Pages:
Author

Topic: Is it dangerous to load other people's wallet files in the Bitcoin client? - page 2. (Read 453 times)

copper member
Activity: 427
Merit: 29
Yes, but a virus cannot infect a given blockchain database?
If the second computer does not have Internet connection,
and we will connect blockchain database from another HDD?
legendary
Activity: 1624
Merit: 2481
Yes, for experiments with client files, we need another computer. Now it’s clear, thanks!

Please not that using another computer doesn't completely solves this problem in case of such a vulnerability in the application.

If (and this is a very big if) it is possible to run code injected through a bitcoin core wallet file, it could compromise your second computer.
The possibility of private keys being stolen from wallets being recovered afterwards on that computer does exist, but is very unlikely.

However, if someone can compromise your computer he might also compromise your whole network.


If you really deal with lots of wallet files in a professional manner, use virtual machines or at least sandbox the application (core).
copper member
Activity: 427
Merit: 29
Yes, for experiments with client files, we need another computer. Now it’s clear, thanks!
legendary
Activity: 1624
Merit: 2481
Most importantly, you said that it is impossible to integrate malicious or virus code into the wallet.dat file,

No, he didn't say that.
What he actually said was:

Whilst there is currently no known vulnerabilities that allows for code execution within the wallet.dat file, I wouldn't trust it too much.

And this actually is the only correct answer to that question.
Currently, there are no known vulnerabilities. This does NOT mean that there are no vulnerabilities. This just means that there is no vulnerability publicly known.
Every Software has bugs, and bitcoin core most probably too. Whether someone can inject malicious code to be executed, can not be answered with an definite yes or no.

If you are opening a lot of wallet files from different (not trustworthy) people, what you in fact should be doing is to sandbox the application you are opening them with (in this case: bitcoin core).
copper member
Activity: 427
Merit: 29
Most importantly, you said that it is impossible to integrate malicious or virus code into the wallet.dat file,
because we were recently sent a wallet that the Bitcoin client program could not open and there was some kind of error.
Therefore, we had a suspicion that this file was sent by a person who wanted to attack us. But now it’s clear that this cannot be done in this way.
Thank you for answering the question. If someone has a different opinion, let me know, please.
legendary
Activity: 3038
Merit: 4418
Crypto Swap Exchange
Wallet.dat can be modified to show fake addresses to show to the user without the actual private keys being inside. Sending someone your wallet.dat, encrypted or not is never a good idea. It is very much possible for someone to be able to copy your private keys and sipon the funds from your addresses in the future. Whilst there is currently no known vulnerabilities that allows for code execution within the wallet.dat file, I wouldn't trust it too much.
copper member
Activity: 427
Merit: 29
Hello everybody!

Wallets are sent to us to check the availability of private keys inside,
so we can confirm whether this wallet is real or not, but we are worried about our wallets.
Can an attacker send us such a wallet that will harm us and one day, we suddenly lose all our coins?
If this is the "wallet.dat" file format, is it possible to inject malicious code into this file?

Thanks!
Pages:
Jump to: