Bitcoin Forum

So I have someone who I personally introduce to Bitcoin few years back, he is married and living well for himself, he got a inheritance money from his grandma before she passed and he used all that money to buy Bitcoin.

The mistake he made was storing half of one Bitcoin in Exodus wallet, and I could have fought for him that he is a very careful type, the BTC was moved not very long ago and it is been sitting in his wallet for few years, he haven't tell this to his partner because they have planned to buy a house with the money.

I did told him to go for a hardware wallet that 0.5 Bitcoin is too much to be stored in an exodus wallet, I though he listened, later he succumb to the likely of getting phished because the only thing he remembered installing is a browser extension.

Exodus could not even be the bad wallet here but his own stupid mistake, if this Bitcoin was in a hardware wallet it could still be here. No Bitcoin is safe on your PC, even if they are sitting in the wallet for years one silly mistake can claim it all.

He hates Exodus now but this company security has nothing to do when a desktop is compromised.

It could be the browser extension. There are many fake browser extensions now. But maybe it is because of another thing if he is using his laptop to download apps, extensions and files.

0.5 BTC today is around $60000. To get a hardware wallet or a cold storage set up will be cheap as low as $50 to $300. Some people will think nothing will happen until it has happened.

It's never very safe to store a big amount of money in a hot wallet, even on a mobile wallet. Your friend was just careless, but then again, have you tried to investigate and see if your friend's wallet got hacked through phishing or if he spent the money and gave it to scammers? Things happen these days, and all blame goes to hackers.

I feel sorry for your friend, I really do. 0.5 BTC is a life-changing amount of money and would do a lot for some persons in some countries. I don't know why he didn't take your advice, whether it was stinginess or what, but I'm sure he regrets it. Spending a few dollars to get a good hardware device would have averted this mess.

It is to the prevention of this messy situation that may ignite the movement of old bitcoin from their wallet old address (perhaps, hot wallet) to other new addresses which could be they're move their bitcoins to some hardware wallets for tighter security.

Tough how your friend had to lose such a big sum of funds in the process of getting extra functionality from his web browser.  Just to think outside the box, have you asked your friend if he was the only person with knowledge of the wallet keys. Does his wife has idea of the keys.

A brutal lesson indeed, but something that happens to us all too often. Speaking of browser extensions, they are very poorly moderated, and can even send malicious scripts, fake signature requests, or steal your seed word.

Exodus has a reputation as a strong, non-custodial software wallet afaik. In fact, the security of any software depends on how well your CPU is protected. No matter how powerful the software is, if the CPU is not malware-free, nothing on your computer is safe. So, if your PC is infected, even the best software wallet will be vulnerable.

if you are serious BTC hodler then air gapped or hd wallet are the best solution for you. if your friend had practiced hodling by using rigid & cold approach, his 0.5 BTC would still exist, so sad..

This particular situation has happened multiple times and it won't actually stop happening any time soon the problem is people online are very quick to trust any random app or extension basically because most of them do not have a good understanding of how privacy works and security too.

I can still vividly remember when telegram wallet was still very new, Alot of persons were very quick to trust it and currently even if people still use it you hardly hear about it plus it was never open source or decentralized.

I'm curious how that could happen. I'm somewhat cautious when installing something on my PC. It's more of a precautionary measure, just because. Even if there are things that offer airdrops or something, it's still somewhat suspicious to me.

Doesn't Exodus have increased security features, such as two-factor authentication (2FA) or something similar? So that there would be another layer of protection? Would that even save your seed or wallet?

I mean, having 0.5 BTC on a hot wallet now is very dangerous. Get a small amount of BTC, buy a hardware wallet, and consider purchasing an antivirus if possible. It's better than losing your coins.

So he got scammed by a phishing link, he stored funds in a extension, for him the amount won't be that much because when someone gets free money they don't care much unless they have earned it, but if you are sure he is a careful kind person, still he should have stored funds and kept the keys somewhere safe, he did not had to keep the extension even.

Just the phrase should be kept safe, he must be using that browser regularly and thought he can click any link he want, hmm well what I can say now, if he have already lost the funds, but the best as a friend we should suggest them to be active in forums like this, and learn more, about security, it is not about extension or other things, it was his own mistake, this can happen with his bank accounts as well.

Well, I feel sorry for him. I confess that I used Exodus for many years, but I learned early on that I shouldn't use the Exodus extension. I was robbed once. It wasn't a big deal, but it taught me a lesson. I started using only the Exodus wallet on my desktop, without installing the browser extension.

Honestly, I can't understand why he didn't just keep the Exodus wallet on his computer, with a password and secure private keys somewhere outside of his computer, and didn't install the Exodus extension in his browser. That way, he wouldn't have lost everything. Why not? The guy wasn't trading, so why put the Exodus wallet in his browser? I don't understand

I am curious to know, is the browser extension an exodus wallet? Because there have been similar attacks in the past where a fake exodus wallet appeared on the ad store, and many people downloaded it thinking it was the real exodus wallet.

Maybe your friend inserted his recovery seed into the extension thinking it is the real exodus app and they wipe his Bitcoin? Please ask him this question because this is the only way this makes sense.

The other way I can think about is him trying to send BTC from the wallet but the PC was already compromised, infected with a powerful malware that's good at swapping copied BTC Address to another address. Only him can know where it all went wrong.

Sometimes when you tell people some things from experience and the exposure you have,  they choose the one to listen to and ignore others. They later learn from their own experience because they think that whatever situation or danger that you tell them about concerning the risk they are taking will never happen to them for some reasons best known to them. For persons like these who were warned of the risks they are taking, I share no sympathy for them because they are the reason of their problems.

To others, it should a note of caution to avoid installing random extensions to a browser you use on a device that has important documents and information. It may not be you loosing bitcoins per say, but there are some other sensitive informations on your device that can be stolen if you install an extension to your browser that you cannot verify the source.

He doesn't even know how exactly he lost his coins, but I know he made a bunch of mistakes.
First, he probably used wind0ws OS, and with that it is much easier to get malware installed.
Than he used closed source wallet like exodus, and installed unknown extensions in his browser.
This is recipe for disaster  :P

Sometimes people are reluctant to buy cheap hardware wallets because they think that storing their coins in a hot wallet is sufficient, or they think that instead of buying a hardware wallet for around $100, it would be better to invest the money elsewhere.

This way of thinking is wrong—if they lose their funds, they will regret it.

They did not store their funds in the Exodus desktop wallet but in a browser extension wallet that is only secured by a password.
It is possible that the OP's friend visited a phishing site and connected to their Exodus wallet.

Other OS can also be vulnerable to malware, even the commonly used Linux OS can still have malware but just that people that are using it are pros. To stay away from malware, it is better to use a cold wallet but your advice is also good because people will still want to leave small amount of money on online wallet.

A few years ago I tried moving funds from Kraken to Binance. When I tried copy/pasting the deposit/withdrawal addresses the tabs would crash and were glitchy. Unfortunately, I didn't think much of it and proceeded with my deposit on Binance. I waited, and waited, and nothing was showing, not even on pending deposits where it would show almost immediately the second a transaction was broadcasted. I contacted their live support and they told me that this isn't their address and I likely had a malware on my computer. No anti-virus showed any results back then, so I was likely one of their first victims, since a few months later, it was all over Google's results.

This here is my thread, Fake browser extension (https://bitcointalk.org/index.php?topic=5409045.msg60710062#msg60710062). However, in my case, I highly doubt that this extension would be able to change or do much on an offline basis, meaning, outside of the browser. Can you elaborate more on the extension? Perhaps it was an executable that was disguised as one?

I'm sorry for your friend's loss.

He is not the first person to lost Bitcoin and he will not going to be the last to lost Bitcoin for unsafe wallet. The mistake you made is that you forget to recommend him to standard and safe wallet to hold Bitcoin for long years, but you teach him cryptocurrency to have the wisdom that make him to use his inheritance money to invest Bitcoin, now that he has lost the Bitcoin do you think he will be happy with you, because there is electrum and other good wallet that would have protect his Bitcoin for long. This is a lesson to other newbies that is in hurry to use any how wallet to save their Bitcoin or other coins for long years before marketing the coin to show up new cars or new houses.

As long as the device is connected to the internet, it is always at risk.  It is sad for your friend to learn the lesson the hardway. If only he listen to you and bought a hardware wallet, this thing would never have happened.


Yeah, he should have learned from so many reports about a pc getting infected by installing browser extension.  If I am the one holding that huge amount, I would never be relaxed until I got that fund stored in an air-gapped device to be sure that no matter what happen to my pc my BTC funds won't be affected.

No. Exodus has something to do with it, based on the previous vulnerability of the wallet and hacking experience of some people who have used the wallet.
If the Bitcoin is kept in a hardware wallet, your friend will still have it, and I was surprised he was stingy enough to keep half a Bitcoin in Exodus, which was said to have some security flaws and vulnerabilities over the years due to the software used to build it.
Yes, the issue occurs through the extension, but from what I see, he also didn't have good internet security

If you have "enough" bitcoin (whatever that is to you), having some type of cold storage is key.  Whether it is a computer that never is online or a hardware wallet, just do it.  A Chromebook isn't expensive, put electrum or something on it and never go online with it. 

If you're storing 0.5 Bitcoin for future reference, what could be more secure than a hardware wallet? That's $60,000 in today's money. In this internet world, where malicious attackers are rampant, a hardware wallet is a lifesaver. It's a good reminder, but I feel sorry for your friend.

You are correct. The issues isn't from Exodus but the point  is that the wallet was in a device that is compromised. Software wallets on personal computer or phone carries risk always as a single phishing link, extension or even malware is able to drain them out.
A hardware wallet may not be exposed in like manner as the private keys don't touch the PC. It is misplaced to put the blame on Exodus, because it did its job, yet security breaks at tr point of weakness, and in such it happened in the users environment.
Conclusively, the loss was from human mistake, rather than wallet brand.
When he needs peace of mind in the near future, he will be having the need for a hardware wallet and well arrange security habits.

Just like a physical wallet you carry in your pocket, a hot wallet is for storing your spending money only,
not your life savings. That's like walking around with $60 thousand dollars cash in your pocket instead of
keeping it in a bank.

Why was your friend using a web3 wallet to store bitcoin of all things? Shitcoin wallets like Exodus and Metamask
are not very secure. They are a hacker's paradise. That's why I don't mess around with shitcoins.

There's just so many many ways you can get your data stolen in a PC where it's connected to the internet.

A newly generated wallet in air gapped PC is thousand times more secure than a browser extension, I've seen countless people getting drained left and right and even got phished.

This should be a great lesson for people. If we want a truly secure wallet without flaw, we need an air gapped wallet.

Some people need to learn their lesson when they've already experienced the consequences of their carelessness. If your friend had considered switching to a hardware wallet from the start, he might have avoided this unfortunate incident. However, he underestimated the risk and chose to store it on a device, which is quite vulnerable to malware or virus infections.

The internet is full of viruses and malware, and we never know when they will infect our devices. Therefore, the best course of action is to separate our Bitcoin holdings from the devices we frequently use. A hardware wallet shouldn't be expensive, especially if you hold a significant amount of Bitcoin. Alternatively, store your assets on an air-gapped device, so they are completely isolated and inaccessible online.

If you frequent Twitter, you will see many people who have 7 figures in a browser extension and without a hardware wallet. We at Bitcointalk are different because we all have been hacked before and we are careful and use Cold storage or hardware wallets. But many of these new users have never experienced that and they just risk it.

When watching the streams of them buying meme coin you can see that they are not using any type of hardware wallet. Just $500,000 or so sitting in an extension and using Windows which is the most unsecure OS out there and you just know something will happen and those coins will be stolen.

Actually, a wallet is essentially an interface for accessing the blockchain. With exactly the same degree of security, you can store BTC for a long time on a cold wallet as on a hardware one. And you should prefer wallets in the form of an application, but you need to be very careful with browser extensions.

Exodus is a non-custodial wallet and we can hold our keys to the wallet.
So how come a browser extension can get his funds lost while he was holding the keys to his wallet ?
Is it possible that he was holding the keys to the wallet on his desktop PC itself, may be in a plain text file ?
Otherwise, I don't think it would be that easy to lose funds using Exodus.

It seems people forget things too fast in this space, I don't forget that Exodus was vulnerable some years back and that vulnerability make many users lost their funds, I am surprised that no one remembers again.

Exodus is a crap Bitcoin wallet and it should be avoided at all cost, and also this is a wallet that functions online, it is a bad idea to use similar wallet to store your Bitcoin, a non custodial wallet that works like a cold storage is always the best, I hope he learnt his lessons but don't tell him that Exodus is innocent, they are not.

If you make him believe that Exodus isn't the problem he could go back and download Exodus again thinking he just have to keep his recovery seed more safer.

How can you have 0.5BTC and store it in a device connected to the internet? That is the highest level of carelessness. Assuming he even want to dedicated one laptop to that if he does not like a hardware wallet, he can comfortably buy a laptop to store that Bitcoin, instead he choose to play with it and therefore lost it. Well, its possible that is just small money for him or Bitcoin he got without stress else he would have been more careful with it.

Ohhhh! This is sad but necessary lesson which is showing crypto security is very important and your friend lost his Bitcoin not because Exodus wallet was bad but because he installed bad browser extension on his computer which is common way so with this thieves steal private keys. This is showing that no amount of Bitcoin is truly safe on internet connected computer no matter how long it was there because one simple mistake can destroy everything. This tragic event is showing why many people right to recommend cold means hardware wallet as it store private key offline it means thieves could not have stolen money without friend physically approving transfer.

It is impossible to say what would have happened if your friend had a hardware wallet, because there are many cases where people are "hacked" even when they keep their private keys with HW. If you're wondering how this is possible, then I'll give you at least two reasons why this happens.

The first consists of the victim receiving a phishing email that appears to have been sent by the company that sold him the hardware wallet, and in which he is warned about some critical vulnerability that can be patched by clicking on a link in the email and on that link the victim is instructed to type in his seed to verify something, which is of course nonsense.

The second way people most often lose their coins is to save their seed on their computer as plain text, or save it in an email or cloud that someone can then hack and steal everything from them.

A hardware wallet is definitely something everyone should have, but it can't protect against people's stupidity in doing something they shouldn't.

Although there are already numerous threads about crypto asset hacking on this forum, I think it's good to see another case arise and create a thread, as it serves as a reminder for us all to remain cautious when storing our assets. Thank you to the OP as this thread will be a learning experience for us all.

We also need to emphasize that as crypto grows, threats to the security of our assets will increase. Therefore, everyone especially beginners must be concerned about wallet security because crypto is inherently vulnerable to attacks such as hacking and phishing. If you underestimate security, you can lose access to your assets in a short time. Cryptocurrency has no central authority that can help recover your lost assets. So if your assets are stolen or lost, they cannot be recovered. Therefore the condition of your wallet is entirely your own responsibility. Losing 0.5 BTC is painful, especially if it's due to your own carelessness using a browser extension. Therefore you must be aware of the need to improve your wallet security in the future to prevent further financial losses.

Keeping 0.5 Bitcoin on an online wallet is a ridiculous mistake. He has learned his lesson, but at what cost? Around $60,000, and that money is A LOT, not matter which part of the world you live in. For some countries, it's a life-changing amount because you can literally do everything if you have an amount like that; such as buying a house, a car, and every other luxury, and on top of that, you can even start a business of your own, but he lost it all, only because he was too lazy or confident that his funds are safe.

His first mistake was to keep the funds in an online wallet, and his second mistake was to have that wallet in a device which he uses for normal stuff. I mean, if you can easily afford to buy a new device, since you have that much money, you should at least have a separate device for your financial holdings or financial operations, so that you don't have the risk of getting phised or have your funds stolen through some malware, etc.

0.5 Bitcoin is half a thousand American dollars, you mean to tell me that your friend doesn't have the money to buy $200 dollar hardware wallet. The $200 is even an estimation, most often high end hardware wallet are $180 and low as $70, so that amount is too high. Let's even say the person have a phone, why not use phone only to keep the Bitcoin or you want to tell me he doesn't know much about after owing 0.5 Bitcoin, I'm sad and angry on his behalf to be honest.

In case people don't know about extension, there are some extension that can read your copy and paste, there are some that can even read everything on your computer page anytime you are interacting with another extension. So, when you copy a sensitive thing on your keyboard, it possible the extension was able to copy the private keys or modified something on his laptop unaware, all this can make your Bitcoin to disappear over a night.

You either stay out of the Web with the info to secure the access and custody to your wallet / wallets, or you suffer in the process to understand it, simple as that.

Yeah man, at that point it's whether the OP's old friend willing to shell out $100 for a hardware wallet or losing the entire $60k.

If it were me, of course i'd just prefer to shell out $100 no brainer decision for me. But i'm not surprised, there are people out there saving millions in BTC with just exodus wallet ;D.

I don't think there are many; I think this case is going to be the exception rather than the rule. An example of the saying, “A fool and his money are soon parted.”  That's assuming the story told by the OP is true. I'm not saying it is or isn't, but we have no way of knowing for sure. Obviously, anyone with a modicum of intelligence would prefer to spend $100 to ensure that they cannot be robbed of $60K. Although, given how clever the guy seems to be, it would not be surprising if, had he purchased the hardware wallet, he had stored the seeds online, in iCloud, or similar.

That's is a whole lot of money for someone to lost at of carelessness it is very painful and frustrating, I just hope he possess the heart in bearing such huge lost.

People's fails to attend to sensitive issues till something bad happened before they will realize. That's one bad thing in procrastination, we keep prolonging important and sensitive matters that ought to have been attended to long time ago, assuming he did the needful by storing such huge assets on any of the hardware wallet these wouldn't have happened, perhaps it will serve as a lesson to others.

I do not really encourage using of extension because they are really dangerous and prone to hack. Just as you said it’s good to get a hardware wallet or a non custodial wallet to store their assets than using an external attached wallet to the browser to store their assets. From how I understood it, they have no control of their asset because the developer could phish their funds from there end.

Many of these programs come with AppImages too. So you can just download one and make it executable and just run it.

I know for one thing that there are Bitcoin and Monero wallets like that. Coins like Ethereum less so because of "web3" and their insistence of you storing your crypto on either a browser extension, mobile app (yuck!) or hardware wallet.

Some people are like this normally, they have thousands of dollars with them but they can't buy small things out of the money to benefit themselves, I am very sure that the person OP is talking about is a very stingy person who worship money that life itself, there are unfortunately many people like this.

I was shocked the day I found out that a close relative is worth more than 100k in dollars, I argued with my sibling, because the way he looks and that of his age there is no point keeping money and avoiding to spend it, even on himself, until one day he was sick and everyone who running around to gather money for the hospital bill, I immediately invalidated my siblings mindset that how can a man be dying and not use his money to safe himself, then the money was not enough and this relative added the rest amount, his wife got mad and shouted on him for keeping money and not want to spend, she exposed him on that day, we all took our money back and his money was used to settle the bills, I can't write the whole story here but on that day onward I started to believe that some people are slaves to the money they make.

The amount he lost is a big amount. Who has around $60K in his wallet? I'm just wondering why he hasn't bought a hardware wallet. I don't store any funds in a web wallet or software wallet, even if it's more than a thousand dollars. Comparing $60K to a hardware wallet, which just costs a couple of dollars, but it would save all of his money. Sorry to hear your friend lost his funds and didn't hear what you said. I really don't compromise with my fund's security at all, because if I can't afford to buy a hardware wallet, then I have to afford lost funds.

However, it has gone and will never be recovered. But we can take a lesson from here and apply it to us. I don't trust even a centralised exchange. I don't store funds there since I have multiple hardware wallets. After trading, just move funds into the hardware wallet, and whenever you need to sell, then move it again to the exchange. I'm really not a fan of installing any extension to my browser. Right now MetaMask is my only extension; there is nothing else there.

Exodus wallet is not a good wallet. Let's check why.

https://walletscrutiny.com/?platform=allPlatforms&page=0&query-string=Exodus
From Desktop to mobile application store, the wallet software is close source as it is shown as "No Source" in the reviews.

$60,000 is too much for a hot wallet and I agree with you on this. With $60,000 fund, it is important to spend some hundreds of dollars for a hardware wallet and store bitcoin securely.

Choose an open-source hardware wallets, and avoid close-source hardware wallets.
[LIST] Open Source Hardware Wallets (https://bitcointalk.org/index.php?topic=5288971.0)
[GUIDE] How to buy a Hardware Wallet the right way (https://bitcointalk.org/index.php?topic=5288201.0)

I have no prior experience using Exodus wallet because I have never used it before. Bitcoin is a very valuable asset so it must be taken care of. Your friend did not take care of the Bitcoin due to which such an incident happened to him. For a large Bitcoin holding, you must use a secure wallet that will always keep the Bitcoin safe. For this, I should use Electrum wallet as a software wallet and there are several hardware wallets. If you do not take care of Bitcoin, Bitcoin will not take care of you. And once you lose Bitcoin, it is never possible to get it back.

Mind sharing what this extension was? So we could all also avoid it. Maybe it was a replica of another legit extension he was trying to download.
Exodus is actually a pretty decent wallet. I have heard great reviews and only very few bad ones. But if you are not careful yourself, the wallet can only do so much to protect your coins. Remember to double check what you are downloading and if possible do not use the devices where you have bitcoin in to download links from the internet.

It's my impression that often the same mistakes are made, be it out of ignorance, no security knowledge or whatever else makes people do risky setups.

This isn't a complete list and isn't ordered by severity:

• Avoid Windows as the host OS for your wallet(s) and crypto stuff.
  It's has (still) major market share and is therefore commonly the most targeted OS by malware.
• Avoid your daily driver device for your wallet(s) and crypto stuff.
  You don't want to put your coins at risk on the device where you do all your daily internet shit with. You likely know yourself what I'm talking about.
• Too much value in a hot software wallet. Don't need to say more, you're simply asking for trouble and desaster.
  Hot wallets should only contain amounts you can afford to loose. YMMV.
• Avoid closed-source wallets.
  You can't easily put those under scrutiny compared to open-source wallets. Bugs and security issues usually fly under the radar for closed-source stuff.
• Store your mnemonic recovery words strictly offline and on analog storage media like paper and stamped metal for hazard resistance. No digital pictures, screenshots or files on online devices of your recovery words or similar valuable secrets.
• There's usually no reason at all to expose your recovery words on an online website, especially when you're asked by another party to do so (this is a big red flag and usually a scam or trick to part you of your coins).
• You can still make mistakes with a hardware wallet, if you're not careful. Always and in every single case carefully inspect ALL details of a transaction BEFORE you sign it with your hardware wallet. Your hardware wallet should have an own and independant display to check and verify EVERY detail of a transaction BEFORE you finally sign it. Make this a habit without exceptions.
• Personally, I avoid my mobile phone for wallets larger than some little pocket money values.
  Mobile phones are easy to loose, could easily be stolen and you basically have no chance to assess the security of the device. Not to mention how much internet shit people do on a daily base with their mobile phones.
• NOT checking and verifying that your wallet software or hardware wallet firmware downloads (or similar files) are genuine.
• Using questionable browser extensions and browser wallets.
  Check the reputation of a browser extension with great scrutiny. Why do you need a browser extension for your crypto stuff anyway?
  Browsers are very complex software behemoths and commonly your primary software that's heavily exposed to the internet's evil. They are full of bugs and quite a target. I find the idea of a browser wallet a very risky approach.

I've surely missed something, above is just what quickly got off the top of my head. Feel free to add more to it.

This is a sad story to hear, half a f Bitcoin is a very huge amount of money that worth anything.

I am still wondering why extension, and why didn’t he have a seed phrase? Or is it that the Exodus wallet is like an exchange that didn’t give you private key or seed phrase? And even if it is an exchange I think since it is not a general problem, you are supposed to recover your funds in another device if you have your login details, but I don’t know why this wallet in question is different because even phantom wallet, MetaMask, and others that support extension do give seed phrase or private key depending on either the wallet is an open or close-source.

Nevertheless, this is a lesson learned the hard way, I am sure your friend will never leave his Bitcoin in even a central exchange or any wallet that he will not be in control of his coin.

I would also like to hear more about this case.  As far as I know, there is no browser extension that can simply "steal" coins from your desktop wallet.  Or is there?
In any case, it would be useful for all of us to know more information about how the theft actually happened.  Though, I kinda doubt the original poster will give us an update.


Right, I havent heard anything awful about Exodus wallet either, except its closed source, which bugs some people, me included.  If the user messed up here, its not really the wallet fault.  It boils down to what went wrong – like a phishing scam or nasty malware.  But if you are not paying attention, that same bad stuff could still happen even if you used a hardware wallet.

It is not just the extension, it is not just the wallet, it is not just the operating system, it is the device which connected to internet then there will always be a risk for compromise. And yes hardware wallet brings better security by eliminating the contact of the wallet with the device combined with not losing the convenience. But no wallet is safe 100%, if there is something happened to the wallet backup then it will end in a disaster too.

I don't think not using a a hardware wallet is too much of an issue. Although hardware wallets are safer, this doesn't mean that wallets such as Electrum aren't safe. The users are who ultimately sabotage themselves, either by downloading something they shouldn't have, or being careless in general. Metamask is also a wallet that is prone to scams, but ultimately, it's the users fault. Unfortunately, the internet is full of phishing links, scammers and fake extensions or applications in general. If you're using your computer and storing bitcoin at the same time, it's way safer to isolate your wallet completely.

He didnt understand the risks and people dont bother to take the time to research and find the right solutions for this. He definitely should have put on his own hardware wallet, wish he could have learned this lesson with a very small amount .5 BTC is a nice chunk of sats

This is why Bitcoin users always have to be aware. Currently, the value of 0.5 BTC is not very high, but not low too. Therefore, since investing in Bitcoin gives you the freedom to safeguard your own assets. Therefore, it was necessary to use a hardware wallet for the sake of secure security. Although not all Exodus wallets are hacked like this. Still, it should have been done for the sake of security. Because no one can predict in advance when hackers will hack or when they will be hacked. Therefore, it is important to use a hardware wallet for maximum security. Since internet is essential for hacking, and Ledger and Trezor work like offline wallets and do not require internet all the time, it is more secure than any other wallet.

A person can lose all his wealth in life due to lack of awareness. Therefore, it is best to take maximum security on his part. In the mentioned incident, it has been seen that the person who lost 0.5 BTC was not very careful. If he had not neglected the storage of Bitcoin and had kept it in a hardware wallet, then there would have been no possibility of his Bitcoin being stolen. Due to not paying attention at that time, he had to lose his permanent property. I think it wasn't because of using the Exodus wallet, but rather negligence was the main reason for the loss.

That was most likely a wallet drainer, but I don't know how a wallet drainer could successfully drain his wallet through a browser extension.
Wallet drainers require the user to connect his wallet to the drainer and grant permissions regarding his own wallet.
Where did he download the browser extension from? I thought that browser extensions installed from Chrome webstore and Firefox App-store are supposed to be safe.
Putting the blame on Exodus is pointless. I know that many people don't like Exodus. I've never had any problem with Exodus in the last 3 years, but I might be switching to another wallet.