from closed source to open source wallet[what is the risk]

Zoomic

sr. member

Activity: 420

Merit: 252

My post made philipma1957 wear signature

Quote from: virasog on June 17, 2023, 02:36:23 PM

Quote from: Bureau on June 13, 2023, 09:41:12 AM

Quote from: Charles-Tim on June 05, 2023, 07:16:13 PM

Do not let anyone knows your seed phrase. Open source or close source wallet can not help against the person that knows your seed phrase because the person can steal your coins.

The benefit of open source wallet is that the public know its source code, unlike close source wallet that its source code is only known to the developers that created the wallet, and vulnerabilities can be included which the public can not know about.

After reviewing the replies, I believe you have all the technical answers. What I write now is a simple knowledge that most of us forget. it's crucial to remember the following steps to improve security, such as using strong passwords, enabling two-factor authentication, and keeping your devices and software up to date. Do remember that backing up your seed phrase and storing it securely offline is one of the most important steps. If you follow the above steps, you will never be going through any anxiety about losing your cryptocurrency.

The question asked by the OP is not about the general security of the wallets. You can keep your seed phrases to the safest place on the earth, keep your devices virus free, take every precaution with a closed source wallet and still the owners of the wallet can steal your funds if they make changes in the code to get your seed phrases.

Now you know why we are discussion here the open and close source wallets and not the general security. First you need to transfer funds to the reputed open source wallet and then make all the measures to safe guard your wallet.

Yea my question was not about the general security of the wallet. I believe he misunderstood my question and that very first reply would have blown the whole thread into off topic.
But I already got the answers from hosseinimr93 and kryptowerk. I will have to lock this thread now.

virasog

legendary

Activity: 2954

Merit: 1159

Quote from: Bureau on June 13, 2023, 09:41:12 AM

Quote from: Charles-Tim on June 05, 2023, 07:16:13 PM

Do not let anyone knows your seed phrase. Open source or close source wallet can not help against the person that knows your seed phrase because the person can steal your coins.

The benefit of open source wallet is that the public know its source code, unlike close source wallet that its source code is only known to the developers that created the wallet, and vulnerabilities can be included which the public can not know about.

After reviewing the replies, I believe you have all the technical answers. What I write now is a simple knowledge that most of us forget. it's crucial to remember the following steps to improve security, such as using strong passwords, enabling two-factor authentication, and keeping your devices and software up to date. Do remember that backing up your seed phrase and storing it securely offline is one of the most important steps. If you follow the above steps, you will never be going through any anxiety about losing your cryptocurrency.

The question asked by the OP is not about the general security of the wallets. You can keep your seed phrases to the safest place on the earth, keep your devices virus free, take every precaution with a closed source wallet and still the owners of the wallet can steal your funds if they make changes in the code to get your seed phrases.

Now you know why we are discussion here the open and close source wallets and not the general security. First you need to transfer funds to the reputed open source wallet and then make all the measures to safe guard your wallet.

Zoomic

sr. member

Activity: 420

Merit: 252

My post made philipma1957 wear signature

Quote from: mk4 on June 12, 2023, 03:14:45 PM

Quote from: Zoomic on June 08, 2023, 07:13:48 PM

Should I agree with this? Anyways you said "it can be argued". I believe open source concerns about making the codes visible and accessible to every developer. So, this shouldn't determine if a wallet is non custodial or not.
It can be open source and still compromised.

Of course, because open-source doesn't automatically mean it's secure. It's just that with open-source wallets (assuming a lot of eyes have gone through the source code), potential vulnerabilities could be spotted by coders interested in the said wallet. With closed-source on the other hand, you're entrusting everything to the dev team alone.

You said it well just like I and Charles-Tim opined above. I also know that there are some open source projects which many developers are not interested in. This means your code can be open and accessible but due to lack of people's interest in your kind of project, there will not be enough developers to look through the code. In this situation it's even worse because maintaining the code wouldn't be on the shoulders of anyone.
For it to be open source and secured, it should be a project that many people have interest in.

Bureau

sr. member

Activity: 406

Merit: 262

Eloncoin.org - Mars, here we come!

Quote from: Charles-Tim on June 05, 2023, 07:16:13 PM

Do not let anyone knows your seed phrase. Open source or close source wallet can not help against the person that knows your seed phrase because the person can steal your coins.

The benefit of open source wallet is that the public know its source code, unlike close source wallet that its source code is only known to the developers that created the wallet, and vulnerabilities can be included which the public can not know about.

After reviewing the replies, I believe you have all the technical answers. What I write now is a simple knowledge that most of us forget. it's crucial to remember the following steps to improve security, such as using strong passwords, enabling two-factor authentication, and keeping your devices and software up to date. Do remember that backing up your seed phrase and storing it securely offline is one of the most important steps. If you follow the above steps, you will never be going through any anxiety about losing your cryptocurrency.

Flexystar

full member

Activity: 1092

Merit: 227

Quote from: Charles-Tim on June 05, 2023, 07:16:13 PM

Do not let anyone knows your seed phrase. Open source or close source wallet can not help against the person that knows your seed phrase because the person can steal your coins.

The benefit of open source wallet is that the public know its source code, unlike close source wallet that its source code is only known to the developers that created the wallet, and vulnerabilities can be included which the public can not know about.

Alright, got the technical point right after reading this one. I think this is the very reason blockchain and related resources were made open source in the first place. However soon after people saw investment opportunity and private companies started rolling in with their closed wallets. As charles stated we could never know what is behind the written code. I am always scared to download free apps which are associated with financial operations. There are many apps that could be leading to the phishing operation in the background. In the world of crypto space that’s even dangerous. This is mostly frightening for the newbie since they wouldn’t be understanding the wallets properly. There gotta be way to learn these things for sure.

mk4

legendary

Activity: 2716

Merit: 3817

🪸 NotYourKeys.org 🪸

Quote from: Zoomic on June 08, 2023, 07:13:48 PM

Should I agree with this? Anyways you said "it can be argued". I believe open source concerns about making the codes visible and accessible to every developer. So, this shouldn't determine if a wallet is non custodial or not.
It can be open source and still compromised.

Of course, because open-source doesn't automatically mean it's secure. It's just that with open-source wallets (assuming a lot of eyes have gone through the source code), potential vulnerabilities could be spotted by coders interested in the said wallet. With closed-source on the other hand, you're entrusting everything to the dev team alone.

tranthidung

legendary

Activity: 2170

Merit: 3858

Farewell o_e_l_e_o

Quote from: Zoomic on June 06, 2023, 06:18:39 AM

Much more easier and simple to do than complex but less secured.

Import your private key from a closed source wallet to an open source wallet is like you drop your house keys somewhere and can not find them. Your next response is bad, you just order someone to make keys to open your house locks but what if your lost keys found on the street by someone, who will able to enter your house later.

You don't know what will happen if you response like this. If you don't want to bet your luckiness with your coins, don't do this.

You must move your coins to a new wallet and you have two options. Option one is recommended by hossenimir. Option two is above, sweeping.

Sweeping your private keys into Electrum

pooya87

legendary

Activity: 3444

Merit: 10537

Quote from: Zoomic on June 08, 2023, 07:13:48 PM

Should I agree with this? Anyways you said "it can be argued". I believe open source concerns about making the codes visible and accessible to every developer. So, this shouldn't determine if a wallet is non custodial or not.
It can be open source and still compromised.

When we talk about security, it is sometimes like defensive measures you take to increase your protection against different types of attack hence increasing your security. For example when you use a non-custodial wallet you eliminate certain ways you could lose your money and bring yourself one step to being safe. When you use an open source wallet you eliminate other ways of losing your money,... when you use a popular open source wallet you eliminate another set of ways you could lose money, and so on.

You may never be able to eliminate every single way you could lose money but that doesn't mean you shouldn't try to eliminate what you can. This is why when it comes to choosing between a closed source wallet and open source wallet the later is always the choice whether or not there is any way that the later could also be compromised.

Zoomic

sr. member

Activity: 420

Merit: 252

My post made philipma1957 wear signature

Quote from: Kryptowerk on June 06, 2023, 07:45:55 AM

Instead of importing the private key, just sweep it. Some wallets already give that option. For example electrum wallet (open source) or Coinomi (closed source, not recommended).
What it does, is import your private key and immediatelly sends the funds to a new address within the wallet. So, even if the old key was compromised, after sweeping your funds are in your hands only again.

Ofc you can do so manually, too.

Oh good... everything is possible with the tech geeks. Thanks alot.

Quote from: Z-tight on June 08, 2023, 01:29:13 PM

, but it can be argued that a true self custody wallet should be open source.

Should I agree with this? Anyways you said "it can be argued". I believe open source concerns about making the codes visible and accessible to every developer. So, this shouldn't determine if a wallet is non custodial or not.
It can be open source and still compromised.

Z-tight

hero member

Activity: 854

Merit: 1031

Only BTC

Quote from: Agbe on June 08, 2023, 11:21:50 AM

I thought Close Sources is not non custodian. Custodian = Close Source and Non custodian = Open Source.

If a wallet is closed source it is hard to believe that it is truly a self custody wallet, because you can't be sure how the keys are generated or if they are sent somewhere else across the internet, in a self custody wallet only the owner is supposed to control the keys to their wallet. But if we are to go with the obvious meaning of self custody as the owner of the wallet having their keys and seed phrase, then yes a wallet can be closed source and still be a self custody wallet, for example Trust wallet and Atomic wallet, but it can be argued that a true self custody wallet should be open source.

hosseinimr93

legendary

Activity: 2380

Merit: 5213

Quote from: Agbe on June 08, 2023, 11:21:50 AM

Yes because they are not controlled by the owner of the wallet alone. But both the creator of the wallet and owner of the wallet. That means the both parties have access to coins.

Trustwallet is close source and we don't know how exactly it's working.
I would always consider the worst-case scenario for any close source wallet and assume that developers have access to the keys, but we can't say that trustwallet developers definitely have control over users wallets.

Quote from: Agbe on June 08, 2023, 11:21:50 AM

I thought Close Sources is not non custodian. Custodian = Close Source and Non custodian = Open Source. So I don't know why op said

A wallet can be close source and non-custodial.
Non-custodial means that users have access to the keys.

Agbe

hero member

Activity: 854

Merit: 1246

Quote from: Zoomic on June 05, 2023, 07:12:02 PM

I have read many places in the forum and I have come to conclusion that majority of the forum members do not trust closed source code wallets.

Yes because they are not controlled by the owner of the wallet alone. But both the creator of the wallet and owner of the wallet. That means the both parties have access to coins. And that is just like a Fiat banks which the cashier in the back can also have an access to your account if they have your public bank address. That is the second option of the non custodian or open source wallet is always recommended.

Quote from: Zoomic on June 05, 2023, 07:12:02 PM

I advice my friend to migrate from trust wallet to an open source non custodial wallet. He agreed to do so and I will have to help him do that. But as he left my house, one question rang in my head:

Trust Wallet is not trusted at all. So it is better you move out the coins very fast before bit is too late. You should not have second thought if it is for long term investment.

Quote from: Zoomic on June 05, 2023, 07:12:02 PM

What if as he is coming from closed source non custodial wallet and let's say the guys at the backend knows his seed phrase (if possible). He then imported his seed in a closed source non custodial wallet.
The guys who I supposed know his seed phrase from the closed source now steal his bitcoin while it is in the new open source wallet.
Is it possible and what will be the role of the closed source non custodial wallet to ensure the security of seeds imported into it.

I thought Close Sources is not non custodian. Custodian = Close Source and Non custodian = Open Source. So I don't know why op said

Quote

closed source non custodial

. Op please restructure the bolded sentence again. I don't understand it. I am a little bit confused of the last paragraph of the op.

yudi09

hero member

Activity: 1120

Merit: 741

Rollbit - Crypto Futures

Quote from: pooya87 on June 08, 2023, 12:34:05 AM

I'd say at least there are two important steps:

First step is to making sure you are actually getting the correct software for installation. This is done through some research and finally by finding the correct public key of the developers and verifying the signature of the wallet binaries you are about to install. Example for Electrum: https://bitcointalksearch.org/topic/guide-how-to-safely-download-and-verify-electrum-guide-5240594
Otherwise if you skip this important step you may lose funds in this step.

Second step is to securing the wallet you chose. For example by using it offline (in an airgap computer) as opposed to using it online on the same system you use to surf the internet.

Yes. These two steps are the most basic things that we need to pay attention to regarding the security we need in protecting assets.
In that first step, I myself admit that I often ask myself questions regarding the process I did in installing the wallet software even though until now it still looks safe.

Apart from securing it by using it offline to a certain degree, I also pay attention to the seeds that I save.
Regarding wallet security, from the beginning until now I have always paid attention to several important steps in protecting assets.
Hopefully the assets are safe and hopefully nothing will happen to what I have done.

pooya87

legendary

Activity: 3444

Merit: 10537

In addition to what is discussed here you should not forget that migrating to an open source wallet is not going to provide complete security on its own. There is a lot of other things that need to be done to gain a good degree of security.

I'd say at least there are two important steps:

First step is to making sure you are actually getting the correct software for installation. This is done through some research and finally by finding the correct public key of the developers and verifying the signature of the wallet binaries you are about to install. Example for Electrum: https://bitcointalksearch.org/topic/guide-how-to-safely-download-and-verify-electrum-guide-5240594
Otherwise if you skip this important step you may lose funds in this step.

Second step is to securing the wallet you chose. For example by using it offline (in an airgap computer) as opposed to using it online on the same system you use to surf the internet.

Yamane_Keto

sr. member

Activity: 406

Merit: 443

The wallet is a software that manages your private keys, so recommending an open source wallet is the best option because there are many people who have reviewed the code and verified that it is safe, so the fact that the wallet is open source is meaningless if there are not enough developers who have reviewed the code.

using an open source wallet is not only about security, but many open source wallets outperform closed source ones in features such as the ability to integrate the Lightning Network, enhanced privacy by connecting to your own node/tor, address control feature, better fee estimation, and cheaper fees option compared to closed source wallets. Most of the closed source wallets are weakly programming and very poor privacy, the only reason to use them is that they support a lot of currency pairs and attractive interfaces.

by swapping your coins from closed source to widely reviewed open source wallet will reduce your risks (Electrum or Sparrow.)

for multi-coins wallet i think the open source option as unstoppable wallet is not ideal so hardware wallets are the best.

Kryptowerk

legendary

Activity: 2030

Merit: 1401

Disobey.

Quote from: Zoomic on June 06, 2023, 06:18:39 AM

Quote from: hosseinimr93 on June 05, 2023, 07:31:10 PM

With importing your seed phrase from the close source wallet to a trusted open source wallet, you don't really increase the security of your fund.
Create a new wallet, make a transaction and send all the fund to the new wallet.

Much more easier and simple to do than complex but less secured.

Instead of importing the private key, just sweep it. Some wallets already give that option. For example electrum wallet (open source) or Coinomi (closed source, not recommended).
What it does, is import your private key and immediatelly sends the funds to a new address within the wallet. So, even if the old key was compromised, after sweeping your funds are in your hands only again.

Ofc you can do so manually, too.

Zoomic

sr. member

Activity: 420

Merit: 252

My post made philipma1957 wear signature

Quote from: hosseinimr93 on June 05, 2023, 07:31:10 PM

With importing your seed phrase from the close source wallet to a trusted open source wallet, you don't really increase the security of your fund.
Create a new wallet, make a transaction and send all the fund to the new wallet.

Much more easier and simple to do than complex but less secured.

rat03gopoh

hero member

Activity: 2002

Merit: 633

Your keys, your responsibility

Quote from: Zoomic on June 05, 2023, 07:12:02 PM

Is it possible and what will be the role of the closed source non custodial wallet to ensure the security of seeds imported into it.

Importing 1 privkey/seed in some software is actually not recommended for long-term use.

Your friend actually didn't leave the trustwallet completely, s/he still has the keys generated (questionably) from the previous wallet software. The worst risk assumption is that the wallet is actually leaked and has been stalked by the hacker to wait for a large tx of input to be transferred immediately.

witcher_sense

legendary

Activity: 2310

Merit: 4313

🔐BitcoinMessage.Tools🔑

Quote from: Zoomic on June 05, 2023, 07:12:02 PM

What if as he is coming from closed source non custodial wallet and let's say the guys at the backend knows his seed phrase (if possible). He then imported his seed in a closed source non custodial wallet.
The guys who I supposed know his seed phrase from the closed source now steal his bitcoin while it is in the new open source wallet.
Is it possible and what will be the role of the closed source non custodial wallet to ensure the security of seeds imported into it.

When migrating from a closed-source wallet to an open-source one, a user should assume that the information he entered into a wallet got compromised and may be used in the future to get access to funds. What one needs to do to protect their holdings from unauthorized access is set up a new wallet (preferably a well-reviewed non-custodial open-source wallet such as Electrum or Sparrow) or buy a hardware wallet (again, an open-source one such as Foundation Passport) and create a completely new seed phrase with different addresses unknown to a potential attacker. Once you transferred funds to new addresses, the developers of a closed-source wallet or hackers silently exploiting bugs in the said wallet won't be able to extract your seed or move your funds. In other words, opting out of closed-source wallets implies severing all ties with the company developing it by changing sensitive financial information that may be used to steal your money.

hosseinimr93

legendary

Activity: 2380

Merit: 5213

With importing your seed phrase from the close source wallet to a trusted open source wallet, you don't really increase the security of your fund.
Create a new wallet, make a transaction and send all the fund to the new wallet.

Charles-Tim

legendary

Activity: 1512

Merit: 4795

Do not let anyone knows your seed phrase. Open source or close source wallet can not help against the person that knows your seed phrase because the person can steal your coins.

The benefit of open source wallet is that the public know its source code, unlike close source wallet that its source code is only known to the developers that created the wallet, and vulnerabilities can be included which the public can not know about.

Zoomic

sr. member

Activity: 420

Merit: 252

My post made philipma1957 wear signature

I have read many places in the forum and I have come to conclusion that majority of the forum members do not trust closed source code wallets.
I advice my friend to migrate from trust wallet to an open source non custodial wallet. He agreed to do so and I will have to help him do that. But as he left my house, one question rang in my head:

What if as he is coming from closed source non custodial wallet and let's say the guys at the backend knows his seed phrase (if possible). He then imported his seed in a closed source non custodial wallet.
The guys who I supposed know his seed phrase from the closed source now steal his bitcoin while it is in the new open source wallet.
Is it possible and what will be the role of the closed source non custodial wallet to ensure the security of seeds imported into it.

Topic: from closed source to open source wallet[what is the risk] (Read 339 times)