Topic: To be careful of the noncustododial wallet we are using these days (Read 467 times)

Trust wallet is no longer open source where they claim open source is harmful. Atomic wallet has always been closed source.

Source,
https://trustwallet.medium.com/why-open-sourcing-android-app-could-be-a-harm-to-the-crypto-community-fb3ae1707dc6
https://support.atomicwallet.io/article/184-why-is-atomic-wallet-not-open-source

I've heard about Abra wallet but I don't like it, I prefer atomic wallet and trust wallet since it's open source I think this is why everyone must abandon closed source wallet for opensource they are more safer than others, thanks for sharing this it will be useful for new crypto users

You are not wrong at all, we should be careful of the private key, also the seed phrase that can be used to access our coins, by not given it out on any site and making sure we protect it from hackers and offline attackers. But this thread is all about uncommon wallets that are using different derivation path to generate keys and addresses that are different from BIP39 standard. If such wallets are not reputed and not supported like Electrum, it is advisable for people not to use it for not to lose funds if the developer is no longer supporting it.

Been careful is an under statement you have to be extremely careful with the private key because the private make you have full charge over your wallet address but if we mistakenly submit your private key and one of this hoodlums stumble on it they will take all you have laboured for so one need to be carefull with that key.

That is the purpose of this thread, the reason people should be careful of the wallet they are using. Abra was using a different derivation path which makes it impossible to import Abras seed phrase on BIP39 wallets, different keys and addresses will be generated in which you will not be able to access your coins on the wallet the seed phrase is imported. The only thing that can be done is to move move your funds out of such wallet rather than thinking you will be able to import the seed phrase on BIP39 supported wallets.

Quote so someone may read and help

Hey Guys! Sorry to bump up this thread once again.

I have a recent problem with my Abra.

Almost similar to this, someone sent me a USDT (trc20) to TRX address. I am not aware that someone will send me USDT hence this problem.

ANyhow, I tried your step-by-step instruction but to no avail. Is there someone here who successfully import Abra to any wallet such as trust wallet to recover funds using the pass keys?

Please help me.

Yes, you are right. I have personally tested out Coinomi before, it has the derivation path to BIP44,  BIP49 and BIP 84 which any of its master private key can be imported on another wallet that support BIP39. Coinomi was a good wallet until it went close source, having close source wallet is not safe. Not because of today, but because of anytime malacious codes can be inputted into the source code because it is not available to the public to know the source code they are using. Bitcoin and other crypto assets are money, we must protect it with the source codes available to be public and yet proven to be safe and secure to use as many developers will reveal that.

That will negate any benefit of HD wallets. They are designed such that anyone can derive the keys given a HD seed. By making the users manually extract each individual private keys, then they might as well not use HD wallets. Having a known derivation path is indeed useful. You can bruteforce the derivation path given a known address and the seeds though.

I already tried doing what you did which you remove "at" so that it will become 12 seed phrase. I did tried import the seed phrase to other electrum but the result is the same as what you have said but did not share it here since I don't have problem with lost usdt or other crypto on abra wallet and then I decided not to use abra for that reason.

Nice

OP do you know that closed source wallet can reveal their derivation numbers in their wallet? It's just abra wallet that sucks, coinomi wallet is a closed source wallet right? And I can control all the address in iancoleman myself, I can even suck out the private keys one by one and import into trust wallet if I want, there must be a derivation number that abra is using, before I get coinomi wallet too it was complicated

Kudos to you for manually testing it out.

With that said, in the end of the day, Abra is still mainly an exchange and should only be used as such. If I remember correctly I had zero problems with Abra when I used it in like 2017-2020, and the CEO is quite public and reputable in the space so it gave me confidence in the past. Their "wallet" back end sure is weird though.

Has anyone asked the people behind the Abra wallet what derivation path they use and how do they answer such questions?
I did find a few things on reddit. One guy who apparently works for them claims they use custom derivation paths for each user and each coin. This is the guy > https://www.reddit.com/user/RyanfromAbra/. He can be contacted via PM.

This is how they explain the process of restoring the seed in a different wallet. The users below reply that it doesn't work.

Source: https://www.reddit.com/r/Bitcoin/comments/87cis7/need_help_sweeping_private_key_from_abra_wallet/

 

BIP39 defines the seed phrase standards and this means that the wallet could be having a BIP39 process to convert the phrases into a seed. The derivation path is a whole different story and loads of wallets don't share the same derivation path or the same standards. Having a weird derivation path is completely normal but having a close source wallet is not advisable.

I would probably change this to "recommendable open source wallet from sites like Bitcointalk" since there are still old and new members who admits that they are using closed source wallets.

.....

Apart from closed source, where does this put Abra in the category of mobile wallets? It's like half non-custodial and custodial. You can control your funds because you have the seed phrase but you cannot import it to non-Abra wallets.

.....

The screenshot of the convo isn't in the right order. The first should be the second.

Making use private key wallet makes bitcoin users to be able to have full control over their Bitcoin, while custodial means have been ways another party can have the full control not bitcoin users, that is why experienced Bitcoin users do discourage custodial wallets. But, it is now happening today in many close source wallet how they are using a different diravation part to derive seed phrase and private keys thereby misleading people. It really surprised me how some wallets are able to generate seed phrase and private key in which has no derivation paths linked to open source ones. There was a thread lately on this forum about someone that accidentally sent his binance USDt to Abra's Bitcoin address

This Was the first reply on the thread:

I later had to download the Abra's wallet for experimental purpose, and the wallet generated me 13 word seed phrase and a single Bitcoin address.

Seed phrase
at mention country giant rice boss people bid asset boring midnight wise begin

One P2PKH (legacy) address
19VT5sfnoQRnnzuJum5QkghN3oPJdE3DVc

The conversion between the person and yogg later posted by the victim on the same thread
   

I noticed from the conversation that at will begin every of the seed phrase, so I too excluded it, making it 12 word seed phrase that can work on iamcoleman, I inputed the seed phrase excluding at.



Seed seed phrase was valid, think there will be a way to extract out the privacy key of the legacy address above which is all what the user will have to do about his wallet seed phrase to generate the private key to his Abra's wallet legacy address and import it on wallet that support USDt diravation path, this will make him be able to access his USDt.

But, shockingly, the m/44'/0'/0'/0/0 derivation path is having another address which you can see in the image below, not Abra's wallet address.



Which means only Abra can provide support, but many people might be thinking they are having BIP39 supported wallet with Abra and many other wallet of the same category, but it is not so. If so, it is having another derivation path that is entirely different from the address Abra's wallet is generating. I checked the first 200 addresses and see nothing the same as the address, while in all wallet seed phrase I have used before to generate the private key, the first address generated by the wallet will have the derivation path for m/44'/0'/0'/0/0 while the second address will have m/44'/0'/0'/0/1 and so on.

This led to migs360 the victim to have lost his USDt to this dubious wallet provider.

Advice
1. Never use close source wallet, use open source wallet like mycelium which truly support BIP39 derivation path and electrum which although do not use BIP39 to generate their seed phrase, but all BIP39 seed phrase can still work on electrum but also electrum has a tool to extract private keys which can still be used for such purpose.

2. Use recommendable open source wallet from sites like Bitcointalk.

3. Make sure you can extract the private key of the seed phrase of the wallet you are using like electrum and BIP39 wallets. Make sure it has the derivation path to the addresses the wallet generate using open source tools.


Note: Never reveal your seed phrase or private key to anyone, or all your bitcoin will be stolen by hackers.