Topic: Have you learned about open and close source wallet? (Read 228 times)

Being open source does not mean that you are safe, but it reduces the risks that can reach you, and the fact that the wallet is open source and well reviewed is the best because the wallet is open source without reviews and closed source is at a level close to the risks.

All of this is related to your tracking of the news and knowing when an update is necessary and about the expected attacks, because without seeing the news and updates in the market, even open-source wallets with good programming may find some vulnerability.

Reputation is not enough. I cannot store my asset in a wallet because the company announced that the wallet is an open source or because the company is a major player in the crypto space. Their words and reputation are not enough. If they will not reveal the source code of the wallet on GitHub for other developers to verify it, then I have no business with such wallet.

For a wallet that's open source, for every new update or version that's been released, the code is also updated on GitHub so there's nothing to hide.

Atomic wallet is a close source wallet.

Thus the two cases above it becomes clear that they are never the same. The point of it all is that it's not 100% secure, so bitcoin users should know enough how they can get good security for their bitcoins especially if they want to keep them long term. The online wallet is not the best so I think they should keep it on the offline wallet especially on hardware.

Even though Electrum is one of the wallets with a good reputation and security for bitcoin users, but Electrum is not recommended for expert users. Yes it is because experts will obviously really want a higher level of security than what Electrum has to offer.

Electrum has been never compromised.
Electrum versions older than 3.3.4 had a vulnerability which allowed servers to display any arbitrary message. Some servers abused this feature and asked users to download a fake version of electrum. This was completely different from what happened to Atomic wallet users.
Electrum victims had downloaded a fake version while Atomic wallet victims downloaded a real version. Electrum victims made a mistake with downloading the application from a website other than the official website and not verifying GPG signatures.

Suppose the user does not have any programming or technical background, if they are using open source software they are inherently still trusting the developers. What comes the difference is the communities. A prominent open source wallet is used by many users, with that said, some people, especially those who have reason or motive, and have the ability to check the software itself are able to safeguard the ecosystem.


Trust Wallet have application on Android, iOS, and Chrome-based extension, they all are not an open source wallet.

Just because a wallet or a project is open source does not mean it can't be attacked, even Bitcoin has had issues with bugs previously, but all of that was solved/fixed, the thing with open source wallets is that you can verify the wallet code before using it and you can constantly check for bugs/vulnerabilities, making it easier to be detected/discovered before it can be exploited.

I think it is pretty simple to understand why open source wallets are better, if it is closed source you have to believe the devs and trust them to find bugs before they are exploited OR for them not to add anything malicious themselves, you also have to trust them to tell you what went wrong if there is an abnormality going on with the wallet; these are the reasons why open source is better.

Just because it is open source does not mean it's completely safe from attack.
Here is an example of an open source wallet that got compromised - BitPay’s Copay Wallet Compromised by Malicious Code, Firm Issues Advice for Users

For non-techie users, there is nothing else we can do but to trust the developers. Since we lack the knowledge to verify the safetiness of the wallet used, it does not matter whetheri it is a close source or open source, we only rely on the reputation of the said wallet. 

No one ever suspected that the atomic wallet application will be compromised since it has been used for years.  Aside from that it is not only the close source wallet that was compromised and made their user lose millions due to the hacking.  Electrum which is known as an open-source wallet had also been compromised when the majority of its server was controlled by hackers tricking the user to reveal their private key^[1]. 


I also think we should care but as a non-technical savvy user, how can we verify whether the wallet is safe to use or not?  As we can see atomic wallet had been safe to use for years same goes with other open-source wallets but, we never know if the wallet will be compromised or not until it happens just like what happen to the electrum when it was compromised.

---

[1] https://portswigger.net/daily-swig/deep-dive-into-electrum-hack-reveals-70-of-network-was-controlled-by-attackers

You should care, because if you don't care then you might find yourself in a similar situation as victims of the recent hacking of a closed source Non custodial wallet (Atomic wallet). Many affected victims might have thought they're using a good Non custodial wallet as we always advice them but they made the mistake of trusting a closed source project which is the same as trusting a centralized projects. Closed source (Non custodial wallets) has to be avoided just like centralized wallets or exchange. They can be used for transaction to receive coins but not use for storing of coins you intend holding for a very long time.

Although open source wallets has their vulnerabilities but still they're preferable than closed source wallets as then we can't verify the codes or know the reason behind a hack just like in the case of Atomic wallet explained by the OP. We have to relay on the developers (project owners) to explain to use why we can't have access to our coins been stored using their wallet. We all know they're unlikely to put the blame on them and will always look for an excuse to why they were hack. I think we have to hold project owners responsible and demand they pay the victims whenever they put their customers in situations like this. This was meant to be a safe zone (Non custodial wallet), so what happened.

Open-source wallets still gets more brownie points for me because you could say that closed-source wallets relies up to a certain point on secrecy for security whereas open-source ones are confident and willing to be challenged which in turn hardens their security through the help of the community. Afterall, two heads are better than one - more people could check open source softwares as opposed to closed source softwares.

There's no 100% safe setup anyhow and it's all about mitigating risks.

Atomic wallet isn't an exchange wallet, it is in fact a non-custodial wallet because its users have the keys, but where the problem stems from is that it is a closed source wallet, and so being closed source we cannot verify if truly it is a non-custodial wallet and that the Atomic team do not have a copy of their users keys in their servers or that they are not doing anything dangerous with the keys generated for users.
You don't have to be a coder to use what is most secure. Bitcoin itself is an open source project and quite a lot of people know nothing about its technical part or how to verify its protocol, but they use Bitcoin because they trust the large community of developers and nodes as well as the technical individuals who constantly check for bugs and other whatnots. Open source wallets are most secure because their codes can be verified, and even if you can't do it yourself, then use what the community has vetted and pointed out as being recommended. If there is a malicious update in an open source wallet, the community will be aware, but in closed source wallets you can prolly just update your wallet and your wallet will be emptied.

Just as part of the sad news, $8,000,000 gone from a single user using atomic wallet and you can read more about this here https://twitter.com/coingecko/status/1665565419489337347?t=XLH6vRaT-3GJe7SWZIsYOA&s=19 we need to take it very serious when warnings and cautions are being released from the platform like this concerning using those centralised wallets and exchanges, if not your keys it's not your coins, how could someone hodl upto this amount on a centralized exchanges wallet without moving it to a personal decentralized wallet, could it be that he was never informed of the danger or he has decided to show non challant attitude concerning that.

I just remember a few weeks ago when Atomic was also in my option in wallets where I will store my ATOM tokens, so that it will earn money passively thru staking. I guess this is a lesson for me who always love staking that always use the wallet that the own developers created, and if they don't have one, don't buy it.

As for the people who lost their money in Atomic, I don't know the main reason, but I guess one reason is the fact that they are giving staking rewards when you store your coins there. I guess this is the reason why there are still people who prefer storing their coins in some wallets, or exchanges where they can earn money passively like what Atomic is offering. I just hope that these people who lost their money are still ok, learned their lesson, move on, and move forward.

Open source? Close source? I don't care TBH.
I'm not a coder (though I tried to learn at one moment in my life), so I guess I don't care about these type of wallets. After all, this will not remove the possibility of a wallet being hacked. Close source isn't secure, and at the same time open source isn't as well, so what's the difference.

I don't think it's because people don't want to listen, it's just that there is always new fish in pond who don't know stuff, plus some must have assumed non-custodial means secure. Won't be too far when some open-source wallet gets hacked too.

---

People have lost huge in this hack, recent reviews on Trustpilot are saddening.

That's true. However I think its not case for wallets and codes for crypto. Since being open source they show that they are lenient and open for the codes of the wallet and dont have malicious attempt to manipulate it at will. But you got a point about the possible vulnerability if being watch and seen by people who have motives so I could say that its not also safe 100% Maybe some closed source are thinking like this.

Open source is not better than close source if you compare a new open source wallet software and a very old close source wallet software.

A new open source wallet software might have many bugs and can be exploited by hackers. It is a warning for people who are always curious and want to explore new wallets. If they do it on a device which stores their coins, they will lose their coins if that new wallet software has malwares.

In general, open source gives us more chances to explore about that wallet in code and it's better than close source that does not give us such chances.

Only after the recent Atomic wallet hack, I came to know that even though we hold the keys to our wallet it doesn't necessarily mean that our coins are safe.
If the wallet is close source then even holding the keys to the addresses won't be safe because we don't know how the keys were generated.
So if the wallet is open source then it is on the safer side as we can verify the code easily.

That brings me to other question. I have searched and go to know that Mycelium is a good open source wallet.
But few people argue that it's not completely open source. So how do we verify if it's completely open source or not.
If not, then what part of the Mycelium wallet is not open and if it is risky.

Op yes we have heard about the incident from these two threads which have been created by NotATether and Wind_FURY. Open wallet is not a guarantee ticket to security, because even the open source was created by someone and there person can update the server at anytime. But from what we discussed yesterday about this Atomic Wallet. It was an open source but funds were transferred from the main server and definitely need all know that, that is not an open source project again. Or was the software compromised? What happened does not look like an open source

Open Source allows everyone to go through the code, and it's much easier to create a vulnerability when you know the source code and how it's interacting with the environment.
No game developer open source their code, It's not like someone can copy their code and launch it and get their player base, it's because they don't want cheat devs to know how it's working behind the scene.

This is nice bringing up the topic since most beginners might not have come across it.
Atomic wallet never claimed to be open sourced. You can see it here https://support.atomicwallet.io/article/184-why-is-atomic-wallet-not-open-source where they gave their reasons for not going full open sourced. Open source means the source code is publicly accessible. so a wallet can't really claim open source if the public can't even access its code just like trustwallet whose public code hasn't been updated since binance purchased it.

A good wallet should be both open sourced( this doesn't mean all open sourced wallet are safe) and non custodial in nature. There's a reason Electrum is seen positively by the forum.