Topic: Warning: Using Bitcoin Cash means trusting your private keys to buggy software! (Read 1277 times)

I first moved my assets out of Kraken to be able to split more safely. But now when they officially says they will support BCH (not BCC!) I've moved them back. I trust them more than I trust an untested client. Kraken worked very well when Ethereum split into ETH/ETC and I could immidiately sell the minor coin. Thanks for the warning!

Good advice. Thank you.

Not if you are using Ledger wallet, then you will instant have acces to your BCC using their chrome app

And what about "wipeout" on the new address?
How can one protect against that?

I would also make sure that you control the private keys of the new address to which you are sending the coins to, just in case replay protection does not work on the BCC chain. In the unlikely event that the transaction does get replayed on BCC then the coins would go to an address that you control.

Good point. I overlooked the deterministic adress generation.

It doesn't even meet the rules of the forum as a whole. It's completely off-topic and I'm doing you a favour by deleting it myself instead of letting the mods handle it. Reposting it every time I delete it isn't going to help.

I got familiar with the bitcoin code source,  because i'm working on altcoin project, but when i looked into Bitcoin cash, i noticed that the developers deleted a lot of member functions, some check/verify functions,  but i'm not sure what their intentions are yet, i will post more if i find anything interesting.

Huh? The Electrum Cash BCC wallet is not associated with the Electrum BTC wallet? I thought it's being developed by the same guy.

So, is this the reason why some services might refuse to release BCC to BTC owners? Because it would require a lot of effort to do it without jeopardizing BTC addresses, right?
And what about services that have promised to release BCC? Would they become less secure after exporting private keys to BCC, unless they create new wallets and move all funds to them?

A new wallet, not just a new address. If your existing wallet uses deterministic key generation, or keeps a pool of unused keys (nearly all wallets do one or the other), any new address you create will still be accessible to old copies of that wallet. Forgetting about the keypool when transferring wallet files or individual private keys (as people have done in the past) provides another surprising way to lose your money.

Sounds ledgit and safe.

BEFORE not after.
if we assume there is a bug, malware, backdoor, .... in BCC code then you must not import any private keys there that have BTC in them.

First spend the coins on BTC chain then import the keys that are now empty of BTC to BCC client and dump the BCC tokens.

here is help for electrum users: https://electrum.org/bcc.txt
1. empty the wallet on BTC by creating a new wallet and seed and sending your coins there.
2. import your seed into the BCC client (do it on another computer preferably).
3. dump BCC

I would advice to do it BEFORE using them on BCC.

Once the chain split happens, your private key holds balance on both chains. Now whatever BTC private key you want to use on BCC, you should first empty it by sending coins to new address. Then you can use that private keys on BCC. If replay protection is properly working, your BCC balance should be there and BTC are empty.

To minimize the risk of leaking your private keys with BCC, one needs to move their BTC to new wallets immediately after they used the private keys in the BCC software.

there's a big risk in trusting your private key to a buggy software developer team. there's a tendency of a security breach and leaking of a private key. this Bitcoin Cash seems to be unsustainable and one day the BCC cryptocurrency will be renamed and they might be called as the ..........."Bitcoin CRASH"

OP, you make a very valid point. We did not call Bitcoin Unlimited, "BugCoin" for nothing. They also tried to hide their mistakes in proprietary code, which is not a good thing. The Peer review of Bitcoin Core code is much better and they have a track record of producing solid/legit code.

The problem is, most people running the code have no programming skills or experience and will not be able to tell the difference between good or bad code. We just hope the Core developers will highlight all their mistakes and expose them for what they are.

If your warning is right and become true, try use private key for receive Bitcoin Cash very risk! And 2 exchange Bittrex & BTCC not have preventive measures for this situation when they said will support user use their wallet receive BCC but they don't know can loss Bitcoin of user anytime or they skipped this dangerous happens. Final, thank you very much your warning, it make me think careful about event receive BCC

Would you be concerned at all if private keys to Bitcoin Cash were on a Trezor or Nano S? Both hardware wallets will support BCH.

I've warned about this twice before, when a bug in Bitcoin Unlimited caused actual loss of coins, but it bears repeating now that the Bitcoin Cash "developers" (if they can so be called) are messing with the crypto code in ways they don't understand (the fact that they illegally stole that code is less important than the fact that they stole an old and insecure version of it).

If you run Bitcoin Cash, you are trusting your private keys to untested software developed by a team with a history of catastrophic bugs. A current or future bug in Bitcoin Cash may leak your private keys, allowing your Bitcoin Core coins to be stolen! While any Bitcoin software may naturally contain money-losing bugs, the rushed development and almost complete lack of testing of Bitcoin Cash, combined with the overall extreme incompetence of its so-called "developers", makes the likelihood of such bugs existing in or being introduced to Bitcoin Cash unacceptably high, in my opinion (disregard my opinion at your own risk).

(Self-moderated because this topic is likely to attract the usual "What is Bitcoin Cash?" and "Core/Blockstream/SegWit is evil!!1!" posts. I'd like to uselessly remind everyone that Blockstream and SegWit are off-topic and questions of the form "What is X?" can be usually be answered with a Google search, and such posts will be deleted on sight.)

EDIT: It seems the latest debacle is currently being spun by Bitcoin Cash supporters as "it's not plagiarism if it's open source, no matter what the license says about attribution being required" which is a) not true; and b) not even slightly related to the actual risk described here, which is why I said in the first place that it isn't important. Any posts along these lines will also be deleted, as they are off-topic.