Private key exposure? | Bitcointalksearch.org

satscraper

hero member

Activity: 714

Merit: 1298

Cashback 15%

Quote from: bitcoin enthusiast on April 20, 2023, 09:45:58 PM

your private key is briefly exposed during a transaction, and thus, this opens the door to the private key being stolen.

To close this door, briefly opened by software wallet (including Electrum) in the course of the transaction signing, use software wallet in conjunction with hardware one. In this case the private keys will never expose themselves to software wallet as all the magic happens inside secure element - the major part of almost all hardware wallets.

Abdussamad

legendary

Activity: 3584

Merit: 1560

Your private keys are never exposed to the public.

Husires

legendary

Activity: 1582

Merit: 1284

Quote from: bitcoin enthusiast on April 20, 2023, 09:45:58 PM

Does anyone know if this is indeed the case?

The answer to your question depends on the type of attack that you may be exposed to. If the hacker has obtained root access or what is known as a rootkit, you may be in trouble, as once you decrypt the wallet, your coins will be stolen.
The same thing if the attack was limited only to things like keylogging, where the difference of the tool will determine the amount of risk.
Hackers are rarely able to carry out the above two attacks by simply clicking on a link, as they need you to download or install the tool yourself.
So always use cold storage to sign the transaction.

Quote from: nc50lc on April 21, 2023, 01:02:27 AM

"2FA wallet" requires 2 signatures, only one will be exposed when sending transactions so it's not enough to get your bitcoins stolen.

If all of your devices are severely affected, even 2FA or multiple signatures won't be the solution.

Charles-Tim

legendary

Activity: 1512

Merit: 4795

Quote from: nc50lc on April 21, 2023, 01:02:27 AM

For it to be compromised, your machine still needs to be compromised by a hacker, virus or malware; if you have a good security, it wont be an issue.

Also that even if an online wallet do not sign any transaction, the private key or the seed phrase can still be revealed to hackers through malware, online wallets are vulnerable and can be exposed to malware from an attacker.

There are cold storage option and the use of Electrum 2FA wallet mentioned by nc50lc which are recommended. Or the use of multisig wallet. Or to buy a reputable hardware wallet. Using them safely and securely.

nc50lc

legendary

Activity: 2394

Merit: 5531

Self-proclaimed Genius

Quote from: bitcoin enthusiast on April 20, 2023, 09:45:58 PM

Does anyone know if this is indeed the case?

Yes, in standard wallet.
Electrum will have to decrypt the encrypted key in order to sign transactions, thus, exposing it for a brief moment.
And it's not limited to transactions, other options like creating a "signed message" will require access to the keys as well.

"Exposed" as in it's temporarily saved in your RAM, not literally exposed.
For it to be compromised, your machine still needs to be compromised by a hacker, virus or malware; if you have a good security, it wont be an issue.

Use cold-storage set-up to be safe from those security risk: electrum.readthedocs.io/en/latest/coldstorage.html

For other wallet types:
"2FA wallet" requires 2 signatures, only one will be exposed when sending transactions so it's not enough to get your bitcoins stolen.

bitcoin enthusiast

newbie

Activity: 1

Merit: 0

Greetings to all.

My question is not about the Electrum wallet in particular. It is about software wallets in general. Since the Electrum wallet is a prestigious software wallet for its privacy and security, I thought that some of its users probably know this.

What I have heard a number of times when learning about btc security, is that when you use a software wallet, your private key is briefly exposed during a transaction, and thus, this opens the door to the private key being stolen.

Does anyone know if this is indeed the case?

Cordially,

Topic: Private key exposure? (Read 86 times)