Topic: Can A Chrome app be a malwware and steal your private keys? - page 3. (Read 640 times)
Yes, a chome app that contains malware can read or open your email. Delete it. Don't store your private keys into your gmail or another cloud service or provider. That's not a wise thing to do. And if you're a person that likes downloading extension apps to your browser, make sure that you know the source because they can contain malware which can access your entire personal computer. Just for your sake and private keys, it is best to store it and write it.
<…>
In February of this year, Google has to remove around 500 Chrome extensions from the store. Many of them were Ad related, but others were malicious, and could redirect the traffic to a malware based site with phishing or rouge links to malware downloads.A couple of months later, Google has to remove a batch of 49 Chrome extensions that were specifically targeting crypto wallets.
Chrome apps require you to give them certain permission to operate, but people tend to give them whatever they ask for without question. Consequently, it’s feasible for an extension to oversee your activity, log and resend information to a hacker.
See:
https://www.zdnet.com/article/google-removes-500-malicious-chrome-extensions-from-the-web-store/
https://www.zdnet.com/article/exclusive-google-removes-49-chrome-extensions-caught-stealing-crypto-wallet-keys/
I store my privates keys in gmail is this possible that I installed a malware (chrome app) that can read it? 
The only way for malware to read the information on your email is to have your email hacked. If you install malware that has the function of a keylogger (records everything you enter via the keyboard), then you will compromise your e-mail password, which will allow the hacker to access your e-mail and gain possession of all the information contained there. The way you store your private keys is definitely very risky, and you should consider at least encrypting sensitive information you store online.
Google Chrome is a very popular browser, which means that it is constantly targeted by hackers. Examples from the recent past testify to this.
https://www.cnet.com/news/google-gooligan-accounts-hacked-malware-trojan-horse-gmail-play-drive-photos-docs/
https://threatpost.com/500-malicious-chrome-extensions-millions/152918/
https://threatpost.com/malicious-chrome-extension-steals-data-posted-to-any-website/128680/
Malware is being written to find 12/24 words.
This is a terrible idea. Please level-up your security game.
Get a coldcard/seedplate & air gap that shit. Add some multi-sig or passphase too (aka 25th word)
There's going to be so many attacks on people who have this level of security.
Strive for the best security you can, Bitcoin is going to go up a lot - you definitely want to sort it out ASAP.
Also, CoinJoin/Lightning your BTC on TOR too using Wasabi. Privacy will only become more important as time goes on.
This is a terrible idea. Please level-up your security game.
Get a coldcard/seedplate & air gap that shit. Add some multi-sig or passphase too (aka 25th word)
There's going to be so many attacks on people who have this level of security.
Strive for the best security you can, Bitcoin is going to go up a lot - you definitely want to sort it out ASAP.
Also, CoinJoin/Lightning your BTC on TOR too using Wasabi. Privacy will only become more important as time goes on.
This forum useless no one answer I need. I ask about random chrome extnetion abilities to read emails.
I look for technical answer from security guy.
I'm not security guy, but if the malware have permission to "read and change all your data on the website you visit" and you open gmail on your google chrome, theoretically they could steal your private keys.
it's gonna be easy to decrypt it especially when you're using free software for encryption.
It's very naive to assume all free encryption software have weak encryption and could be decrypted easily. There are some good free encryption software such as VeraCrypt and GnuPG.
I store my privates keys in gmail is this possible that I installed a malware (chrome app) that can read it?
It is a pity, that you disregard the fact that every online app or service is not protected and too vulnerable for hack attacks. Of course you shoukd not keep your private information there - especially keys or passwords to wallets. You should remember this rule like your name or date of birth. Everything is good till nothing bad has happened. So it is better to to be safe than sorry about your lost assets.
I actually got this advice from a forum post in the internet and have actually used it ever since: always have an ounce of doubt on apps that came from unknown sources. If your app came from verified, reputable sources such as the App Store or Google Play Store (for mobiles) and verified websites for your PC apps, you're good to go. Then again, the issue here is not the app as you've mentioned that you're keeping your private keys on your email. You might want to take a look at the security of the passwords that you're using and whether or not you have other means to secure the account like two-factor authentication.
Any app created in this day and age can have the potential to be used against its user to snoop and collect data and inflict malware on your PC. Observing extra care when downloading apps online would be your first line of defense to ensure that you are not gladly taking in software that will harm you.
Any app created in this day and age can have the potential to be used against its user to snoop and collect data and inflict malware on your PC. Observing extra care when downloading apps online would be your first line of defense to ensure that you are not gladly taking in software that will harm you.
Dude, it's a wrong move that you're putting private keys online. Imagine if all of your accounts got hacked by some anonymous hackers and they've noticed that there are private keys stored in Gmail, probably they will steal it. We can't say that it's safe because there are different ways of hijacking or hacking a specific account especially if hackers knew it stores valuable coins. The only thing you should do is be careful and don't disclose any information about where did you store your private keys.
We have same method of storing private key. LOL. Anything stored online can be hack and that's the cons of the cloud storage. But if we think about it, Everywhere we store it can be steal or destroy, It's either physically or virtually. So for safety precautions, Just encrypt your private key before you store it on Gmail if you really want to put it there.
Even putting encryption on private keys, it's gonna be easy to decrypt it especially when you're using free software for encryption. 
When we are talking about security you should remember nothing is completely and 100% safe. Because there is always a way to steal your coins. But, regarding the question you asked, storing private keys online is a huge mistake no matter if you trust chrome or not. many people lost their coins saying 'my bitcoins are hacked' while bitcoin wallet was not hacked itself but the environment they used to store seeds/keys was not reliable. I would recommend you to use offline methods instead of trying any online services, including chrome. However, if you are using windows PC platform, the chrome apps won't have access to the passwords and keys unless you give them permission for that, the only way here is to bypass the user-side permission request.
I look for technical answer from security guy. Your answer is not what i am looking. And I am a nomad in countries where robbery is common.
I live n the nature and the mountains.
and it's definitely safer bet for me to have it on email in case of all my things robbed I will have another 3k in BTC.
So YES there is a reason to answer this.
I live n the nature and the mountains.
and it's definitely safer bet for me to have it on email in case of all my things robbed I will have another 3k in BTC.
So YES there is a reason to answer this.
It would be safer for you to hide your keys in the forest than trusting Google in keeping something valuable. Google Mail in no sense a secure place to store your keys. They have full access to the information you send and recieve in your emails, your keys will be stored as plaintext on their servers once you decide to put them in there. If there is a malicious admin at Google, for example, they can sweep all your private keys and you have no chance to prove you were robbed. Of course, you can encrypt your private keys before uploading them, but it requires you to store additional keys and still doesn't guarantee you are safe. Literally, it would mean you exhibit your personal information and wait for hackers to crack it for bounty.
Storing your private keys online is very risky because anytime possible that hacker will know it if they hack your device .
We are responsible for the security of our wallet just we make sure that we keep it safe from the hackers because they want to hack it to stole our coins .
You should write or keep your private key onlines or right it down so the hackers will never findout what is your private keys so they will not hack it and your funds is safe .
We are responsible for the security of our wallet just we make sure that we keep it safe from the hackers because they want to hack it to stole our coins .
You should write or keep your private key onlines or right it down so the hackers will never findout what is your private keys so they will not hack it and your funds is safe .
I store my privates keys in gmail is this possible that I installed a malware (chrome app) that can read it?
There is no need to answer that. You just have to understand that storing private keys online is a HUGE mistake. Avoid depositing to that wallet or immediately withdraw your funds in case you've already done so. Buy a hardware wallet or use open-source non-custodial desktop or mobile wallets such as electrum. Store your seed phrase and private keys OFFLINE.
edit - I read your story about Trezor. I kind of get it now why you've chosen gmail but storing offline is still the best method. Maybe not under your bed.
I look for technical answer from security guy. Your answer is not what i am looking. And I am a nomad in countries where robbery is common.
YES there is a reason to answer this. !!
I store my privates keys in gmail is this possible that I installed a malware (chrome app) that can read it?
We have same method of storing private key. LOL. Anything stored online can be hack and that's the cons of the cloud storage. But if we think about it, Everywhere we store it can be steal or destroy, It's either physically or virtually. So for safety precautions, Just encrypt your private key before you store it on Gmail if you really want to put it there.
I've been using Google drive to store my private key/recovery of my trezor for a very long time and so far my funds is untouchable.
I store my privates keys in gmail is this possible that I installed a malware (chrome app) that can read it?
There is no need to answer that. You just have to understand that storing private keys online is a HUGE mistake. Avoid depositing to that wallet or immediately withdraw your funds in case you've already done so. Buy a hardware wallet or use open-source non-custodial desktop or mobile wallets such as electrum. Store your seed phrase and private keys OFFLINE.
edit - I read your story about Trezor. I kind of get it now why you've chosen gmail but storing offline is still the best method. Maybe not under your bed.
I store my privates keys in gmail is this possible that I installed a malware (chrome app) that can read it?
Jump to: