.

aylabadia05

hero member

Activity: 1470

Merit: 755

Quote from: KiaKia on February 03, 2023, 02:44:36 AM

2. I am using Trust wallet and whatever transaction fee been asked of me when sending bitcoin is what I have to go with, though it's not very high but it feels suck not to edit yourself.

In addition to Electrum, Blue Wallet is also available to set the fee amount by pressing the costum button if the slow, medium, fast options are not desired by the user as shown in the image below.

Example of setting up a Bitcoin transfer using the Blue Wallet App

The process of using Trust Wallet on mobile to send Bitcoin is probably much easier as far as I'm concerned even though the fees are set automatically.
If it is just a transaction, Trust Wallet can be used. For storing Bitcoin, choose an open-source wallet to be more secure.

Accardo

hero member

Activity: 1078

Merit: 509

Leading Crypto Sports Betting & Casino Platform

Quote from: joniboini on February 21, 2023, 10:31:16 AM

I believe most developers already give notifications/alerts about fake apps, whether it is on social media, in-app messages, forums, etc. Not to mention notifications like that is useless if a user is being attacked with phishing attacks, DNS hijack, or something similar. At least those that I'm aware of never wait until a user report that they get scammed to issue a notice saying that they won't ask for their private key, etc.

The suspicious apps don't need to ask for their private keys, it can easily expose who they're, the scam sites developers give victims addresses that belongs to them, they can easily increase the digits on the person's balance, but withdrawal will be impossible; pig butcher scam. So, what matters is that more people don't fall into the same mess. My suggestion is derived from the normal way of bursting scam, dropping a notification, indicating to users that a specific scam developer owns an app similar to theirs, which is used to take victim's money.

Quote from: joniboini on February 21, 2023, 10:31:16 AM

I think the main issue is how easy it is for fake apps to get listed on the play store, or how easy it is for scam ads to show on search results. A lot of users already complain about the lack of efficiency in reporting fake apps and ads, since scammers can easily list a new one under a different profile. There is no better way to solve this unless Google or Apple change the way they list new apps. I believe Google is more notorious for this though.

Google has tried to restrict strange apps from getting listed on their platform. Atleast I've heard some developers complaining about the hassle of uploading their app on the playstore. Yet that doesn't stop suspicious apps from finding their way into the app store. I'd say that some developers don't need to utilize the app store they can easily spam the links to their victims. Moreover Android phones warn users about the authenticity of an app without certificate, but they move ahead to download.

joniboini

legendary

Activity: 2170

Merit: 1789

Quote from: Accardo on February 19, 2023, 04:27:30 AM

Though, it's always the work of users to come forth to the core developers and report to them that a site is taking control of users through a different download link or app store. As it's difficult for the victims to differentiate the user interface, so an alert on the site would help save others from falling into such scam. Most importantly, the deed has been done.

I believe most developers already give notifications/alerts about fake apps, whether it is on social media, in-app messages, forums, etc. Not to mention notifications like that is useless if a user is being attacked with phishing attacks, DNS hijack, or something similar. At least those that I'm aware of never wait until a user report that they get scammed to issue a notice saying that they won't ask for their private key, etc.

I think the main issue is how easy it is for fake apps to get listed on the play store, or how easy it is for scam ads to show on search results. A lot of users already complain about the lack of efficiency in reporting fake apps and ads, since scammers can easily list a new one under a different profile. There is no better way to solve this unless Google or Apple change the way they list new apps. I believe Google is more notorious for this though.

Accardo

hero member

Activity: 1078

Merit: 509

Leading Crypto Sports Betting & Casino Platform

Quote from: Pmalek on February 20, 2023, 02:56:14 PM

Quote from: Accardo on February 19, 2023, 08:21:39 PM

However, some exchanges use offshore services to host their platform so that they won't be any traces whatsoever when things go wrong. While some would host their headquarters in a lawless country like you said, where they won't be persecuted.

I am certainly not an expert in administration and law so someone correct me if I am wrong. I think I read some time ago, that online services (like exchanges or casinos) need to have their servers physically in a certain location to be licensed and governed by regulators in that territory. The site and company itself can then operate in a completely different jurisdiction. I think that's how online gambling works on licensed casinos in North America where individual States and provinces have their own laws and regulatory frameworks.

I think the jurisdiction that issues the license to a casino would take care of the server location of that casino. For instance, the kahnawake gaming commission insists that the casino server would be hosted in the Mohawk territory. So, it can be concluded that the casino has a location for its server. The site can then operate in places like USA without facing any problem, but people are advised to be careful when using offshore casinos.

Pmalek

legendary

Activity: 2730

Merit: 7065

Farewell, Leo. You will be missed!

Quote from: Accardo on February 19, 2023, 08:21:39 PM

However, some exchanges use offshore services to host their platform so that they won't be any traces whatsoever when things go wrong. While some would host their headquarters in a lawless country like you said, where they won't be persecuted.

I am certainly not an expert in administration and law so someone correct me if I am wrong. I think I read some time ago, that online services (like exchanges or casinos) need to have their servers physically in a certain location to be licensed and governed by regulators in that territory. The site and company itself can then operate in a completely different jurisdiction. I think that's how online gambling works on licensed casinos in North America where individual States and provinces have their own laws and regulatory frameworks.

Accardo

hero member

Activity: 1078

Merit: 509

Leading Crypto Sports Betting & Casino Platform

Quote from: Pmalek on February 19, 2023, 04:51:42 AM

Quote from: Accardo on February 19, 2023, 04:27:30 AM

Indeed, its the problem most android app based wallets face, and the company cannot do anything to help the victims. Imagine if a wallet is hacked or an exchange they can easily be responsible for the refund.

With open-source software, you are responsible for the security of your money. The wallet developers aren't. If you get hacked, there is a bug, a vulnerability, or the software simply doesn't work as advertised, there is a clause where it says you can't hold the wallet creators responsible for any outcomes. Plus, they aren't for-profit companies generating money from your usage of their apps. There is no pool they can pay you damages from.

I am not sure what the law says that exchanges need to do in case of massive hacking incidents. But I have seen the mention of exchange hacking being called an "extraordinary circumstance" that the platform is not responsible for. It's also worth mentioning that centralized platforms prefer operating out of jurisdictions where they are more protected from prosecution than in the EU or the US.

I understand that nobody would be held responsible on open source, since different developers have an eye on the program source code trying to detect bugs and vulnerability, which tends to make it more secure and recommendable over closed source, isn't it beautiful to work with a wallet that has admins that can be held responsible if their platform malfunctions. True, not even a closed source wallet would care if their customer's wallet gets hacked due to the customer's personal mistake, but we are looking at a general mistake.

However, some exchanges use offshore services to host their platform so that they won't be any traces whatsoever when things go wrong. While some would host their headquarters in a lawless country like you said, where they won't be persecuted.

Pmalek

legendary

Activity: 2730

Merit: 7065

Farewell, Leo. You will be missed!

Quote from: Accardo on February 19, 2023, 04:27:30 AM

Indeed, its the problem most android app based wallets face, and the company cannot do anything to help the victims. Imagine if a wallet is hacked or an exchange they can easily be responsible for the refund.

With open-source software, you are responsible for the security of your money. The wallet developers aren't. If you get hacked, there is a bug, a vulnerability, or the software simply doesn't work as advertised, there is a clause where it says you can't hold the wallet creators responsible for any outcomes. Plus, they aren't for-profit companies generating money from your usage of their apps. There is no pool they can pay you damages from.

I am not sure what the law says that exchanges need to do in case of massive hacking incidents. But I have seen the mention of exchange hacking being called an "extraordinary circumstance" that the platform is not responsible for. It's also worth mentioning that centralized platforms prefer operating out of jurisdictions where they are more protected from prosecution than in the EU or the US.

Accardo

hero member

Activity: 1078

Merit: 509

Leading Crypto Sports Betting & Casino Platform

Quote from: Pmalek on February 18, 2023, 05:09:58 AM

Quote from: gunhell16 on February 15, 2023, 02:23:26 AM

Electrum in android apps seems to have a high-risk level, right?

The risk-level is the same as with any other mobile wallet. It's used on a phone that is constantly online, probably has no anti-malware or firewall security, and its users are clicking, downloading, emailing, watching, signing up all over the place. If you do that without considering the consequences, no mobile wallet is safe on your device.

Quote from: Saint-loup on February 15, 2023, 09:30:35 AM

You're wrong actually, I've never heard of a massive hack of the Android version while the desktop version has undergone an attack during several years causing many people to lose their funds because of it unfortunately.

Sad and avoidable? Yes. Was it a hack? No. Electrum allowed the people operating servers to send messages to those connected to them. That feature was abused to trick people into downloading fake software. You lost your coins if you used the fake software. Nothing happened to people that didn't use the fake apps. Hence, it's not a hack.

Imagine if theymos allowed Bitcointalk members to post random messages in a new chat feature or a notification bar at the top of the forum. If someone posts a link to an official Bitcointalk mobile app ver. 1.0, and 50 users download it and lose access to their Bitcointalk accounts, that's not a forum hack.

Indeed, its the problem most android app based wallets face, and the company cannot do anything to help the victims. Imagine if a wallet is hacked or an exchange they can easily be responsible for the refund. But, in a situation like this, the main wallet is not involved in anyway, the victims are to be blamed not the wallet developer. Though, it's always the work of users to come forth to the core developers and report to them that a site is taking control of users through a different download link or app store. As it's difficult for the victims to differentiate the user interface, so an alert on the site would help save others from falling into such scam. Most importantly, the deed has been done.

Pmalek

legendary

Activity: 2730

Merit: 7065

Farewell, Leo. You will be missed!

Quote from: gunhell16 on February 15, 2023, 02:23:26 AM

Electrum in android apps seems to have a high-risk level, right?

The risk-level is the same as with any other mobile wallet. It's used on a phone that is constantly online, probably has no anti-malware or firewall security, and its users are clicking, downloading, emailing, watching, signing up all over the place. If you do that without considering the consequences, no mobile wallet is safe on your device.

Quote from: Saint-loup on February 15, 2023, 09:30:35 AM

You're wrong actually, I've never heard of a massive hack of the Android version while the desktop version has undergone an attack during several years causing many people to lose their funds because of it unfortunately.

Sad and avoidable? Yes. Was it a hack? No. Electrum allowed the people operating servers to send messages to those connected to them. That feature was abused to trick people into downloading fake software. You lost your coins if you used the fake software. Nothing happened to people that didn't use the fake apps. Hence, it's not a hack.

Imagine if theymos allowed Bitcointalk members to post random messages in a new chat feature or a notification bar at the top of the forum. If someone posts a link to an official Bitcointalk mobile app ver. 1.0, and 50 users download it and lose access to their Bitcointalk accounts, that's not a forum hack.

Topic: Bitcoin wallet users, have you ever? (Read 525 times)