Topic: How popular cryptocurrency wallets completely expose your private keys (Read 274 times)
May 02, 2019, 03:20:58 PM
This can be shocking but hey is you job to keep you keys on a safe place and if the PC you using is not safe than is your fault if they steal your coins.
May 01, 2019, 11:44:45 PM
What of phones? They're nowhere near as secure as a hardware wallet obviously but they're not the gaping open door a PC is. I don't think I've ever read on here anyone who had one of the decent phone wallets hacked remotely.
that doesn't make them any safer though. for example the most common case these days specially with a popular wallet such as Electrum is people downloading a fake version from somewhere else and losing their coins after installing that malicious software. that can easily happen for "phone wallets" too!
the difference is that people don't usually use phone wallets in first place and if they do, they don't store that much on them. so the "potential victim count" is much smaller so hackers prefer to spend their time target the larger audience hence more PC related attacks.
May 01, 2019, 05:33:42 PM
Most wallets store the private key on your device storage so asking them not to use such wallets means they only have the option of a hardware wallet or exchange wallet and storing your funds on an exchange wallet is even more dangerous and only people with very huge funds would want to go for the hardware wallet.
What of phones? They're nowhere near as secure as a hardware wallet obviously but they're not the gaping open door a PC is. I don't think I've ever read on here anyone who had one of the decent phone wallets hacked remotely.
May 01, 2019, 05:20:42 PM
This is quite old already.
Exodus is not a wallet which is very security-orientated. And neither is jaxx.
Anyone who can afford it should go for a hardware wallet.
They cost around 60$. That's not too much considering the security and convenience it combines.
If you have BTC worth 200$+, i would spend 60 of them for a hardware wallet.
Better have 120$ worth of BTC protected, than risking losing all 200$ equivalent of BTC.
Exodus is not a wallet which is very security-orientated. And neither is jaxx.
[...] only people with very huge funds would want to go for the hardware wallet.
Anyone who can afford it should go for a hardware wallet.
They cost around 60$. That's not too much considering the security and convenience it combines.
If you have BTC worth 200$+, i would spend 60 of them for a hardware wallet.
Better have 120$ worth of BTC protected, than risking losing all 200$ equivalent of BTC.
May 01, 2019, 03:22:10 PM
Most wallets store the private key on your device storage so asking them not to use such wallets means they only have the option of a hardware wallet or exchange wallet and storing your funds on an exchange wallet is even more dangerous and only people with very huge funds would want to go for the hardware wallet.
May 01, 2019, 10:45:15 AM
I do not understand why any person ever uses a PC to host a wallet. It does not make the slightest sense and I find it really weird that they're still considered a viable option. The only time I'd use a PC in that capacity is if it had its wifi card ripped out and was never hitting the internet ever again.
From my experience based on people I know, it's 90% due to ignorance in terms of information security. One person I know's reason was "I have an antivirus so I am safe", while using his very outdated Windows 7 device. Yikes. For every person that I know that holds bitcoin, I had to school every. single. one. of them.
May 01, 2019, 10:30:26 AM
I do not understand why any person ever uses a PC to host a wallet. It does not make the slightest sense and I find it really weird that they're still considered a viable option. The only time I'd use a PC in that capacity is if it had its wifi card ripped out and was never hitting the internet ever again.
May 01, 2019, 09:41:40 AM
Thanks for sharing this info. I never knew that these wallets store the data (private key) in the memory and that such data can be retrieved from the memory so easily.
It's obvious that anybody who has access to the computer would then be easily able to hack in to the wallets. I am glad I don't use any wallets on my PC.
If the vulnerability is so severe how come there is no solution to it.
It's obvious that anybody who has access to the computer would then be easily able to hack in to the wallets. I am glad I don't use any wallets on my PC.
If the vulnerability is so severe how come there is no solution to it.
May 01, 2019, 08:47:47 AM
That was Exodus' answer to the video: Addressing Vulnerabilities with Software-Based Wallets
Basically, they didn't think this is a major issue and that "Exodus is only as secure as the computer it is running on" (thus, it's your job to keep your wallet secure). AFAIK, they didn't change anything after the video.
Basically, they didn't think this is a major issue and that "Exodus is only as secure as the computer it is running on" (thus, it's your job to keep your wallet secure). AFAIK, they didn't change anything after the video.
May 01, 2019, 08:43:11 AM
Though I'm not sure if this is still the case with Exodus today, whereas the seed is actually in plaintext(was expecting a bit of encryption), take note that these types of wallets shouldn't be used for long-term storage in the first place, unless you definitely know what you're doing(with the usage of an air-gapped device). These wallets should be used only as hot wallets in the first place.
May 01, 2019, 05:55:34 AM
When I was searching the internet about things on how to protect your cryptocurrency assets. I landed on this video, he shows How popular cryptocurrency wallets completely expose your private keys. so know we really need to have extra care when using our crypto wallets on our computer. as he said it is important to use another computer for our crypto wallet different from the computer we used to surf the internet.
Source:
https://youtu.be/VU3Zfrvsm8k
Quote
In this video I demonstrate how unsafe it is to run cryptocurrency wallets on vulnerable PCs. Simply by having the wallet running, your private key is exposed in plaintext and can be stolen by malware in a matter of seconds.
Although it is the responsibility of the user to keep their private keys secure, I think it is very unfortunate that developers don't take even basic security measures to prevent this from happening so easily.
Although it is the responsibility of the user to keep their private keys secure, I think it is very unfortunate that developers don't take even basic security measures to prevent this from happening so easily.
Source:
https://youtu.be/VU3Zfrvsm8k
Jump to: