My encrypted private key touched iCloud

NotATether

legendary

Activity: 1568

Merit: 6660

bitcoincleanup.com / bitmixlist.org

Quote from: BitMaxz on November 25, 2023, 08:58:34 AM

I have never heard of someone compromising their iCloud or being hacked, but it's still not advisable to store all your backups on any cloud service because it's always connected online we know everything can be possible online and if you store any private keys or seed phrase to any cloud service considered it as compromised and it's not safe anymore. So like others said to make sure your funds are safe make another offline wallet and move your funds there.

You don't need the password to someone's iCloud to take over it - just having access to a compromised device with the email open or even some trusted person's email is enough to gain access.

OP: You gotta initiate the funds transfer process in an secure environment where you are comfortable that it will not be possible to make a mistake during the operation. The only thing worse than getting hacked is misplacing your own funds.

joniboini

legendary

Activity: 2170

Merit: 1789

Quote from: unknowncustomer on November 25, 2023, 05:38:27 AM

Should I recreate a cold private key or my security was actually not too much compromised ?

Are you familiar with how some people lose their money even though it is stored in a cold wallet, and they claim they never store their private key online or something similar? I think you have a bigger risk compared to them, which for all we know probably make the same mistake as you did and simply forget them.

I remember julerz losing his campaign funds because his 'cold storage' was compromised and he needed to repay quite a huge sum. I don't think you want to experience the same thing, so you just do what others tell you.

pooya87

legendary

Activity: 3472

Merit: 10611

The question you should ask yourself is whether creating a new cold storage and paying the fee for on-chain transaction(s) to send your coils to this new wallet is worth it compared to not doing anything and taking the risk (even a small one) of losing all your coins in case your wallet got hacked some day.

Sometimes in life the options you have are not favorable but you have to choose one nonetheless. So choose one that is the least bad.

Charles-Tim

legendary

Activity: 1512

Merit: 4795

Leading Crypto Sports Betting & Casino Platform

Quote from: BitMaxz on November 25, 2023, 08:58:34 AM

I have never heard of someone compromising their iCloud or being hacked

This is an example:

https://www.bleepingcomputer.com/news/security/hackers-steal-655k-after-picking-metamask-seed-from-icloud-backup/amp/

BitMaxz

legendary

Activity: 3374

Merit: 3095

Playbet.io - Crypto Casino and Sportsbook

I have never heard of someone compromising their iCloud or being hacked, but it's still not advisable to store all your backups on any cloud service because it's always connected online we know everything can be possible online and if you store any private keys or seed phrase to any cloud service considered it as compromised and it's not safe anymore. So like others said to make sure your funds are safe make another offline wallet and move your funds there.

NeuroticFish

legendary

Activity: 3668

Merit: 6382

Looking for campaign manager? Contact icopress!

Quote from: unknowncustomer on November 25, 2023, 05:38:27 AM

What advice could you give me now ? Should I recreate a cold private key or my security was actually not too much compromised ?

I will start with something simple, that should answer your initial questions: "there's no cloud, it's just somebody else's computer" (actually server, but yeah).
As advice, I have the feeling you use electrum connected to the internet anyway, so the actual advice would be: get yourself a hardware wallet before it's too late. And yeah, generate (there too) brand new wallet.

Charles-Tim

legendary

Activity: 1512

Merit: 4795

Leading Crypto Sports Betting & Casino Platform

If I do not create another wallet on Electrum even if I use a very strong password, that would be what I will always think about. Because the safest is to never let your seed phrase or private key to be stored online. Create a new wallet and send your coins there.

o_e_l_e_o

legendary

Activity: 2268

Merit: 18711

Quote from: unknowncustomer on November 25, 2023, 05:38:27 AM

The private key is secured by a password.

How strong is this password?

Quote from: unknowncustomer on November 25, 2023, 05:38:27 AM

I deleted the file on iCloud just a few minutes later.

Doesn't matter. Nothing is ever really deleted from the cloud. There will be an unknown number of back ups of your data still stored on various servers around the world.

Quote from: unknowncustomer on November 25, 2023, 05:38:27 AM

What advice could you give me now ?

You definitely need to create a new cold wallet and transfer your funds to it. If your password is weak, then you need to this immediately.

I am also curious how you accidentally exported and uploaded the private key from what you are calling a cold wallet. A cold wallet should be on an airgapped computer without an internet connection. To accidentally upload it you would have had to export it on your airgapped computer, copy it to a USB, transfer it to a live computer, and then upload it, all without realizing it was the wallet file and not the xpub. It sounds like you are using a hot wallet, not a cold wallet.

unknowncustomer

jr. member

Activity: 48

Merit: 27

Hello,

I wanted to export my electrum xpub key to iCloud, however I exported the wallet file containing the private key. The private key is secured by a password.
I deleted the file on iCloud just a few minutes later.

What advice could you give me now ? Should I recreate a cold private key or my security was actually not too much compromised ?

Thanks

Topic: My encrypted private key touched iCloud (Read 146 times)