Topic: Phones on mobile wallet becoming riskier (Read 570 times)

There are reputable mobile wallets, but the risk lies more in carrying the phone with you daily, but you are also not wrong at all, people are more using phones this days for online activities, the more such online activities can be a chance of phishing attack. Experienced people can easily spot phishing attack but there is also more risk to other attacks like malware as well and for people that hold, it would have just been better on cold storage as the coins are not frequently accessed.

That is true, no matter the wallet someone is using, there are still a probabilities that money can still be stolen, no wallet is totally safe unless you that owns it is making it safe and avoid online attacks and people around you not to compromise it, but this does not change that online wallets are more/most vulnerable to attacks than offline wallets.

All wallets do have risks and the level of risk depends on what wallet is used. Mobile wallets are indeed very vulnerable to malware attacks and some phishing applications etc. because the phone is easy to be compromised because it is always online 24 hours. Meanwhile, computer devices can also be attacked by malware methods through applications that will be installed or through hidden advertisements. there will be many ways that can be done by scammers to hack mobile wallets and computer devices.
Whereas hardware wallets are not as easy as other wallets. Because security is better and need some verification.

who become vulnerable are the users themselves. they should know how to properly secure a wallet and not be careless.

this is one of the reasons why the type of wallet used is very important, we continue to advise for a push on the use of offline or cold storage for safety, using a decentralized exchange wallet is a good idea as well for mobile users but one thing that secure the safety of the coins from a lost mobile phone is when the keys to accessing the coins is protected such that only the user have access to it, the wallet can be accessed and recovered back using the keys that link access to the coins on the blockchain.


you're somewhat right but when we consider the rate of the attacks we could come about this conclusion, first you believe with me that most mobile wallets are web or online wallets, without having your ohone stolen already it is not advisable using them because they are more vulnerable to attack or data breach, while most challenges from Hardware or desktop wallet were almost from the users end being careless to how they handle their keys.

I think it all depends on the user of the wallet. It is not that only mobile wallet are vulnerable to attacks there has been a lot of reports on how desktop and hardware wallets have been attacked. Holding your assets on any wallets can be risky if a user doesn't know how to safe guard the wallet. You cannot blame on a particular device or pinpoint a particular being risky.

For sure all of us are investors because we are here to earn by putting money on crypto we think it can give profits to us. And the risk from this matter is for the huge whales because storing money from phone app wallets is not the best option to ve made knowing that their are so many scam wallets,phising attempts and also other type of attacks which hackers penetrate unto their platform.

The most secure way of accessing a online wallet i.e Electrum/Bitcoin Core connected to the internet without using a hardware wallet, would be accessing it via a computer on a home computer connected to the router via a Ethernet cable. However, that's assuming the network is safe, and the computer is safe.

Generally, most people don't know. However, as soon as you start taking your wallet with you there's additional risk, whether through theft or losing it. If you don't have a backup, and lose that phone or corruption occurs you could be screwed. However, I won't get into that here.

The most important thing to consider is a mobile phone that you're carrying on you frequently has a bigger attack surface than that of a computer at home, simply because of physical theft or threats.

I too think computer (PC) is better than phone but because people do not carry it about like phones, like I have said before too, most of my online activities is mostly through phone which still make it more vulnerable to attack, but if using computer, some people have their email on the computer active and phishing link can be sent to the email. If some people do not know how to avoid phishing messages, it can be sent to their phone, transfer the link to their computer to proceed. What is most necessary about phishing attempts is for someone to know about it and avoid it completely.

I agree with sim authentication, it is risky and have led to scam in the past, the two that are most recommended are 2fa app and hardware authenticator, but having the 2fa app on the same device you have the account you are using it for is not also good.

Freewallet? Just that it is a custodial wallet and not good to use custododial wallet, using noncustododial wallet is good to have control on your coins.

There are many fake apps on app stores, they will be noticed, removed and another one will be there again, that is true. If downloaded, that is another scam again.

If the wallet is fake which is common on app stores, malware will be included to steal the coins. But it may be in a way only addresses would be seen as the developer will have the private keys with them.

That is true, you are right but most people are using Windows, an OS that hackers also prefer to design malware for to scam multitudes. Linux is not also completely safe, just that people that are using it are not many and used more by people that know how to avoid malware, hackers prefer just not to design malware for it, just little malware are for Linux.

yea you know that mobile wallet is easy to use have better User Interface and there so much more but also the the other side is that lack of security and usually people got hacked or fall to scam. i mean yes we can still using mobile wallet but for daily transaction only

just little bit advice if you hodl lot amount of coin store to Hardware wallet cold/cold wallet

if you like farming and staking made new wallet save the private key and make sure that you are trust with the site also you can disable deposit permission after deposit on https://app.unrekt.net/

then made new regular wallet for trying new dapp receive bounty or airdrop everyday swap

and dont fall to scammer hahah

I disagree.  Smart phones are not safer than a PC is.  Generally, the approximately same conditions apply if you do not want to be the victim of a theft.  Do not download unknown APK's, do not browse random websites, do not install random Google Play software.

With Google Play, malware and spyware is even easier to install.  It is easy to create a developer account and publish a fake Bitcoin Wallet on the store.  Check out Free Wallet.  They have been scamming for years and they are still up and running.

Moreover.  If spyware is a thing you are afraid of.  It is worth noting an iOS or Android phone will have so much more spyware than a PC with Linux on it would.  And with computers you have the freedom of choosing your preferred Operating System.  When you buy an Android or an iOS phone, you just know there is no way you can change your Operating System to one that is less filled up with spyware and bloatware.

-
Regards,
PrivacyG

@_act_, you don't necessarily have to have a crypto wallet in which you keep a coin on your smartphone, but a smartphone can be a vector of attack on the crypto exchange you use while trading on the go. Whether it's getting a phishing link via text message or email, or someone will try a SIM swap to access your crypto exchange account.

In short, it is not recommended to trade via smartphones and various official apps or use SMS 2FA - there are many cases where it turned out to be a fatal mistake. How easy was (or at least it was 2020) to make a SIM swap in the US -> https://www.usenix.org/system/files/soups2020-lee.pdf

Wallet on phone for an investor? Investor will have huge amount and phone is not good to be used, phone is very vulnerable, I can not have any amount I can not afford to lose on phone as a wallet, I can only use it for small amount of bitcoin or never use it at all. You can freely use paper wallet or buy a hardware wallet which are cold wallets.

just as one wouldn't want to risk his fiat bank account sensitive informations on a levity hand while handling it, same it is expected to conciously be mindful of our coins as we wouldn't lobe to loose them, scammers don't indicate their crevices on the fore head but it is our responsibility to be at alert against all related affairs that may renders us vulnerable for an attack, i see no reason why a friend should have access to one's mobile cell in the first place.

I am still wondering if we become a target of thief or people to get our phone because of some certain condition:
1. The thief exactly know about crypto world and the way to get it even through hacking account, it menas that it's not a common thief, maybe because crypto has been very popular in the area 
2. From where they know that we have certain wallets or platform in our phone? If they target people who have it, it may be because they spot us holding phone and see some spotted wallets or application. That is why it is better not to out this kind of app on the first page spot.
3. They may be the people who know us and maybe from social media, that's why it is better that we don't spot or tell social media about what we have.

But, aside from whatever condition, saving assets on  mobile wallet application is less risks. Because we know that there may be some viruses or malware, phishing link, cracked phone or others. Moreover if we are using them for long term holding. It is absolutely not recommended

It is good to physical copy down the recovery seeds of your wallet but not allowing anyone to the mobile phone you used to store crypto didn't safe you from attackers because mobile phone stores are always vulnerable to attack and thats why people are advised to only save the amount of crypto they can afford to lose on their mobile wallets.

Note: all crypto hot wallets are vulnerable to online attacks but web and mobile wallets are the most vulnerable.

A crypto investor who uses mobile phone to store coins shouldn't allow any one to access their phone, talking about close friends in this case is stupid, I use mobile wallets and I have never allowed my friends to operate my phone for any reasons, lost of phone is possible and robbery attack is a valid point but if you copy down your recovery seed at home in a safe location you can move your coins easily.

This should be a proper way to use bitcoin wallet, it does not even matters you should get a hardware wallet, but if you have some extra dollars to spare or have a amount of bitcoin, you can buy one for convenience sake and use it, instead of online wallets. But paper wallet can be used too, not for making transaction everytime but for storage, the coins that want to be used daily for transaction can be moved to online wallet, but with privacy and security in place. For this later, someone may not have a computer and just need a mobile phone for it, but not advisable.

I will say no. Both mobile and desktop wallet are online and they are both risky, but because people are taking phone around and to everywhere they are going makes it more prone to attack.

Malware are just in kilobytes, both desktop or phones can easily download it in less than a second.

If using any, you have to be careful of malware and avoid your device from downloading malware. Phones will also download malware even without the owner knowing.

If you take your wallet outside of your home, it is more prone to attacks in my opinion. I would rather prefer my home (personal) computer for little amount of bicoin for frequent transfer while I can only use mobile phone for the amount I can be able to lose because anything can happen because outside is riskier and the wallet is still an online wallet. But I do not make use of phone for wallet again.

That is just it, I can never even do that. The easier the usage, the more the device is less secure just like everyone using fingerprint today to unlock both phone and the wallet on the phone which is an easy way to steal.

If you're worried about mugging a mobile wallet is a million times better than a hardware wallet. As long as you aren't wearing a shirt with a big B with a line through it nobody will be the wiser. I always try to use multisig so an attacker (physical or digital) needs more than one of my devices to steal my coins.

You know, the smartphone I use has this feature that I can activate that makes my phone unlocks itself whenever I'm around a certain area. However, it scares me to activate and use that feature till date. It's because of incidence like you've described that hasn't made me come around to using it. Device manufacturers want to make life easier for their users and then thieves want to beat users to it. It's good to know and select what features we should activate on our devices so as to further strengthen our security and not the opposite. Once again, thanks for the insight.

When I bought the first smartphone that had this option, I also did not think too much about it, and then I accidentally read some advice from the manufacturer who warned about the possibility of such abuse. The advice is to use a fingerprint to unlock the device in a safe environment and while we are not sleeping, and to turn this option off when sleeping.

It's not just about data security on the device, but also about protecting our privacy - although jealous women (but also husbands) don't mind peeking into their partner's device from time to time.

This one cuts across every security feature we put on our devices, not just on mobile phones. Be it password, pincode, facelock or fingerprint, people can be coerced into unlocking them at gun or weapon point. However, the best preventive method is not to carry such a device that holds out treasures around. I try not to take the smartphone phone  I've important stuff on along whenever I embark on long journey or during unsure movements. By unsure movement I meant in territories inhabited by touts and hoodlums or late night outings.

Now, that's scary. I've never thought in that direction, and you're right.

In case someone forces you to unlock your smartphone that way, you won't have too many choices - either you'll do it voluntarily, or you risk losing your finger (or your whole hand). Furthermore, if you are sleeping or in a state where you are not fully aware (drugs/alcohol), someone can use it and unlock your device.

As for classic hacking, various methods have existed for years, and here you can read about one that is relatively simple and cheap -> Hacking Fingerprints Is Actually Pretty Easy—and Cheap

This is one thing I don't fancy about those who go on live video cast to talk about how much they invest and what ROI they expect or make from such an investment. It makes them vulnerable to attacks.

---

PCs have become like mobile phones in developed countries where almost everyone owns and carries one around. It's in underdeveloped countries that PCs are seen as an exclusive acquisition of the rich and only a few carry it.

How so, please explain I urge thee. I would think a fingerprint feature on a phone or any other device is tough to break. I use it on my phone and it's seamless to use.

When I was hacked $12k worth of assets in my 3 Metamask/Trust Wallet accounts combined, I just realized that it’s time for me to consider storing them seriously in my Ledger Nano S. So from now on, my assets should be stored in the Ledger Nano S.

It is not safe anymore to store them in mobile wallets, especially if you have exchange apps like Binance, KuCoin, etc. In the future, if muggers would definitely going to take advantage of it, they would really force us not only to hand over our phones, but also to unlock it with finger print or facial recognition. In case our exchange apps have extra layers of verification, they would also force us to do that before handing it over to them to steal our assets.

My advice is that if we don’t need to withdraw or transact our assets while going outside, better not bring our phones where we have installed Binance, Trust Wallet, etc. Always have a burner phone where you can just simply bring it for communication purposes only and not having crypto apps there. Just my two cents.

The wider the adoption, these kinds of crimes would also increase too. That’s the sad reality though.

There's also a few other things that a lot of users might not even consider. For example, and I believe you might want to get your tin foil hat out for this, but what about unlocking your wallet in public spaces? There's the chance that prying eyes could see what password you're using, but also security cameras. They could technically be recording you entering your password, increasing the chance of being able to use that to successfully get into your wallet, especially compared to just looking over the shoulder or what not.

I've see it where people are entering their passwords or pin numbers right over a security camera. I'm not saying that the security camera owner would even look, but for me it's a glaring security issue that you wouldn't get with your computer, since it's very likely you're using your computer in your own home.

So, as you hinted. Even if a mobile phone isn't inherently insecure itself, the fact that it is mobile basically enlarges its attack surface.

So which is it? 

As people have already hinted on this thread, the user himself makes one or the other true, based on his security awareness, and how zealous he is on the matter. Nevertheless, carrying around a phone with substantial amounts seems more risky per se than using a laptop at home, due to the mobility factor, having perhaps greater chances of being coerced to opening the device/wallet (no data to back this though).

Smartphones are prone to malware and spyware attacks more than PC but still PC can be infected with malicious links especially if we use pirated softwares even the OS especially for the windows users. So having basic knowledge about how to safe ourselves from sich attacks can save our money as well as our private contents. Especially when someone want to store bigger amount they can go for hardware wallets.

I installed electrum on my phone but it doesn't have much balance. Of course, there are many risks that lurk including robbery, theft, or damage. There are several other options that can be done besides having a custom ROM and in my opinion is to backup the private key or seed ^{[have several copies]} and uninstall it on android, keep it in a safe place if someone wants to store large amounts of bitcoin in electrum.

Of course that's my personal opinion although actually I wouldn't keep all bitcoin in one wallet including electrum or HW. Also I don't think a person should carry a wallet that has hundreds of thousands of dollars in his cell phone everywhere he goes. Just have a customized copy of PK or Seed and he will be able to access his wallet easily even if he has uninstalled it from his phone.

When it comes to malware, Spyware and the likes, desktops are more at a risk of catching this viruses than mobile phones, desktops can easily download documents, apps and all sort of files while you browse or have data connected, even without your knowledge.
Using desktop wallets,( without adequate and proper security softwares installed and running) is far more riskier than using mobile wallet.

In the other hand, mobile wallets (no matter how insecure it looks like they are) can not be easily ruled out of this game because of their ease of use and how convenient they are, many of us are crypto traders on the go, we need our mobile phones, and the mobile wallets in other to be able to buy, sell, withdraw, send, store our crypto even while on transit, we need the mobile phone and wallet to be able to monitor the market and grab financial opportunities when they show up on the market even while we are traveling.

Yes, this is really a good advice and it's sure a thing to consider, even if the phone does not have the hide feature, there is an app or apps on Google playstore or iPhone app store that can do the job effectively and efficiently, I have the app on my phone through which other apps can be hidden, the app itself can also be hidden, you can't want to ask: How then can the app be opened when needed?
Here's how....
When downloading and installing the app, during setup, you will be required to setup a passcode of your choice, this is the code you will use to unlock the app, but incase you also decide to hide the app also, when ever you need the app to open, you just go to your dial pad and type in the app passcode, after typing, press the "#" sign and the app will open automatically so that you can access your hidden apps.

Custom ROM's just have more privacy, and security features than the default usually. Not always, some default Android's (Manufacturer's alterations) are pretty good. I guess the question then is if you trust your manufacturer. To a certain extent, if you're using their hardware already, you do.

That's right. Custom ROM's usually utilize preexisting launchers that you can get without actually running custom ROMS. Although, I'd recommend a open source one if possible. I'm not too familar with Nova launcher that you've recommended, so can't comment either way.

Whilst on that topic. Open source custom ROM also. Although, as far as I'm aware most of them are, since they build from phh's treble. Except for a few.

While I do somewhat agree, I'd probably recommend users only store as much as they can afford. That's going to be different from person to person.

While this is an option, you don't even need to install a custom ROM to have those app hiding features. Nova Launcher, the best customization launcher back then has this hide app feature whereas you can only see the hidden apps when searched; and I'm pretty sure numerous other launchers also has this feature. Not the very best solution, but at least your bitcoin wallet isn't in the spotlight.

Also, always use your mobile wallet as a hot wallet. Probably only with a maximum of $200 worth of crypto or so. It's sucks to lose $200, but at least its only a minority of your stack.

Right, I have it for android phone at the moment. The custom ROM option will allow us to hide any apps we use including the wallet because when we switch to multiuser the phone will only show the default apps. This method may be useful if bitcoin users are comfortable enough using a mobile wallet to make transactions. Security depends on the personal of the user, there are many options but there are risks.

is not a guarantee that desktop wallets cannot be attacked by malware, even more violent malware is designed for desktops. Mobile wallets are still more secure than desktops. But it all also depends on the user. Use double security with antivirus and it will help the wallet to be more secure.
Actually everything is vulnerable whether mobile wallet or desktop, make sure not to be careless and not to install unknown apps. stay alert, don't give the private key to anyone.

Phone mobile wallet is prone to alot of risk, due to Lost of phone,Robbery attack ,phone hacking, easy access to phone by friends and close once all in the name of using your phone, phone damages and forgotten passwords,it also has it advantage for effective monitoring of your accounts and market rates ,for fast easy transactions anywhere.

This will be the case now for a more modern theft or something. It's not just the wallet applications but also the trading exchange applications that can be utilized. If there is access to the phone, then they can manage to log in to the app (they are probably hoping that it's still logged in) and then probably withdraw in some way. They could also put to use the wallet apps. Imagine custodial wallets just requiring you to receive an OTP to your device, and you can then send the balance you have on that wallet to another one.

It's going to be a hard thing to do, to manage everything in one device and then lose it. People should be vigilant with their smartphones.

Stealing Robbing and Thuggery of mobile phones are nothing new in the UK! We see them on BBC news.
A whole lotta violence out there on the streets, were they also forced or coaxed to input them seed phase ? (Victims)

Stealing etc have been in going even before C-C!! and BTC

Hiding apps on mobile devices is still not safe i just agree with hard ware wallets or paper wallet as safest except for urgent transactions a small fraction can be transferred across mobile wallets for immediate transaction. Thieves are getting more digital and advanced lately and many spend time learning how to debug and cack down softwares to steal informations

I believe we are as well expected to guide our mobile devices with safety by taking some security measures, always put your mobiles in your bag or pocket, avoid holding it too much frequently at hand except you're using it, though i understand from the name implies "mobile handset" but still yet we have to be security conscious and avoid rendering it to vulnerability of attack, there are somethings we ourselves do to attract the attention for an attack but when we are security conscious then we increase the safety from our own end as well.

I have used this several times on my Android phone, hide the wallet app and password it.. But I have noticed to broswe more with phones and use phone more for daily online reasons while my PC is not connecting so much online than my phone, because of these, I moved my online wallet completely from phone to my PC. What is most risky that I do not like about phone is that people are using fingerprint for everything they want to access, making the risks of this kind of coin theft to be high, but following security way of handling phones can help just like you said.

If they target a Coinbase account, it's not even a wallet. I'd never give my phone access to an exchange or bank. There's no 2FA either if it's all in the same device.

I don't even use my real email address on my phone.

These days, people who are more comfortable using their cellphone for business other than a personal computer now go an extra mile of owning two cell phones, one for personal use and the other for business. Anyone with a concern that muggers may easily access their wallets on their phones can get two phones as well, one which everyone can see, and another that you keep privately and don't move around with. Another method to use if you can't get two cellphones is to lock and hide any crypto related application on your cellphone.

When it comes to malwares and online attacks then I don't believe wallets on desktop devices are any safer than wallets on mobile phones unless this device is totally air-gapped (offline wallet).
If your concern is the $5 wrench attack or losing your phone then having your coins on a mobile phone or carrying a hardware wallet with you when you go out doesn't make much difference, supposing your mobile and the wallet app are secured with a strong password/pin.
What you should do is to keep all your coins on an offline wallet and keep on your mobile wallet just a small amount enough to cover your expenses while being out.

Yes, this is another display is wisdom in handling the wallet and the risk attached to the mobile wallets is reduced for the sake of those that can't do without having the use of online wallet especially those with centralized exchanges making daily trading, except for the case of those who failed to realize the danger in putting all their coins on CEX.


I strongly agree with this but I've come to think of it in some situations whereby the need for the use of a mobile phone and wallets on them couldn't be avoided because its an easy, fast and reliable means to makes any cryptocurrency transactions without having to worry about location, device or any other barriers before one can enjoy the suitability in making any transaction.

But just as advised, i will employ users to make use of an offline wallet and preferably with the use of electrum mobile wallet which could serve an open source but i will also give a warn to avoid the automatic backup of the wallet keys on cloud or google drive.

Classic sensationalist headline, DdmrDdmr is spot on in my opinion. The thing is phones, especially online phones have never been a good idea, at least for storing a significant amount of Bitcoin. However, I can see their uses for small amounts. Android has a good permission system, the locking system on it is decent, depending on the options you choose i.e don't use a pin or fingerprint, use a password. The problem with phones is people are more inclined to download apps which they haven't verified or know they can trust, and also connect to networks which they don't trust. Otherwise, they are pretty decent apart from a few issues.

The fact is, even if you do have a Bitcoin wallet on your phone, it should still be encrypted, and should lock after exiting the app even if it has been kept in memory or the open apps drawer, and you should be able to hide the icon. Android, at least custom ROMS usually have this option.

Naaah, what makes you think that a desktop PC is safe from malware? PC is always vulnerable to attacks every minute unless you don't do the following on the PC

1. Browse the internet.
2. Download stuffs online.
3. Play PC games on your PC.

There are many ways how malware or spyware can land on your PC, smartphones aren't like this.

Regardless if it's easy to trace the funds to the thieves or not, it's obviously simply not worth risking. $5 wrench attacks have always been a risk, since like forever even before Bitcoin existed. Hence why I'm a hard advocate of simply not letting other people know that you own bitcoin/cryptocurrencies.

https://github.com/jlopp/physical-bitcoin-attacks/blob/master/README.md

While I do agree that there is a risk to have easy access to a wallet through a very easily visible app on one’s phone, and I also commented on the fact on my local board within a greater context, I do find that the reported cases by the media:

-   Are not quantified, to get a sense of proportion or magnitude, in order to see how widespread it is.

-   Are exemplified through only a handful of cases, which may be lucky lateral findings.

The thugs do have enough crypto knowledge to make the crypto TXs though, and possibly acting in the financial district of London, do have crypto in mind as a by-product of their mugging expectations.

The reported cases though do not really tell us exactly how they accessed the victim’s accounts; whether they were cohered to hand the passwords over, or whether they has some kind of auto login. I’d suspect the former.

Some phones do have features to hide, or at least make app less easy to spot, and it could be a thing to consider. Nevertheless, I figure one also has to be rather conscious, and in addition, gain a habit of deleting the apps from the list of recent apps or background running apps.

Offline wallets are most secure, a good idea is to transfer just small amount from offline wallet to online wallet if you see online wallet necessary for making transaction often or get a hardware wallet which is cold wallet that you can use often for making transaction. If you need online wallet for making transaction, it is not good to use a mobile phone wallet, use a desktop wallet that you do not carry about like phones and that is safe from malware.

See what is happening in London

‘Crypto muggings’: thieves in London target digital investors by taking phones






These mugglers will know that crypto transactions are not reversible and if crypto wallet is set up properly, it will be very difficult to trace the muggler after the attack. People should not be telling people of the bitcoin and altcoins they have because no one can be trusted, anyone can send someone to attack. This has just been the start, there are many other harmful ways there can be people that can be physically attacked to steal cryptocurrencies from them, some might lead to wound or beyond. Let us be careful.