Pages:
Author

Topic: Is there any malware that captures your recovery seed when shown or typed? (Read 779 times)

hero member
Activity: 1120
Merit: 540
Duelbits - Play for Free | Win for Real
Don't use your crypto wallet stuff on a device with which you do your daily internet shit. That already can help a lot, but doesn't protect you 100%. Air-gapped or hardware wallets and careful verification of transaction details helps a lot, too.
Currently I manage my crypto only on my Linux partition, we are not 100% free of malware, but it already solves a good number of problems, I only use Windows for cryptocurrencies with a maximum hardware wallet.

I have suggested before on previous threads that developers create a offline solution, where you encrypt the seed before you go online and when you copy and paste the encrypted data, it will decrypt it within the software with a password... before it can be used. So even if the hacker retrieve the encrypted "seed" ... it cannot be used without the password to decrypt it, when you go online.
That's a great suggestion, I hadn't thought of that, although there are solutions on github that do something similar to what you suggested, but it's an open source third-party tool and you should analyze the code or trust whoever analyzed the code for you.

In multibit classic there was something similar, but it was not a deterministic wallet yet, so to export the wallet's private keys, you would have to encrypt the file to be exported with a password and you could decrypt it with openssl with encryption algorithm aes-256-cbc.

Regarding the tool I suggested in the link, I just did some tests with newly generated seeds that I wouldn't use as main wallets, so I can't guarantee if it's a minimally safe tool. Run your own tests.
legendary
Activity: 3542
Merit: 1965
Leading Crypto Sports Betting & Casino Platform
I am also one of those paranoid people that worry about things like this. I always make sure that I shift whatever coins that was on a wallet that I recoved to another secure wallet, emmidiately after I used the seed to recover it. You have to be faster than the "hacker" that infiltrated your system.

I have suggested before on previous threads that developers create a offline solution, where you encrypt the seed before you go online and when you copy and paste the encrypted data, it will decrypt it within the software with a password... before it can be used. So even if the hacker retrieve the encrypted "seed" ... it cannot be used without the password to decrypt it, when you go online.

Clipboard attacks will be nulified, because you can reboot your device before you go online and it will clear the clipboard and keyloggers cannot actively record your keystrokes, because you do this offline. (Just open a word pad document and type other random words, while you configure your seed and swap between the program that you are using and wordpad to scramble the inputs)

You can also use TailsOS to clean reboot after each recovery to protect yourself against most Malware infections. Electrum wallet work very well with TailsOS... if you just want to quickly recover a seed and shift the coins to a new wallet.

I do this, when I shift coins from cold storage to hot wallets.
hero member
Activity: 714
Merit: 1010
Crypto Swap Exchange
...

While following your restrictive procedures isn't bad and gives you less bad exposure to potentially bad sites, are you aware of issues with overly complex browser software, zero-day exploits and the possibility of malicious ads delivery from basically any site that has some space where ads are served and shown?

Google makes money with ads, other sites do the same and not every ad blocker does protect you here. Malicious payloads by ads is not a theoretical attack vector, it happened in the past.

Unmanageable complex browser software with tons of bugs is an issue and open door for malware, sooner or later, and nasty things can happen on any reputable sites which deliver programmable ads and other such shenanigans.

Don't use your crypto wallet stuff on a device with which you do your daily internet shit. That already can help a lot, but doesn't protect you 100%. Air-gapped or hardware wallets and careful verification of transaction details helps a lot, too.
member
Activity: 873
Merit: 22
$$P2P BTC BRUTE.JOIN NOW ! https://uclck.me/SQPJk
95% of trojans intercept all yours keyboard typings, all wallet files, all passwords from all browsers and email clients, and trojans do it as some as posible after they come to your computer.



Exposing our private keys to malicious software like keyloggers and screen capture malware is a valid concern. Whenever I create a new wallet on my computer I will disconnect it from the internet so no data can be sent out in that moment. I will carefully write the mnemonic on a piece of paper instead of copying it to the clipboard and saving it to a text document. If you need to verify your seed phrase it is best to use the autocomplete feature if it is supported by your wallet instead of typing the entire words. Whatever precautions you take, there will always be a higher level of vulnerability when using a software wallet which stores your private keys on an internet connected device. You should keep a majority of your funds in a hardware wallet or another form of cold storage like an air-gapped device with Electrum.
Disconnecting your computer from the Internet does not solve the issue totally, some Trojans and spyware comes with service workers which collect data both offline and online and transmits the data back to the attacker's database when Internet connection is restored.

The best solution remains hardware wallets and air gapped devices. Then if you should import it to a normal device, its important you reinstall the operating system, and let the wallet be the first software to be installed after the OS reinstall. Anything that involves third party softwares and usage of browser before importing your seed phrases is a red flag for me.


Some Trojans can even remains after reinstalling OS because it's saved in the BIOS, so no matter when and how you install there is no way that we can assure that the device is free from malware. That's why Airgapped system is mandatory for storing decent amount of BTC. But OP looks more concerned about the crypto wallets of smartphones. We should not use smartphone to store big amount, should keep very minimal amount that you may need for day to day payments if there is any and all the remaining balance should be in HW or cold storage.

most "qality" trojans  clone your type of bios, os, installed software, and after this hackers  login  to your bank account like to  them home...

[moderator's note: consecutive posts merged]
hero member
Activity: 2366
Merit: 793
Bitcoin = Financial freedom
Exposing our private keys to malicious software like keyloggers and screen capture malware is a valid concern. Whenever I create a new wallet on my computer I will disconnect it from the internet so no data can be sent out in that moment. I will carefully write the mnemonic on a piece of paper instead of copying it to the clipboard and saving it to a text document. If you need to verify your seed phrase it is best to use the autocomplete feature if it is supported by your wallet instead of typing the entire words. Whatever precautions you take, there will always be a higher level of vulnerability when using a software wallet which stores your private keys on an internet connected device. You should keep a majority of your funds in a hardware wallet or another form of cold storage like an air-gapped device with Electrum.
Disconnecting your computer from the Internet does not solve the issue totally, some Trojans and spyware comes with service workers which collect data both offline and online and transmits the data back to the attacker's database when Internet connection is restored.

The best solution remains hardware wallets and air gapped devices. Then if you should import it to a normal device, its important you reinstall the operating system, and let the wallet be the first software to be installed after the OS reinstall. Anything that involves third party softwares and usage of browser before importing your seed phrases is a red flag for me.


Some Trojans can even remains after reinstalling OS because it's saved in the BIOS, so no matter when and how you install there is no way that we can assure that the device is free from malware. That's why Airgapped system is mandatory for storing decent amount of BTC. But OP looks more concerned about the crypto wallets of smartphones. We should not use smartphone to store big amount, should keep very minimal amount that you may need for day to day payments if there is any and all the remaining balance should be in HW or cold storage.
legendary
Activity: 2576
Merit: 1248
Imagine there is a Trojan on your desktop or cell phone that has been programmed to detect recovery seeds, WIF private keys, extended private keys or any sensitive data that allows partial or full access to your funds in a deterministic wallet.




Text above yep just for readers  Smiley yop pecaution or paranoia, just don't mind!
newbie
Activity: 12
Merit: 0
That is why the concept of air gap system exists and we always recommend it in Bitcoin world to those who want to create a wallet with the term Cold Storage.
By being on a clean system that has no connection to outside world, you eliminate "contamination" risk where for example a malware could access and steal your seed phrase.

Agree that, instead of using the mnemonic as a backup, a simple backup of the wallet file like Bitcoin Core, Electrum, Bitcoin Wallet for Android do, does not reduce remote access to your wallet much more, since in these wallets we have to encrypt and then export them to external drive?
The same rules apply here too, if your system can be infected by a malware, that malware can also access the wallet file (encrypted or not) and steal the secrets inside it too.
Additionally the flaw in using the wallet file as your only backup (aka digital storage) is that in this type of storage the data can be lost for different reasons, from physical/electrical damage to the device it is stored on (eg. a USB disk) to data decay. This makes digital storage bad for long term storage.
This is the way. Air gapped is essential if you have any decent amount of BTC. It's liberating being your own back but like a bank, you need to take security seriously.
hero member
Activity: 1078
Merit: 566
Exposing our private keys to malicious software like keyloggers and screen capture malware is a valid concern. Whenever I create a new wallet on my computer I will disconnect it from the internet so no data can be sent out in that moment. I will carefully write the mnemonic on a piece of paper instead of copying it to the clipboard and saving it to a text document. If you need to verify your seed phrase it is best to use the autocomplete feature if it is supported by your wallet instead of typing the entire words. Whatever precautions you take, there will always be a higher level of vulnerability when using a software wallet which stores your private keys on an internet connected device. You should keep a majority of your funds in a hardware wallet or another form of cold storage like an air-gapped device with Electrum.

If your seed is well secured then you have done majority of the hard work in securing your Bitcoins. It's highly recommended to secure your seed on a piece of paper since it will take not more then a minute or two in doing so. Seed has to be flashed once when we are creating our wallet and there is no escape from that but we can minimise the risk of exposing the seed by taking steps as you mentioned. Do spend some money on buying hardware wallet to add extra layer of defence. 
sr. member
Activity: 602
Merit: 295
to enhance security, it is advisable to use multisignature wallets, which require multiple signatures (from different devices or individuals) to authorize transactions. This approach reduces the likelihood of successful attacks by necessitating multiple authorizations and offering additional safeguards against unauthorized access.

Just as you have mentioned a multi sig actually offers better security only if the multi sig isn’t done on one device, using a single device to do that defeats the whole purpose of the multi sig as it points to one single point of failure. As for me if it is not maybe a two or more individual funds I will refer to buy an hardware Wallet or another device as airgapped and use the other as a watch only wallet and then add pass phrase as a second layer to my seed phrase. I believe both are of the same category of security. Except maybe the co signer for the multi sig is higher than 2 to sign a transaction
newbie
Activity: 4
Merit: 0
to enhance security, it is advisable to use multisignature wallets, which require multiple signatures (from different devices or individuals) to authorize transactions. This approach reduces the likelihood of successful attacks by necessitating multiple authorizations and offering additional safeguards against unauthorized access.
hero member
Activity: 994
Merit: 1089
Don't be paranoid when you don't need to be.
I believe that being a little bit paranoid about your funds is not so bad, especially when it is worth a lot. It can help you to take security and privacy very seriously. I agree that it is possible to use an online wallet without getting hacked, that is if you use your device well, like you have said. However, in an online wallet there is always a chance of an attack and if you own a lot in BTC, it is recommended to simply use an offline wallet and keep your keys permanently off the internet.
hero member
Activity: 2352
Merit: 905
Metawin.com - Truly the best casino ever
Guys, what's your worry if you don't download pirated movies, games and software? If you don't visit torrent and adult websites and don't download something strange from internet, then you don't have to worry about malware because Google and YouTube won't inject keyloggers into your computer. If they do it, then there will be a huge scandal. I have created many Bitcoin and altcoin wallets from a computer that always had online access since I bought it and keep in mind that I own Bitcoin wallet since 2016 and I have stored up to 3 Bitcoin for many months.
My recipe is simple, I don't download everything that I find online, I don't insert USB flash drive on my computer, I don't download pirated content and I don't open emails from strangers. If you use your computer that way, you'll be fine. If you download pirated content and do some other things, then you should get a new and clean computer and create a wallet there or buy a hardware wallet. Don't be paranoid when you don't need to be.
sr. member
Activity: 490
Merit: 346
Let love lead
Exposing our private keys to malicious software like keyloggers and screen capture malware is a valid concern. Whenever I create a new wallet on my computer I will disconnect it from the internet so no data can be sent out in that moment. I will carefully write the mnemonic on a piece of paper instead of copying it to the clipboard and saving it to a text document. If you need to verify your seed phrase it is best to use the autocomplete feature if it is supported by your wallet instead of typing the entire words. Whatever precautions you take, there will always be a higher level of vulnerability when using a software wallet which stores your private keys on an internet connected device. You should keep a majority of your funds in a hardware wallet or another form of cold storage like an air-gapped device with Electrum.
Disconnecting your computer from the Internet does not solve the issue totally, some Trojans and spyware comes with service workers which collect data both offline and online and transmits the data back to the attacker's database when Internet connection is restored.

The best solution remains hardware wallets and air gapped devices. Then if you should import it to a normal device, its important you reinstall the operating system, and let the wallet be the first software to be installed after the OS reinstall. Anything that involves third party softwares and usage of browser before importing your seed phrases is a red flag for me.
sr. member
Activity: 317
Merit: 448
It would be very easy to implement on a Remote Access Trojan that monitors the desktop 24/7. These trojans have existed for decades, I would say since Windows 95 era, I remember some classics like the Sub7 one. For some reason these softwares make me very nostalgic of the early 2000 era. I think this one was of the first to take screenshots and monitor the desktop. So you could just make it recognize formats of seeds and take a screenshot of that so you don't have to go across hours of recordings. Yeah these softwares were pretty nasty but it is what it is, some people will always try to take advantage of others by any means. To avoid this please just use Linux.
sr. member
Activity: 602
Merit: 295

However, some care must be taken, such as not storing the recovery seed and the personalized password in the same place together, but it is challenging, as it requires your creativity to know how to store this data without anyone with knowledge of cryptocurrency finding it and without you losing it. or forget where you stored them.

First is privacy you don’t need to go around talking about you having cryptocurrency because that expose you to search by people. Even if someone sees that seed phrase without the passphrase there are only going to recover a different wallet. As for the storage of seed phrase offline, the same way it is not advisable to store your seed phrase in your head is the same way you shouldn’t rely on your head on where you store the seed phrase. The best thing will be to periodically check that storage location and check if the seed phrase is there. This can be like 6 months or even yearly not necessarily occasionally.
hero member
Activity: 1120
Merit: 540
Duelbits - Play for Free | Win for Real
If you extend your seed phrase with a passphrase, you are not expected to commit the passphrase to memory, just the way you are not going to commit your seed phrase to memory, your passphrase should be backed up on paper, but in a different place from your seed phrase. Extending your seed phrase with a passphrase is a good layer of security and it can also be used for plausible deniability, so i recommend.
Good point! Storing the recovery seed in safe places and knowing where it's at the time of recovery, assuming you didn't just keep it at home, is a challenging process, as someone with knowledge of cryptocurrencies could find it and try to drain your wallet...

Hence the importance of extending the recovery seed to a custom word/passphrase and using it as a 2° factor.

However, some care must be taken, such as not storing the recovery seed and the personalized password in the same place together, but it is challenging, as it requires your creativity to know how to store this data without anyone with knowledge of cryptocurrency finding it and without you losing it. or forget where you stored them.
hero member
Activity: 994
Merit: 1089
I'm not a fan of word extension, sometimes its easy to guess, and when you make it very difficult, you put yourself at great risk of forgetting the format one day and losing your coins too. When choosing safety measures, make sure you don't end up shooting yourself in the foot.
If you extend your seed phrase with a passphrase, you are not expected to commit the passphrase to memory, just the way you are not going to commit your seed phrase to memory, your passphrase should be backed up on paper, but in a different place from your seed phrase. Extending your seed phrase with a passphrase is a good layer of security and it can also be used for plausible deniability, so i recommend.
sr. member
Activity: 490
Merit: 346
Let love lead

Even using something similar to encryption which is word extension can make the backup very secure and no need to depend on encryption. Also as the wallet is on airgapped computer, alternative backup like encrypting the seed phrase or the wallet file on a new and yet formated USB stick is also an option. There are 100% ways to security and safety if you wish for one as long as it is bitcoin.
For me personally, air gapped devices its the best, followed by encryption of seed phrases and private keys. But you need to do the encryption yourself, do not use a random software to encrypt because that involves a third party. You do it yourself and keep the encryption key safe somewhere offline and possibly have it off heart so that even when the encryption is compromised, it cannot be decrypted unless the person has the key too. You can decrypt it yourself in seconds by running your little server with the aid of the the secret key you used for the encryption.

I'm not a fan of word extension, sometimes its easy to guess, and when you make it very difficult, you put yourself at great risk of forgetting the format one day and losing your coins too. When choosing safety measures, make sure you don't end up shooting yourself in the foot.
hero member
Activity: 2660
Merit: 651
Want top-notch marketing for your project, Hire me
Commonly, when creating a wallet, we are shown the mnemonic code that can basically rebuild your wallet from scratch when imported into another wallet.

The problem is that whoever has access to these initial words will definitely have access to your entire wallet balance belonging to this recovery seed.

Imagine there is a Trojan on your desktop or cell phone that has been programmed to detect recovery seeds, WIF private keys, extended private keys or any sensitive data that allows partial or full access to your funds in a deterministic wallet.

How can we be sure that these things are not monitoring your clipboard, your keyboard when you type totally random words that follow a pattern like 12 to 24 words? Or a screenlogger that takes a screenshot when it detects a seed on the screen and instantly sends it straight to the attacker's server? We know that it is possible to develop this.
The keylogging malware and overlay attacks (which will create a fake screen for attackers to get the victim's private wallet information) that can execute all the forms of attack you listed are already developed. Another one is InnfiRAT malware which was detected years ago but what I believe is that we need to be careful of the environment we use the computer we use for our crypto activities, the websites we visit, use paid reputable antivirus, never share our computer, the device we use, and we need to use airgap computer for our wallet.
member
Activity: 89
Merit: 13
Thanks , I see your point....

If I get it right, you need to move data like signing tx to an internet connected device to pass it on to the Blockchain.
All you need is to import the unsigned tx from your internet connected watch only device into your airgapped wallet, and to export the signed tx from your airgapped wallet into your watch only wallet, and you can do that using qr codes. You simply create the tx in your watch only wallet, and scan the qr code from your offline wallet to import the unsigned tx, then sign it, and scan the qr code from your watch only wallet to import the signed tx, and now you can broadcast it to the network.

This way the airgapped wallet is never connected to the internet and the watch only wallet that is connected to the internet does not hold your keys or seed phrase, but your MPK. So your wallet cannot be compromised through it.

Thanks, have not thought about QR codes...... that is a good option to transfer data Smiley
Pages:
Jump to: