Bitcoin Forum>Economy>Marketplace>Service Discussion>Web Wallets
Author

Topic: [Discussion] Exodus and Neon Wallets: “Quite Vulnerable” (Read 158 times)

Patatas
legendary
Activity: 1750
Merit: 1115
Providing AI/ChatGpt Services - PM!
[Discussion] Exodus and Neon Wallets: “Quite Vulnerable”
March 29, 2018, 07:25:20 AM
#7
Quote from: buwaytress on March 27, 2018, 09:53:53 AM
This is new to me. I left Exodus (yes, the irony) actually after they dropped support for Dogecoin with what I felt was inexcusable reasons for lack of developer response (despite getting contradictory responses from actual Dogecoin devs on reddit). Basically, there just doesn't seem yet to be a solid and secure option yet for multi-crypto wallets.
Before using Exodus people should have a fair idea what it does,it's not natively written in any Desktop Development Environment but built on top on GitHub's Electron Api which is nothing but another instance of the browser running on your desktop.Speaking technically,you are just using a browser which have the capabilities to diirectly/indirectly  manipulate the data on your computer.Do you see any red flags now ? You should !

Quote from: buwaytress on March 27, 2018, 09:53:53 AM
As tryninja says though, you're really only at risk if your device is compromised... Would need a fellow developer to replicate that exploit though, the way the Jaxx exploit was.
Since the Exodus files will reside on the client's computer,the wallet is always vulnerable to other viruses/throjans.
mobnepal
legendary
Activity: 1218
Merit: 1006
Re: [Discussion] Exodus and Neon Wallets: “Quite Vulnerable”
March 27, 2018, 07:56:34 PM
#6
Quote from: LTU_btc on March 27, 2018, 07:26:28 PM
Did I missed something about Coinomi? Or you talking about that privacy issue where app broadcasting addresses in plain text over the network? But it's not security vulnerability where our coins are in danger, it's more about privacy. Correct me if I'm wrong.
I also think its just that privacy issue rose by @lukechilds and it came into light after dev reacts to him in harshly manner.
https://www.dashforcenews.com/coinomi-vulnerability-discovered-developers-react-harshly/

I am still using coinomi because couldn't find any other better alternative.

I wasn't aware of exodus vulnerability before, looks similar to jaxx one.
LTU_btc
legendary
Activity: 3038
Merit: 1330
Slava Ukraini!
Re: [Discussion] Exodus and Neon Wallets: “Quite Vulnerable”
March 27, 2018, 07:26:28 PM
#5
Quote from: OmegaStarScream on March 27, 2018, 12:18:19 PM
Quote from: buwaytress on March 27, 2018, 09:53:53 AM
This is new to me. I left Exodus (yes, the irony) actually after they dropped support for Dogecoin with what I felt was inexcusable reasons for lack of developer response (despite getting contradictory responses from actual Dogecoin devs on reddit). Basically, there just doesn't seem yet to be a solid and secure option yet for multi-crypto wallets.

As tryninja says though, you're really only at risk if your device is compromised... Would need a fellow developer to replicate that exploit though, the way the Jaxx exploit was.

Agreed. Coinomi, Jaxx and now Exodus. These wallet providers seem to focus more on earning money through supporting more coins that can be exchanged with Changelly/ShapeShift then the security of the users funds.
Did I missed something about Coinomi? Or you talking about that privacy issue where app broadcasting addresses in plain text over the network? But it's not security vulnerability where our coins are in danger, it's more about privacy. Correct me if I'm wrong.
Hardware wallets like Ledger Nano S is solid and secure option for multi-coin wallets. The problem that you can use very limited number of coins on this wallet.
OmegaStarScream
staff
Activity: 3402
Merit: 6065
Re: [Discussion] Exodus and Neon Wallets: “Quite Vulnerable”
March 27, 2018, 12:18:19 PM
#4
Quote from: buwaytress on March 27, 2018, 09:53:53 AM
This is new to me. I left Exodus (yes, the irony) actually after they dropped support for Dogecoin with what I felt was inexcusable reasons for lack of developer response (despite getting contradictory responses from actual Dogecoin devs on reddit). Basically, there just doesn't seem yet to be a solid and secure option yet for multi-crypto wallets.

As tryninja says though, you're really only at risk if your device is compromised... Would need a fellow developer to replicate that exploit though, the way the Jaxx exploit was.

Agreed. Coinomi, Jaxx and now Exodus. These wallet providers seem to focus more on earning money through supporting more coins that can be exchanged with Changelly/ShapeShift then the security of the users funds.
buwaytress
legendary
Activity: 2758
Merit: 3408
Join the world-leading crypto sportsbook NOW!
Re: [Discussion] Exodus and Neon Wallets: “Quite Vulnerable”
March 27, 2018, 09:53:53 AM
#3
This is new to me. I left Exodus (yes, the irony) actually after they dropped support for Dogecoin with what I felt was inexcusable reasons for lack of developer response (despite getting contradictory responses from actual Dogecoin devs on reddit). Basically, there just doesn't seem yet to be a solid and secure option yet for multi-crypto wallets.

As tryninja says though, you're really only at risk if your device is compromised... Would need a fellow developer to replicate that exploit though, the way the Jaxx exploit was.
TryNinja
legendary
Activity: 2758
Merit: 6830
Re: [Discussion] Exodus and Neon Wallets: “Quite Vulnerable”
March 26, 2018, 12:58:32 PM
#2
The guy from the video is the founder of a gaming dev company called TeamSalvato. I doubt he would create a fake video just to FUD cryptocurrencies.

IMO this looks like the vulnerability that Jaxx has, where anyone can get your seed by having access to your device. So it's only a problem if you get infected or someone gets physical access to your device.
hugeblack
legendary
Activity: 2492
Merit: 3612
Buy/Sell crypto at BestChange
Re: [Discussion] Exodus and Neon Wallets: “Quite Vulnerable”
March 26, 2018, 11:47:01 AM
#1
Quote from: https://cryptocoremedia.com/exodus-neon-wallets-hackable/
I have watched this video from youtube: https://www.youtube.com/watch?v=VU3Zfrvsm8k&feature=youtu.be
and read this from this site " that the Exodus wallet can be hacked fairly easily. This can be done by just running a simple script written using the Python programming language in the background and dumping the memory onto a notepad. The script was run after the user logged into the Exodus wallet, and to our surprise, we were able to see the 12-word recovery phrase.

These malicious scripts can infiltrate a computer system through malware or a bot installed secretly on browsers. If we search through the system memory for a recovery phrase, we will be able to get them very quickly and easily. An experienced hacker can retrieve the keys even faster than us, since only very basic scripts were used in this example."[1]

Is this information true/correct or is it just a trick in video design?
Source:
#1 https://cryptocoremedia.com/exodus-neon-wallets-hackable/
Bitcoin Forum>Economy>Marketplace>Service Discussion>Web Wallets
Jump to: