Author

Topic: Have you learned about open and close source wallet? (Read 287 times)

legendary
Activity: 2702
Merit: 4002
Being open source does not mean that you are safe, but it reduces the risks that can reach you, and the fact that the wallet is open source and well reviewed is the best because the wallet is open source without reviews and closed source is at a level close to the risks.

All of this is related to your tracking of the news and knowing when an update is necessary and about the expected attacks, because without seeing the news and updates in the market, even open-source wallets with good programming may find some vulnerability.
sr. member
Activity: 658
Merit: 441
For non-techie users, there is nothing else we can do but to trust the developers. Since we lack the knowledge to verify the safetiness of the wallet used, it does not matter whetheri it is a close source or open source, we only rely on the reputation of the said wallet.
Reputation is not enough. I cannot store my asset in a wallet because the company announced that the wallet is an open source or because the company is a major player in the crypto space. Their words and reputation are not enough. If they will not reveal the source code of the wallet on GitHub for other developers to verify it, then I have no business with such wallet.

Open wallet is not a guarantee ticket to security, because even the open source was created by someone and there person can update the server at anytime.
For a wallet that's open source, for every new update or version that's been released, the code is also updated on GitHub so there's nothing to hide.

But from what we discussed yesterday about this Atomic Wallet. It was an open source but funds were transferred from the main server and definitely need all know that, that is not an open source project again. Or was the software compromised? What happened does not look like an open source
Atomic wallet is a close source wallet.
hero member
Activity: 1386
Merit: 731
Leading Crypto Sports Betting & Casino Platform
Electrum which is known as an open-source wallet had also been compromised when the majority of its server was controlled by hackers tricking the user to reveal their private key
Electrum has been never compromised.
Electrum versions older than 3.3.4 had a vulnerability which allowed servers to display any arbitrary message. Some servers abused this feature and asked users to download a fake version of electrum. This was completely different from what happened to Atomic wallet users.
Electrum victims had downloaded a fake version while Atomic wallet victims downloaded a real version. Electrum victims made a mistake with downloading the application from a website other than the official website and not verifying GPG signatures.
Thus the two cases above it becomes clear that they are never the same. The point of it all is that it's not 100% secure, so bitcoin users should know enough how they can get good security for their bitcoins especially if they want to keep them long term. The online wallet is not the best so I think they should keep it on the offline wallet especially on hardware.

Even though Electrum is one of the wallets with a good reputation and security for bitcoin users, but Electrum is not recommended for expert users. Yes it is because experts will obviously really want a higher level of security than what Electrum has to offer.
legendary
Activity: 2380
Merit: 5213
Electrum which is known as an open-source wallet had also been compromised when the majority of its server was controlled by hackers tricking the user to reveal their private key
Electrum has been never compromised.
Electrum versions older than 3.3.4 had a vulnerability which allowed servers to display any arbitrary message. Some servers abused this feature and asked users to download a fake version of electrum. This was completely different from what happened to Atomic wallet users.
Electrum victims had downloaded a fake version while Atomic wallet victims downloaded a real version. Electrum victims made a mistake with downloading the application from a website other than the official website and not verifying GPG signatures.
legendary
Activity: 1932
Merit: 1273
Just because a wallet or a project is open source does not mean it can't be attacked, even Bitcoin has had issues with bugs previously, but all of that was solved/fixed, the thing with open source wallets is that you can verify the wallet code before using it and you can constantly check for bugs/vulnerabilities, making it easier to be detected/discovered before it can be exploited.

I think it is pretty simple to understand why open source wallets are better, if it is closed source you have to believe the devs and trust them to find bugs before they are exploited OR for them not to add anything malicious themselves, you also have to trust them to tell you what went wrong if there is an abnormality going on with the wallet; these are the reasons why open source is better.

Suppose the user does not have any programming or technical background, if they are using open source software they are inherently still trusting the developers. What comes the difference is the communities. A prominent open source wallet is used by many users, with that said, some people, especially those who have reason or motive, and have the ability to check the software itself are able to safeguard the ecosystem.

Trustwallet iOS is no more open source.

Trust Wallet have application on Android, iOS, and Chrome-based extension, they all are not an open source wallet.
legendary
Activity: 2184
Merit: 1302
Just because it is open source does not mean it's completely safe from attack.
Here is an example of an open source wallet that got compromised - BitPay’s Copay Wallet Compromised by Malicious Code, Firm Issues Advice for Users
Just because a wallet or a project is open source does not mean it can't be attacked, even Bitcoin has had issues with bugs previously, but all of that was solved/fixed, the thing with open source wallets is that you can verify the wallet code before using it and you can constantly check for bugs/vulnerabilities, making it easier to be detected/discovered before it can be exploited.

I think it is pretty simple to understand why open source wallets are better, if it is closed source you have to believe the devs and trust them to find bugs before they are exploited OR for them not to add anything malicious themselves, you also have to trust them to tell you what went wrong if there is an abnormality going on with the wallet; these are the reasons why open source is better.
legendary
Activity: 2338
Merit: 1261
Heisenberg
Just because it is open source does not mean it's completely safe from attack.
Here is an example of an open source wallet that got compromised - BitPay’s Copay Wallet Compromised by Malicious Code, Firm Issues Advice for Users
legendary
Activity: 2954
Merit: 1153
For non-techie users, there is nothing else we can do but to trust the developers. Since we lack the knowledge to verify the safetiness of the wallet used, it does not matter whetheri it is a close source or open source, we only rely on the reputation of the said wallet. 

No one ever suspected that the atomic wallet application will be compromised since it has been used for years.  Aside from that it is not only the close source wallet that was compromised and made their user lose millions due to the hacking.  Electrum which is known as an open-source wallet had also been compromised when the majority of its server was controlled by hackers tricking the user to reveal their private key[1]

Open source? Close source? I don't care TBH.
I'm not a coder (though I tried to learn at one moment in my life), so I guess I don't care about these type of wallets. After all, this will not remove the possibility of a wallet being hacked. Close source isn't secure, and at the same time open source isn't as well, so what's the difference.

You should care, because if you don't care then you might find yourself in a similar situation as victims of the recent hacking of a closed source Non custodial wallet (Atomic wallet). Many affected victims might have thought they're using a good Non custodial wallet as we always advice them but they made the mistake of trusting a closed source project which is the same as trusting a centralized projects. Closed source (Non custodial wallets) has to be avoided just like centralized wallets or exchange. They can be used for transaction to receive coins but not use for storing of coins you intend holding for a very long time.

I also think we should care but as a non-technical savvy user, how can we verify whether the wallet is safe to use or not?  As we can see atomic wallet had been safe to use for years same goes with other open-source wallets but, we never know if the wallet will be compromised or not until it happens just like what happen to the electrum when it was compromised.




[1] https://portswigger.net/daily-swig/deep-dive-into-electrum-hack-reveals-70-of-network-was-controlled-by-attackers
legendary
Activity: 2408
Merit: 4282
eXch.cx - Automatic crypto Swap Exchange.
Open source? Close source? I don't care TBH.
I'm not a coder (though I tried to learn at one moment in my life), so I guess I don't care about these type of wallets. After all, this will not remove the possibility of a wallet being hacked. Close source isn't secure, and at the same time open source isn't as well, so what's the difference.

You should care, because if you don't care then you might find yourself in a similar situation as victims of the recent hacking of a closed source Non custodial wallet (Atomic wallet). Many affected victims might have thought they're using a good Non custodial wallet as we always advice them but they made the mistake of trusting a closed source project which is the same as trusting a centralized projects. Closed source (Non custodial wallets) has to be avoided just like centralized wallets or exchange. They can be used for transaction to receive coins but not use for storing of coins you intend holding for a very long time.

Although open source wallets has their vulnerabilities but still they're preferable than closed source wallets as then we can't verify the codes or know the reason behind a hack just like in the case of Atomic wallet explained by the OP. We have to relay on the developers (project owners) to explain to use why we can't have access to our coins been stored using their wallet. We all know they're unlikely to put the blame on them and will always look for an excuse to why they were hack. I think we have to hold project owners responsible and demand they pay the victims whenever they put their customers in situations like this. This was meant to be a safe zone (Non custodial wallet), so what happened.
hero member
Activity: 2786
Merit: 902
yesssir! 🫡
That's true. However I think its not case for wallets and codes for crypto. Since being open source they show that they are lenient and open for the codes of the wallet and dont have malicious attempt to manipulate it at will. But you got a point about the possible vulnerability if being watch and seen by people who have motives so I could say that its not also safe 100% Maybe some closed source are thinking like this.

Open-source wallets still gets more brownie points for me because you could say that closed-source wallets relies up to a certain point on secrecy for security whereas open-source ones are confident and willing to be challenged which in turn hardens their security through the help of the community. Afterall, two heads are better than one - more people could check open source softwares as opposed to closed source softwares.

There's no 100% safe setup anyhow and it's all about mitigating risks.
legendary
Activity: 2184
Merit: 1302
...we need to take it very serious when warnings and cautions are being released from the platform like this concerning using those centralised wallets and exchanges, if not your keys it's not your coins, how could someone hodl upto this amount on a centralized exchanges wallet without moving it to a personal decentralized wallet, could it be that he was never informed of the danger or he has decided to show non challant attitude concerning that.
Atomic wallet isn't an exchange wallet, it is in fact a non-custodial wallet because its users have the keys, but where the problem stems from is that it is a closed source wallet, and so being closed source we cannot verify if truly it is a non-custodial wallet and that the Atomic team do not have a copy of their users keys in their servers or that they are not doing anything dangerous with the keys generated for users.
Open source? Close source? I don't care TBH.
I'm not a coder (though I tried to learn at one moment in my life), so I guess I don't care about these type of wallets. After all, this will not remove the possibility of a wallet being hacked. Close source isn't secure, and at the same time open source isn't as well, so what's the difference.
You don't have to be a coder to use what is most secure. Bitcoin itself is an open source project and quite a lot of people know nothing about its technical part or how to verify its protocol, but they use Bitcoin because they trust the large community of developers and nodes as well as the technical individuals who constantly check for bugs and other whatnots. Open source wallets are most secure because their codes can be verified, and even if you can't do it yourself, then use what the community has vetted and pointed out as being recommended. If there is a malicious update in an open source wallet, the community will be aware, but in closed source wallets you can prolly just update your wallet and your wallet will be emptied.
hero member
Activity: 714
Merit: 521
I am not just making this post for no reason. Did you hear about Atomic wallet recent vulnerability that over 35 millions of dollars worth of coin has been stolen? If you have not heard about it, you can read about it.

A Non-Custodial wallet, Atomic Wallet, being compromised
Atomic Wallet hack losses top $35M, on-chain sleuth reports

Just as part of the sad news, $8,000,000 gone from a single user using atomic wallet and you can read more about this here https://twitter.com/coingecko/status/1665565419489337347?t=XLH6vRaT-3GJe7SWZIsYOA&s=19 we need to take it very serious when warnings and cautions are being released from the platform like this concerning using those centralised wallets and exchanges, if not your keys it's not your coins, how could someone hodl upto this amount on a centralized exchanges wallet without moving it to a personal decentralized wallet, could it be that he was never informed of the danger or he has decided to show non challant attitude concerning that.
legendary
Activity: 2576
Merit: 1043
Need A Campaign Manager? | Contact Little_Mouse
After MT. Gox, Crytopia and many other exchanges that have been hacked, many people still do not listen. See huge amount of money lost by FTX users. Followed by exchange outflow, thinking people are becoming wise with their coins. Then followed by FTX exchange inflow. People do not want to learn from what they have seen.
I just remember a few weeks ago when Atomic was also in my option in wallets where I will store my ATOM tokens, so that it will earn money passively thru staking. I guess this is a lesson for me who always love staking that always use the wallet that the own developers created, and if they don't have one, don't buy it.

As for the people who lost their money in Atomic, I don't know the main reason, but I guess one reason is the fact that they are giving staking rewards when you store your coins there. I guess this is the reason why there are still people who prefer storing their coins in some wallets, or exchanges where they can earn money passively like what Atomic is offering. I just hope that these people who lost their money are still ok, learned their lesson, move on, and move forward.

Let me go to the main point. Who knows what caused the Atomic wallet vulnerability that made many users to lose huge amount of money? We can not know becuase it is a close source wallet. Do not use the wallet that you do not know what it is made up of. Nobody knows if the vulnerability is done by Atomic wallet developers or not because you can not verify its code.
Open source? Close source? I don't care TBH.
I'm not a coder (though I tried to learn at one moment in my life), so I guess I don't care about these type of wallets. After all, this will not remove the possibility of a wallet being hacked. Close source isn't secure, and at the same time open source isn't as well, so what's the difference.
hero member
Activity: 2520
Merit: 952
many people still do not listen. Thinking people are becoming wise with their coins. People do not want to learn from what they have seen.

I don't think it's because people don't want to listen, it's just that there is always new fish in pond who don't know stuff, plus some must have assumed non-custodial means secure. Won't be too far when some open-source wallet gets hacked too.



People have lost huge in this hack, recent reviews on Trustpilot are saddening.
legendary
Activity: 2268
Merit: 1379
Fully Regulated Crypto Casino
Open Source allows everyone to go through the code, and it's much easier to create a vulnerability when you know the source code and how it's interacting with the environment.
That's true. However I think its not case for wallets and codes for crypto. Since being open source they show that they are lenient and open for the codes of the wallet and dont have malicious attempt to manipulate it at will. But you got a point about the possible vulnerability if being watch and seen by people who have motives so I could say that its not also safe 100% Maybe some closed source are thinking like this.
hero member
Activity: 1442
Merit: 775
Open source is not better than close source if you compare a new open source wallet software and a very old close source wallet software.

A new open source wallet software might have many bugs and can be exploited by hackers. It is a warning for people who are always curious and want to explore new wallets. If they do it on a device which stores their coins, they will lose their coins if that new wallet software has malwares.

In general, open source gives us more chances to explore about that wallet in code and it's better than close source that does not give us such chances.
hero member
Activity: 2702
Merit: 716
Nothing lasts forever
Only after the recent Atomic wallet hack, I came to know that even though we hold the keys to our wallet it doesn't necessarily mean that our coins are safe.
If the wallet is close source then even holding the keys to the addresses won't be safe because we don't know how the keys were generated.
So if the wallet is open source then it is on the safer side as we can verify the code easily.

That brings me to other question. I have searched and go to know that Mycelium is a good open source wallet.
But few people argue that it's not completely open source. So how do we verify if it's completely open source or not.
If not, then what part of the Mycelium wallet is not open and if it is risky.
legendary
Activity: 1022
Merit: 1341
Op yes we have heard about the incident from these two threads which have been created by NotATether and Wind_FURY. Open wallet is not a guarantee ticket to security, because even the open source was created by someone and there person can update the server at anytime. But from what we discussed yesterday about this Atomic Wallet. It was an open source but funds were transferred from the main server and definitely need all know that, that is not an open source project again. Or was the software compromised? What happened does not look like an open source
copper member
Activity: 1470
Merit: 1609
Bitcoin Bottom was at $15.4k
And the most important thing is an open source wallet doesn't mean the security is 100% safe.

Open Source allows everyone to go through the code, and it's much easier to create a vulnerability when you know the source code and how it's interacting with the environment.
No game developer open source their code, It's not like someone can copy their code and launch it and get their player base, it's because they don't want cheat devs to know how it's working behind the scene.
jr. member
Activity: 38
Merit: 24
This is nice bringing up the topic since most beginners might not have come across it.

If you see any wallet and you do not know how to verify if it is open source or close source, you can post a topic about the wallet so that people on this forum can tell you if it is open source or not because many wallets are claiming to be open source, like Atomic wallet but which is not open source.
Atomic wallet never claimed to be open sourced. You can see it here https://support.atomicwallet.io/article/184-why-is-atomic-wallet-not-open-source where they gave their reasons for not going full open sourced. Open source means the source code is publicly accessible. so a wallet can't really claim open source if the public can't even access its code just like trustwallet whose public code hasn't been updated since binance purchased it.

A good wallet should be both open sourced( this doesn't mean all open sourced wallet are safe) and non custodial in nature. There's a reason Electrum is seen positively by the forum.

hero member
Activity: 644
Merit: 661
- Jay -
Following up the discussions on the issue many users are talking about how they have used Atomic wallet for years without any issues, this is the perspective of many Bitcoin enthusiast; they value the long standing "reputation" over evidence against it, so if a wallet like Trust wallet has existed for a long time with little issues millions would still use it despite the warnings against it.
This is same with Coinomi and Atomic wallet.

And the most important thing is an open source wallet doesn't mean the security is 100% safe.
The user shares some (a whole lot) responsibility in keeping their assets safe. It being open source allows you to be able to verify what security they use, how they generate and store seedphrases...
A user might not be able to do this themselves but can do research on discoveries about the wallet.

- Jay -
hero member
Activity: 854
Merit: 663
And the most important thing is an open source wallet doesn't mean the security is 100% safe.

It's just an open source, even you can check the source, but you're not a coder, you're don't know anything about that. This is why you need to ask many opinions from coders about the source, to make sure there's no malicious code.
legendary
Activity: 1064
Merit: 1298
Lightning network is good with small amount of BTC
I am not just making this post for no reason. Did you hear about Atomic wallet recent vulnerability that over 35 millions of dollars worth of coin has been stolen? If you have not heard about it, you can read about it.

A Non-Custodial wallet, Atomic Wallet, being compromised
Atomic Wallet hack losses top $35M, on-chain sleuth reports

After MT. Gox, Crytopia and many other exchanges that have been hacked, many people still do not listen. See huge amount of money lost by FTX users. Followed by exchange outflow, thinking people are becoming wise with their coins. Then followed by FTX exchange inflow. People do not want to learn from what they have seen.

Let me go to the main point. Who knows what caused the Atomic wallet vulnerability that made many users to lose huge amount of money? We can not know becuase it is a close source wallet. Do not use the wallet that you do not know what it is made up of. Nobody knows if the vulnerability is done by Atomic wallet developers or not because you can not verify its code.

If you want open source bitcoin wallet, these are some of them:

Open source bitcoin hardware wallets
Bitcoin open source wallets that support replace-by-fee (RBF)

If it is bitcoin, you do not need to trust developers or anyone, do not use a close source wallet. Just use the open source wallets that the community will advice you to use.

If you see any wallet and you do not know how to verify if it is open source or close source, you can post a topic about the wallet so that people on this forum can tell you if it is open source or not because many wallets are claiming to be open source, like Atomic wallet but which is not open source. Just like how Android will claim they are open source but they are truly not open source.



Yogee, can you edit your topic: Do beginners know what closed & open source wallets are?

Trustwallet iOS is no more open source.
Jump to: