You say you use Bluewallet, is it the android or iOS version (if applicable)? And where did you install it from, in the case of Android?
There are many 0-day vulnerabilities targeting older mobile OSes and it is possible that you were hacked with one of those.
Topic: I thought I would never get hacked... - page 3. (Read 1115 times)
Thank you very much! I will! At least I learnt something from my mistake.
If you have two devices I suggest like others said make a cold/offline wallet with Electrum but this time never connect that device to the internet and make a watch-only wallet in another device where you can monitor your funds and make unsigned transactions and only use the Electrum cold/offline wallet when scanning and signing a transaction. It is way more safer than using Electrum as a hot wallet.
Do you have in mind any keyboard that is relatively safe? Perhaps offline, or without cloud backup etc.
Choose a good wallet software if you are to use a mobile app.Wallets like electrum for example have an inbuilt or virtual keyboard. That way, when you are typing your seed, you do it through the virtual keyboard and not those third-party keyboards on your mobile device.
Also, even importing a wallet, do it offline.
Thank you very much! I will! At least I learnt something from my mistake.
Do you have in mind any keyboard that is relatively safe? Perhaps offline, or without cloud backup etc.
Choose a good wallet software if you are to use a mobile app.Wallets like electrum for example have an inbuilt or virtual keyboard. That way, when you are typing your seed, you do it through the virtual keyboard and not those third-party keyboards on your mobile device.
Also, even importing a wallet, do it offline.
This is just one possibility. Don't assume this is definitely how your seed phrase was compromised, and that by using a different keyboard app that device is now safe. We can't say for sure what happened, so you should assume that device is compromised until you format it.
Do you have in mind any keyboard that is relatively safe? Perhaps offline, or without cloud backup etc.
Really? Even when they're at the background? That would be a terrible flaw in Android!
Maybe. Maybe not. Malware is obviously specifically designed to bypass the usual security protocols. And given that most phone firmware and most apps are largely closed source, who knows for sure? But I'm certainly not going to assume that Android or Apple have created the first 100% fool proof security system.F*CK! I am so stupid... Anyway, what has been done, has been done. I will only use desktop wallets.
This is just one possibility. Don't assume this is definitely how your seed phrase was compromised, and that by using a different keyboard app that device is now safe. We can't say for sure what happened, so you should assume that device is compromised until you format it. This is true, indeed. Btw I am using Swiftkey as my main keyboard app.
Possibly that's the reason why you've been hacked any 3rd party keyboard has some sort of cloud database that records your keystroke. I'm always using the default keyboard than using like Swiftlkey or Grammarly because they record my clipboard and keystroke. However, sometimes I use Grammarly but switch it back to the default keyboard when typing a password.
Thanks so much for the info. It makes absolute sense.
This is true, indeed. Btw I am using Swiftkey as my main keyboard app.
Possibly that's the reason why you've been hacked any 3rd party keyboard has some sort of cloud database that records your keystroke. I'm always using the default keyboard than using like Swiftlkey or Grammarly because they record my clipboard and keystroke. However, sometimes I use Grammarly but switch it back to the default keyboard when typing a password.
Btw I am using Swiftkey as my main keyboard app.
Which syncs to the cloud. By the time you finished typing in your seed phrase, it was already on an unknown number of servers around the world.F*CK! I am so stupid... Anyway, what has been done, has been done. I will only use desktop wallets.
Still, I can't figure out why it is a bad idea.
It's a trade-off between paying a transaction fee, or doubling the risk of using a compromised wallet. In this case, with a small wallet, I wouldn't have moved the funds, but instead use both wallets (the new one for receiving funds, the old one for paying until it's empty).Every app on your phone has access to your keyboard inputs.
Really? Even when they're at the background? That would be a terrible flaw in Android! Btw I am using Swiftkey as my main keyboard app.
Which syncs to the cloud. By the time you finished typing in your seed phrase, it was already on an unknown number of servers around the world. Even the simple act of typing your seed phrase on your phone's keyboard is enough to result in it being stolen. Every app on your phone has access to your keyboard inputs. Any one of them could be maliciously logging your key strokes, or inadvertently leaking information. Your predictive text keyboard links up with Google/Apple/whatever servers to analyze and learn your writing style. I've even seen something as simple as a custom theme for your phone have a built in keylogger.
This is true, indeed. Btw I am using Swiftkey as my main keyboard app.
Even the simple act of typing your seed phrase on your phone's keyboard is enough to result in it being stolen. Every app on your phone has access to your keyboard inputs. Any one of them could be maliciously logging your key strokes, or inadvertently leaking information. Your predictive text keyboard links up with Google/Apple/whatever servers to analyze and learn your writing style. I've even seen something as simple as a custom theme for your phone have a built in keylogger.
Still, I can't figure out why it is a bad idea. But, I can realise the fact that my seed phrase is imported into two distinct applications and this doubles the risk.
Assume that you have created a wallet using wallet A. Generally speaking, it's possible that there's a vulnerability in wallet A that may cause you to lose your fund. It's also possible that there's a malware which can attack wallet A if your device is infected with. With importing your seed phrase into wallet B, you increase the risk of getting hacked. Now, you will lose your fund if there's a vulnerability in each of wallets A and B. It's possible that your device is infected with a malware that can attack wallet B while it has nothing to do with wallet A.
The more wallets you import your seed phrase in, the more attack vectors you open for hackers.
So, to summarize, I have created and used my wallet with BlueWallet. I have imported my seed phrase once to Blockstream green.
We don't know what exactly caused your wallet to be compromised, but you should never do this. With importing your seed phrase into another wallet, you increase the risk of getting hacked. If you no longer want to use bluewallet or any other wallet for nay reason and you want to use a different wallet, create a new wallet with a new seed phrase, make a transaction and send all the fund to that.
Still, I can't figure out why it is a bad idea. But, I can realise the fact that my seed phrase is imported into two distinct applications and this doubles the risk.
So, to summarize, I have created and used my wallet with BlueWallet. I have imported my seed phrase once to Blockstream green.
We don't know what exactly caused your wallet to be compromised, but you should never do this. With importing your seed phrase into another wallet, you increase the risk of getting hacked. If you no longer want to use bluewallet or any other wallet for any reason and you want to use a different wallet, create a new wallet with a new seed phrase, make a transaction and send all the fund to that.
In my opinion the most likely scenarios are (3), (4).
I guess it's #4. #3 would mean many more people would lose much larger amounts.So backup your data, factory reset your phone, and start over.
definetely. I will.
Hot wallets are insecure. This is just a fact of life. Yes, we all use them, but the funds in them are never truly secure. Think of all the apps on your phone, all the links you click on, all the files you download. Any one of these could contain malware.
Alternatively, are you absolutely certain no one could have accessed your seed phrase? You've never typed it in anywhere, or imported it to any other wallet, or saved it electronically, or even copied it to a clipboard? I've seen lots of cases where people have been careless just once, and that's all it takes for their coins to be stolen.
Alternatively, are you absolutely certain no one could have accessed your seed phrase? You've never typed it in anywhere, or imported it to any other wallet, or saved it electronically, or even copied it to a clipboard? I've seen lots of cases where people have been careless just once, and that's all it takes for their coins to be stolen.
Now that you mention it, I have imported my seedphrase once to another application (blockstream green) because I was thinking of switching from BlueWallet to BS Green. I have forgotten it because it was a month ago and I never thought it was suspicious. I have downloaded the app from the playstore. After I decided to keep using Bluewallet instead of green wallet, I uninstalled the green wallet and kept using BlueWallet.
So, to summarize, I have created and used my wallet with BlueWallet. I have imported my seed phrase once to Blockstream green.
Hot wallets are insecure. This is just a fact of life. Yes, we all use them, but the funds in them are never truly secure. Think of all the apps on your phone, all the links you click on, all the files you download. Any one of these could contain malware.
Alternatively, are you absolutely certain no one could have accessed your seed phrase? You've never typed it in anywhere, or imported it to any other wallet, or saved it electronically, or even copied it to a clipboard? I've seen lots of cases where people have been careless just once, and that's all it takes for their coins to be stolen.
Yes hot wallet is not secured as we think but the carelessness of the user can also make the hacker to have access to the funds. Just like our living rooms are not secured but the way we protect the house will prevent arm robbers not to enter the house. But if they use extra measures to penetrate and that how wallet all is. The most important things to do in the protection of one's wallet is to keep your seed phrase and the password in very secure place. Don't disclose it to anyone unless you will it to someone.Alternatively, are you absolutely certain no one could have accessed your seed phrase? You've never typed it in anywhere, or imported it to any other wallet, or saved it electronically, or even copied it to a clipboard? I've seen lots of cases where people have been careless just once, and that's all it takes for their coins to be stolen.
In most time, our carelessness of login to another person device can also case this hack. And this is what is happening in this days. So one of the preventive measures is to steer clear from other people device with your wallet.
Hot wallets are insecure. This is just a fact of life. Yes, we all use them, but the funds in them are never truly secure. Think of all the apps on your phone, all the links you click on, all the files you download. Any one of these could contain malware.
Alternatively, are you absolutely certain no one could have accessed your seed phrase? You've never typed it in anywhere, or imported it to any other wallet, or saved it electronically, or even copied it to a clipboard? I've seen lots of cases where people have been careless just once, and that's all it takes for their coins to be stolen.
Alternatively, are you absolutely certain no one could have accessed your seed phrase? You've never typed it in anywhere, or imported it to any other wallet, or saved it electronically, or even copied it to a clipboard? I've seen lots of cases where people have been careless just once, and that's all it takes for their coins to be stolen.
In my opinion the most likely scenarios are (3), (4).
I guess it's #4. #3 would mean many more people would lose much larger amounts.So backup your data, factory reset your phone, and start over.
Jump to: