Author

Topic: Warning: Using Bitcoin Cash means trusting your private keys to buggy software! (Read 1305 times)

full member
Activity: 212
Merit: 102
I first moved my assets out of Kraken to be able to split more safely. But now when they officially says they will support BCH (not BCC!) I've moved them back. I trust them more than I trust an untested client. Kraken worked very well when Ethereum split into ETH/ETC and I could immidiately sell the minor coin. Thanks for the warning!
newbie
Activity: 9
Merit: 0
To minimize the risk of leaking your private keys with BCC, one needs to move their BTC to new wallets immediately after they used the private keys in the BCC software.

I would advice to do it BEFORE using them on BCC.

Once the chain split happens, your private key holds balance on both chains. Now whatever BTC private key you want to use on BCC, you should first empty it by sending coins to new address. Then you can use that private keys on BCC. If replay protection is properly working, your BCC balance should be there and BTC are empty.

Good advice. Thank you.
sr. member
Activity: 378
Merit: 260
Bitcoin SV is Bitcoin
Not if you are using Ledger wallet, then you will instant have acces to your BCC using their chrome app
full member
Activity: 184
Merit: 101
And what about "wipeout" on the new address?
How can one protect against that?
donator
Activity: 1617
Merit: 1012

Once the chain split happens, your private key holds balance on both chains. Now whatever BTC private key you want to use on BCC, you should first empty it by sending coins to new address. Then you can use that private keys on BCC. If replay protection is properly working, your BCC balance should be there and BTC are empty.

I would also make sure that you control the private keys of the new address to which you are sending the coins to, just in case replay protection does not work on the BCC chain. In the unlikely event that the transaction does get replayed on BCC then the coins would go to an address that you control.
hero member
Activity: 574
Merit: 502
waiting to explode
Now whatever BTC private key you want to use on BCC, you should first empty it by sending coins to new address.
A new wallet, not just a new address.

Good point. I overlooked the deterministic adress generation.
legendary
Activity: 4542
Merit: 3393
Vile Vixen and Miss Bitcointalk 2021-2023
this post meets the rules laid out in the OP
It doesn't even meet the rules of the forum as a whole. It's completely off-topic and I'm doing you a favour by deleting it myself instead of letting the mods handle it. Reposting it every time I delete it isn't going to help.
sr. member
Activity: 361
Merit: 284
A new beginning

I got familiar with the bitcoin code source,  because i'm working on altcoin project, but when i looked into Bitcoin cash, i noticed that the developers deleted a lot of member functions, some check/verify functions,  but i'm not sure what their intentions are yet, i will post more if i find anything interesting.






legendary
Activity: 2604
Merit: 1036
Huh? The Electrum Cash BCC wallet is not associated with the Electrum BTC wallet? I thought it's being developed by the same guy.
legendary
Activity: 3038
Merit: 2162
So, is this the reason why some services might refuse to release BCC to BTC owners? Because it would require a lot of effort to do it without jeopardizing BTC addresses, right?
And what about services that have promised to release BCC? Would they become less secure after exporting private keys to BCC, unless they create new wallets and move all funds to them?
legendary
Activity: 4542
Merit: 3393
Vile Vixen and Miss Bitcointalk 2021-2023
Now whatever BTC private key you want to use on BCC, you should first empty it by sending coins to new address.
A new wallet, not just a new address. If your existing wallet uses deterministic key generation, or keeps a pool of unused keys (nearly all wallets do one or the other), any new address you create will still be accessible to old copies of that wallet. Forgetting about the keypool when transferring wallet files or individual private keys (as people have done in the past) provides another surprising way to lose your money.
AGD
legendary
Activity: 2070
Merit: 1164
Keeper of the Private Key
To minimize the risk of leaking your private keys with BCC, one needs to move their BTC to new wallets immediately after they used the private keys in the BCC software.

I would advice to do it BEFORE using them on BCC.

Once the chain split happens, your private key holds balance on both chains. Now whatever BTC private key you want to use on BCC, you should first empty it by sending coins to new address. Then you can use that private keys on BCC. If replay protection is properly working, your BCC balance should be there and BTC are empty.

Sounds ledgit and safe.
legendary
Activity: 1946
Merit: 1137
To minimize the risk of leaking your private keys with BCC, one needs to move their BTC to new wallets immediately after they used the private keys in the BCC software.

BEFORE not after.
if we assume there is a bug, malware, backdoor, .... in BCC code then you must not import any private keys there that have BTC in them.

First spend the coins on BTC chain then import the keys that are now empty of BTC to BCC client and dump the BCC tokens.

here is help for electrum users: https://electrum.org/bcc.txt
1. empty the wallet on BTC by creating a new wallet and seed and sending your coins there.
2. import your seed into the BCC client (do it on another computer preferably).
3. dump BCC
hero member
Activity: 574
Merit: 502
waiting to explode
To minimize the risk of leaking your private keys with BCC, one needs to move their BTC to new wallets immediately after they used the private keys in the BCC software.

I would advice to do it BEFORE using them on BCC.

Once the chain split happens, your private key holds balance on both chains. Now whatever BTC private key you want to use on BCC, you should first empty it by sending coins to new address. Then you can use that private keys on BCC. If replay protection is properly working, your BCC balance should be there and BTC are empty.
AGD
legendary
Activity: 2070
Merit: 1164
Keeper of the Private Key
To minimize the risk of leaking your private keys with BCC, one needs to move their BTC to new wallets immediately after they used the private keys in the BCC software.
sr. member
Activity: 616
Merit: 256
there's a big risk in trusting your private key to a buggy software developer team. there's a tendency of a security breach and leaking of a private key. this Bitcoin Cash seems to be unsustainable and one day the BCC cryptocurrency will be renamed and they might be called as the ..........."Bitcoin CRASH"
legendary
Activity: 3542
Merit: 1965
Leading Crypto Sports Betting & Casino Platform
OP, you make a very valid point. We did not call Bitcoin Unlimited, "BugCoin" for nothing. They also tried to hide their mistakes in proprietary code, which is not a good thing. The Peer review of Bitcoin Core code is much better and they have a track record of producing solid/legit code.

The problem is, most people running the code have no programming skills or experience and will not be able to tell the difference between good or bad code. We just hope the Core developers will highlight all their mistakes and expose them for what they are.
hero member
Activity: 644
Merit: 500
If your warning is right and become true, try use private key for receive Bitcoin Cash very risk! And 2 exchange Bittrex & BTCC not have preventive measures for this situation when they said will support user use their wallet receive BCC but they don't know can loss Bitcoin of user anytime or they skipped this dangerous happens. Final, thank you very much your warning, it make me think careful about event receive BCC
legendary
Activity: 1806
Merit: 1164
Would you be concerned at all if private keys to Bitcoin Cash were on a Trezor or Nano S? Both hardware wallets will support BCH.
legendary
Activity: 4542
Merit: 3393
Vile Vixen and Miss Bitcointalk 2021-2023
I've warned about this twice before, when a bug in Bitcoin Unlimited caused actual loss of coins, but it bears repeating now that the Bitcoin Cash "developers" (if they can so be called) are messing with the crypto code in ways they don't understand (the fact that they illegally stole that code is less important than the fact that they stole an old and insecure version of it).

If you run Bitcoin Cash, you are trusting your private keys to untested software developed by a team with a history of catastrophic bugs. A current or future bug in Bitcoin Cash may leak your private keys, allowing your Bitcoin Core coins to be stolen! While any Bitcoin software may naturally contain money-losing bugs, the rushed development and almost complete lack of testing of Bitcoin Cash, combined with the overall extreme incompetence of its so-called "developers", makes the likelihood of such bugs existing in or being introduced to Bitcoin Cash unacceptably high, in my opinion (disregard my opinion at your own risk).

(Self-moderated because this topic is likely to attract the usual "What is Bitcoin Cash?" and "Core/Blockstream/SegWit is evil!!1!" posts. I'd like to uselessly remind everyone that Blockstream and SegWit are off-topic and questions of the form "What is X?" can be usually be answered with a Google search, and such posts will be deleted on sight.)

EDIT: It seems the latest debacle is currently being spun by Bitcoin Cash supporters as "it's not plagiarism if it's open source, no matter what the license says about attribution being required" which is a) not true; and b) not even slightly related to the actual risk described here, which is why I said in the first place that it isn't important. Any posts along these lines will also be deleted, as they are off-topic.
Jump to: