Author

Topic: How Sensitive Is Trust wallet? (Read 191 times)

legendary
Activity: 1512
Merit: 7340
Farewell, Leo
October 07, 2022, 11:24:35 AM
#9
Avoid Trust Wallet, for God's sake. It's closed-source, opaque, not private, and it's written by untrustworthy developers that make this kind of ridiculous statements:

Quote from: trustwallet.com
The most trusted & secure crypto wallet

At the same time, of course, that open-source, reputable, peer-reviewed wallet software exists and eliminates trust, which is what we're doing here in the first place. Just visit bitcoin.org and pick another wallet software, preferably Electrum.
legendary
Activity: 2170
Merit: 1789
October 07, 2022, 06:08:46 AM
#8
As a user of Trust Wallet, I suggest you not use it for cold storage or as your main wallet. While I never get a problem with it, there are simply better options for a cold wallet to store your funds. Wasabi, Samourai, etc are available on mobile too, so I'd use them if you can't buy a new HW.
legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
October 07, 2022, 03:30:55 AM
#7
If someone be able to predict your phrase than it can be easily hacked.
People can't simply predict your seed/recovery phrase. For 12 words length, there are 2048^12/16 possible combination permutation.
In Trust wallet's case, we don't know that the seed phrases it generates are picked at random out of the 2048^12/16 possible permutations.

That's true. I was just assuming Trust Wallet implement BIP39 correctly.

As it's closed source, it's definitely possible that they create them deterministically and will either steal small amounts of funds (such that it goes unnoticed for as long as possible) or do a big giant rug pull in the future, emptying all of the wallets.

Not impossible, although i'd worry more about lack of privacy since they could collect and sell your data covertly.
hero member
Activity: 882
Merit: 5834
not your keys, not your coins!
October 06, 2022, 11:11:38 AM
#6
If someone be able to predict your phrase than it can be easily hacked.
People can't simply predict your seed/recovery phrase. For 12 words length, there are 2048^12/16 possible combination permutation.
In Trust wallet's case, we don't know that the seed phrases it generates are picked at random out of the 2048^12/16 possible permutations.
As it's closed source, it's definitely possible that they create them deterministically and will either steal small amounts of funds (such that it goes unnoticed for as long as possible) or do a big giant rug pull in the future, emptying all of the wallets.
hero member
Activity: 882
Merit: 5834
not your keys, not your coins!
October 05, 2022, 07:24:06 PM
#5
I want to know is there any kind of solution so that we cannot be hacked from trust wallet?
The only solution is to stop using it. It has 10 million downloads, but check their WalletScrutiny results:

NO SOURCE FOR CURRENT RELEASE FOUND

A wallet that claims to not give the provider the means to steal the users’ funds might actually be lying. In the spirit of “Don’t trust - verify!” you don’t want to take the provider at his word, but trust that people hunting for fame and bug bounties could actually find flaws and back-doors in the wallet so the provider doesn’t dare to put these in.

Back-doors and flaws are frequently found in closed source products but some remain hidden for years. And even in open source security software there might be catastrophic flaws undiscovered for years.

An evil wallet provider would certainly prefer not to publish the code, as hiding it makes audits orders of magnitude harder.

For your security, you thus want the code to be available for review.

If the wallet provider doesn’t share up to date code, our analysis stops there as the wallet could steal your funds at any time, and there is no protection except the provider’s word. [emphasis mine]

I think it's unintended, but the reason you probably don't want to use it is even in their name: 'Trust'.
You have to trust the provider, instead of being able to verify that its codebase is even secure in the first place.
legendary
Activity: 3374
Merit: 3095
Playbet.io - Crypto Casino and Sportsbook
October 05, 2022, 06:58:46 PM
#4
A 12-word seed phrase can not be easily hacked or predicted by just guessing maybe what you hear outside from this forum those people are victims of phishing or spyware where someone already knows their backup seed phrase.

If you are afraid to become one of them always save your backup physically by writing it on a piece of paper don't store it digitally.
And adding phrases like other said it will help secure your wallet.
legendary
Activity: 1512
Merit: 4795
Leading Crypto Sports Betting & Casino Platform
October 05, 2022, 01:00:36 PM
#3
I have seen that trust wallet is a wallet that only supports Phrase that can be only 13 or 15 characters long and that sucks too much and their is just nothing else. If someone be able to predict your phrase than it can be easily hacked.
I want to know is there any kind of solution so that we cannot be hacked from trust wallet?
Seed phrase can be 12 to 24 words (12, 15, 18, 21 or 24 words). But 12 and 24 word seed phrases are commonly generated on most wallets.

12 words are secure enough, provided you do not expose it where someone can see it, or got exposed online. If you do not feel comfortable with only seed phrase, then you may not want to use Trustwallet if you want to extent it with passphrase.

Trustwallet also only provide you with one address and it is a close source wallet. Some of the reasons I do not recommend the wallet.

Most wallets that incorporate bip39 go with 128 bits (12 words) or 256 bits (24 words). The best way to ensure your wallet is more secure is by extending these words with a passphrase that you'll remember (it can't be recovered) if Trustwallet supports that or finding a different wallet that does.
Trustwallet does not support passphrase.
copper member
Activity: 2856
Merit: 3071
https://bit.ly/387FXHi lightning theory
October 05, 2022, 12:54:19 PM
#2
Bip39 has limits on how long nmemonics can be (and they're set to be divisions of 3). I don't know how trust wallet generates seeds or what length they'll be but it makes sense it'll only give you 12 word seeds (that's 128 bits of entropy and an already impossible number to crack/guess).

Most wallets that incorporate bip39 go with 128 bits (12 words) or 256 bits (24 words). The best way to ensure your wallet is more secure is by extending these words with a passphrase that you'll remember (it can't be recovered) if Trustwallet supports that or finding a different wallet that does.
member
Activity: 126
Merit: 39
October 05, 2022, 12:34:11 PM
#1
I have seen that trust wallet is a wallet that only supports Phrase that can be only 13 or 15 characters long and that sucks too much and their is just nothing else. If someone be able to predict your phrase than it can be easily hacked.
I want to know is there any kind of solution so that we cannot be hacked from trust wallet?
Jump to: