Author

Topic: You Can't Be Too Careful Over Private Keys, Can You? (Read 361 times)

sr. member
Activity: 602
Merit: 387
Rollbit is for you. Take $RLB token!
I didn't know anything about OWNR wallet either. I just searched about it and found this article on their official website. The article says that the wallet is close source and the funny thing is that they somehow say that being close-source is better.

Trustwallet, OWNR and any other close-source wallet should be avoided.
This website https://walletscrutiny.com/ is helpful to check summary reviews on Bitcoin and cryptocurrency wallets like is a wallet open-source (reproducible) or not.

Some queries for checking Trust wallet and OWNR wallet.
https://walletscrutiny.com/?platform=allPlatforms&page=0&query-string=Trust
https://walletscrutiny.com/?platform=allPlatforms&page=0&query-string=OWNR

A quick view can give No Source information for both Trust wallet and OWNR wallet.
hero member
Activity: 1428
Merit: 653
Leading Crypto Sports Betting & Casino Platform
There should be a better way of choosing a staff maybe they should have a complains form to fill if they violate any of these rules either by stealing funds or revealing someone else information they should pay for it.
Even if such a form existed, I highly doubt a potential staff member with a track record as a rogue employee would fill this kind of form [it'd jeopardize their chances of getting the job]!
Yeah but even as that there should be a better way, most times we can say trust and record can be broken or we don't know what they are suffering at there end to tarnished there trust which people had on them. For instance this doesn't happen immediately they go employed but after years they should up their devil in them so at this point there should be something to bind there employment with this there could be some what a lasting trust.
legendary
Activity: 994
Merit: 1089
The article says that the wallet is close source and the funny thing is that they somehow say that being close-source is better.
Thank you for sharing, but i don't know why i cannot access the article, maybe it is a problem from my end though. However, i am certain the person who wrote that article knows that they are lying about a closed source wallet being better than one that is open source, and that is another reason not to use this wallet, because it is one that tries to deceive their customers who don't have so much knowledge about crypto wallets.
hero member
Activity: 882
Merit: 1873
Crypto Swap Exchange
Put the Private Keys in the hand of the most respectable and well known man for being honest.  Make them all sign an NDA.  Promise harsh punishments for those who steer away from the morality they signed up for.  And still, Custodial Wallets are nothing but a head ache we do not deserve.

It is all that easy and simple.  If you ever use a Custodial Wallet, EMPTY IT OUT AS SOON AS POSSIBLE.  But the smartest and best idea still remains NOT using a Custodial Wallet at all.  Is comfort really this tempting that these guys choose it over the Security of their own Money?  I find it so mind bubbling.  Secure your own Money, it is easy to do it.

And who did we really think were handling these Private Keys anyway?  People, and people are often vulnerable to a lot of things.  Including to becoming vile all of a sudden.
legendary
Activity: 2380
Merit: 5213
You have just mentioned two wallets that i would not recommend, Trust wallet is closed source, and i don't know much about OWNR wallet, neither have i read reputable members recommend it in it
I didn't know anything about OWNR wallet either. I just searched about it and found this article on their official website. The article says that the wallet is close source and the funny thing is that they somehow say that being close-source is better.

Trustwallet, OWNR and any other close-source wallet should be avoided.
legendary
Activity: 994
Merit: 1089
I'm always concerned about the security of my crypto. I believe that it's best to use well-established non-custodial wallets, such as OWNR or Trust Wallet. We will never be completely safe from hacking and other cyber threats, but we can make sure we've done everything we can to protect ourselves.
You have just mentioned two wallets that i would not recommend, Trust wallet is closed source, and i don't know much about OWNR wallet, neither have i read reputable members recommend it in it forum. Doing everything you can do to protect your funds starts by using a well reviewed open source wallet and running it in an airgapped wallet that will never be connected to the internet, as anything online is always prone to hacking.
legendary
Activity: 1890
Merit: 1537
I wouldn't say that this is hacking or that the owners of those wallet was careless with their private keys. It was an intentional act by Zhank because he wanted to steal their funds that was why he made a back door to have access to people's private keys.

This is why open source wallets are the best wallets for storing bitcoin because it is open for all to look into the source code and improve the security. It is only a closed source wallet that a back door can be created unknown to the users. An open source wallet can not be compromised only if you expose your private keys or malware and Spyware attack your system unknown to you, because there is no back door.
They were mistaken in trusting the use of the Houbi wallet or any wallet managed by centralized authorities. Indeed, since the wallet was a closed source, this is what made the unethical employees succeed in this heinous fraud by placing the backdoor in it, which gave them unauthorized access to its users' seed phrases and private keys. I agree with you that with open-source wallets, security vulnerabilities can be examined, discovered, and fixed, and they receive continuous updates; the mistake that may expose the user of these wallets to hacking is downloading fake wallets from unknown sources.

The fact that they have now closed this wallet and launched iToken might be better. Still, I personally only trust well-known, open-source Bitcoin wallets recognized by the crypto community, avoiding any other untrusted wallets.
legendary
Activity: 2968
Merit: 3406
Crypto Swap Exchange
There should be a better way of choosing a staff maybe they should have a complains form to fill if they violate any of these rules either by stealing funds or revealing someone else information they should pay for it.
Even if such a form existed, I highly doubt a potential staff member with a track record as a rogue employee would fill this kind of form [it'd jeopardize their chances of getting the job]!

Checking the wallet you are using is what makes your assets safe and there will be no loophole if it's open source.
You have a point, but just because certain software is open-source, it doesn't mean it can't suffer from zero-day vulnerabilities and exploits.

Done.
For some reason, it's not working on my side.
member
Activity: 210
Merit: 31
3 years prison and a fine of 30,000 RMB (converted to $4,200 USD), is a small price to pay to access that many private keys. Seems they actually got a deal.
jr. member
Activity: 61
Merit: 6
I'm always concerned about the security of my crypto. I believe that it's best to use well-established non-custodial wallets, such as OWNR or Trust Wallet. We will never be completely safe from hacking and other cyber threats, but we can make sure we've done everything we can to protect ourselves.
hero member
Activity: 1442
Merit: 775
Sometimes, this problem can come from downloading fake wallets; scammers have already created a clone wallet that looks exactly like the original wallets with just a few unnoticeable things that not everyone will understand, and they will gain access to your private key once you input it in the wallet.
While trying to invest, make sure you use a reputable wallet, and be sure you downloaded the wallet from their official website.
The key is download Bitcoin wallet softwares from official websites. It is a first step but not enough.

A next step is very important, verify what you download, and when it is confirmed as a legit one, you can start use it for storing your bitcoin.

The next step is creating your wallet properly like write down mnemonic seed for back up, test your back up as if you write down mnemonic seed words inaccurately, you can not use it for wallet recovery later.

How to back up a seed phrase
hero member
Activity: 994
Merit: 744
It doesn't look as if those wallets had issues. What I'm beginning to see is that there's always a loophole only if the hacker looks closely enough or if the owner is careless enough.
It is a wallet issue because I don't think I have heard of similar cases in any reputable wallets like Electrum, Bluewallet, and other open source wallets.

Sometimes, this problem can come from downloading fake wallets; scammers have already created a clone wallet that looks exactly like the original wallets with just a few unnoticeable things that not everyone will understand, and they will gain access to your private key once you input it in the wallet.
While trying to invest, make sure you use a reputable wallet, and be sure you downloaded the wallet from their official website.
legendary
Activity: 1624
Merit: 2594
Top Crypto Casino

And now after reading the article, I can say again, if you don't own the keys, then you don't own the crypto.

It doesn't help to have your own keys if someone else has access to them too. Did you read the article? This isn't a case of custodial versus non-custodial wallets. The issue is about security breaches and compromised private keys through backdoors created by rogue employees. Even with your own keys, if they're compromised, your crypto is at risk.
hero member
Activity: 1414
Merit: 513
Payment Gateway Allows Recurring Payments
Wow, authorities are saying on-chain data helped them a lot in catching these bad actors. I thought the government never appreciated crypto technologies. I guess I was wrong hehe. Speaking of private keys, I was always skeptical about Houbi products when the last time the community found a phishing link on their sites and the team was unaware of it. Some members from this forum reported that issue to the team and they said we would look into it.

And now after reading the article, I can say again, if you don't own the keys, then you don't own the crypto. Always prefer dexs although people are using CEXs all the time so if they want to, then I prefer to use a good one like OKX, Binance, ByBit, etc. These are doing good at the moment Robinhood and Bitstamp are also good
legendary
Activity: 2380
Merit: 5213
That is the problem with custodial wallets, they are the check and the balance with their own codes and internal processes.
You are right about custodial wallets and how insecure they can be, but huobi wallet (now known as itoken wallet) is a non-custodial wallet and gives users access to their private keys.
The problem with huobi wallet is that it's close-source and there was a backdoor which made some of their employees gain access to users private keys.
hero member
Activity: 770
Merit: 538
Leading Crypto Sports Betting & Casino Platform
Well, the possibility of your private key leaking depends on you and the kind of wallet you are using. When choosing a Bitcoin wallet to use, it has to be a reputable and open-source wallet. Also, I think that a crypto enthusiast should understand the need to have a cold wallet and a hot wallet because if you have your wallet in your device (like a phone or laptop) and you are always using those devices to browse the internet, chances that you might get attacked are there, so for you to prevent such, you need to have a cold wallet that doesn't go online all the time. You can get a hardware wallet to be safer. Keep your private keys offline and in a safer place, and then you will not be compromised. 
full member
Activity: 2184
Merit: 184
Hire Bitcointalk Camp. Manager @ r7promotions.com
It depend the kind of wallet you are using to hold your coins, because there are some wallet you will use to store your coins for long term other people can have access to your coins without your permission, which you need to make use of safe and solid wallet to store your coins. I make use of electrum wallet to store my Bitcoin and all my seeds phrase are been written down and kept in a secret place which only me can have access to it for now, and it will be difficult for scammers or friends to have access to my Bitcoin wallet, because I know electrum wallet is among the best Wallet to hold Bitcoin for long term. If you look at the incident very well, you will discovered that the Wallet they use to stored the coins are not a safe wallet, because there are many cases like that for Court to help some people to get their coins back from scammers because the evidence was very clear, that his friends or relative stole the coins from him.
hero member
Activity: 1148
Merit: 796
Although it's happened to iToken wallet, but this should be a warning for people who're use blockchain wallet, Trust wallet, Atomic wallet, Exodus wallet, and any other closed source wallets.

If you want to invest in Bitcoin only, use Electrum or Blue wallet.

If you looking for multi crypto wallet, use Unstoppable wallet.
legendary
Activity: 2282
Merit: 3014
After having gone through some serious shit myself thanks to the fckn scumbags at AT&T who don't believe in investing in proper security to keep their clients data safe, I've come to realize that security and privacy are not something to get lazy about what damn bit.  I'm operating in a way I never have and still have a long way to go.  Personally I'm buying new computers for single use task..one for this, one for that, etc. 

It's crazy but hacking hasn't /malware/spyware etc has gotten so much more advanced and in an extremely quick fashion..gotta keep up!  So yes, you really can't be too careful.
legendary
Activity: 3038
Merit: 4418
Crypto Swap Exchange
That is the problem with custodial wallets, they are the check and the balance with their own codes and internal processes. Overly lax or colluding employees can always insert backdoors into any of their software and collect malicious data. There is simply nothing that our consumers can do if we choose to use a custodial wallet.

Not always. This is exactly one of the main reasons why we prefer open source wallet solutions. While no system is completely immune, open source allows for extensive scrutiny by the community, making it harder for vulnerabilities or exploits to hide.
If anything xz backdoor has taught us not to just trust open source projects blindly. Just because it is open source, doesn't mean someone is vetting the program and software for you. Wallets like Bitcoin Core are signed and vetted by multiple people which reduces the chances of this happening.
hero member
Activity: 2786
Merit: 902
yesssir! 🫡
I think it's not custodial wallet since there are private keys that are accessed by those people so it is more likely a wallet provider that isn't open source.

Yeah, it was non-custodial and huobi's actually --"iToken (the original Huobi wallet)"

I noticed there has been a rise of CEXs making their own non-custodial wallet as well and promotions are launched as well to get more people to install it. Let this be a reminder not to as they are closed source. Don't give in to promotions lol.

Good thing the police were able to caught the perps before they use the drained funds. Perps were being careful and wanted to wait for 2 years before they use it so victims are likely to get their money back.

Although we're not exactly talking about their custodial exchange service. This also says a lot about how malicious people can always linger around CEXs so let's not use them as a storage.
legendary
Activity: 2380
Merit: 5213
The best way to have enough security is to have a low profile because if you become a target of hackers they will find a way to access to your coins, there are a lot of ways to do this with some advanced tools or even with social engineer. So, while you are not a target you can feel in the safe zone.
Generate your keys using a trustworthy open-source tool on a safe air-gapped device, never let your private keys connect to the internet and your wallet will be completely safe.
It's not that hackers will definitely find a way to access your wallet. If that was true, all users who hold big fund would have been hacked and bitcoin would have failed.
hero member
Activity: 2268
Merit: 669
Bitcoin Casino Est. 2013
Checking the wallet you are using is what makes your assets safe and there will be no loophole if it's open source. This is why many experts recommend people to use open source walletd rather than the closed source wallet providers.

Your topic title suggests that there's always a loophole regardless of how careful one is, but that's not the case here. The wallet was already flawed from the get go, so storing your bitcoins there puts you at a huge risk and means they are not YOUR bitcoins anymore.
If not this employee someone else could have attempted this and maybe someone has at a lower scale done so successfully.

Use non-custodian wallets which doesn't access your keys so can't create backdoors and make sure the wallet is open source.
I think it's not custodial wallet since there are private keys that are accessed by those people so it is more likely a wallet provider that isn't open source.
legendary
Activity: 2114
Merit: 2248
Playgram - The Telegram Casino
Your topic title suggests that there's always a loophole regardless of how careful one is, but that's not the case here. The wallet was already flawed from the get go, so storing your bitcoins there puts you at a huge risk and means they are not YOUR bitcoins anymore.
If not this employee someone else could have attempted this and maybe someone has at a lower scale done so successfully.

Use non-custodian wallets which doesn't access your keys so can't create backdoors and make sure the wallet is open source.
legendary
Activity: 3346
Merit: 3130
Done. It doesn't look as if those wallets had issues. What I'm beginning to see is that there's always a loophole only if the hacker looks closely enough or if the owner is careless enough.

The best way to have enough security is to have a low profile because if you become a target of hackers they will find a way to access to your coins, there are a lot of ways to do this with some advanced tools or even with social engineer. So, while you are not a target you can feel in the safe zone.

And security is not only about Bitcoin, is important to have good security practices in life, like not having the same password on different services, or using complex passwords with special chars, upper case letters and numbers.
legendary
Activity: 1526
Merit: 1359
Yeah, its getting pretty obvious that people are the weakest link when it comes to securing these exchanges.  The people running them have millions of dollars worth of other people's money on their hands and  you would think they would all go through some hardcore screening - personality tests, background checks, lie detectors... the works.  Just one sketchy dude can sink everything.

But even if you lock it all down, the exchanges themselves make too nice a target.  Essentially massive online vaults begging to get cracked.  Keeping your own keys is the only real protection.
hero member
Activity: 1428
Merit: 653
Leading Crypto Sports Betting & Casino Platform
Now from this news it shows that most of the hack and security bridging are from internal worker or staff who happens to have all details at their end side making it too vulnerable to steal people's information and personal savings in the exchange.
There should be a better way of choosing a staff maybe they should have a complains form to fill if they violate any of these rules either by stealing funds or revealing someone else information they should pay for it. Note: this is another case that could you (us) not to leave our funds in centralized exchange where we don't have access to our private keys.
hero member
Activity: 896
Merit: 586
Leading Crypto Sports Betting & Casino Platform
I wouldn't say that this is hacking or that the owners of those wallet was careless with their private keys. It was an intentional act by Zhank because he wanted to steal their funds that was why he made a back door to have access to people's private keys.

This is why open source wallets are the best wallets for storing bitcoin because it is open for all to look into the source code and improve the security. It is only a closed source wallet that a back door can be created unknown to the users. An open source wallet can not be compromised only if you expose your private keys or malware and Spyware attack your system unknown to you, because there is no back door.
legendary
Activity: 1624
Merit: 2594
Top Crypto Casino
What I'm beginning to see is that there's always a loophole only if the hacker looks closely enough or if the owner is careless enough.

Not always. This is exactly one of the main reasons why we prefer open source wallet solutions. While no system is completely immune, open source allows for extensive scrutiny by the community, making it harder for vulnerabilities or exploits to hide.

Besides, this case has nothing to do with hacking. Adding a backdoor to wallet software with the intent of stealing user funds is clearly a criminal activity, but not hacking.
sr. member
Activity: 336
Merit: 365
The Alliance Of Bitcointalk Translators - ENG>PID
It doesn't look as if those wallets had issues. What I'm beginning to see is that there's always a loophole only if the hacker looks closely enough or if the owner is careless enough.
So long there aren't standard wallets, they will always have issues. And I will go with what @Charles-Tim said. Use only standard wallets to store your coins. All these social media were meant for entertainment and anything relating to funds or cryptocurrency should be avoided. They don't give you total control over them. It's just like a Centralized system, controlled by people. If you must use a wallet use the well known ones and store your keys in a place where you alone will know about and offline.
member
Activity: 70
Merit: 11
I report crypto news and write gambling articles
Why not add the link of the news? It is better to add the link because some people may prefer to read the news in full so that they can understand it better.

Advice:
Use a reputed wallet that is completely open source like Electrum, Sparrow and Bluewallet

Done. It doesn't look as if those wallets had issues. What I'm beginning to see is that there's always a loophole only if the hacker looks closely enough or if the owner is careless enough.
legendary
Activity: 1512
Merit: 4795
Leading Crypto Sports Betting & Casino Platform
Why not add the link of the news? It is better to add the link because some people may prefer to read the news in full so that they can understand it better.

Advice:
Use a reputed wallet that is completely open source like Electrum, Sparrow and Bluewallet
member
Activity: 70
Merit: 11
I report crypto news and write gambling articles
Jump to: