Bitcoin Forum

I store my privates keys in gmail is this possible that I installed a malware (chrome app) that can read it?    ???

There is no need to answer that. You just have to understand that storing private keys online is a HUGE mistake. Avoid depositing to that wallet or immediately withdraw your funds in case you've already done so.

Buy a hardware wallet or use open-source non-custodial desktop or mobile wallets such as electrum. Store your seed phrase and private keys OFFLINE.

edit - I read your story about Trezor. I kind of get it now why you've chosen gmail but storing offline is still the best method. Maybe not under your bed.

We have same method of storing private key. LOL. Anything stored online can be hack and that's the cons of the cloud storage. But if we think about it, Everywhere we store it can be steal or destroy, It's either physically or virtually. So for safety precautions, Just encrypt your private key before you store it on Gmail if you really want to put it there.

I've been using Google drive to store my private key/recovery of my trezor for a very long time and so far my funds is untouchable.

I look for technical answer from security guy. Your answer is not what i am looking.  And I am a nomad in countries where robbery is common.
YES there is a reason to answer this.  !! >:(  

Storing your private keys online is very risky because anytime possible that hacker will know it if they hack your device .

We are responsible for the security of our wallet just we make sure that we keep it safe from the hackers because they want to hack it to stole our coins .

You should write or keep your private key onlines or right it down so the hackers will never findout what is your private keys so they will not hack it and your funds is safe .

It would be safer for you to hide your keys in the forest than trusting Google in keeping something valuable. Google Mail in no sense a secure place to store your keys. They have full access to the information you send and recieve in your emails, your keys will be stored as plaintext on their servers once you decide to put them in there. If there is a malicious admin at Google, for example, they can sweep all your private keys and you have no chance to prove you were robbed. Of course, you can encrypt your private keys before uploading them, but it requires you to store additional keys and still doesn't guarantee you are safe. Literally, it would mean you exhibit your personal information and wait for hackers to crack it for bounty.

When we are talking about security you should remember nothing is completely and 100% safe. Because there is always a way to steal your coins. But, regarding the question you asked, storing private keys online is a huge mistake no matter if you trust chrome or not. many people lost their coins saying 'my bitcoins are hacked' while bitcoin wallet was not hacked itself but the environment they used to store seeds/keys was not reliable. I would recommend you to use offline methods instead of trying any online services, including chrome. However, if you are using windows PC platform, the chrome apps won't have access to the passwords and keys unless you give them permission for that, the only way here is to bypass the user-side permission request.

Dude, it's a wrong move that you're putting private keys online. Imagine if all of your accounts got hacked by some anonymous hackers and they've noticed that there are private keys stored in Gmail, probably they will steal it. We can't say that it's safe because there are different ways of hijacking or hacking a specific account especially if hackers knew it stores valuable coins. The only thing you should do is be careful and don't disclose any information about where did you store your private keys.

Even putting encryption on private keys, it's gonna be easy to decrypt it especially when you're using free software for encryption.

I actually got this advice from a forum post in the internet and have actually used it ever since: always have an ounce of doubt on apps that came from unknown sources. If your app came from verified, reputable sources such as the App Store or Google Play Store (for mobiles) and verified websites for your PC apps, you're good to go. Then again, the issue here is not the app as you've mentioned that you're keeping your private keys on your email. You might want to take a look at the security of the passwords that you're using and whether or not you have other means to secure the account like two-factor authentication.

Any app created in this day and age can have the potential to be used against its user to snoop and collect data and inflict malware on your PC. Observing extra care when downloading apps online would be your first line of defense to ensure that you are not gladly taking in software that will harm you.

It is a pity, that you disregard the fact that every online app or service is not protected and too vulnerable for hack attacks. Of course you shoukd not keep your private information there - especially keys or passwords to wallets. You should remember this rule like your name or date of birth. Everything is good till nothing bad has happened. So it is better to to be safe than sorry about your lost assets.

This forum useless no one answer I need.  I ask about random chrome extnetion abilities to read emails.

Malware is being written to find 12/24 words.

This is a terrible idea. Please level-up your security game.

Get a coldcard/seedplate & air gap that shit. Add some multi-sig or passphase too (aka 25th word)

There's going to be so many attacks on people who have this level of security.

Strive for the best security you can, Bitcoin is going to go up a lot - you definitely want to sort it out ASAP.

Also, CoinJoin/Lightning your BTC on TOR too using Wasabi. Privacy will only become more important as time goes on.

The only way for malware to read the information on your email is to have your email hacked. If you install malware that has the function of a keylogger (records everything you enter via the keyboard), then you will compromise your e-mail password, which will allow the hacker to access your e-mail and gain possession of all the information contained there. The way you store your private keys is definitely very risky, and you should consider at least encrypting sensitive information you store online.

Google Chrome is a very popular browser, which means that it is constantly targeted by hackers. Examples from the recent past testify to this.

https://www.cnet.com/news/google-gooligan-accounts-hacked-malware-trojan-horse-gmail-play-drive-photos-docs/
https://threatpost.com/500-malicious-chrome-extensions-millions/152918/
https://threatpost.com/malicious-chrome-extension-steals-data-posted-to-any-website/128680/

In February of this year, Google has to remove around 500 Chrome extensions from the store. Many of them were Ad related, but others were malicious, and could redirect the traffic to a malware based site with phishing or rouge links to malware downloads.

A couple of months later, Google has to remove a batch of 49 Chrome extensions that were specifically targeting crypto wallets.

Chrome apps require you to give them certain permission to operate, but people tend to give them whatever they ask for without question. Consequently, it’s feasible for an extension to oversee your activity, log and resend information to a hacker.

See:
https://www.zdnet.com/article/google-removes-500-malicious-chrome-extensions-from-the-web-store/
https://www.zdnet.com/article/exclusive-google-removes-49-chrome-extensions-caught-stealing-crypto-wallet-keys/

Yes, a chome app that contains malware can read or open your email. Delete it. Don't store your private keys into your gmail or another cloud service or provider. That's not a wise thing to do. And if you're a person that likes downloading extension apps to your browser, make sure that you know the source because they can contain malware which can access your entire personal computer. Just for your sake and private keys, it is best to store it and write it.

Why do you store your private keys in your gmail? First of all, aren't you aware that google have its own access with what we store in our google accounts? It is much better if you store it on a paper than storing it online which is obviously can be accessed by anyone. If you install from untrusted website it is possible that it contains malware that may access your private information like emails and passwords. Everything that is stored on your pc can be accessed by these malwares. I think it is a wrong move to store important information like that in an online platform like google mail.

never trust Online account to store any keys that has your cryptocurrencies because that is very prone to hacking mate,
Internet is an open place where experts can easily enters your accounts and find things that valuable to them without you even noticing this.

So much better to write it down in paper and leave in your room(of course in safe place and with no one knowing you are having those)
or put it in some place where no one will even know or expect that your keys are in there.

I don't think that Chrome app itself can be malware but it can get infected with different types of malware. Private keys are very sensitive data and it's not recommended to be stored anywhere online, in any app or database that can be easily hacked or breached.
People very often go for solutions that are convenient for them but don't pay enough attention to security and that is why so many incidents happen.

Yes, there have been an issue of some on chrome webstores to be use for phishing attack and I want to understand that login your wallet on a connected computer have expose your wallet not to talk of saving your wallet private information in email or any online activities.
We have a high ranking user of this forum that once lost his holding doing the samething.

Malware can infiltrate your computer even if you are not a chrome user, including recording your activities when accessing Gmail using another browser. The threat of malware can also occur to Android users, where the virus attacks the Google account and remains active in a "background process".

I also remembered the problem of my yahoo mail account, where all old messages were deleted without notification (https://help.yahoo.com/kb/SLN2552.html). Although this has nothing to do with malware, it could happen to gmail.

In conclusion, storing PKs in Gmail is a bad choice and there is no reason to deny it.

This is an extreme danger. Phishing, malware and if you are the type that want premium service for free on the internet, you might end up installing malware that will gain access to your account without your knowledge. The choice is yours, nothing is better than hardware wallet

You should be aware that any online platform can access your information. because you use their services for free so what they get back is your information :)
But if your money is little then don't worry, they won't trade your reputation just to hack a small amount of your money.
When you have a lot of money and want it to be safe, buy a cold wallet like Ledger Nano S or Trezor, it is the most prestigious key storage wallets I have ever used.

It's not a mistake if you know the internals of storing it online, rather than a mistake it is safe to call it risky since it is connected online the probability of being stolen is huge. It is highly suggested to store anywhere in cold or offline so you're the only person who can access it with to avoid any risk and harm. I store my keys in notepad, store it in folder with specific and special name.

Electrum will do as much as a hardware wallet, but if you got the bucks to buy I'll suggest you do have it.

Most softwares on the internet are very dangerous, as they are designed to specifically disrupt or damage our phones

But I don't think Chrome can be such because it's not designed that way. It's more like an app, use for browing

Lol, you don't wait for malware to read your private email, the service provider themselves can do that, Does Google Read Your Email? (https://securityboulevard.com/2019/11/does-google-read-your-email/).

And it is not really recommended to store your private key in an email, on cloud, on your android phone, self destruct private note apps, note taking apps. because it is always connected on the internet. You don't want to give hackers and criminals any window of opportunity.

Everyone must have already know the risks associated on storing your private keys online. Any sensitive or private matters that are noted or stored online is always at a big risk for it is vulnerable or prone into hacks. It is not always recommendable storing your private keys into any email such as gmail or even yahoo or cloud storage for those can still be accessed by intruders or known as hackers. If you do want to store your private keys, better store it offline for it is much safer on that manner compared to storing it online. No one or not anything is 100% safe and secured online for hackers and now even wiser and have their own ways to make impossible things become possible. Private keys is your private matter so better make it secure and safe on any way possible but not online storing.

There is no guarantee that it is 100% secure for private key storage whether offline or online. Therefore I prefer to store the coins
I have in many places, so if one of my wallets is successfully hacked, I didn't lose all the coins I had. But everyone has a different
way of keeping their coins, there is nothing wrong with saving private keys online or offline. Because every storage has its own risk.
So it is very possible that the chrome app could become malware. So the decision is in your own hands, if you feel more secure and
comfortable using gmail to store private keys just do it.

it is very risky, better you keep it in a private note or book, it could be your careless list to a phishing site or the like, because gmail is very easy to hack, because it is very important to protect your assets from unwanted things, keep your keys offline

I suggest you to save them either on an external HDD/USB where you keep your sensitive information or completely offline (paper for e.g). There are lots of browser extensions which are unregulated so yes, there's a huge possibility that you can get your PC compromised by having such extension installed.

Simply answering your question, yes, extensions can access your emails as long as a malware coded to do as such is contained in said extension. This is why I want to advise you to avoid installing, or if possible avoid using Chrome at all. Use Firefox if you can, Google Chrome allows extensions filled with malware at times, especially fake ones, so it isn't really a browser you can 100% trust. In fact, not only through extensions, any file you download that may contain malware could access not only your emails but also your entire pc, so do be careful about that.

The best thing to do is not to store your private keys in your gmail account or even any email accounts, it would be better if you will buy a ledger or hardware wallet in order for you to store your private keys and funds to your ledger and it would be probably more safe because you just need to take care of your ledger and avoid losing it because it would be hard to recover it again. I am not saying that this is a hundred percent safe but I guess it would be more secured.

Anything related to the internet could be hacked, you shouldn't store your private keys on your Gmail account or anything online, there would be a high possibility that your private key could be seen and your crypto wallet would be the next, if I were you, I will use a piece of paper for storing my private keys and keep it in a safe place, try to have two copies of it and put it in different places because there are still some chances that bad things might happen, for instance, your house will get burnt out or a disaster, having a back up will lessen the problem about that.

Why do you keep private keys in Gmail?
I think it is not a proper way to keep private keys in Gmail. You risk yourself by doing this. If I were you, I will keep private keys at safer places.  

Are you blind? There are already some people trying to help you. Why do you not give respect to people who try to help you? Even if their answers are still not to make you satisfied, but they really have tried to help you.

yes

you don't ask in on OP. Sure, if you don't understand the code of extension you had installed, possible malware inside in.

You don't need many wallets for storing it all if Using Shamir's Secret Sharing method for your seed.

Absolutely yes. There is always a chance that chrome will steal your private key. Nothing guarantee that they will not do that. And no one has the power to stop this big guy from stealing your private information. Therefore, dont store valuable asset on the internet. You think you can sue Google for stealing anything from you? Do you even have a proof of that action? Be your own boss of your money.

Why dont you buy a hardware wallet which can help you to resolve this problem? There have been a huge development in this industry. Thus, you can easily find a cheap wallet for yourself. I currently store my private key in my pc but Im still scared of hacker. Maybe you dont know but they might watching you from the back of their computer without letting you see their footprint.

The number one rule for me is to store your private keys where you have sole access, means you have to store it locally, Gmail account can be hacked
or what if you forget your password and the alternate email address email is gone, your keys are lost forever, it's not that we don't trust Google, but what if those happen, best is store it locally the safest for me

This is never been talkable because this already happen many times and still can happen because malware is very dangrous for any computer and this can create many issue so stealing your private keys is very easy with this all and its already happen many times with many different peoples because they fail to check this before instalation and lost some good amount of funds so never try this if you never want to lost your funds very quickly and easily if someone want to download app or any software first try to check its security and availability and try to have recomended because now scammers using many ugly methods for stealing funds from peoples.

For sure you must be careful about the chrome extensions you install, i have reported in the past some extension that has malware and it stole your bitcoins,

And is a terrible idea to store your private keys in Gmail, if you do that is a matter of time to lose your coins. If you want to do a bad practice like that at least save the Privatekeys in a text file and then put that in a zip with password. This will not make you totally secure, but at least is better than just send the PK's as a mail.

It will help us if you can explain more details about your question so that we can find the solution.
Basically, if you don't install any plugin or add-on in your chrome browser, you are safe from the malware because google will not add something suspicious in their chrome browser.
So when you open your Gmail using the chrome browser, you don't have to worry about malware or any suspicious add-on.
But if you have unknown software installed on your computer or mobile phone, you need to be careful because you don't know if that software contains malware or virus or something like that.
Each app or software on the computer or inside the mobile phone will be related to the OS for a computer or mobile phone, and we can not say that we are safe before we check what is inside our devices.
But to store your private keys in Gmail will be a mistake because we never know if we will always be safe or not.

I remember I have a friend  hacked his main email and stored his private keys there and all of the balance is stolen by the hackers , not secure way though.

Its not recommended to use email for storing important document such as private keys . But it's up to you to decide it's depend how will you secured your email for any other attempt that hackers will do.  But I suggest if you have other alternative to stored keys it's better to use that than having a copy in your email.

If you already have coins/token to that private keys, you should transfer it to other new wallets you have then store your new private keys to an offline storage device.
Gmail is not secured for your private keys so don't store your keys again or you might get a problem with your private keys.

Judging by the actions of the OP, the loss of keys will be a consequence, not a cause. You have been given a lot of safety tips, and I think one of the effective tips would also be to completely separate business and entertainment on one computer. There are thousands of key loggers out there that can track every keystroke. They control all the sites you visit. And at a certain moment, they wake up and start sending information about you to their servers.
It is very risky to keep anything on the network, even if it is encrypted, without a duplicate outside the computer.
Speaking specifically about Google, it’s ridiculous to doubt that it doesn’t follow you. Look at the popularity of all the extensions you add to your browser. Stay tuned for updates and reviews. It is generally recommended adding a minimum of extensions to the browser, because yes, a rogue extension can know absolutely everything about you and your browsing history.

Well, probably yes but just like you, I also use my Gmail to store my passwords, private keys, and such because no matter what we do there's a risk of if getting hack or being destroyed. I mean even if you store it physically like on a piece of paper something natural disaster (which I hope will not happen) this could be either destroy. While storing it online could be prone to be hacked or something. But still, I choose to store it online, as long as you were computer literate like not clicking or downloading on a random link I think you'll be fine.
Recently, I find another way of storing your keys and that is through a password manager. I've been using KeePass right now the database where your data stored can be only accessed by you, locked up by your master key. So far I haven't encountered any issue yet and it is pretty convenient I'd say.

There will always be a consequence when you start downloading malware or a cracked application on your pc because most of them have trojan or virus inside them. So if you have installed a malware chrome app on your device, I think your private keys aren't safe anymore on your Gmail and any online storage. I suggest avoiding storing all of your private keys and passwords on any online storage devices and try to keep them in a piece of paper or an offline document such as a notepad. Also, If you download a malware chrome app on your device, avoid singing in your primary Google account to avoid getting hacked.

I would be very careful with installing too many Apps on your browser. You never know what kind of information is going sent away without your permission. In general I never use Apps if there are not at least 100k people who downloaded the app and if the reviews are not above 4 Stars. This of course won't guarantee if there are fishing or scam Apps among them. It's better have more security in my opinion.

Yes, it's possible IMO. suppose you have downloaded a extension which can access your desktop display. So during that time you are visiting the google drive and watching the private keys, or you are trying to log in google account, the extension may notice your private keys or copy the keys if the malware running key logger. (I don't know much about technical but I guess in this way you could be hacked)

*Don't save your private keys, password in online.

I am using metamask chome extension which I have import my MEW wallet to it using the privatekey and whenever I login to this metamask chome extension, the wallet is also connected. Does it mean I'm risking my funds?

I'm quite not very sure about what I did because I kept betting on casino using it and it's needed to make transactions on Uniswap. There is just no way else for me to do it but on metamask extension.

Anything is possible online mate

1. Don't store private keys or recovery seed in your Gmail
2. Don't use add-ons on your PC browsers, they can install malicious invisible spywares or malwares too
3. Get a paid version of antivirus on your PC .
4. Write your recovery seeds in a book or paper or carve the words on a stainless steel

I know it might have its own advantage but I think one address one private should be improved in the future. We should be able to change our private keys if we think are no more safe, exposed or can be compromised. Transferring asset at any exposure may not be always easy. It is also difficult to cram the private keys and caused the lost of some assets, people would have preferred to never document it which could be responsible for the use of exchanges by some people.

Browsers extensions or addon are dangerous if they aren't from official sources, don't just head into extension search engine and search for any add ons, there are some with trojans or hijacking malwares, honestly I don't use any extension since I had a very bad experience using on in 2018, I had to format the whole PC without taking any file out

It is too risky to save any important files in e-mail because they are vulnerable to being hacked, it is like storing gold in glass so that it is easily stolen by simply breaking glass with stones. I store private keys on the hard disk and it is safer to use when there is a need to access the wallet.

Chrome itself a spyware but officially from the Google to steal the data about every people legally, well most people aware of it. Installing an extension which contains malware can surely act as spyware or take control of your device to get the data and most of the extensions are not really safe,so better avoid them using.

I heard that chrome is spying on its users, the best browser for PC is brave browser, anyways, forward to your question, browsers extension is like a decentralized exchange where anyone can list any token for trading, extension stores is also a place where you can add any add ons for free, meaning scammers can add malicious add-ons and once you download to try out the trojan starts it's journey

If it's a must to download extensions find the official website of the extension and download through the website, don't trust chrome store or mozilla add on store, they claim they've removed all bad add ons but it's a lie, they only removed those that antivirus can detect

Google drive is ok as long as you know how to encrypt and secure you, I have mine in my gmail and I am using an encryption and authentication to fully secure my private keys but these are disposable wallets where i kept a small amount for trading purposes, my coin storing wallet are on a desktop versions, you need to have different wallets for different usage.