Author

Topic: What if digital-wallet creators hack users bitcoins? (Read 226 times)

brand new
Activity: 0
Merit: 0
Announcing MyEtherWallet v3.24.00: Difficulty Bomb&Updating blockchain

Due to the complexity of the Bomb and the increased risk of hacking, we pushed a rather drastic update that implements a number of changes and improvements, including enhancement of efficiency and scalability of the blockchain, acceleration of transaction speed, and additional security in the form new formats private keys which will help protect users against hacking.
If you are using private key or UTC, then you need to go into the wallet and update manually, otherwise they risk being unprotected.

How do i update my Ethereum wallet?

1. Go to our website MyEtherWallet.com
2. Unlock your wallet using your Keystore File (UTC / JSON) or simply use your private key.
3. Click Unlock and wait for the update.

Please note that you need to manually update your wallet, failure to do so may result in funds being lost.

We are taking these measures to protect both you and our network from phishing and malicious attacks.

Thank you for your cooperation and understanding!
MyEtherWallet Security Team.

If you use other methods, then ignore this message.
full member
Activity: 1232
Merit: 186
Actually the wallet I am using right now is online based but I'm not worried at all to be honest. Even though my private key is not in my hands, I'm still confident that they will not steal the money of all of its users simply because they don't want to be imprisoned and I'm very sure of that; they might face embezzlement or even estafa for doing such act. I don't know about the punishment for those violations but it was a tough one for sure and besides what's the point of stealing if in return you will lose more money (by not able to gain profits any longer) and have a miserable life Grin.

I know that the tendency of getting robbed by the company who runs the digital wallet we used is always there. To avoid this, make sure that the wallet you are will use is legal and trustworthy before investing in Smiley.
full member
Activity: 924
Merit: 221
IT could be possible but you can have an offline wallet where you can store your bitcoin. These could not be accessed by anybody even the team developer. And also they should not forget that they should maintain the credibility of the digital wallet being made by the team in fact they should do the opposite and that is to secure their digital wallet being made and earn more clients as to let them earn more also in a good way.
jr. member
Activity: 224
Merit: 8
No digital wallet are having some block chains where in it is you only who can access your account. Event the team could not access your account and that you should trust on it. If not then basically no one will put their money in exchange to crypto to these digital wallet. How ever there are phishing sites that could scan the transactions online and could be able to phished out even your private key to your wallet so this is the problem for digital wallet especially to those who are not that establish digital wallet. ANyway we should wait for AL Finney's digital wallet whom he is working. I bet that one could be good.
newbie
Activity: 32
Merit: 0
This is impossible. You should know what blockchain is before entering into this market.
mk4
legendary
Activity: 2870
Merit: 3873
Paldo.io 🤖
Relevant reads:

I wouldn't say these are "relevant" because none of these incidents have anything to do with a "wallet", these are all exchange platforms for trading cryptocurrency not storing them.
a better example (which may not be as relevant either) would have been the blockchain.info incident where they were using random.org for their RNG which led to many users having the same private key when random.org change that specific webpage and that meant big fund loss. I say it is irrelevant because it is more like bug than a hack.

I totally get your point. I just think they're "relevant" enough due to exchanges like Bitfinex, Mtgox, etc and wallet services like coinbase, xapo, etc both sort of hold the private keys, instead of the wallet user.
legendary
Activity: 3584
Merit: 5248
https://merel.mobi => buy facemasks with BTC/LTC
One thing to consider is that they can't "hack" you, if they don't get access to your private keys whether or not you use their software. There are plenty of tools that you can use to generate your private keys offline, and if you take special care that they're never exposed online, you're pretty much hack-free.

One easy example I can think of is an air-gapped PC with an Electrum wallet. You generate your keys offline, and make sure the PC doesn't ever go online again. Setting one up correctly means you're virtually hack-proof, except in cases where hackers have had physical contact with your device.

There are also open source projects, but other than that, yeah, you will have to trust developers.

Well, that's 99% true, but you're forgetting a botched RNG... If i would write a wallet that picks a random integer between 1 and 10000, then calculates the sha256() hash of this integer and uses this hash as a private key, it does not matter if my wallet's users use my wallet only in an airgapped scenario... The private keys they generate could only be one of the 10000 possibility's.

Even without using a GPU, it would only take me less than an hour to bruteforce all possible keys, calculate the public key, generate the address and check for unspent outputs funding this address...

Now, this is not the case for electrum, but it *could* be the case for other, closed source, wallets (you never know)...
hero member
Activity: 1834
Merit: 759
One thing to consider is that they can't "hack" you, if they don't get access to your private keys whether or not you use their software. There are plenty of tools that you can use to generate your private keys offline, and if you take special care that they're never exposed online, you're pretty much hack-free.

One easy example I can think of is an air-gapped PC with an Electrum wallet. You generate your keys offline, and make sure the PC doesn't ever go online again. Setting one up correctly means you're virtually hack-proof, except in cases where hackers have had physical contact with your device.

There are also open source projects, but other than that, yeah, you will have to trust developers.
hero member
Activity: 756
Merit: 507
If you have some trust issues, then hardware wallet the only wallet you can trust, imho.
If we are speaking about software wallets, the open sourced one is a preferable, but there is a risk of a hat attack from hackers...
sr. member
Activity: 533
Merit: 251
Streamity Decentralized cryptocurrency exchange
Yeah shit may happen. I really don't understand how people easily believe online wallets and put their money. I generally love to save my bitcoins on wallet installed to my computer with backed up private keys on physical paper at home.
newbie
Activity: 98
Merit: 0
What a freaking and dangerous act that will ever happen. Million dollar worth if a creator/s assumes to hack all the bitcoin that was his/her sites carrying. Possibility? Yes ofcouse but hope so not happen.
jr. member
Activity: 182
Merit: 2
Trust issues anybody?
I hope it will never become a reality. If they later it happened, I think it would be a crime of the century.
full member
Activity: 379
Merit: 100
This assumption is possible. I think that with the expansion of the digital currency community and the increase in prices, there are security factors in two places in the wallet and the exchange. Try not to use the new open purse service without open source. If you have a lot of bitcoins, you are also buying a hardware Wallet as soon as possible. This is the safest scheme.
member
Activity: 322
Merit: 12
Treat People How You Would Like To Be Treated.
Yep, this is a very real possibility. As the price of BTC goes up the chances of stuff like this happening would increase.

I'm sure by now, most people who have a fair amount of BTC know better than to store them on exchanges or any wallet that doesn't give you the private keys.

People need to adopt the same mentality as they do when it comes to protecting their physical assets. I mean would you leave a solid gold bar in the glove compartment of you car, assuming it's safe because your car is locked and it has an alarm system?  Nope, most sane people probably won't do that. Leaving your BTC in an exchange wallet or in a wallet that you dont have the private keys for is about as safe as the gold bar in the car example.  Grin
legendary
Activity: 1638
Merit: 1163
Where is my ring of blades...
Relevant reads:

I wouldn't say these are "relevant" because none of these incidents have anything to do with a "wallet", these are all exchange platforms for trading cryptocurrency not storing them.
a better example (which may not be as relevant either) would have been the blockchain.info incident where they were using random.org for their RNG which led to many users having the same private key when random.org change that specific webpage and that meant big fund loss. I say it is irrelevant because it is more like bug than a hack.
mk4
legendary
Activity: 2870
Merit: 3873
Paldo.io 🤖
That's why you should stay away from wallets that don't give you access to your private keys, especially when you're holding big amounts of bitcoin or crypto in general. Even though some services like Coinbase are pretty secure, there's always a chance of them getting hacked as exchanges are always a hot target for hackers.

Don't let history repeat itself.
Relevant reads:
legendary
Activity: 3584
Merit: 5248
https://merel.mobi => buy facemasks with BTC/LTC
Trust issues anybody?

Well, this is a justifiable fear... I personally don't trust wallets that aren't open sourced... If you download a binary from an unknown company, they can potentially use a bad RNG, or have backdoors... Don't even get me started on online wallets, you have no controll over their sourcecode whatsoever (and usually, you don't have controll over your private keys either).
This is why it's important to only use wallets that are 100% open source and have been vetted by senior dev's. If a wallet's sourcecode has been read by dozens of developers, and nobody finds a backdoor or a flaw in the RNG, you can be reasonably sure your private keys are safe. But even then, bugs CAN always exist (look at electrum < v3).
This is why it's also important to check the signatures before using a wallet, or even better: compile the vetted sourcecode yourself Smiley

If you're really paranoid you can always use a dice to generate your private key offline
newbie
Activity: 112
Merit: 0
Trust issues anybody?
Jump to: