Altcoins Talks - Cryptocurrency Forum
Crypto Discussion Forum => Cryptocurrency discussions => Technical Discussion => Topic started by: yhiaali3 on February 26, 2024, 10:55:25 AM
-
Hello. Greetings to everyone.
On the occasion of the opening of the technical Section, I had a question that I would like to raise here for discussion
Some time ago, my laptop was hacked and the hacker was able to steal the Electreum wallet data file, and after that he was able to open the wallet. I do not know how, but he was able to open the wallet and steal the balance.
Several questions come to mind:
1 - How was the hacker able to open the wallet file even though I was using a very strong password?
2 - Are there other ways to encrypt the wallet file other than the password so that it makes things more difficult for the hacker to open the file?
3- Is it possible to access the private key in such a case? I mean, can a hacker access the private key through the wallet's data file?
4 - The last question is hypothetical: I know that there is a possibility of creating an Electreum wallet with two-factor authentication 2FA. In such a case, if I enable two-factor authentication, can a hacker access the wallet even if he manages to obtain the password?
-
Several questions come to mind:
1 - How was the hacker able to open the wallet file even though I was using a very strong password?
2 - Are there other ways to encrypt the wallet file other than the password so that it makes things more difficult for the hacker to open the file?
3- Is it possible to access the private key in such a case? I mean, can a hacker access the private key through the wallet's data file?
4 - The last question is hypothetical: I know that there is a possibility of creating an Electreum wallet with two-factor authentication 2FA. In such a case, if I enable two-factor authentication, can a hacker access the wallet even if he manages to obtain the password?
Short answer to your questions.
1. Usually it's due to keylogger where the hacker wait for you to open Electrum and enter password.
2. Yes, such as using yubikey. But you still need to perform decryption twice which makes it not practical.
3. Theoretically possible, assuming he has access to your computer.
4. Yes, but he can't steal your Bitcoin without 2FA code.
-
Several questions come to mind:
1 - How was the hacker able to open the wallet file even though I was using a very strong password?
A few years ago, I had the misfortune of being hacked, most likely via a keylogger. It was quite painful.
Here is an interesting fact. One secondary wallet, where I was testing something and in the meantime, I forgot the password for it. Well, the hacker also knew that password and cleared that address as well.
-
Short answer to your questions.
1. Usually it's due to keylogger where the hacker wait for you to open Electrum and enter password.
I also think so, as I think the hacker was able to record the password via a keylogger after I opened the wallet to make a transaction.
2. Yes, such as using yubikey. But you still need to perform decryption twice which makes it not practical.
Do you mean encrypting the data file itself using yubikey? So you need to decrypt every time you want to enter the wallet, annoying but more secure?
Short answer to your questions.
4. Yes, but he can't steal your Bitcoin without 2FA code.
So this is the most secure option although it costs an additional fee per transaction when two-factor authentication is enabled.
A few years ago, I had the misfortune of being hacked, most likely via a keylogger. It was quite painful.
Here is an interesting fact. One secondary wallet, where I was testing something and in the meantime, I forgot the password for it. Well, the hacker also knew that password and cleared that address as well.
Really unfortunate, this is what happened to me as well. I expect that the hacker was able to steal the password via a keylogger and then open the wallet and withdrew the balance.
-
2. Yes, such as using yubikey. But you still need to perform decryption twice which makes it not practical.
Do you mean encrypting the data file itself using yubikey?
To be exact, storing password or encryption key on YubiKey with using encryption software which support YubiKey. Here's an example, https://support.yubico.com/hc/en-us/articles/360013790259-Using-Your-YubiKey-with-OpenPGP (https://support.yubico.com/hc/en-us/articles/360013790259-Using-Your-YubiKey-with-OpenPGP).
So you need to decrypt every time you want to enter the wallet, annoying but more secure?
Yes.
Short answer to your questions.
4. Yes, but he can't steal your Bitcoin without 2FA code.
So this is the most secure option although it costs an additional fee per transaction when two-factor authentication is enabled.
I don't think it's most secure when other option (such as using Electrum on airgapped laptop) exist. And FYI, you pay for every 20 or 100 transaction these days. See https://trustedcoin.com/#/faq (https://trustedcoin.com/#/faq).
-
1 - How was the hacker able to open the wallet file even though I was using a very strong password?
hackers may records the screen if you try to avoid using the keyboard to enter the password. This all depends on the access permissions that hackers can gain.
I know that there is a possibility of creating an Electreum wallet with two-factor authentication 2FA. In such a case, if I enable two-factor authentication, can a hacker access the wallet even if he manages to obtain the password?
It is better create a multi-signature wallet to avoid a single point of failure, You can have 2-of-4 Multisig Wallet, where you will need two signatures from 4 devices, or 3-of-4, all of which are solutions that will increase the complexity of the sending process, but there will not be a single point of failure.
-
Some time ago, my laptop was hacked and the hacker was able to steal the Electreum wallet data file, and after that he was able to open the wallet. I do not know how, but he was able to open the wallet and steal the balance.
Sorry for your loss.
How were you hacked? Can you share some of the lessons you learned? What did you do wrong?
99% of my coins are in a hardware wallet, but I was never hacked AFAIK.
-
Sorry for your loss.
How were you hacked? Can you share some of the lessons you learned? What did you do wrong?
Thank you
Actually, I don't know exactly, but I think the main mistake was downloading crack from the Internet. I used Windows 10 and downloaded the crack for a video converter program, and then the problems started.
Although I know the danger of cracks, unfortunately I live in a country that is banned from most services and we do not have legal programs, so I am forced to download cracked programs, and although I downloaded many cracks before, I did not have any problems, and the site from which I downloaded the crack seemed safe to me. It has nothing to do with Crypto, but the incident occurred after downloading the last file, so I guess it is the reason.
Several days after downloading the file, I opened the wallet, made a transaction, and sent some Bitcoin to the exchange, and the balance was still there, but after a few days, I opened the wallet to check the balance and was surprised that my balance was 0, and about $750 of Bitcoin that was in the wallet had been transferred to an unknown address.
I expect that the hacker was able to inject the keylogger program into my device, and after I opened the wallet, he was able to obtain the password, open the wallet, and steal the balance.
Of course, after the incident, I repartitioned the hard drive, erased everything, reinstalled a new system, and increased security, but it was too late. Although the amount was not very large, it was a harsh experience for me, and the most important lesson I learned is not to trust any file on the Internet and not to be complacent with safety procedures.
-
Although I know the danger of cracks, unfortunately I live in a country that is banned from most services and we do not have legal programs, so I am forced to download cracked programs, and although I downloaded many cracks before, I did not have any problems, and the site from which I downloaded the crack seemed safe to me. It has nothing to do with Crypto, but the incident occurred after downloading the last file, so I guess it is the reason.
That is probably the cause.
I used to download a lot of cracked software in the past, but I do not anymore. Basically all software that I have in my computer are genuine now... even Microsoft Office (which is very cheap nowadays, and were basically all cracked few years ago)
-
That is probably the cause.
I used to download a lot of cracked software in the past, but I do not anymore. Basically all software that I have in my computer are genuine now... even Microsoft Office (which is very cheap nowadays, and were basically all cracked few years ago)
I wish I could get paid programs. My problem is not with payment, but my main problem is that I live in Syria, where, as you know, all online payment services are banned.
I tried to find a way to buy the original software through Crypto, but I could not find it. I tried the free, open source software, but it was not as efficient as the paid software, so I was forced to download cracked software.
Of course, after what happened to me, I decided to use open source programs, even if their efficiency was less.
-
-snip-
I tried to find a way to buy the original software through Crypto, but I could not find it. I tried the free, open source software, but it was not as efficient as the paid software, so I was forced to download cracked software.
Of course, after what happened to me, I decided to use open source programs, even if their efficiency was less.
If you can't switch to open-source software for your main work, You can use Tails OS and install Electrum on that OS in a portable way (I recommend manually installing the latest version of Electrum).
- https://tails.net/ (https://tails.net/)
- https://electrum.readthedocs.io/en/latest/tails.html (https://electrum.readthedocs.io/en/latest/tails.html)
There is a charge for using the 2FA wallet option on Electrum. Alternatively, you can use a multi-signature wallet on two different devices.
-
I wish I could get paid programs. My problem is not with payment, but my main problem is that I live in Syria, where, as you know, all online payment services are banned.
Can't you buy digital software in Amazon using visa.?
Wow, I was not aware of this situation in Syria. Bitcoin is even more important to you.
I think you might be able to get some softwares using this bitrefill or similar services.
-
I wish I could get paid programs. My problem is not with payment, but my main problem is that I live in Syria, where, as you know, all online payment services are banned.
Why don't you just switch to some good Linux OS like Fedora, Debian or Mint?
This are all free open source operating systems and most of the software is very good and free, but important thing is that you won't have any more problems with malware and hackers.
Most bitcoin and crypto related stuff is working fine, and there are plenty alternatives for general purpose software, there is even Adobe software package that works perfectly in Linux.
-
If you can't switch to open-source software for your main work, You can use Tails OS and install Electrum on that OS in a portable way (I recommend manually installing the latest version of Electrum).
- https://tails.net/ (https://tails.net/)
- https://electrum.readthedocs.io/en/latest/tails.html (https://electrum.readthedocs.io/en/latest/tails.html)
Thank you for the links, this is really cool. I installed Linux on a flash drive to use electrum, but I did not know about tails. It looks very cool and safer to use electrum, I will try it.
Can't you buy digital software in Amazon using visa.?
Wow, I was not aware of this situation in Syria. Bitcoin is even more important to you.
I think you might be able to get some softwares using this bitrefill or similar services.
Amazon and Visa completely ban Syria. I cannot use Visa or any electronic payment card, but I have not tried bitrefill before. I will try it and tell you the result.
Of course, Bitcoin is the best and most important option for me, but the problem is with third-party services that block Syria due to the American embargo.
Why don't you just switch to some good Linux OS like Fedora, Debian or Mint?
This are all free open source operating systems and most of the software is very good and free, but important thing is that you won't have any more problems with malware and hackers.
Most bitcoin and crypto related stuff is working fine, and there are plenty alternatives for general purpose software, there is even Adobe software package that works perfectly in Linux.
Frankly, I have been accustomed to the Windows system for a long time, but after the incident I tried installing Debian Linux on a flash drive and working on it when using Electreum or things related to Crypto that require more security. Now I think I will try tails and if I like it I will always use it.
Thank you all for the tips
-
If you can't switch to open-source software for your main work, You can use Tails OS and install Electrum on that OS in a portable way (I recommend manually installing the latest version of Electrum).
- https://tails.net/ (https://tails.net/)
- https://electrum.readthedocs.io/en/latest/tails.html (https://electrum.readthedocs.io/en/latest/tails.html)
Thank you for the links, this is really cool. I installed Linux on a flash drive to use electrum, but I did not know about tails. It looks very cool and safer to use electrum, I will try it.
Tails OS provides built-in Electrum, but I recommend installing the latest version of Electrum yourself.
The following is an example of Electrum on Tails OS that I have tried:
(https://talkimg.com/images/2023/05/17/blobf0cf546d721928ad.jpeg)
Considering that the storage media uses a flash drive, it is also necessary to consider several shortcomings that generally occur in flash drives.
However, the main thing is to ensure you save the seed phrase properly for the recovery process if there is a problem with the device.
-
Hello. Greetings to everyone.
On the occasion of the opening of the technical Section, I had a question that I would like to raise here for discussion
Some time ago, my laptop was hacked and the hacker was able to steal the Electreum wallet data file, and after that he was able to open the wallet. I do not know how, but he was able to open the wallet and steal the balance.
Several questions come to mind:
1 - How was the hacker able to open the wallet file even though I was using a very strong password?
2 - Are there other ways to encrypt the wallet file other than the password so that it makes things more difficult for the hacker to open the file?
3- Is it possible to access the private key in such a case? I mean, can a hacker access the private key through the wallet's data file?
4 - The last question is hypothetical: I know that there is a possibility of creating an Electreum wallet with two-factor authentication 2FA. In such a case, if I enable two-factor authentication, can a hacker access the wallet even if he manages to obtain the password?
Electrum wallet data file contain your private key, which is used to access your crypto. Very necessary for you to protect your file from unauthorized access.the way to do this is to encrypt file with a strong password. You can also keep the file on a highly protect device like hardware wallet.Most important notice Keep your software and operating system up to date to prevent malware from accessing your wallet.
-
~snip~
I tried to find a way to buy the original software through Crypto, but I could not find it. I tried the free, open source software, but it was not as efficient as the paid software, so I was forced to download cracked software.
I use only original software, and I mostly buy licenses on the BTT forum (Digital goods), and they are mostly very affordable. I believe you are also a member there, so I suggest you look at that board, but always be careful who you trade with because there are a lot of scammers.
I think that considering the situation in your country, cryptocurrencies offer the only possible solution to use legal software.
Maybe you can find something on this page -> https://spending-bitcoin.com
-
I use only original software, and I mostly buy licenses on the BTT forum (Digital goods), and they are mostly very affordable. I believe you are also a member there, so I suggest you look at that board, but always be careful who you trade with because there are a lot of scammers.
I think that considering the situation in your country, cryptocurrencies offer the only possible solution to use legal software.
Maybe you can find something on this page -> https://spending-bitcoin.com
Thanks for the advice
Of course, I am a member of the BTT forum and I once searched in the (Digital Goods) section to buy a Microsoft Office license and found a discounted license, but I was skeptical because the price is cheap and the member providing the service is Newbie.
As you mentioned, there are a lot of scammers, so I will search again, and if I find a reliable member with reasonable prices, I will buy immediately, especially a Windows and Office license.
Maybe you can find something on this page -> https://spending-bitcoin.com
I will try this site if I can find something that interests me
-
~snip~
As you mentioned, there are a lot of scammers, so I will search again, and if I find a reliable member with reasonable prices, I will buy immediately, especially a Windows and Office license.
I think you will find licenses for these products without any problems, just avoid new accounts and check trust feedbacks. There are members who have been selling for a long time and it is certainly not in their interest to scam someone for $5.
-
~snip~
I tried to find a way to buy the original software through Crypto, but I could not find it. I tried the free, open source software, but it was not as efficient as the paid software, so I was forced to download cracked software.
I use only original software, and I mostly buy licenses on the BTT forum (Digital goods), and they are mostly very affordable. I believe you are also a member there, so I suggest you look at that board, but always be careful who you trade with because there are a lot of scammers.
I think that considering the situation in your country, cryptocurrencies offer the only possible solution to use legal software.
Maybe you can find something on this page -> https://spending-bitcoin.com
Have you tried bitrefil?
You can buy some amazon gift cards there and use legal software
https://www.bitrefill.com/
-
-snip-
2 - Are there other ways to encrypt the wallet file other than the password so that it makes things more difficult for the hacker to open the file?
-snip-
Electrum wallet data file contain your private key, which is used to access your crypto. Very necessary for you to protect your file from unauthorized access.the way to do this is to encrypt file with a strong password. You can also keep the file on a highly protect device like hardware wallet.Most important notice Keep your software and operating system up to date to prevent malware from accessing your wallet.
The Electrum wallet can be stored in a non-default Electrum folder directory, for example, on a separate hard drive, which is only used when making transactions.
Another alternative is that if the goal is only to back up the wallet, the wallet file can also be encrypted using PGP.
Electrum itself has two separate levels of encryption:
https://electrum.readthedocs.io/en/latest/faq.html#how-is-the-wallet-encrypted (https://electrum.readthedocs.io/en/latest/faq.html#how-is-the-wallet-encrypted)
~snip~
I tried to find a way to buy the original software through Crypto, but I could not find it. I tried the free, open source software, but it was not as efficient as the paid software, so I was forced to download cracked software.
I use only original software, and I mostly buy licenses on the BTT forum (Digital goods), and they are mostly very affordable. I believe you are also a member there, so I suggest you look at that board, but always be careful who you trade with because there are a lot of scammers.
I think that considering the situation in your country, cryptocurrencies offer the only possible solution to use legal software.
Maybe you can find something on this page -> https://spending-bitcoin.com
Have you tried bitrefil?
You can buy some amazon gift cards there and use legal software
https://www.bitrefill.com/
In my opinion, further discussion about this could make the discussion go off-topic.
-
The Electrum wallet can be stored in a non-default Electrum folder directory, for example, on a separate hard drive, which is only used when making transactions.
Another alternative is that if the goal is only to back up the wallet, the wallet file can also be encrypted using PGP.
Thank you, I liked this method.
I created a new wallet and saved the file on an external flash drive, so I can use it only when I want to open the wallet.
Also, in order to increase security, I extended the seed by adding a custom word to the seed:
(https://www.talkimg.com/images/2024/03/09/y5Zmg.jpeg)
In this case, even if the hacker is able to obtain the private key, he will not be able to open the wallet without this custom word.
-
In this case, even if the hacker is able to obtain the private key, he will not be able to open the wallet without this custom word.
Adding a passphrase is a very good layer of security, and you are right that even if the wallet gets compromised, the attacker would only be able to steal from the base wallet, as long as they do not know what the passphrase is. It can also be used for plausible deniability, in cases of a $5 wrench attack.
-
Make sure you store your seeds and extended words in a secure place. I've seen some posts from people who lost access to their wallets because they forgot to store the extended words, seeds, or both. Sometimes they use a complicated backup method that they eventually forget because it is a one-time use and they never try to recall it again, so I'd suggest using something that is easy to access but not that obvious anyone can know it is your backup.
-
In this case, even if the hacker is able to obtain the private key, he will not be able to open the wallet without this custom word.
Adding a passphrase is a very good layer of security, and you are right that even if the wallet gets compromised, the attacker would only be able to steal from the base wallet, as long as they do not know what the passphrase is. It can also be used for plausible deniability, in cases of a $5 wrench attack.
Plausible deniability only works if you have a lower amount wallet without the passphrase. So you can give your secondary wallet (without the passprahse) to the attacker... Then, you can save your main wallet funds that are secured under the passphrase
-
Adding a passphrase is a very good layer of security, and you are right that even if the wallet gets compromised, the attacker would only be able to steal from the base wallet, as long as they do not know what the passphrase is. It can also be used for plausible deniability, in cases of a $5 wrench attack.
Plausible deniability only works if you have a lower amount wallet without the passphrase. So you can give your secondary wallet (without the passprahse) to the attacker... Then, you can save your main wallet funds that are secured under the passphrase
I would argue that none of this works at all if your computer is hacked. In that case, all of your wallets will be broken into, unless they are hardware wallets.
-
I would argue that none of this works at all if your computer is hacked. In that case, all of your wallets will be broken into, unless they are hardware wallets.
When this happened to me, the first thing I did was buy a new SSD and start from scratch. Changing passwords, wallets, etc...
-
Adding a passphrase is a very good layer of security, and you are right that even if the wallet gets compromised, the attacker would only be able to steal from the base wallet, as long as they do not know what the passphrase is. It can also be used for plausible deniability, in cases of a $5 wrench attack.
Plausible deniability only works if you have a lower amount wallet without the passphrase. So you can give your secondary wallet (without the passprahse) to the attacker... Then, you can save your main wallet funds that are secured under the passphrase
I would argue that none of this works at all if your computer is hacked. In that case, all of your wallets will be broken into, unless they are hardware wallets.
Yeah but if someone gets into your house and say " I will smash your head unless you give me your bitcoin" a secondary wallet will work. A hardware wallet with a single wallet won't.
-
-snip-
-snip-
In this case, even if the hacker is able to obtain the private key, he will not be able to open the wallet without this custom word.
Maybe you mean the seed phrase.
Because even if the hacker doesn't get the custom word but manages to get the private key, then he will still have access to transact Bitcoin at the address associated with the private key.
There are many ways to secure the seed phrase. At least pay attention to the basic warnings listed on Electrum when generating the seed phrase.
-
Maybe you mean the seed phrase.
Because even if the hacker doesn't get the custom word but manages to get the private key, then he will still have access to transact Bitcoin at the address associated with the private key.
There are many ways to secure the seed phrase. At least pay attention to the basic warnings listed on Electrum when generating the seed phrase.
Sorry, yes of course I mean the seed phrase, because as you mentioned if hacker gets the private key he won't need anything else to access the wallet.
I would argue that none of this works at all if your computer is hacked. In that case, all of your wallets will be broken into, unless they are hardware wallets.
Why if the wallet file is stored on an external SSD or flash drive? I mean, if the wallet file is stored on a medium that is not connected to the computer, how will the hacker be able to access it even if he hacks the computer?
-
I would argue that none of this works at all if your computer is hacked. In that case, all of your wallets will be broken into, unless they are hardware wallets.
Why if the wallet file is stored on an external SSD or flash drive? I mean, if the wallet file is stored on a medium that is not connected to the computer, how will the hacker be able to access it even if he hacks the computer?
The problem is that you will need to sign transactions in that "offline device".
Then you need to insert a pen drive or something like that to transfer the signed transaction to an online computer.
At this point you have a potential breach in your setup which a small mistake can be fatal.
You won't see people saying that they were hacked using a hardware wallet properly. But using offline computer it is very common
-
I would argue that none of this works at all if your computer is hacked. In that case, all of your wallets will be broken into, unless they are hardware wallets.
Why if the wallet file is stored on an external SSD or flash drive? I mean, if the wallet file is stored on a medium that is not connected to the computer, how will the hacker be able to access it even if he hacks the computer?
In this case, storing wallet files separately from the Electrum app is only an initial precaution in case of a PC hack so that wallet files are not directly affected.
Of course, when making transactions and connecting the drive where the wallet files are stored to your PC, you should ensure that the PC is not hacked and is free from viruses.
Hardware wallets can minimize the incident even if they are connected to a PC affected by malware that the user is unaware of. The hardware wallet will have a confirmation process during the transaction, so hackers will not pass this stage easily.
Another example is that you can cancel the transaction if it turns out that the destination address is different from the desired one, for instance, because the PC is affected by clipboard malware.
Or, even if you don't use a hardware wallet, You can use the multi-signature wallet type in the Electrum.
-
I would argue that none of this works at all if your computer is hacked. In that case, all of your wallets will be broken into, unless they are hardware wallets.
Why if the wallet file is stored on an external SSD or flash drive? I mean, if the wallet file is stored on a medium that is not connected to the computer, how will the hacker be able to access it even if he hacks the computer?
In this case, storing wallet files separately from the Electrum app is only an initial precaution in case of a PC hack so that wallet files are not directly affected.
Of course, when making transactions and connecting the drive where the wallet files are stored to your PC, you should ensure that the PC is not hacked and is free from viruses.
Keeping the wallet file in a separate drive may give better security but whenever we need to access the wallet we have to connect the wallet file which can potentially compromise the wallet file if the device is affected by a malware.
It is better to prefer an airgapped wallet using electrum or installing tails on memory stick just to access the electrum can be better option.
-
-snip-
Keeping the wallet file in a separate drive may give better security but whenever we need to access the wallet we have to connect the wallet file which can potentially compromise the wallet file if the device is affected by a malware.
It is better to prefer an airgapped wallet using electrum or installing tails on memory stick just to access the electrum can be better option.
Suppose you look at the discussion on the previous page in this thread. In that case, I have also suggested another option, such as using TailsOS (I have tried Electrum on Tails OS, https://www.altcoinstalks.com/index.php?topic=318368.msg1510362#msg1510362 (https://www.altcoinstalks.com/index.php?topic=318368.msg1510362#msg1510362)), a multi-signature wallet, to save wallet files in different places.
The last option is still too vulnerable, and you must always ensure that the PC you are using is truly safe, even though this should be the security standard for each user when he uses it to install wallet software.
-
Hello. Greetings to everyone.
On the occasion of the opening of the technical Section, I had a question that I would like to raise here for discussion
Some time ago, my laptop was hacked and the hacker was able to steal the Electreum wallet data file, and after that he was able to open the wallet. I do not know how, but he was able to open the wallet and steal the balance.
Several questions come to mind:
1 - How was the hacker able to open the wallet file even though I was using a very strong password?
2 - Are there other ways to encrypt the wallet file other than the password so that it makes things more difficult for the hacker to open the file?
3- Is it possible to access the private key in such a case? I mean, can a hacker access the private key through the wallet's data file?
4 - The last question is hypothetical: I know that there is a possibility of creating an Electreum wallet with two-factor authentication 2FA. In such a case, if I enable two-factor authentication, can a hacker access the wallet even if he manages to obtain the password?
- First of all, I'm sorry about the hacker hacking your laptop. It just means that you have to be more careful now. You know that nothing is impossible for a hacker once they find an opportunity to get into your account.
I have been using electrum for a long time, but I have never tried activating 2FA in electrum because it has not been explored 100% as long as I only have the seed and the password is the private key. But it is better if there is a 2FA.
-
(not very timely but since I just remembered that you got infected by a crack, I have some opinions to share about that.)
Actually, I don't know exactly, but I think the main mistake was downloading crack from the Internet. I used Windows 10 and downloaded the crack for a video converter program, and then the problems started.
Although I know the danger of cracks, unfortunately I live in a country that is banned from most services and we do not have legal programs, so I am forced to download cracked programs, and although I downloaded many cracks before, I did not have any problems, and the site from which I downloaded the crack seemed safe to me. It has nothing to do with Crypto, but the incident occurred after downloading the last file, so I guess it is the reason.
That's why you should only download cracked software via BitTorrent protocol, if you absolutely have to. Not from random HTTPS websites.
Most cryptostealing malware is created for Windows by very experienced malware developers who find ways to bypass the security controls on those computers due to the fact that updates are not frequently issued for it.
-
That's why you should only download cracked software via BitTorrent protocol, if you absolutely have to. Not from random HTTPS websites.
Thanks for the advice, but is there a difference between downloading cracked software via BitTorrent or random HTTPS sites?
I mean, after you download the crack and install it on the device, the malicious program will run regardless of the download source, right?
Or do you mean that cracks downloaded via the BitTorrent protocol are clean?
-
That's why you should only download cracked software via BitTorrent protocol, if you absolutely have to. Not from random HTTPS websites.
Thanks for the advice, but is there a difference between downloading cracked software via BitTorrent or random HTTPS sites?
Ofc. If the torrent has 5000 seeders, it has thousands of users who didn't noticed any malware.
I mean, after you download the crack and install it on the device, the malicious program will run regardless of the download source, right?
What are the chances of thousands os seeders sharing a malware? Very low.
Or do you mean that cracks downloaded via the BitTorrent protocol are clean?
If you see just a few seeders, avoid it.
Thousands of seeders is usually clean. But you can't be 100% sure.
It is nice to check reddit/r/piracy first too.
-
That's why you should only download cracked software via BitTorrent protocol, if you absolutely have to. Not from random HTTPS websites.
I don't think cracked software should be downloaded from anywhere.
It doesn't matter if it's done by torrent or normal link download, they can always have hidden code inside.
And most software alternatives are already available for free if you are using some good Linux OS, risk of malware is much lower that way.
Ofc. If the torrent has 5000 seeders, it has thousands of users who didn't noticed any malware.
Or scammers (maybe even government) paid 5000 people in poor countries to spread the malware :P
Code for that is certainly closed source.
-
-snip-
The last option is still too vulnerable, and you must always ensure that the PC you are using is truly safe, even though this should be the security standard for each user when he uses it to install wallet software.
It is possible to install some additional antivirus apart from Defender if we use Windows.
I installed an additional premium antivirus to make the security of the PC device better because the wallet activity installed really has to be safe because it will determine the next security.
and also the security of the phone installed in the Electrum wallet also needs to be considered.
Usually people who are too careless will not think about the security of their own devices, when it is very important.