Altcoins Talks - Cryptocurrency Forum
Cryptocurrency Ecosystem => Crypto Wallets => Topic started by: EnergyFather on May 16, 2024, 02:32:24 AM
-
Many of you are likely aware of the Atomic wallet breach that occurred in June 2023, when over 100 million dollars was stolen from its users. Almost a year has passed, but the Atomic developers still haven't revealed what actually happened. May be they don't know at all.
Consider this scenario: imagine an update is pushed to a software wallet with a malicious code. If hackers gain access to the update process or the wallet developer's infrastructure, they could inject malicious code into a seemingly legitimate update. Users who download and install this update could unknowingly expose their wallet's private keys or seed phrases to the attackers which would lead to loss of their funds.
This raises the question: can this happen with any software wallet? Does it mean we can't trust anyone?
-
Consider this scenario: imagine an update is pushed to a software wallet with a malicious code. If hackers gain access to the update process or the wallet developer's infrastructure, they could inject malicious code into a seemingly legitimate update. Users who download and install this update could unknowingly expose their wallet's private keys or seed phrases to the attackers which would lead to loss of their funds.
This raises the question: can this happen with any software wallet? Does it mean we can't trust anyone?
This happened to electrum wallet last year or few months ago. That's the reason i don't update eventually my electrum and other wallet, unless a vulnerable was detected and was announced through their official social media handles, websites and some other news outlets. Other than that, i still do that practice more often.
It's also good to note that atomic wallet is not open source, yet they call themselves as non-custodial wallet and there's no way to tell that it really is. In this case you will need to trust the software that it won't save your private keys on their server. But were here in crypto open source software are the foundation of the tech so better to use it instead of the closed ones. And equip yourself with knowledge on how to do good practice to make transaction, how to secure your device and how to keep yourself safe from any attackers online.
-
Many of you are likely aware of the Atomic wallet breach that occurred in June 2023, when over 100 million dollars was stolen from its users. Almost a year has passed, but the Atomic developers still haven't revealed what actually happened. May be they don't know at all.
And i speculate they want people to forget or give up about it altogether.
Consider this scenario: imagine an update is pushed to a software wallet with a malicious code. If hackers gain access to the update process or the wallet developer's infrastructure, they could inject malicious code into a seemingly legitimate update. Users who download and install this update could unknowingly expose their wallet's private keys or seed phrases to the attackers which would lead to loss of their funds.
This raises the question: can this happen with any software wallet? Does it mean we can't trust anyone?
This happened to electrum wallet last year or few months ago. That's the reason i don't update eventually my electrum and other wallet, unless a vulnerable was detected and was announced through their official social media handles, websites and some other news outlets. Other than that, i still do that practice more often.
Do you mean when malicious server send message to Electrum user to update their software from fake website? If yes, then it's somewhat different from Atomic Wallet case. Anyway, i agree not immediately update software could reduce risk mentioned by OP.
-
But were here in crypto open source software are the foundation of the tech so better to use it instead of the closed ones.
Though open source is usually safer than proprietary software, it is not 100% immune to the presence of malicious code. While the open nature allows for code review and contributions from a diverse group of developers, this very openness can also be exploited by malicious actors who may introduce harmful code subtly. The sheer volume of code can make comprehensive auditing challenging.
Additionally, not all code changes are thoroughly reviewed due to time constraints, resource limitations, or trust in well-known contributors. Even with rigorous review processes, sophisticated malicious code can be obfuscated to evade detection. Therefore, the open-source model, despite its many advantages, does not provide an absolute safeguard against the infiltration of malicious elements.
The question stands - what steps one may take to make crypto assets storage safer? What precautions do you take?
-
Though open source is usually safer than proprietary software, it is not 100% immune to the presence of malicious code. While the open nature allows for code review and contributions from a diverse group of developers, this very openness can also be exploited by malicious actors who may introduce harmful code subtly. The sheer volume of code can make comprehensive auditing challenging.
Additionally, not all code changes are thoroughly reviewed due to time constraints, resource limitations, or trust in well-known contributors. Even with rigorous review processes, sophisticated malicious code can be obfuscated to evade detection. Therefore, the open-source model, despite its many advantages, does not provide an absolute safeguard against the infiltration of malicious elements.
The question stands - what steps one may take to make crypto assets storage safer? What precautions do you take?
We cannot guarantee that everything will be perfect, we can only choose the best within our ability. In addition to the risks inherent in the code of crypto wallets, users also face cyberattacks, scam Dapps or risks when storing their private keys themselves. It is really difficult to achieve absolute security, but for the time being, I think we can trust the most reputable crypto wallets on the market such as Exodus, SafePal, Blockchain...
To minimize risks, I think hardware wallets are the best solution because they have a special chip to protect users assets. As long as users do not connect their hardware wallets to Dapps, the only remaining risk is the process of self-protecting their private keys.
-
This happened to electrum wallet last year or few months ago. That's the reason i don't update eventually my electrum and other wallet, unless a vulnerable was detected and was announced through their official social media handles, websites and some other news outlets. Other than that, i still do that practice more often.
~snip~
I am not aware that something bad happened with Electrum a couple of months ago or last year - so I ask the same question as @ABCbits - do you mean the exploited vulnerability that happened at the end of 2018? Unfortunately, this was something that misled many users, but only those who were not aware that such a thing cannot be a legitimate action - and those who do not know that every Electrum file can be verified before installation.
As for the security of each wallet, always choose those that are open source and always verify the file before installation - that way you can avoid any malicious update. For serious amounts of BTC or large values of any coin, a good hardware wallet or creating a cold wallet is of course recommended.
-
We cannot guarantee that everything will be perfect, we can only choose the best within our ability. In addition to the risks inherent in the code of crypto wallets, users also face cyberattacks, scam Dapps or risks when storing their private keys themselves. It is really difficult to achieve absolute security, but for the time being, I think we can trust the most reputable crypto wallets on the market such as Exodus, SafePal, Blockchain...
To minimize risks, I think hardware wallets are the best solution because they have a special chip to protect users assets. As long as users do not connect their hardware wallets to Dapps, the only remaining risk is the process of self-protecting their private keys.
Trusting reputable crypto wallets like Exodus is a sound approach. However, Atomic Wallet was also considered reputable until it was hacked. It was no less reputable than Exodus. So, you never know until something goes wrong.
And you are right, hardware wallets are generally more secure. But there was a breach of the Ledger wallet on December 14, 2023, resulting in $484K being stolen. The attack was carried out via Ledger's Connect Kit, a piece of code that allows DeFi protocols to connect to crypto hardware wallets. Ledger later confirmed that one of their employees had been targeted in a phishing attack, after which the attacker published a malicious version of the Ledger Connect Kit. Some users installed this malicious version during updates.
I agree that nothing is perfect. That's why I asked what additional steps can be taken to further secure crypto assets.
-
I agree that nothing is perfect. That's why I asked what additional steps can be taken to further secure crypto assets.
For the average joe I think some tips have been mentioned already. Verifying files before you download them, double checking the website, creating a cold wallet, etc. If you still want more tips then you probably need to get technical, such as learning the program used to write the wallet that you used, building it on your own, making your wallet from scratch, etc. That being said, I believe being a little bit afraid that something can go wrong regardless of what we do is a good thing since it keeps us on our toes. CMIIW.
-
I agree that nothing is perfect. That's why I asked what additional steps can be taken to further secure crypto assets.
So many member already mention that. If you think those aren't enough, how about using airgapped/cold wallet? Here's a brief guide on how to do it with Electrum wallet, https://electrum.readthedocs.io/en/latest/coldstorage.html (https://electrum.readthedocs.io/en/latest/coldstorage.html).