Topic: Is there any malware that captures your recovery seed when shown or typed? - page 2. (Read 779 times)

All you need is to import the unsigned tx from your internet connected watch only device into your airgapped wallet, and to export the signed tx from your airgapped wallet into your watch only wallet, and you can do that using qr codes. You simply create the tx in your watch only wallet, and scan the qr code from your offline wallet to import the unsigned tx, then sign it, and scan the qr code from your watch only wallet to import the signed tx, and now you can broadcast it to the network.

This way the airgapped wallet is never connected to the internet and the watch only wallet that is connected to the internet does not hold your keys or seed phrase, but your MPK. So your wallet cannot be compromised through it.

Thanks , I see your point....

If I get it right, you need to move data like signing tx to an internet connected device to pass it on to the Blockchain. To avoid any kind of infection here I think the best option is to use a CD writer on the airgapped laptop, to write the data to a CD and then read the CD on the internet connected device.  If you use a USB Stick, you run the risk that the USB Stick is infected and affects your air gapped device when plugging it in there....A blank CD is likely more safe....

Take note that if you want an airgapped wallet, it has to be completely disconnected from the internet, connecting it 'occasionally' to the internet means it is no longer an airgapped wallet and your wallet can be compromised in that way. After setting up your airgapped wallet, you would need a complementary online watch only wallet for creating and broadcasting tx's, all your airgapped wallet does is sign tx's, which you would do offline.

I would use a cheap new laptop, install only the software needed for Bitcoin transactions from a USB Stick or so and connect it to the internet when really needed to perform transactions. Means NO surfing or installing something else.

That should keep your exposure very limited to catch any kind of malware......

Of course, at the moment I don't see the need to encrypt mnemonics with AES-256-CBC, but some wallets export backups in this standard like the Bitcoin Wallet for Android (Schildbach), which I think would be good if other wallets provided this backup option encrypted.

Yes. Although in this case, you better ensure your device is secure. If malware exist on your device, your mnemonic would be compromised when you create new wallet or perform encryption over plain text/file.


Or remember password used for AES-256 encryption. And yes, i'm aware the password is hashed into 256-bit data which used as encryption key.

"Safe"? Yes. "Safer than simply writing down on paper"? No. AES-256 is pretty strong, but it provides no single benefit. It's obviously safer than storing the seed phrase in plain text on a hard drive, but you shouldn't be storing the seed phrase anywhere digitally in the first place. It's also more complex, and complexity is the enemy of security.

Forget the mnemonic. You still have to store the AES-256 private key somewhere in plain text. It's just like the standard method of writing down the phrase but with extra steps.

Why would you want to do that? They are meant to be written on paper. Storing them on a computer, even encrypted, is almost certainly asking for trouble since the mnemonic has to be decided at some point.

Is encrypting mnemonic codes with aes-256-cbc or any sensitive data still safe, using Linux?

A few years ago I used to do this, but stopped, 'cause using bip39 passphrase made more sense.

The best option from my point of view is to use Linux, that's the secure way to deal with sensitive data and to avoid paranoia. The main problem with security on Windows is that anyone can install a program or software without asking, but that doesn't happen in Lunix, it always asks you for root access to install software, which makes us feel more secure with our OS.

If you are concerned on screen recording malware during seed generation and keyloggers during seed recovery, then create an airgapped device. I really don't see how seed phrases are less secure on an Internet connected device. Less comparably to what? A Bitcoin Core wallet file? A malware affected device can compromise Bitcoin Core itself.

That is unnecessarily complicated. Just back the seed phrase up in a piece of paper, or if secured for the long term, use washers. Encrypting the seed phrase just adds an additional private key that you need to be aware of.

If your computer/smartphone is infected with some malware/virus, sometimes there are signs that can point to it, such as increased consumption of RAM or processor, opening of programs that you did not start, redirection to random pages in the browser...

However, the only way to be sure that you really have a problem is the hard way, which means that you create a wallet, send some BTC to it and you are left without everything. However, there is a difference in whether the malware is programmed to automatically steal every small amount that appears in your wallet, or whether the hacker will monitor your balance and empty your wallet only when a larger value is stored in it.


HWs are definitely a higher level of protection, although we can discuss their security protocols and shortcomings here - but also emphasize that even such devices are not immune to human carelessness and stupidity. The most common way for people to be "hacked" while using HW is to be fooled by clipboard malware or to fall for the cheap trick of fake support that asks them to enter their seed in something that looks like the original interface.

If someone cannot afford a hardware wallet or make an airgapped wallet from an old computer, then the best way to avoid exposure to online dangers is to stay away from all those things that are risky, which means no porn sites, downloading torrents and clicking on any suspicious links.

Also, forget about inserting USB sticks and portable HDDs that come from external sources (friends, family members) because they can be infected even without their knowledge. Also, turn off Bluetooth when you are not using it, and protect your wireless home network well and do not connect to any public networks.

There is any sort of malware out there, there are also hardware backdoors, even sounds from your hard disk drive can be used to steal a PC's data. Everything depends on who you are, what you do and where you do.

If you want to feel secure, you have to use an air-gapped device because what can malware do if your computer has no access to the Internet? You generate seeds or keys and never connect your computer to the internet, malware doesn't affect you.

By the way, my opinion is that if you bought a clean computer, didn't download pirate games and softwares, didn't visit any infected website (i.e. only visit youtube, google and similar websites), your seeds or keys won't be compromised but I suggest this if you want to have a hot wallet, for cold wallet, you definitely need an air-gapped computer or air-gapped hardware wallet.

You won't believe it, but there are things like this, some are called "keyloggers". Don't ask how I know about it, it was a very expensive and painful experience for me.


All this is fine, but for an ordinary user, it is too much work and additional devices. There is always an additional risk of losing a file or deleting files on the USB flash drive... Some of the hardware wallets should always be the first recommendation.

Even using something similar to encryption which is word extension can make the backup very secure and no need to depend on encryption. Also as the wallet is on airgapped computer, alternative backup like encrypting the seed phrase or the wallet file on a new and yet formated USB stick is also an option. There are 100% ways to security and safety if you wish for one as long as it is bitcoin.

It all boils down to the same thing "do not backup your wallet seed phrases online".[1] it's never an option to backup whatsoever that has to do with your wallet security online no matter how you have been assured security it's always risky knowing fully well that as days goes by that is the stronger hackers develop their traps. [2]

Using an airgapped devices [3] reduces every chance of your wallet getting hijacked by any hacker, air gap here mean not have connections to the outside world. to maintain this one could disable every connectivity of the devices to prevent virus attacks.

What gives better security is always any offline events, if you back up your seed phrases offline like using the crypto steel [4] type of backup you have more security than back up your recovery seed phrases online even with encryption.

---

[1] https://www.reddit.com/r/ledgerwallet/comments/16qxdfh/curiosity_do_not_store_your_seed_phrase_online_on/
[2] https://www.graphus.ai/blog/hackers-are-constantly-evolving-their-attack-strategies-are-your-security-tools-keeping-up/
[3] https://electrum.readthedocs.io/en/latest/coldstorage.html
[4] https://bitcointalksearch.org/topic/--5278839

By avoiding malware completely. Example is the use of a cold wallet like wallet on airgapped device that pooya87 has already talked about. If the wallet remains on the airgapped device and the airgapped device remain airgapped, no malware can be able to steal from such wallet.

Due to privacy reasons, and the safety of wallet on airgapped device which is equivalent to hardware wallet, I will recommend airgapped device. What that is needed is for the person that wants to use it is to learn about it. It is the best for someone that wants to hold just bitcoin and no altcoin.

He is wrong. Seed phrase are secure because no one can steal your coins unless the seed phrase or part of the seed phrase is seen. If you are concerned about possible offline attack, you can use passphrase to extend the word. If the passphrase is lost, just like the seed phrase, the coins will be lost.

That is why the concept of air gap system exists and we always recommend it in Bitcoin world to those who want to create a wallet with the term Cold Storage.
By being on a clean system that has no connection to outside world, you eliminate "contamination" risk where for example a malware could access and steal your seed phrase.

The same rules apply here too, if your system can be infected by a malware, that malware can also access the wallet file (encrypted or not) and steal the secrets inside it too.
Additionally the flaw in using the wallet file as your only backup (aka digital storage) is that in this type of storage the data can be lost for different reasons, from physical/electrical damage to the device it is stored on (eg. a USB disk) to data decay. This makes digital storage bad for long term storage.

Exposing our private keys to malicious software like keyloggers and screen capture malware is a valid concern. Whenever I create a new wallet on my computer I will disconnect it from the internet so no data can be sent out in that moment. I will carefully write the mnemonic on a piece of paper instead of copying it to the clipboard and saving it to a text document. If you need to verify your seed phrase it is best to use the autocomplete feature if it is supported by your wallet instead of typing the entire words. Whatever precautions you take, there will always be a higher level of vulnerability when using a software wallet which stores your private keys on an internet connected device. You should keep a majority of your funds in a hardware wallet or another form of cold storage like an air-gapped device with Electrum.

Well, it  depends on how well you store either of them. storing wallet files encrypted on an external drive provides a layer of security, but it may still be susceptible to potential risks such as drive failure, loss, or unauthorized access if the encryption passphrase is compromised. Mnemonic phrases, if stored securely, offer a more resilient and versatile backup solution for cryptocurrency wallets. But just as I said before, the security of your seed phrase or wallet dat files purely depend on how well your store either of them.