
Topic: Exodus security question (Read 307 times)

legendary
Activity: 3472
Merit: 10611
December 03, 2021, 12:11:43 AM
#18
It is simply not reliable and doesn't really support importing keys properly.
They've always allowed importing private keys (https://support.blockchain.com/hc/en-us/articles/207746403-Wallets-Addresses) but the problem with importing was that they didn't let you choose the address type and they didn't support SegWit addresses. Not sure if this has changed or not though. You can also sweep or import.
But of course it is not recommended to use a web wallet if you value your security and privacy.
HCP
legendary
Activity: 2086
Merit: 4363
December 02, 2021, 03:38:48 PM
#17
Is blockchain.com not able to import a private key and add funds instantly? I remember a while ago a website could add BTC funds from a private key right after importing private keys instantly.
I agree with Pmalek, avoid Blockchain.com. It is simply not reliable and doesn't really support importing keys properly.

I would highly recommend you use Electrum: https://electrum.org/#home
and read the guide here on how to verify the digital signatures: https://bitcointalksearch.org/topic/guide-how-to-safely-download-and-verify-electrum-guide-5240594

Electrum will let you import private keys and will show the funds "instantly"... and it's a lot more reliable than blockchain.com
legendary
Activity: 2730
Merit: 7065
December 02, 2021, 03:21:05 AM
#16
is blockchain.com not able to import private key and add fund instantly?
I wouldn't suggest that you use the Blockchain wallet. It has a history of various bugs such as transactions not being displayed or being credited to the correct addresses. Instead of using Blockchain.com, go for a real wallet like Electrum, for example. Just make sure you download it from the official site and verify its signatures. 

I remember a while ago a website could add BTC funds from a private key right after importing private keys instantly.
Using websites, aka web/online wallets is a bad choice. The only worse practice is storing coins on custodial and centralized exchanges. At least use an open-source and non-custodial software wallet if you don't have a hardware wallet or an airgapped setup.
newbie
Activity: 14
Merit: 0
November 30, 2021, 04:57:01 PM
#15
Thank you very much. I don't update often, or I could say I lack understanding about things. Is blockchain.com not able to import a private key and add funds instantly? I remember a while ago a website could add BTC funds from a private key right after importing private keys instantly. I don't remember.
After my hard drive crashed, I almost forgot everything about coins.
legendary
Activity: 2730
Merit: 7065
November 30, 2021, 04:50:18 AM
#14
I find the interface very nice, but SHA-256 private keys are not supported. Can someone help me with where I can import multiple SHA-256 private keys to use or add funds into a new wallet? Thank you.
I have never used Exodus so I am not sure what it supports and what it doesn't. But according to this source of theirs, importing a private key is a simple process. In essence, you select the cryptocurrency you would like to import, you click on the three dots in the top right corner, and select "Move Funds". Once completed, you will sweep the coins into your Exodus wallet. Read through the entire guide I linked to for the step-by-step explanation on how to do it.
newbie
Activity: 14
Merit: 0
November 30, 2021, 03:13:44 AM
#13
I find the interface very nice, but SHA-256 private keys are not supported. Can someone help me with where I can import multiple SHA-256 private keys to use or add funds into a new wallet? Thank you.
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
May 23, 2021, 04:49:32 AM
#12
Knowing half of the seed phrase words can be used by hackers to brute force the whole 12 words.
It really depends. If you know 6 out of 12 words and the seed is generated by electrum (best case), then you have to search among 2048^6 = 73,786,976,294,838,206,464 combinations. Having 8 bits of checksum means that you'll have to run through the process of PBKDF2 and HMAC-SHA512 only 2048/(2^8) = 8 times for each seed phrase.

I'll now divide the half of that enormous number with 2^8 to get how many times a hacker will need to repeat this process to exclude the majority of the total possible seeds.

73,786,976,294,838,206,464 / 2^8 = 144,115,188,075,855,872.

So, on average, the hacker will have to perform these functions 144 quadrillion times. Not that I know the exact time required to cover that number, but on my i5 it took around 1-2 minutes to search among 4.1 million, but even if you could, let's say, brute force with 100M per second you would still need 144,115,188 seconds = 2,401,919 minutes = 40,031 hours = 1,667 days to finish. And that is “just” for the majority of the first derivation path.

Anyway, it isn't dangerous because of a possible brute force. I'd rather say that it's dangerous for the owner to lose funds, not to get stolen. What if that email never comes back? What would you do then? Just use the CheckLockTimeVerify described above and sleep easy.
legendary
Activity: 1652
Merit: 1208
Gamble responsibly
May 23, 2021, 04:06:30 AM
#11
Why would someone store a seed phrase and password in email? What if the email is compromised? It would just be simple access for a hacker who accesses the email to steal the seed phrase and password. Know that only the seed phrase is needed to access the bitcoin, not the password. Knowing half of the seed phrase words can be used by hackers to brute force the whole 12 words; it is better to back up offline, not online and not on clouds.

Exodus as a wallet is also not good to use; it is better to use Electrum if you need a better online wallet.
HCP
legendary
Activity: 2086
Merit: 4363
May 22, 2021, 07:06:53 PM
#10
...
emailed back to me
...
what's the risk of being hacked?
Definitely much, much higher than I would personally consider as "acceptable"... Email is a terrible, unreliable method of storing or sending any sort of private data.

If you're just trying to stop yourself spending coins, you'd be better off using OP_CLTV (CheckLockTimeVerify), which prevents spending individual UTXOs until a certain time... and then securing your private keys in an appropriate manner.

But, as bob123 asked, what exactly are you attempting to do... and what are your specific requirements?
legendary
Activity: 1624
Merit: 2481
May 21, 2021, 11:23:31 AM
#9
Don't do that.

Besides the fact that Exodus is a horrible wallet (Don't use it, switch to a proper open source wallet!), sending secret information via an email is a quite bad idea.
There are so many intermediate stations which have access to your mails. That's not what you want with private data.

If you could explain what exactly you are looking for, we'd find a better solution to your problem.
legendary
Activity: 3038
Merit: 4418
May 19, 2021, 09:54:42 AM
#8
Voluntarily locking your own coins with time as a parameter doesn't affect security in the slightest. It depends on how you generate and handle the keys for that.

If you want something to lock your coins for a long time, don't use nLockTime or any mechanism like that and pre-generate a transaction. It is not ideal for that as you cannot change anything in the transaction. Instead, use OP_CLTV and include it in a scripthash address. You'll be able to "unlock" and spend the funds after a specified period of time provided that you have the required key to unlock it.
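The OP_CLTV scripthash construction recommended in this thread, as an added example (not code from any poster or wallet): it builds the script `<height> OP_CHECKLOCKTIMEVERIFY OP_DROP <pubkey> OP_CHECKSIG` and derives its P2WSH address. The block height 1,000,000, the placeholder public key and the testnet prefix are assumptions chosen for illustration.

```python
import hashlib

OP_CLTV, OP_DROP, OP_CHECKSIG = 0xB1, 0x75, 0xAC
CHARSET = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"  # bech32 alphabet (BIP173)
GEN = [0x3B6A57B2, 0x26508E6D, 0x1EA119FA, 0x3D4233DD, 0x2A1462B3]

def script_num(n):
    """Minimal little-endian script number for a positive integer."""
    raw = n.to_bytes((n.bit_length() + 7) // 8, "little")
    return raw + b"\x00" if raw[-1] & 0x80 else raw  # keep the sign bit clear

def cltv_script(lock_height, pubkey):
    """<height> OP_CLTV OP_DROP <pubkey> OP_CHECKSIG"""
    if not 16 < lock_height < 500_000_000:  # 500M and above means a timestamp
        raise ValueError("expected a block height")
    if len(pubkey) != 33:
        raise ValueError("expected a compressed public key")
    num = script_num(lock_height)
    return (bytes([len(num)]) + num + bytes([OP_CLTV, OP_DROP])
            + bytes([len(pubkey)]) + pubkey + bytes([OP_CHECKSIG]))

def polymod(values):
    chk = 1
    for v in values:
        top = chk >> 25
        chk = (chk & 0x1FFFFFF) << 5 ^ v
        for i in range(5):
            if (top >> i) & 1:
                chk ^= GEN[i]
    return chk

def hrp_expand(hrp):
    return [ord(c) >> 5 for c in hrp] + [0] + [ord(c) & 31 for c in hrp]

def p2wsh_address(script, hrp="tb"):
    """Bech32 address for witness version 0 and SHA-256(script)."""
    acc, bits, data = 0, 0, [0]  # leading 0 is the witness version
    for byte in hashlib.sha256(script).digest():
        acc, bits = (acc << 8) | byte, bits + 8
        while bits >= 5:
            bits -= 5
            data.append((acc >> bits) & 31)
    if bits:
        data.append((acc << (5 - bits)) & 31)  # zero-pad the final group
    pm = polymod(hrp_expand(hrp) + data + [0] * 6) ^ 1
    data += [(pm >> 5 * (5 - i)) & 31 for i in range(6)]
    return hrp + "1" + "".join(CHARSET[d] for d in data)

# Constructed sample: secp256k1 generator point (private key 1), a placeholder only
SAMPLE_PUBKEY = bytes.fromhex(
    "0279be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798")
SCRIPT = cltv_script(1_000_000, SAMPLE_PUBKEY)
if __name__ == "__main__":
    print(SCRIPT.hex(), p2wsh_address(SCRIPT))
```

Spending from such an address requires a transaction whose nLockTime is at least the encoded height and whose input sequence is non-final, so the funds stay unspendable until that block regardless of who holds the key.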
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
May 19, 2021, 07:26:52 AM
#7
How safe is it to have half my exodus password and half of my 12 word recovery phrase emailed back to me via future me in a few years to stop me panic selling.
It reduces the security and it's not practical. How sure are you that you'll receive that email in a few years? Can you really trust your email provider for that? Are you that sure that you'll have access to that email after all these years? From me, it's a NO!

But, here's what you can do to prevent yourself from panic selling: You can use locktime. This is actually your best option with no third party required. Essentially, you're creating an output that can only be spent after a specific block. For example, if I send 1 BTC and lock it for block 1,000,000 it can only be spent after 315,811 * 10 minutes = 2,193 days.  (around 21st of May 2027)

I doubt if you can use any Bitcoin's smart contract on Exodus besides the basic functionalities like Send/Receive/Show Private keys, but you can transfer your funds on electrum and do it from there. Assuming that you have transferred them to electrum this is what it'll pop you once you click to pay:

Also, read this: Using Locktime for inheritance planning, backups or gifts.
legendary
Activity: 2212
Merit: 7064
May 19, 2021, 02:55:12 AM
#6
How safe is it to have half my exodus password and half of my 12 word recovery phrase emailed back to me via future me in a few years to stop me panic selling. Assuming nothing goes wrong and it all works what's the risk of being hacked?

This is not a good idea; it could be brute forced, and even if you do something like that, there is nothing that would stop you from getting this email earlier than you wanted and selling coins at any time.

What you can do instead is to create multisig setup with some of your relatives, friends, family members or even with yourself, and put access to second keys in different location that you can't access fast and easy.
You would need access to both keys (or more if you split them to more people) for sending any coins and you would have much better security than now.
legendary
Activity: 2702
Merit: 4002
May 19, 2021, 02:52:45 AM
#5
What will happen if there is a problem with that email server (hacked or crashed)?

I do not advise you to use Exodus wallet or split your wallet seed via email, but if you want to use an email, you can:

Use Shamir's Secret Sharing [1] [2]: you can split your wallet seed into 2-of-3 type shares.

Then you can use the e-mail to get one of the parts and one in a safe place (if something happens to the server) and the other with you.

In general, it is better to think about how to learn to invest and control your emotions rather than risk locking your coins with something you may not fully understand.

[1] https://github.com/trezor/python-shamir-mnemonic/
[2] https://github.com/iancoleman/slip39/
legendary
Activity: 3472
Merit: 10611
May 18, 2021, 10:08:52 PM
#4
First of all, I would categorize Exodus under closed source wallets, which means you have 0 security when using such wallets. In other words, it doesn't matter what you do with your seed phrase and password if it was not safe in the first place.

Secondly, when you cut your seed phrase in half you are decreasing your security by 50%. For example, in a 12-word mnemonic you decrease the entropy by 2^80. That is a huge reduction and we don't consider the 80 bits of entropy to be safe.
legendary
Activity: 2576
Merit: 1860
May 18, 2021, 08:39:48 PM
#3
1. Never assume that nothing goes wrong and everything works fine when your funds are not even under your ownership.

2. Own your Bitcoin. That means you and you alone have the sole control of your private keys.

3. The risk of you panic selling is not much of a big deal compared to the risk of you losing all your funds. You can avoid panic selling in so many ways.

4. I've been using the iOS version of Exodus and I've experienced no problem with it, but I would never store a significant amount of funds in there, especially not for years.

5. Exodus is a software-based wallet. As such, it is prone to malware attacks. Not to mention that security features are limited. For one, and while they have a reason for not integrating it, 2FA is not available.
legendary
Activity: 3472
Merit: 3217
May 18, 2021, 12:29:51 PM
#2
They have had lots of security risks before, and many people have been hacked due to their bad wallet protection, and I think it is still not safe to use.

If you want a secure wallet and want to hold a large amount of bitcoin and crypto, I suggest you switch to a hardware wallet; it's more secure compared to Exodus.

If you are planning to reserve your wallet for the future, you can save all of your assets on a single hardware wallet and then give it to your wife and tell her to hold it until the specific set time frame.
Or you can bury your hardware wallet at the back of your house, but make sure it is sealed.
newbie
Activity: 6
Merit: 0
May 18, 2021, 11:54:04 AM
#1
Hi,

How safe is it to have half my exodus password and half of my 12 word recovery phrase emailed back to me via future me in a few years to stop me panic selling. Assuming nothing goes wrong and it all works what's the risk of being hacked?