Bitcoin Forum>Bitcoin>Bitcoin Technical Support
Author

Topic: How Sensitive Is Trust wallet? (Read 171 times)

BlackHatCoiner
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
How Sensitive Is Trust wallet?
October 07, 2022, 12:24:35 PM
#9
Avoid Trust Wallet, for God's sake. It's closed-source, opaque, not private, and it's written by untrustworthy developers that make this kind of ridiculous statements:

Quote from: trustwallet.com
The most trusted & secure crypto wallet

At the same time, of course, that open-source, reputable, peer-reviewed wallet software exists and eliminates trust, which is what we're doing here in the first place. Just visit bitcoin.org and pick another wallet software, preferably Electrum.
joniboini
legendary
Activity: 2170
Merit: 1789
Re: How Sensitive Is Trust wallet?
October 07, 2022, 07:08:46 AM
#8
As a user of Trust Wallet, I suggest you not use it for cold storage or as your main wallet. While I never get a problem with it, there are simply better options for a cold wallet to store your funds. Wasabi, Samourai, etc are available on mobile too, so I'd use them if you can't buy a new HW.
ABCbits
legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
Re: How Sensitive Is Trust wallet?
October 07, 2022, 04:30:55 AM
#7
Quote from: n0nce on October 06, 2022, 12:11:38 PM
Quote from: ?? on ??
Quote from: fennic on October 05, 2022, 01:34:11 PM
If someone be able to predict your phrase than it can be easily hacked.
People can't simply predict your seed/recovery phrase. For 12 words length, there are 2048^12/16 possible combination permutation.
In Trust wallet's case, we don't know that the seed phrases it generates are picked at random out of the 2048^12/16 possible permutations.

That's true. I was just assuming Trust Wallet implement BIP39 correctly.

Quote from: n0nce on October 06, 2022, 12:11:38 PM
As it's closed source, it's definitely possible that they create them deterministically and will either steal small amounts of funds (such that it goes unnoticed for as long as possible) or do a big giant rug pull in the future, emptying all of the wallets.

Not impossible, although i'd worry more about lack of privacy since they could collect and sell your data covertly.
n0nce
hero member
Activity: 882
Merit: 5818
not your keys, not your coins!
Re: How Sensitive Is Trust wallet?
October 06, 2022, 12:11:38 PM
#6
Quote from: ?? on ??
Quote from: fennic on October 05, 2022, 01:34:11 PM
If someone be able to predict your phrase than it can be easily hacked.
People can't simply predict your seed/recovery phrase. For 12 words length, there are 2048^12/16 possible combination permutation.
In Trust wallet's case, we don't know that the seed phrases it generates are picked at random out of the 2048^12/16 possible permutations.
As it's closed source, it's definitely possible that they create them deterministically and will either steal small amounts of funds (such that it goes unnoticed for as long as possible) or do a big giant rug pull in the future, emptying all of the wallets.
n0nce
hero member
Activity: 882
Merit: 5818
not your keys, not your coins!
Re: How Sensitive Is Trust wallet?
October 05, 2022, 08:24:06 PM
#5
Quote from: fennic on October 05, 2022, 01:34:11 PM
I want to know is there any kind of solution so that we cannot be hacked from trust wallet?
The only solution is to stop using it. It has 10 million downloads, but check their WalletScrutiny results:

Quote from: https://walletscrutiny.com/android/com.wallet.crypto.trustapp/
NO SOURCE FOR CURRENT RELEASE FOUND

A wallet that claims to not give the provider the means to steal the users’ funds might actually be lying. In the spirit of “Don’t trust - verify!” you don’t want to take the provider at his word, but trust that people hunting for fame and bug bounties could actually find flaws and back-doors in the wallet so the provider doesn’t dare to put these in.

Back-doors and flaws are frequently found in closed source products but some remain hidden for years. And even in open source security software there might be catastrophic flaws undiscovered for years.

An evil wallet provider would certainly prefer not to publish the code, as hiding it makes audits orders of magnitude harder.

For your security, you thus want the code to be available for review.

If the wallet provider doesn’t share up to date code, our analysis stops there as the wallet could steal your funds at any time, and there is no protection except the provider’s word. [emphasis mine]

I think it's unintended, but the reason you probably don't want to use it is even in their name: 'Trust'.
You have to trust the provider, instead of being able to verify that its codebase is even secure in the first place.
BitMaxz
legendary
Activity: 3248
Merit: 2971
Block halving is coming.
Re: How Sensitive Is Trust wallet?
October 05, 2022, 07:58:46 PM
#4
A 12-word seed phrase can not be easily hacked or predicted by just guessing maybe what you hear outside from this forum those people are victims of phishing or spyware where someone already knows their backup seed phrase.

If you are afraid to become one of them always save your backup physically by writing it on a piece of paper don't store it digitally.
And adding phrases like other said it will help secure your wallet.
Charles-Tim
legendary
Activity: 1512
Merit: 4795
Re: How Sensitive Is Trust wallet?
October 05, 2022, 02:00:36 PM
#3
Quote from: fennic on October 05, 2022, 01:34:11 PM
I have seen that trust wallet is a wallet that only supports Phrase that can be only 13 or 15 characters long and that sucks too much and their is just nothing else. If someone be able to predict your phrase than it can be easily hacked.
I want to know is there any kind of solution so that we cannot be hacked from trust wallet?
Seed phrase can be 12 to 24 words (12, 15, 18, 21 or 24 words). But 12 and 24 word seed phrases are commonly generated on most wallets.

12 words are secure enough, provided you do not expose it where someone can see it, or got exposed online. If you do not feel comfortable with only seed phrase, then you may not want to use Trustwallet if you want to extent it with passphrase.

Trustwallet also only provide you with one address and it is a close source wallet. Some of the reasons I do not recommend the wallet.

Quote from: jackg on October 05, 2022, 01:54:19 PM
Most wallets that incorporate bip39 go with 128 bits (12 words) or 256 bits (24 words). The best way to ensure your wallet is more secure is by extending these words with a passphrase that you'll remember (it can't be recovered) if Trustwallet supports that or finding a different wallet that does.
Trustwallet does not support passphrase.
jackg
copper member
Activity: 2856
Merit: 3071
https://bit.ly/387FXHi lightning theory
Re: How Sensitive Is Trust wallet?
October 05, 2022, 01:54:19 PM
#2
Bip39 has limits on how long nmemonics can be (and they're set to be divisions of 3). I don't know how trust wallet generates seeds or what length they'll be but it makes sense it'll only give you 12 word seeds (that's 128 bits of entropy and an already impossible number to crack/guess).

Most wallets that incorporate bip39 go with 128 bits (12 words) or 256 bits (24 words). The best way to ensure your wallet is more secure is by extending these words with a passphrase that you'll remember (it can't be recovered) if Trustwallet supports that or finding a different wallet that does.
fennic
member
Activity: 126
Merit: 39
Re: How Sensitive Is Trust wallet?
October 05, 2022, 01:34:11 PM
#1
I have seen that trust wallet is a wallet that only supports Phrase that can be only 13 or 15 characters long and that sucks too much and their is just nothing else. If someone be able to predict your phrase than it can be easily hacked.
I want to know is there any kind of solution so that we cannot be hacked from trust wallet?
Bitcoin Forum>Bitcoin>Bitcoin Technical Support
Jump to: