Altcoins Talks - Cryptocurrency Forum
Cryptocurrency Ecosystem => Crypto Wallets => Topic started by: EnergyFather on May 16, 2024, 02:32:24 AM
-
Many of you are likely aware of the Atomic wallet breach that occurred in June 2023, when over 100 million dollars was stolen from its users. Almost a year has passed, but the Atomic developers still haven't revealed what actually happened. May be they don't know at all.
Consider this scenario: imagine an update is pushed to a software wallet with a malicious code. If hackers gain access to the update process or the wallet developer's infrastructure, they could inject malicious code into a seemingly legitimate update. Users who download and install this update could unknowingly expose their wallet's private keys or seed phrases to the attackers which would lead to loss of their funds.
This raises the question: can this happen with any software wallet? Does it mean we can't trust anyone?
-
Consider this scenario: imagine an update is pushed to a software wallet with a malicious code. If hackers gain access to the update process or the wallet developer's infrastructure, they could inject malicious code into a seemingly legitimate update. Users who download and install this update could unknowingly expose their wallet's private keys or seed phrases to the attackers which would lead to loss of their funds.
This raises the question: can this happen with any software wallet? Does it mean we can't trust anyone?
This happened to electrum wallet last year or few months ago. That's the reason i don't update eventually my electrum and other wallet, unless a vulnerable was detected and was announced through their official social media handles, websites and some other news outlets. Other than that, i still do that practice more often.
It's also good to note that atomic wallet is not open source, yet they call themselves as non-custodial wallet and there's no way to tell that it really is. In this case you will need to trust the software that it won't save your private keys on their server. But were here in crypto open source software are the foundation of the tech so better to use it instead of the closed ones. And equip yourself with knowledge on how to do good practice to make transaction, how to secure your device and how to keep yourself safe from any attackers online.
-
Many of you are likely aware of the Atomic wallet breach that occurred in June 2023, when over 100 million dollars was stolen from its users. Almost a year has passed, but the Atomic developers still haven't revealed what actually happened. May be they don't know at all.
And i speculate they want people to forget or give up about it altogether.
Consider this scenario: imagine an update is pushed to a software wallet with a malicious code. If hackers gain access to the update process or the wallet developer's infrastructure, they could inject malicious code into a seemingly legitimate update. Users who download and install this update could unknowingly expose their wallet's private keys or seed phrases to the attackers which would lead to loss of their funds.
This raises the question: can this happen with any software wallet? Does it mean we can't trust anyone?
This happened to electrum wallet last year or few months ago. That's the reason i don't update eventually my electrum and other wallet, unless a vulnerable was detected and was announced through their official social media handles, websites and some other news outlets. Other than that, i still do that practice more often.
Do you mean when malicious server send message to Electrum user to update their software from fake website? If yes, then it's somewhat different from Atomic Wallet case. Anyway, i agree not immediately update software could reduce risk mentioned by OP.
-
But were here in crypto open source software are the foundation of the tech so better to use it instead of the closed ones.
Though open source is usually safer than proprietary software, it is not 100% immune to the presence of malicious code. While the open nature allows for code review and contributions from a diverse group of developers, this very openness can also be exploited by malicious actors who may introduce harmful code subtly. The sheer volume of code can make comprehensive auditing challenging.
Additionally, not all code changes are thoroughly reviewed due to time constraints, resource limitations, or trust in well-known contributors. Even with rigorous review processes, sophisticated malicious code can be obfuscated to evade detection. Therefore, the open-source model, despite its many advantages, does not provide an absolute safeguard against the infiltration of malicious elements.
The question stands - what steps one may take to make crypto assets storage safer? What precautions do you take?
-
Though open source is usually safer than proprietary software, it is not 100% immune to the presence of malicious code. While the open nature allows for code review and contributions from a diverse group of developers, this very openness can also be exploited by malicious actors who may introduce harmful code subtly. The sheer volume of code can make comprehensive auditing challenging.
Additionally, not all code changes are thoroughly reviewed due to time constraints, resource limitations, or trust in well-known contributors. Even with rigorous review processes, sophisticated malicious code can be obfuscated to evade detection. Therefore, the open-source model, despite its many advantages, does not provide an absolute safeguard against the infiltration of malicious elements.
The question stands - what steps one may take to make crypto assets storage safer? What precautions do you take?
We cannot guarantee that everything will be perfect, we can only choose the best within our ability. In addition to the risks inherent in the code of crypto wallets, users also face cyberattacks, scam Dapps or risks when storing their private keys themselves. It is really difficult to achieve absolute security, but for the time being, I think we can trust the most reputable crypto wallets on the market such as Exodus, SafePal, Blockchain...
To minimize risks, I think hardware wallets are the best solution because they have a special chip to protect users assets. As long as users do not connect their hardware wallets to Dapps, the only remaining risk is the process of self-protecting their private keys.
-
This happened to electrum wallet last year or few months ago. That's the reason i don't update eventually my electrum and other wallet, unless a vulnerable was detected and was announced through their official social media handles, websites and some other news outlets. Other than that, i still do that practice more often.
~snip~
I am not aware that something bad happened with Electrum a couple of months ago or last year - so I ask the same question as @ABCbits - do you mean the exploited vulnerability that happened at the end of 2018? Unfortunately, this was something that misled many users, but only those who were not aware that such a thing cannot be a legitimate action - and those who do not know that every Electrum file can be verified before installation.
As for the security of each wallet, always choose those that are open source and always verify the file before installation - that way you can avoid any malicious update. For serious amounts of BTC or large values of any coin, a good hardware wallet or creating a cold wallet is of course recommended.
-
We cannot guarantee that everything will be perfect, we can only choose the best within our ability. In addition to the risks inherent in the code of crypto wallets, users also face cyberattacks, scam Dapps or risks when storing their private keys themselves. It is really difficult to achieve absolute security, but for the time being, I think we can trust the most reputable crypto wallets on the market such as Exodus, SafePal, Blockchain...
To minimize risks, I think hardware wallets are the best solution because they have a special chip to protect users assets. As long as users do not connect their hardware wallets to Dapps, the only remaining risk is the process of self-protecting their private keys.
Trusting reputable crypto wallets like Exodus is a sound approach. However, Atomic Wallet was also considered reputable until it was hacked. It was no less reputable than Exodus. So, you never know until something goes wrong.
And you are right, hardware wallets are generally more secure. But there was a breach of the Ledger wallet on December 14, 2023, resulting in $484K being stolen. The attack was carried out via Ledger's Connect Kit, a piece of code that allows DeFi protocols to connect to crypto hardware wallets. Ledger later confirmed that one of their employees had been targeted in a phishing attack, after which the attacker published a malicious version of the Ledger Connect Kit. Some users installed this malicious version during updates.
I agree that nothing is perfect. That's why I asked what additional steps can be taken to further secure crypto assets.
-
I agree that nothing is perfect. That's why I asked what additional steps can be taken to further secure crypto assets.
For the average joe I think some tips have been mentioned already. Verifying files before you download them, double checking the website, creating a cold wallet, etc. If you still want more tips then you probably need to get technical, such as learning the program used to write the wallet that you used, building it on your own, making your wallet from scratch, etc. That being said, I believe being a little bit afraid that something can go wrong regardless of what we do is a good thing since it keeps us on our toes. CMIIW.
-
I agree that nothing is perfect. That's why I asked what additional steps can be taken to further secure crypto assets.
So many member already mention that. If you think those aren't enough, how about using airgapped/cold wallet? Here's a brief guide on how to do it with Electrum wallet, https://electrum.readthedocs.io/en/latest/coldstorage.html (https://electrum.readthedocs.io/en/latest/coldstorage.html).
-
- If you have a large fund hidden in software wallets, for sure you will also feel worried. Who is the holder of crypto assets who does not fear when his fund is lost in a software wallet? Anyone can feel anxious.
That's why the use of software wallets depends on us if we trust the wallet 100%, because whatever we do in this field of crypto business, we must always be risk-takers and willing to take risks whatever we do, right?
-
<✂✂✂✂✂✂✂✂✂✂✂✂✂✂✂✂✂✂✂✂✂✂✂✂✂✂✂✂✂✂✂✂✂✂✂✂✂✂✂✂✂✂>
This raises the question: can this happen with any software wallet? Does it mean we can't trust anyone?
There is definitely a little fear in my mind when using software wallet and I am very careful when I browse the internet on the device where I have my funds, and in 2021 I lost my important information and some funds due to phishing. Still keeps me in awe.
And I think if we are careless browsing then there is a possibility of losing your funds while it is in our software wallet. And that's why users use hardware wallets for peace of mind.
-
And I think if we are careless browsing then there is a possibility of losing your funds while it is in our software wallet. And that's why users use hardware wallets for peace of mind.
I think the first thing you need to do is make sure you never visit a malicious website. A phishing website can affect your PC in various ways, such as installing a keylogger, screenshotting your screen, etc. There's no guarantee your HH won't get attacked. I remember reading news about malware targeting Ledger or Trezor wallet files and logging user input before. I believe there will be more variants in the future. But yeah, using a browser extension or insecure software is also a terrible idea to secure your money. CMIIW.
-
I think the first thing you need to do is make sure you never visit a malicious website. A phishing website can affect your PC in various ways, such as installing a keylogger, screenshotting your screen, etc. There's no guarantee your HH won't get attacked. I remember reading news about malware targeting Ledger or Trezor wallet files and logging user input before. I believe there will be more variants in the future. But yeah, using a browser extension or insecure software is also a terrible idea to secure your money. CMIIW.
Yes, you are right I got that phishing trap because of only negligence about the browsing, Actually I am a game lover and on that time the spider man 2 remastered was released and because of much interested on that game and zero fund for games I jumped for the cracked that that was my biggest fault in my life I downloaded the malicious file and it steal my browser saved all pass and data.
My purpose in explaining the whole incident is that I only admitted it for entertainment. So I think separate devices are very important for safe browsing as well as entertainment and work
-
Many of you are likely aware of the Atomic wallet breach that occurred in June 2023, when over 100 million dollars was stolen from its users. Almost a year has passed, but the Atomic developers still haven't revealed what actually happened. May be they don't know at all.
Consider this scenario: imagine an update is pushed to a software wallet with a malicious code. If hackers gain access to the update process or the wallet developer's infrastructure, they could inject malicious code into a seemingly legitimate update. Users who download and install this update could unknowingly expose their wallet's private keys or seed phrases to the attackers which would lead to loss of their funds.
This raises the question: can this happen with any software wallet? Does it mean we can't trust anyone?
I was one of the Atomic wallet users as well but luckily I did not have any funds in my atomic wallet when the hack occurred. I must say I was lucky because I already found out how Electrum works and I had already started using Electrum to store my Bitcoin. But the question you asked is tricky! It can happen with any wallet users if they reveal their seed phrases and their private key get compromised. But what if it was the problem from the wallet side?
What we can do actually? I don't know actually. Electrum is the best Software wallet with a good reputation. But unfortunately, I cannot give a guarantee that something like this won't happen with Electrum wallet users. So, what is the solution? Using a hardware wallet? But it is not available everywhere.
-
The question stands - what steps one may take to make crypto assets storage safer? What precautions do you take?
If you are not a developer, don't expect to get extra security on your own. What you can do is follow general wallet security tips such as managing your wallet offline, reducing interaction with dapps that require a connected wallet, not flexing your wealth wherever you are, etc.
-
Atomic wallet is a closed source wallet, just like the popular trust wallet and others, they are not recommended because they are closed source and it is impossible to verify their code. Wallets like Electrum is open source and well reviewed, so everything is open and can be verified, it is a software wallet, but safer than Atomic wallet and trust wallet.
However, if you are going to store a large amount in BTC, you should run your Electrum wallet in an airgapped device that will be completely disconnected from the internet, because anything online is prone to hacking.
-
Atomic wallet is a closed source wallet, just like the popular trust wallet and others, they are not recommended because they are closed source and it is impossible to verify their code. Wallets like Electrum is open source and well reviewed, so everything is open and can be verified, it is a software wallet, but safer than Atomic wallet and trust wallet.
However, if you are going to store a large amount in BTC, you should run your Electrum wallet in an airgapped device that will be completely disconnected from the internet, because anything online is prone to hacking.
If a investor have a large amount of BTC, I think he should use a hardware wallet instead of Electrum. Hardware wallets protect the private key of the user's account from all network attacks using a dedicated chip, which helps to isolate the private key from risks.
If trader is not yet able to own a hardware wallet, choosing a reputable software wallet is essential to minimize risk. We all work hard, put our investment capital into the market and trade to make a profit, we should not let hackers attack and steal those fruits! The market has many open source crypto wallets for us to choose and use.
-
If a investor have a large amount of BTC, I think he should use a hardware wallet instead of Electrum. Hardware wallets protect the private key of the user's account from all network attacks using a dedicated chip, which helps to isolate the private key from risks.
Electrum is good wallet too especially if user prioritize the security of the device where it was installed. Using electrum in an airgapped device, either a very old computer or laptop instead of buying new will be a good choice.
Well, hardware wallet is indeed a good investment for greater security, i'll go for cheaper one like the safepal s1 and trezor model one.
-
Atomic wallet is a closed source wallet, just like the popular trust wallet and others, they are not recommended because they are closed source and it is impossible to verify their code. Wallets like Electrum is open source and well reviewed, so everything is open and can be verified, it is a software wallet, but safer than Atomic wallet and trust wallet.
However, if you are going to store a large amount in BTC, you should run your Electrum wallet in an airgapped device that will be completely disconnected from the internet, because anything online is prone to hacking.
If a investor have a large amount of BTC, I think he should use a hardware wallet instead of Electrum. Hardware wallets protect the private key of the user's account from all network attacks using a dedicated chip, which helps to isolate the private key from risks.
You're right, although @Z-tight specifically mention usage of airgapped device which should prevent all network attack or attack using internet connection.
If trader is not yet able to own a hardware wallet, choosing a reputable software wallet is essential to minimize risk. We all work hard, put our investment capital into the market and trade to make a profit, we should not let hackers attack and steal those fruits! The market has many open source crypto wallets for us to choose and use.
If they have money to perform trading, i expect they should able to spare some money for hardware wallet. Although there's exception if the trader live on country which ban cryptocurrency or the one who sell the hardware wallet can't ship to their country.
-
Aside from Software wallets, I am afraid of losing money when I use Defi wallets like Metamask, Rabby, or Rainbow. It is too easy to get hacked these days. So, people must be careful before they allow connecting a wallet to a website. Especially, when you hunting for airdrops, sometimes you rush and do not check the URL properly and don't check what you are signing for!
I did the mistake a couple of weeks ago and I lost over $300 I guess. When you use a Defi wallet, it's always connected to internet. The only way to prevent hack is, always be careful and examine the URL and check what you are signing for!
-
If a investor have a large amount of BTC, I think he should use a hardware wallet instead of Electrum. Hardware wallets protect the private key of the user's account from all network attacks using a dedicated chip, which helps to isolate the private key from risks.
A large amount of BTC should be stored in cold storage, and like i said Electrum run in an airgapped device that is completely disconnected from the internet is cold storage, and offers the same protection as a hardware wallet. In an airgapped wallet, your keys are stored offline, and you create and broadcast tx's in your complementing watch-only wallet.
-
I did the mistake a couple of weeks ago and I lost over $300 I guess. When you use a Defi wallet, it's always connected to internet. The only way to prevent hack is, always be careful and examine the URL and check what you are signing for!
Sorry about you loss. I remember when I wanted to try some new projects, many people were sending me telegram message, they gave me different links which I knew what their plan was. Thanks to Bitcointalk good users and Bitcointalk that we have discussed about something like that which made me know that they are scam. It is worth knowing that checking the URL of web3 wallet is not the only solution to avoid your wallet not to be compromised. Most of the wallet are still online and it is better you have small amount of money an online wallet and use offline for the big amount of money.
On online wallets, it is also good to avoid ads and other means we can download malware which are the main cause of hack.
-
Sorry about you loss. I remember when I wanted to try some new projects, many people were sending me telegram message, they gave me different links which I knew what their plan was. Thanks to Bitcointalk good users and Bitcointalk that we have discussed about something like that which made me know that they are scam. It is worth knowing that checking the URL of web3 wallet is not the only solution to avoid your wallet not to be compromised. Most of the wallet are still online and it is better you have small amount of money an online wallet and use offline for the big amount of money.
On online wallets, it is also good to avoid ads and other means we can download malware which are the main cause of hack.
I know buddy. I shouldn't keep a lot of money on those Defi wallets. But as you may know, I have been participating in Airdrops lately and I made some money from it. So, I need some funds to participate in airdrops. Sometimes I had to swap a good volume of money on DEX's to farm airdrops. As you may know, debridge and orbiter.finance are trending again and I don't want to miss their Airdrops. This is another reason I have to keep some ETH on different chains to try these exchanges to farm points. Now, all I can do is, just be careful when I connect my wallet.
-
Hackers are chronic programmers being more studious than the legal developers. They could be professionals looking into breaking of protocols and privacies with their best know malicious tricks of invading users through legal updates of platforms developers.
So it is hard to say either the Dev are to be trusted in a software because you can nti attest to believe a required update is coming from a genuine source.
The software source is just being a World of threats and bullies. But staying careful and living on research and enquiries would always give us that privilege to staying safe.
-
The software source is just being a World of threats and bullies. But staying careful and living on research and enquiries would always give us that privilege to staying safe.
I am having a really hard time understanding anything you said here, however, open source and well reviewed software wallets are recommended, if the community can review the code, then they can detect bugs and vulnerabilities in it. Closed source wallets are not recommended by the way, because it is impossible to verify if something malicious is added to the code.
-
We need to know about the right and appropriate wallet to use, then also the way to maintain the practice of that same wallet for our security and privacy, if you like make use of any kind of cold storage for your bitcoin or any crypto of your choice, if you expose your private keys information to the public then you will be attacked and the coins you have will be stolen from you, also, some wallet could bear a vulnerability of getting hacked easily when we still don't maintain a secured practice on its security.
-
if you like make use of any kind of cold storage for your bitcoin or any crypto of your choice, if you expose your private keys information to the public then you will be attacked and the coins you have will be stolen from you,
Operational security is very important in the network, if you have good opsec and in addition use good and recommended wallets, your funds cannot be stolen. This is what makes BTC different from centralized fiat, you are in control of your funds and your security depends on you, some people fail to understand this and that's why they have problems and lose their funds.
-
So it is hard to say either the Dev are to be trusted in a software because you can nti attest to believe a required update is coming from a genuine source.
If you're saying that updating software is risky because some phishing/malware disguises themselves behind an app update, then you can always verify the downloaded files. You can also verify the websites you're downloading the app from, and so on to make sure you aren't downloading fake apps. Most software wallets provide a hash and a secure website to compare the signature of the files you've downloaded, it doesn't take too much time to verify them either.
-
Most software wallets provide a hash and a secure website to compare the signature of the files you've downloaded, it doesn't take too much time to verify them either.
I must add that you can only verify the codes of open source software wallets and that is why they are recommended, if it is closed source wallets, you simply have to trust and believe what the developers tell you, because you cannot review the code yourself.
-
Why won't I be afraid. But online wallets are vulnerable when you open doors yourself to malware. If you are the only one that is using your device and avoid the malware which can be through downloading, you device will be safe. But if you have high amounts of coins, get yourself a cold wallet.
Most software wallets provide a hash and a secure website to compare the signature of the files you've downloaded, it doesn't take too much time to verify them either.
I must add that you can only verify the codes of open source software wallets and that is why they are recommended, if it is closed source wallets, you simply have to trust and believe what the developers tell you, because you cannot review the code yourself.
I think he is referring to PGP key of the wallet file that is downloaded. To verify it to know that it is not a fake one.
-
I am that's why I keep long term holdings in hardware wallet.
can this happen with any software wallet? Does it mean we can't trust anyone?
Yes, it can happen to any software wallet, and you shouldn't trust anyone. Using HW wallets is safest option i can think of.
-
Why won't I be afraid. But online wallets are vulnerable when you open doors yourself to malware. If you are the only one that is using your device and avoid the malware which can be through downloading, you device will be safe. But if you have high amounts of coins, get yourself a cold wallet.
If anyone can afford to invest a thousand dollar into any coin, it will be an insult to them if they save that coin on online software wallet. It's risky to do such a thing even though you try to avoid malware at all cost, you never can tell which app you will download one day that will contain malware that is going to specifically target your wallet.
Sometimes, some hacker just randomly spread malware through some website and hidden ads that tell you to download an app and you may not even know when you download it on your laptop device or phone device. It's better get a hardware wallet than cry later.
-
Sometimes, some hacker just randomly spread malware through some wwebsitesand hidden ads that tell you to download an app and you may not even know when you download it on your laptop device or phone device. It's better get a hardware wallet than cry later.
I know hardware wallets are the best solution at this moment. But I have been storing my Bitcoin on Electrum for years without any problem. That is because I do not download whatever apps, software I need from online. I do not browse websites much which shows ads. Forums, Social media do not show that many ads. I mostly spend my time on forum and sometimes on social media. I know hackers spread malware everywhere. But you have to be careful before you download something.
People who watch porn often downloads whatever they want and they download malware without knowing what they downloaded. Often people comes to me with their mobile device saying they get adult notifications on their mobile through chrome. That is because they browser porn website and subscribe for anything they see. These people won't learn their lesson till they pay the price of their mistakes.
-
I am that's why I keep long term holdings in hardware wallet.
HW wallets are good if it's open source but we can't certainly know for 100% and the classic example is what Ledger did by spreading false information about being open source when they intentionally pushed different codes for their app and their Ledger recovery service secretly collected user's seed phrases so ultimately we can only trust ourselves so try to keep the seeds to ourselves is the only possible solution for absolute certainity.
-
I am that's why I keep long term holdings in hardware wallet.
HW wallets are good if it's open source but we can't certainly know for 100% and the classic example is what Ledger did by spreading false information about being open source when they intentionally pushed different codes for their app and their Ledger recovery service secretly collected user's seed phrases so ultimately we can only trust ourselves so try to keep the seeds to ourselves is the only possible solution for absolute certainity.
I'm not sure if Ledger collected seed phrases cause if they did I would be wiped by now, or are they waiting to wipe?
-
I'm not sure if Ledger collected seed phrases cause if they did I would be wiped by now, or are they waiting to wipe?
Ledger provided a service called recovery service so if user lost their seed then they can retrieve it from the Ledger which is an additional subscription so yeah they have seeds who opted to and it means they can wipe anyone's at anytime if they want to.
It's proven that Ledger Live has the ability to extract the recovery seeds from the Hardware wallet also they admitted that they share the details with the third party which isn't right when you expect complete security for your crypto assets.
Discussion : Ledger Recovery Service. (https://bitcointalk.org/index.php?topic=5453531.0)
Also, they lied about their status being open source : Ledger Open Source Fakery?! (https://bitcointalk.org/index.php?topic=5467841.msg62891890#msg62891890)
So whoever wants to keep their crypto now should boycott Ledger as well as Trezor.
Here's my response regarding this from bitcointalk which may explains it though why we can't trust them absolutely.
-
^ Afaik the recovery service didn't support Ledger Nano S (which I have), and even if they did I wouldn't have opted to use such service; if they are extracting private keys without user's consent then it's fishy.
Quoted statement mentions, boycott trezor as well, why is it so?
-
^ Afaik the recovery service didn't support Ledger Nano S (which I have), and even if they did I wouldn't have opted to use such service; if they are extracting private keys without user's consent then it's fishy.
Quoted statement mentions, boycott trezor as well, why is it so?
It's true Ledger Recover service isn't available for Ledger Nano S. But i think the point is it's possible to extract private key from Ledger HW, even though in past they claim it's impossible.
I don't know exactly about boycott trezor as well, but i would speculate it's due to fact you can extract private key from older Trezor HW, assuming you have physical access and bring electronics tool.
-
HW wallets are good if it's open source but we can't certainly know for 100% and the classic example is what Ledger did by spreading false information about being open source when they intentionally pushed different codes for their app and their Ledger recovery service secretly collected user's seed phrases so ultimately we can only trust ourselves so try to keep the seeds to ourselves is the only possible solution for absolute certainity.
Open source doesn't mean that the wallet is actually the safest since any other developers can go through the source code and review and recheck every line of codes written about such wallets but how many people do check this wallets cods, not everyone is even knowledgeable enough to know this things on how safe they are or not.
However, the catch is that when you want to use an open source wallet, make sure it's a popular one that everyone use like the Electrum, a lot of developers used them because it has been long the wallet has been working fine with out any comprise or complications.
-
However, the catch is that when you want to use an open source wallet, make sure it's a popular one that everyone use like the Electrum, a lot of developers used them because it has been long the wallet has been working fine with out any comprise or complications.
Electrum had vulnerabilities too in the past but the reason for being open source is it can be inspected who are competent and I am sure crypto enthusiasts are pretty much capable of doing it so as long as it's open source we can always see the actual feedback somewhere.
HW is more convenient on the other hand we can install electrum wallet on an airgapped device that is most secured than HW, however it's not user-friendly and people need enough technical skills to make sure their wallet is actually a cold storage.
-
~snip~
I don't know exactly about boycott trezor as well, but i would speculate it's due to fact you can extract private key from older Trezor HW, assuming you have physical access and bring electronics tool.
It is an irreparable vulnerability in the Model T and One that allowed the seed to be extracted from the device in a relatively short period of time with equipment worth some $100. However, this could be avoided by setting a passphrase or using an SD card.
https://blog.kraken.com/product/security/kraken-identifies-critical-flaw-in-trezor-hardware-wallets
-
There are security measures in which we are admonished to take and use as well whenever we are making use of a wallet, but the moment we fail to realize how we can maintain the safety use of such wallet, then it becomes a vulnerable thing for us and that could be an entry route for us to have our asset stolen by the smart ones, just as you have seen with electrum wallet, despite it security level, if you joke with your wallet keys then you will be under attack, that is one of the reasons why privacy is very important in crypto.
-
I am that's why I keep long term holdings in hardware wallet.
can this happen with any software wallet? Does it mean we can't trust anyone?
Yes, it can happen to any software wallet, and you shouldn't trust anyone. Using HW wallets is safest option i can think of.
What kind of hardware wallets are you using, dude? Can I know I'm actually using only Trustwallet, Bitget wallet, Metamask, and Electrum right now and add the Phantom wallet as well.
So far, I don't have any problems with them as long as I hold the backup seeds, and the others are CeX platforms that have been in this field for a long time.
-
^ I use Ledger Nano S for long holds, and Metamask as hot wallet, and to hold other random coins which are not available on aforementioned two wallets, their respective wallets.
I'm aware of fiasco regarding Ledger recover service, but Nano S wasn't part of it, so I continue to use it.
-
--snip--
What kind of hardware wallets are you using, dude? Can I know I'm actually using only Trustwallet, Bitget wallet, Metamask, and Electrum right now and add the Phantom wallet as well.
So far, I don't have any problems with them as long as I hold the backup seeds, and the others are CeX platforms that have been in this field for a long time.
4 wallets? That's a lot, where AFAIK both Bitget and Metamask offer similar feature and coin/token support.
^ I use Ledger Nano S for long holds, and Metamask as hot wallet, and to hold other random coins which are not available on aforementioned two wallets, their respective wallets.
I'm aware of fiasco regarding Ledger recover service, but Nano S wasn't part of it, so I continue to use it.
Yeah, Ledger Nano S isn't supported by controversial Ledger Recover feature and it seems it'll remain supported for some time.
-
~snip~
I'm aware of fiasco regarding Ledger recover service, but Nano S wasn't part of it, so I continue to use it.
Officially they say it is not possible to extract the seed from Nano S, but over the years that company has proven that they should not be trusted. The very fact that such an option exists at all and that they present it as something positive is a signal for alarm.
If the crypto community was aware of the risk it was exposed to, that company would have failed long ago and only a few would still be using that HW. However, everyone has obviously decided for themselves what is best - and on the other hand, some new, safer solutions are within our reach for $100 less or more.
-
If anyone can afford to invest a thousand dollar into any coin, it will be an insult to them if they save that coin on online software wallet. It's risky to do such a thing even though you try to avoid malware at all cost, you never can tell which app you will download one day that will contain malware that is going to specifically target your wallet.
Sometimes, some hacker just randomly spread malware through some website and hidden ads that tell you to download an app and you may not even know when you download it on your laptop device or phone device. It's better get a hardware wallet than cry later.
I totally agree with you dear. Putting a lot of money into cryptocurrency and storing it online is big risk. Even if you are careful you can still accidentally download bad app or visit bad website that can steal your money.
This can be very bad for you. Instead you should use special kind of wallet called a hardware wallet. It's safer and worth the extra money. You will feel better knowing your money is protected. It is always better to be safe than sorry so getting hardware wallet is a good idea to keep your money safe.
-
~snip~
I'm aware of fiasco regarding Ledger recover service, but Nano S wasn't part of it, so I continue to use it.
Officially they say it is not possible to extract the seed from Nano S, but over the years that company has proven that they should not be trusted. The very fact that such an option exists at all and that they present it as something positive is a signal for alarm.
If the crypto community was aware of the risk it was exposed to, that company would have failed long ago and only a few would still be using that HW. However, everyone has obviously decided for themselves what is best - and on the other hand, some new, safer solutions are within our reach for $100 less or more.
Mention those?
-
-snip-
If the crypto community was aware of the risk it was exposed to, that company would have failed long ago and only a few would still be using that HW. However, everyone has obviously decided for themselves what is best - and on the other hand, some new, safer solutions are within our reach for $100 less or more.
What is the solution?
I haven't heard anything about the new solution at the moment, I'm not a Ledger user, but I'm a safe user who is still quite secure without seed storage in the cloud or anything like Ledger.
Companies like Ledger and Trezor are now becoming more successful and Ledger is also constantly updating its devices and security is always updated.
But of course there are concerns about the extraction of seeds from Ledger devices in the future, whether it will still survive or not.
-
Software wallets are internet based and only require a private key or security phrase to access them. So since there are a lot of hacking incidents in the online world, it is normal to be worried about keeping crypto in a software wallet because your wallet can be hacked due to a wrong action or clicking on a phishing link. No matter how secure and trusted wallet you use, if someone gets hold of your private key, you will lose all your funds. So in the field of using software wallets, remember that not your key not your crypto
-
Software wallets are internet based and only require a private key or security phrase to access them. So since there are a lot of hacking incidents in the online world, it is normal to be worried about keeping crypto in a software wallet because your wallet can be hacked due to a wrong action or clicking on a phishing link. No matter how secure and trusted wallet you use, if someone gets hold of your private key, you will lose all your funds. So in the field of using software wallets, remember that not your key not your crypto
Yes Software wallets are internet based and only require a private key or security phrase to operate this wallet. But we need very alert to oprate this wallet. Because it is very risky. I have a bad experience with this wallet. I do not know why it happened but I lost my all fund from this is wallet. I think it happened for fishing link which I was clicked. Near about $1000 I lost. So my advice who will use software wallet he need to very conscious about it.
-
Software wallets are internet based and only require a private key or security phrase to access them.
Even if your funds are stored in a hardware wallet, if you expose your seed phrase or private keys, your funds would be stolen, the difference here is that a hardware wallet stores your keys offline, so it is safer. However, you can also use your software wallet in an airgapped device which will be completely disconnected from the internet, this will give you a similar protection like a hardware wallet.
-
~snip~
I'm aware of fiasco regarding Ledger recover service, but Nano S wasn't part of it, so I continue to use it.
Officially they say it is not possible to extract the seed from Nano S, but over the years that company has proven that they should not be trusted. The very fact that such an option exists at all and that they present it as something positive is a signal for alarm.
If the crypto community was aware of the risk it was exposed to, that company would have failed long ago and only a few would still be using that HW. However, everyone has obviously decided for themselves what is best - and on the other hand, some new, safer solutions are within our reach for $100 less or more.[/b]
Mention those?
It is not difficult to find an alternative if you want it, there are topics on BTT, and maybe also on this forum, where hardware wallets are discussed.
I personally refrain from recommendations because it should be a personal choice, but I think that maybe Trezor could be a good choice for a multicurrency wallet, and it also has firmware for those who just want to use Bitcoin. For those who want even greater security and are ready to pay a little more, the first choice according to many is the Foundation Passport HW, a cold wallet for Bitcoin.
-
I have a bad experience with this wallet. I do not know why it happened but I lost my all fund from this is wallet. I think it happened for fishing link which I was clicked. Near about $1000 I lost. So my advice who will use software wallet he need to very conscious about it.
so it is not really the wallet’s fault but more on you
of course there are really some wallets unsafe for use and sketchy but if it is a reliable platform and it was you who clicked on a fishy link and got your wallet somehow compromised then this would be on you there are definitely plenty of ways that scammers would try and get you and luckily a lot more ways to protect yourself
first by being alert and vigilant second having extra protection from the internet through vpns or detection services of any virus or malware on your device
-
Software wallets are internet based and only require a private key or security phrase to access them.
--snip--
It's generally true that software wallet are internet based, but FYI there are few software wallet which can be used on offline/airgapped device.
-
Of course, this actually makes many people even more suspicious of wallets like Atomic... the truth about that amount of money should be revealed as soon as possible, whether it was theft by hackers or maybe taken away by developers... no one knows... Sometimes it makes some people start to think twice so that something scary doesn't happen to them.
Software wallets are currently still a matter of debate, whether it's the custodial or non-custodial type, because both have their own weaknesses and advantages... to be able to get the perfect wallet, honestly it's very difficult... because even exchanges that have better security than us, can be hacked too... let alone us who may only save with a basic strategy.
-
~snip~
Software wallets are currently still a matter of debate, whether it's the custodial or non-custodial type, because both have their own weaknesses and advantages... to be able to get the perfect wallet, honestly it's very difficult... because even exchanges that have better security than us, can be hacked too... let alone us who may only save with a basic strategy.
If we talk about CEXs, it is true that they are exposed to a great risk because they are constantly the target of hackers, but it is also important to keep in mind that the attack can also come from the inside (rotten employee). The biggest CEXs claim that they keep more than 90% of coins in cold wallets (even 98%), so the risk should be minimal, but theory is one thing, and what happens in real life is something completely different.
The basic strategy is not less safe at all, because if you know what you are doing, it is very unlikely that someone will hack or rob you. In most cases, those who lose their coins are themselves to blame for what happened to them.
-
Software wallets are internet based and only require a private key or security phrase to access them. So since there are a lot of hacking incidents in the online world, it is normal to be worried about keeping crypto in a software wallet because your wallet can be hacked due to a wrong action or clicking on a phishing link. No matter how secure and trusted wallet you use, if someone gets hold of your private key, you will lose all your funds. So in the field of using software wallets, remember that not your key not your crypto
Does this actually cut it ? Is it just me that's a little bit skeptical about the Op's choice of words? Software wallets or hot wallets? My point is in the process of creating an airgapped wallet say with an old PC or something, you would still have to install a wallet software (open source preferably ) so you are actually literally still making use of a software which obviously is the wallet software.
On the other hand I believe the right choice of words should be making use of a hot wallet. That's because they are the ones that are constantly connected to the internet. A software could probably could not be connected to the internet. Even hardware wallets have their own softwares thats because both software and hardware are mutually beneficial in a computer setup.
-
Is it just me that's a little bit skeptical about the Op's choice of words?
I've seen in other places "software wallet" term being used, so OP is not the only one and by that they simply mean a wallet that is not a hardware wallet.
But yeah, I agree that "hot wallet" seems like a more apropriate wording.
-
Is it just me that's a little bit skeptical about the Op's choice of words?
I've seen in other places "software wallet" term being used, so OP is not the only one and by that they simply mean a wallet that is not a hardware wallet.
But yeah, I agree that "hot wallet" seems like a more apropriate wording.
Please don't get me wrong I'm not actually not trying to be an error finder if that's a thing , not like you said I am though but most times when it comes to technical things relating to crypto currency , bitcoin or the ecosystem at large, using the appropriate word matters a lot. Sometimes of course it can be overlooked but in this case I really had to spot it out since it seemed a little misleading.
Anyways right from time since I was a newbie I've been reading about airgapping hardware wallets and stuff and I am pretty much used to using the correct term . It may be a thing though I really haven't come across any nice article that referred to hot wallets as software wallets hence my concern for OP's choice of words.
-
Not all wallets are the same, though. Some have better security practices, and open-source options can offer more transparency. Personally, I use a mix of software and hardware wallets to enhance security. It’s all about finding a balance between convenience and safety. While trust is hard to come by, doing thorough research and taking precautions can help protect our funds.
-
Once it comes to the use of wallet, then its more appropriate that we understand the need to why we must make use of a particular wallet, even though some will made mention that they had prefer the use of an open source wallet to close source, some will also give their own reason why they think software wallet is the best, but in every decision we are taking, we must know what we are doing and why we are taking such a step.
-
It can be intimidating for beginners to dive in without understanding the importance of storage. They unknowingly select all the bad wallets due to which they quickly fall prey to scamming. Applications that can be downloaded to a computer or mobile device. They are also called hot wallets because they work online and have more vulnerabilities than cold wallets Software wallets are encrypted and require a password to access the keys they store, but they are vulnerable to malware attacks.
Due to its offline status to investors, hardware wallets seem more secure than software wallets. But software wallets are connected to the Internet so theoretically there is a risk of potential hacking or attacks. However, this software wallet offers convenience for those who make frequent transactions and need quick access to their assets.
-
Once it comes to the use of wallet, then its more appropriate that we understand the need to why we must make use of a particular wallet, even though some will made mention that they had prefer the use of an open source wallet to close source, some will also give their own reason why they think software wallet is the best, but in every decision we are taking, we must know what we are doing and why we are taking such a step.
Being very careful and cautious is a better substitute than being scared. Infact being scared when making use of a hot wallet even puts you at a higher risk of losing your coins to hack or scam. Both cold wallets and hot wallets are alternatives for different situations and there is literally no point being scared instead of choosing the right one.
Hot wallets are usually used by people who are likely business persons or constantly transact with bitcoin on the contrary to cloud wallet ms that are preferably used for hodling some coins. The difference is simply connection to the internet and that's the more reason hot wallets users need to be careful since they have a higher chance of coming across internet scams or phishing attempts.
-
I actually am. My ledger nano s screen is done, and I wanted to make a transfer from it, but I was feeling unsafe importing seed into software wallets, so haven't proceeded with transfer yet, and going to buy new HW and import seed there.