Author

Topic: is bitcoin core wallet compromiced ? got warning in debugwindow about phishing? (Read 487 times)

legendary
Activity: 3472
Merit: 4801
i want to teach them how to get there priv keys out

Why?

One reason that Bitcoin Core is so safe, is that the private keys are kept encrypted so that hackers and thieves can't get them.  Why would you encourage new users to extract their private keys into an easy to access unencrypted format?
HCP
legendary
Activity: 2086
Merit: 4361
The english version shows as:

Quote
Welcome to the Bitcoin Core RPC console.
Use up and down arrows to navigate history, and Ctrl-L to clear screen.
Type help for an overview of available commands.
WARNING: Scammers have been active, telling users to type commands here, stealing their wallet contents. Do not use this console without fully understanding the ramification of a command.
It is just a warning about social engineering really... basically it says "don't just blindly copy/paste commands and/or the output to anyone that asks for it"...

Honestly, newbies probably shouldn't be playing with the debug console anyway Tongue But, hopefully the warning is scary enough that anyone looking at the console will properly investigate what a given command actually does before they try and execute it!
legendary
Activity: 1078
Merit: 1000
so as long as we use
help
and for example
dumpprivkey in the console like listed on the help list we are safe ?
i want to teach them how to get there priv keys out

As long as they do not paste whatever people tell them to, unless they trust that person or know what they are doing.

Key in dumpprivkey [ADDRESS] to dump the address. You have to unlock the wallet using
Code:
walletpassphrase "PASSPHRASE" 600
before that.
is this warning ment like:

dont use command lines given by people you find in the net and which ask you to post the output to them ?
Don't paste anything that a stranger tells you to, unless you can trust them or know what you are doing.

thank you
and yes i know htat
i am here just becouse the way the warning is put there in german language it sounds like the phishing can be done in the console at your pc
a line like never let third part see the output or past them to otheres

for newbyes that would be more clear.
legendary
Activity: 3038
Merit: 4418
Crypto Swap Exchange
so as long as we use
help
and for example
dumpprivkey in the console like listed on the help list we are safe ?
i want to teach them how to get there priv keys out

As long as they do not paste whatever people tell them to, unless they trust that person or know what they are doing.

Key in dumpprivkey [ADDRESS] to dump the address. You have to unlock the wallet using
Code:
walletpassphrase "PASSPHRASE" 600
before that.
is this warning ment like:

dont use command lines given by people you find in the net and which ask you to post the output to them ?
Don't paste anything that a stranger tells you to, unless you can trust them or know what you are doing.
legendary
Activity: 1078
Merit: 1000
is this warning ment like:

dont use command lines given by people you find in the net and which ask you to post the output to them ?

we use german language
and there its not makeing that clear
a line like
never ever post outputs of the console
to others you dont realy trust

becouse in german version it sounds like the problem is in the commandlines in the console
for a newby thats scaring and confusing
legendary
Activity: 1078
Merit: 1000
my question is are there actual  phishing atempts and where would i find infos about it ?

i am helping a few newbys in bitcoin and i told them core is the best wallet never got hacked


I haven't encountered any.'

This is just a common social engineering attack, just like how people get fake calls from Microsoft and they pay hundreds of dollars to remove a non existent virus. This is the same except that the victim is lured to paste the command into their client and reply with the output which contains the private key. Bitcoin Core is not hacked, it can happen to any wallet.
so as long as we use
help
and for example
dumpprivkey in the console like listed on the help list we are safe ?
i want to teach them how to get there priv keys out
legendary
Activity: 3038
Merit: 4418
Crypto Swap Exchange
my question is are there actual  phishing atempts and where would i find infos about it ?

i am helping a few newbys in bitcoin and i told them core is the best wallet never got hacked


I haven't encountered any.'

This is just a common social engineering attack, just like how people get fake calls from Microsoft and they pay hundreds of dollars to remove a non existent virus. This is the same except that the victim is lured to paste the command into their client and reply with the output which contains the private key. Bitcoin Core is not hacked, it can happen to any wallet.
legendary
Activity: 1078
Merit: 1000
Bitcoin Core is not compromised and that message is completely normal.

It is just a message to inform people not familiar with using Bitcoin Core that using the functions within the debug console can result in them being scammed. Eg. using dumpprivkey would expose the private key.

i use bitcoincore now for years and never had that warning
at least its new
my question is are there actual  phishing atempts and where would i find infos about it ?

i am helping a few newbys in bitcoin and i told them core is the best wallet never got hacked

legendary
Activity: 3038
Merit: 4418
Crypto Swap Exchange
Bitcoin Core is not compromised and that message is completely normal.

It is just a message to inform people not familiar with using Bitcoin Core that using the functions within the debug console can result in them being scammed. Eg. using dumpprivkey would expose the private key.
legendary
Activity: 1078
Merit: 1000
hi  got this warning in my debugwindow today:


WARNUNG: Betrüger versuchen aktiv Nutzer dazu zu bringen Kommandos hier auszuführen um die Wallet Inhalte zu stehlen. Diese Konsole sollte nicht benutzt werden ausser man kennt die möglichen Folgen des Kommandos.

ist german and sais warning: there are thiefs that try to activly force users to use comands to take what is in the wallet. dont use this console if you are not certain about the comands result.

how do this thief do it ?
what comands would that be ?
Jump to: