Topic: Mnemonic is no longer safe? - page 3. (Read 615 times)
Mnemonic phrase has always been saved, it's the way you handle your wallets that determines the security and safety. Some persons store their recovery phrase on emails, google drive, notepad and other online security storages. This should be discontinued and never to be tolerated for any reason. I understand some persons have been caught unaware in this era of web3 and Defi movement due to phishing links compromising their wallets, therefore it's important to practice proper wallet management and deploy hardware wallet for bigger fund.
I agree, maybe this is just part of the story, maybe someone the OP's friend has access to his PC and then later found out his mnemonic phrase. So not necessarily a hacked or his PC has malware, it's more of an inside job.
And this is the main reason why you don't do that, saving your mnemonic phrase in a text base or something that is very clear to read and understand by others. Keep it away that only you have access to it.
Either an inside job or a hacking incidents and with this, we can still say that Mnemonic is still a safe option for your wallet all you have to do is to secure it at the best possible way. I wonder if your friend let someone use his computer without him around? This is also why I don't let anyone to access my computer because I value privacy and this is where I secure my wallet details aside from having my own black book. The other option is really to write it down in a secure notebook and have code on that which you are the only one who understand that code. And this is the main reason why you don't do that, saving your mnemonic phrase in a text base or something that is very clear to read and understand by others. Keep it away that only you have access to it.
This is very first time I'm experiencing with the name of Coin98 wallet! Maybe its an extinction of crome browser, i notice it also available as Coin98 Super apk for mobile device. I don't know how safe this is for generating Mnemonic seed. I suggest to open another Mnemonic seed by using Trust wallet or metamask and transfer funds from others wallets which are created by using Coin98! Cause it also possible those wallets are already compromised and hacker will transfers fund later and recheck your device and make sure that is safe
I'm also not aware of Coin98 mobile wallet.
There might be some part of the story that we didn't know since OP just conclude right away that it's because of mnemonics being not safe. OP should look at all sides of the case starting from the hardware/devices that were used or might be his friend did some unintentional action that is not aware of.
Technically, mnemonics are safe and can't be breached that just easy. Although I'm not really aware of this Coin98 wallet and I'm confused about how on earth your friend ended up with a wallet that I can't even consider as popular or reputable.
I agree, maybe this is just part of the story, maybe someone the OP's friend has access to his PC and then later found out his mnemonic phrase. So not necessarily a hacked or his PC has malware, it's more of an inside job.
And this is the main reason why you don't do that, saving your mnemonic phrase in a text base or something that is very clear to read and understand by others. Keep it away that only you have access to it.
legendary
Activity: 2394
Merit: 1082
Leading Crypto Sports Betting & Casino Platform
@OP Mnemonic phrase does not prevent a user from being hacked, keeping the mnemonic phrase safe from Hackers is what does prevent a user from hacks.
You already know and stated how and why your friend got hacked, you said he's device was infiltrated by malware, this is more than enough reason to get hacked and lose alot of money, and I thank God for your friend because in his case, he didn't loose much, $300 to $400 I understand is quite a lot for some people, but think of it, people loose millions of dollars in this same simple process.
So to assure you, I tell you that mnemonic are very safe, but also very importantly requires to be kept safe to avoid being hacked.
You already know and stated how and why your friend got hacked, you said he's device was infiltrated by malware, this is more than enough reason to get hacked and lose alot of money, and I thank God for your friend because in his case, he didn't loose much, $300 to $400 I understand is quite a lot for some people, but think of it, people loose millions of dollars in this same simple process.
So to assure you, I tell you that mnemonic are very safe, but also very importantly requires to be kept safe to avoid being hacked.
There might be some part of the story that we didn't know since OP just conclude right away that it's because of mnemonics being not safe. OP should look at all sides of the case starting from the hardware/devices that were used or might be his friend did some unintentional action that is not aware of.
Technically, mnemonics are safe and can't be breached that just easy. Although I'm not really aware of this Coin98 wallet and I'm confused about how on earth your friend ended up with a wallet that I can't even consider as popular or reputable.
This is very first time I'm experiencing with the name of Coin98 wallet! Maybe its an extinction of crome browser, i notice it also available as Coin98 Super apk for mobile device. I don't know how safe this is for generating Mnemonic seed. I suggest to open another Mnemonic seed by using Trust wallet or metamask and transfer funds from others wallets which are created by using Coin98! Cause it also possible those wallets are already compromised and hacker will transfers fund later and recheck your device and make sure that is safe
I haven't experienced any Mnemonic leak in my device. I believe all the phrases created within our unit is safe until it is breached by malware. The leak of this secret phases maybe caused by a malware or virus that snippet wallet and it is possible that @OP friend is infected by cryware[1]. It is said that this malware is designed to collect and exfiltrate data from hot wallets, or non-custodial cryptocurrency wallets, that are stored on common user devices and help complete crypto transactions. [1] The link below gives more detail about this kind of malware. It also gives pointers on how to keep our gadgets and devices safe from malware.
(copy pasted it here to anyone who doesn't want to click the link)
Malware or viruses is never been new on digital world.There's always those hackers who would really be keep on making malwares and other related stuff considering that crypto space is something a (copy pasted it here to anyone who doesn't want to click the link)
honeypot for them to get tons of money with those crawling malwares which we know that majority of us really make use of pc and mobiles which is really that easy to penetrate if you arent that
aware on how these things works or make yourself that safe with it.Its typical but people would only learn up on strengthen up their security once they had
experience some losses.
I haven't experienced any Mnemonic leak in my device. I believe all the phrases created within our unit is safe until it is breached by malware. The leak of this secret phases maybe caused by a malware or virus that snippet wallet and it is possible that @OP friend is infected by cryware[1]. It is said that this malware is designed to collect and exfiltrate data from hot wallets, or non-custodial cryptocurrency wallets, that are stored on common user devices and help complete crypto transactions. [1] The link below gives more detail about this kind of malware. It also gives pointers on how to keep our gadgets and devices safe from malware.
(copy pasted it here to anyone who doesn't want to click the link)
[1] https://www.simplilearn.com/malware-and-crypto-wallets-how-hackers-are-exploiting-article#:~:text=A%20new%20threat%20has%20recently,and%20help%20complete%20crypto%20transactions.
(copy pasted it here to anyone who doesn't want to click the link)
Quote
Microsoft has been on the front lines to help protect users against crypto wallet malware. The company has provided a number of tips for protecting users’ hot wallets.
Keep hot wallets locked when the user is not actively trading, and disconnect sites that are connected to the hot wallet.
Do not store private key information in plain text format (which can be easily stolen), and use care when copying and pasting password information.
Terminate a browser session every time a transaction is completed.
Be on the lookout for suspicious links to wallet websites and apps, and double-check crypto wallet transactions and approvals.
Don’t share private key information or seed phrases, and seek out wallets that use multifactor authentication.
Use hardware wallets that store private keys offline.
Double check the full file extensions of files that you download.
Keep hot wallets locked when the user is not actively trading, and disconnect sites that are connected to the hot wallet.
Do not store private key information in plain text format (which can be easily stolen), and use care when copying and pasting password information.
Terminate a browser session every time a transaction is completed.
Be on the lookout for suspicious links to wallet websites and apps, and double-check crypto wallet transactions and approvals.
Don’t share private key information or seed phrases, and seek out wallets that use multifactor authentication.
Use hardware wallets that store private keys offline.
Double check the full file extensions of files that you download.
[1] https://www.simplilearn.com/malware-and-crypto-wallets-how-hackers-are-exploiting-article#:~:text=A%20new%20threat%20has%20recently,and%20help%20complete%20crypto%20transactions.
When we do talk about mnemonic phrases then based up on experience and hopefully i wont really be able to experience loss of funds.
After a long years of using up my MyEtherwallet (MEW) and Electrum which is really that based on having those phrases
which my assets are still intact or havent lost because i had stored up offline those keys and not into my pc or cloud storage or something like that.
Safety of your assets would be definitely be depending on you.You might believe that you hadnt missed out something
but its impossible that a certain wallet could be bruteforce without knowing those words.
Those are been exposed.
We must save files on external devices to prevent damage to the operating system or to prevent files from being infected with viruses. In other cases, many Newbies do not realize that they have filled in the PK in the airdrop or bounty registration form so that they lose the assets that have been accumulated in their wallet. So there are many factors that mnemonics can be hacked even our own mistakes in copying so as to publish wallet access to others, so anything related to wallet files must be ensured to be stored securely and must be careful to distinguish Public wallet and Private Key. After a long years of using up my MyEtherwallet (MEW) and Electrum which is really that based on having those phrases
which my assets are still intact or havent lost because i had stored up offline those keys and not into my pc or cloud storage or something like that.
Safety of your assets would be definitely be depending on you.You might believe that you hadnt missed out something
but its impossible that a certain wallet could be bruteforce without knowing those words.
Those are been exposed.
When we do talk about mnemonic phrases then based up on experience and hopefully i wont really be able to experience loss of funds.
After a long years of using up my MyEtherwallet (MEW) and Electrum which is really that based on having those phrases
which my assets are still intact or havent lost because i had stored up offline those keys and not into my pc or cloud storage or something like that.
Safety of your assets would be definitely be depending on you.You might believe that you hadnt missed out something
but its impossible that a certain wallet could be bruteforce without knowing those words.
Those are been exposed.
After a long years of using up my MyEtherwallet (MEW) and Electrum which is really that based on having those phrases
which my assets are still intact or havent lost because i had stored up offline those keys and not into my pc or cloud storage or something like that.
Safety of your assets would be definitely be depending on you.You might believe that you hadnt missed out something
but its impossible that a certain wallet could be bruteforce without knowing those words.
Those are been exposed.
My best advise is for your friend not to used that machine or PC, it could have been ridden by malware already that is monitoring his wallet, a keylogger malware.
If he can format it better to that, just to make sure that the malware is deleted but he has to scan everything to make sure that it is clean.
I'm sorry for your friends lost, although it is not huge money, but I know it's hard earn and hopefully he will still invest and make profits down the line to recover that $500.
If he can format it better to that, just to make sure that the malware is deleted but he has to scan everything to make sure that it is clean.
I'm sorry for your friends lost, although it is not huge money, but I know it's hard earn and hopefully he will still invest and make profits down the line to recover that $500.
The seed phrase is still pretty much safe AFAIK.
Maybe your friend made and error unknowingly to him or maybe his device was infected by malware.
And again your should have chosen a popular and more safe wallet rather than going for an unknown wallet IMO.
This seems like the most likely option, people are not really as careful as they believe when they are surfing the web and it is possible the friend of the OP installed an application which is monitoring his actions and extracted enough information for that money to be stolen, so the best thing that can be done now is to not use that computer anymore, backup your seed words and then make a fresh install and once that is done then generate new addresses with another set of seed words and move whatever coins are left there. Maybe your friend made and error unknowingly to him or maybe his device was infected by malware.
And again your should have chosen a popular and more safe wallet rather than going for an unknown wallet IMO.
Coin98 is actually a non custodian wallet, although never used it so I have depressed idea of how it work. But from my experiences I think to hack cases can happen without any loopholes created by the hackers victims (in this case your friend was the victim).
I don't know the popularity of coin98 and this just makes me wonder about its own safety too. I have used electrum for a while now and since I kept my mnemonic key/ seed phrase safe I really haven't had any issues I believe the security behind it is impenetrable except their are so vulnerable actions on my path.
I don't know the popularity of coin98 and this just makes me wonder about its own safety too. I have used electrum for a while now and since I kept my mnemonic key/ seed phrase safe I really haven't had any issues I believe the security behind it is impenetrable except their are so vulnerable actions on my path.
This is as much Safe as I was not able to access my own ledger when I lost it and also had the memonic phrases written perfectly on paper yet I was not able to access my coins. Somehow I found Back my ledger and then was able to access it, obviously the first thing I did was to reset and took entire back up of it.
Now if being owner of that I went through all that trouble, just imagine how hard it could be for someone third party to hack into someone’s non custodial wallet and gain access. Seems impossible. It’s safe for me.
Now if being owner of that I went through all that trouble, just imagine how hard it could be for someone third party to hack into someone’s non custodial wallet and gain access. Seems impossible. It’s safe for me.
@OP, about the addresses, there could really be the same addresses that are being supported in differet networks or chains just as what you've posted.
And about your friend being hacked, let's say that there's something to do with the wallet especially if it's unknown and the developers of it are saving those keys and gains access to their users.
But a reputable one doesn't have that control to all of their users. I'm guessing that this is another fault of the user for which your friend has been a victim of phishing or has downloaded a malware.
And about your friend being hacked, let's say that there's something to do with the wallet especially if it's unknown and the developers of it are saving those keys and gains access to their users.
But a reputable one doesn't have that control to all of their users. I'm guessing that this is another fault of the user for which your friend has been a victim of phishing or has downloaded a malware.
as far as i use wallet mnemonic though no hacking happened. but the vigilance and care of the wallet must really be considered. What I do is often change the wallet if the wallet is used for airdrop transactions because it is so easy for hackers to get our wallet data by sending dusting tokens. but without the information experienced by a friend, I think it is an unnatural thing. did he make a mistake he wasn't aware of?
This is why it is advisable to use a different wallet for Airdrops if you are the type that participates in airdrops however, I too don't think Mnemonic is that easy to break if you did not place them carelessly. Safeguarding your login information can not be overemphasized and connecting your wallet to every site is not advisable too, I would normally write down all my Info in different Dairies and have soft copies of them too, and these devices I never connect to the internet. 
I have heard about this Revoke.Cash but I don't know how safe the website is, have you used this yourself? Is it safe for any wallet users to connect to? Seed phrases are safer offline, maybe his friend copied the Seed phrase online, in mail or in PDF, I've seen people keeping their seed phrases in the most stupid places.
Revoke.cash is very safe to use, you don't have to worry about anything happening to your wallet, instead by using Revoke.cash, you know where your wallet is connected. About Phrases, it will indeed be safer if it is stored online. I personally made a copy of it on a piece of paper and kept it in the closet, so I don't have to worry about hacking phrases. It makes sense that the OP's friend's wallet would be hacked if the OP's friend saved it online and maybe the file was accessed by hackers.
Mnemonic seed or private key itself is not harmful but you must use a clean device when you use a wallet to generate wallet seed or private key or when you import it.
Because if your device is infected, what you are typing will be caught and hackers can see your wallet seed or private key. Therefore they will be able to access your wallet and when they have access, they will still your coins and tokens.
It is why people recommend to generate wallet offline and use an airgapped device to store your wallet and coin.
Don't have bad web surfing activities and use antivirus, Internet security softwares. Prevention is better than cure and it is a best practice to avoid wallet hack.
Good topics on security and privacy
Because if your device is infected, what you are typing will be caught and hackers can see your wallet seed or private key. Therefore they will be able to access your wallet and when they have access, they will still your coins and tokens.
It is why people recommend to generate wallet offline and use an airgapped device to store your wallet and coin.
Don't have bad web surfing activities and use antivirus, Internet security softwares. Prevention is better than cure and it is a best practice to avoid wallet hack.
Good topics on security and privacy
Mnemonic and private keys - perhaps they are safe as long as you know how to keep safe of these things. But if you just keep this on your computer, and save it online, I could imagine that it was easy to trace and lead to the cracking of your account. Well, I was not sure how you keep that and in your friend but most scenarios that lead to this are because we are practicing the wrong way of keeping them until we realized that our wallet has been accessed by an unauthorized person.
Jump to: