Bitcoin Forum

The reason I dont worry too much of it and dont bother to put there.

Is because the chances of getting hacked by the company or other is extremely low.

Assuming the company start to scam people and do something nasty. do you know how many trustwallet users are? 10 Million +.


People quickly would report that their funds would dissapear and you would have enough time to transfer your funds to other wallet with your seed.

1 company cant empty 10 million wallets so fast.

Just do a google search about FTX, Luna, and MtGox and you will find your answer.


The block will be placed completely on their network and that simply means no one will be able to transact when they decide to scam. It only takes few seconds to place a block you won't have time to think too in such a situation.

It other technology i dont believe they have easy access to millions of wallets because its using seed.  They need to open seed every time to empty wallet.
FTX access to funds are different i believe due to its web application technology.

That's naive assumption. They have created a fully fledged software wallet, they can create script or similar which automatically wipes out user funds in minutes.

You seem to be so naive based on what you have just posted up there.

There are several reason close source wallets/service are not encouraged for use because as a user, you will be in the blind. A code could be planted in the source code, allowing the hacker to read your seed phrases and transfer funds out as soon as you make a deposit or even drain hundreds of thousands of addresses in just a second.

Welcome to the world of automation, don't think everything has to be done slowly and manually

People were saying the same thing about FTX, Cryptsy, MtGox, and a whole lot of other centralized services too (which is what closed source wallets like TrustWallet are like). They were saying "they have been running for X number of days, have Y number of users and Z million dollars go through them; it is impossible for them to run away". The rest is history...

Besides it is not always about the company itself scamming its users, or not all its users (ie. selective scamming), but another risk is a third party hacked exploiting the backdoors in the closed source software that the company has placed in it (intentionally or unintentionally) and stealing your funds. Kind of like Windows where the risk is not only Microsoft hacking you but other hackers exploiting the backdoors Microsoft has placed in their product to hack you.

What you say is untrue.

If they plan to scam their users, they would code an auto script to automatic do everything and with such bot, things will be done in a few seconds and minutes. You will have nearly zero chance to exit.

What you say is more relevant to attacks on blockchain which can be detected automatically by big exchanges which run their own nodes and after having detection, they can react to keep their funds safely. Example are reactions of Coinbase in Ethereum Classic attacks.

• The exchange and wallet firm, Coinbase, said it had detected a so-called “chain reorganization” in which nearly $500,000 worth of ethereum classic (https://www.cnbc.com/2019/01/08/coinbase-says-ethereum-classic-movements-halted-on-possible-attack.html)

You are right. Provided that the trustwallet is handled by CZ, however this does not guaranteed safety all the time. From the word itself its closed source means they still have an edge whatever goes wrong with their platform. Its not like Im saying they will ring any bells or what but always make cautious since its still a possible scenario for every big firms out there.

You are so naive.

By the time some body reports their funds are gone, yours may be gone as well.

If an app was maliciously made.  The app developer could have coded it so they own access to all their customers coins.  It is possible they do not even need a script or anything.  Just have everyone's funds in the same wallet and transfer all at once.

Say this is not the case and it takes a while until they empty all wallets.  You may be having a long poop and by the time you are done, everyone's funds are gone.  You had two hours.  But you do not pay attention to what happens in the Cryptocurrency space every single second of your life, do you.

Even worse.  If they are selectively emptying wallets.  Yours could be the first on the list.

Your post is exactly why you are going to be scammed one day.

-
Regards,
PrivacyG

A good example why you shouldn't use close-source wallets is Coinomi.
Coinomi has been always a popular wallet and many people have used it, but it had a vulnerability sending users seed phrase to google servers.

Visit the following topic and see how that vulnerability caused a user to lose all his money.
WARNING - Coinomi Wallet CRITICAL Vulnerability Made Me Lose My Life Savings (https://bitcointalk.org/index.php?topic=5114708.0)

To be fair both FTX and MtGox are centralized exchange while Luna is a shitcoin project, while @OP is discuss about wallet, so you need to give an example about which wallet has been hacked especially the closed source one.

---

@hosseinimr93 gave a good example how closed source wallet is bad even though it's non custodial, the fact is many users are still use Coinomi even though someone already make a report. So I wouldn't be surprised if there's a new user will make an accusation against this wallet again.

I don't feel sorry for you because it seems you don't understand why open source is very important when keeping your funds or assets in your crypto wallet, the only one I trust is Electrum and Trust wallet, you don't want to trust closed source wallets, do you even understand what that means? They are completely not transparent.

Don't come back here and start screaming that crypto is scam, you've been warned.

Provided you aren't slerk in safeguarding your keys, talking about open and close source, we have them both in using a cold storage but i will asdume you're referring to the exchanges here which can be centralized  exchange (custodial) or decentralized exchange (non custodial) but there are decentralized wallet that are either an open source or closed source wallet and this has to do with your preference, but advisably you should go for open source decentralized wallets, get more information from this Open Source Hardware Wallets (https://bitcointalk.org/index.php?topic=5288971.0)

It kinda sounds like it's because you're too lazy to do anything else. Which is an OK reason but you seem to be trying to hide it?

If you've checked your nmemonic works in other wallets too for recovering the funds then you have some extra safety (because that IS open source if it's using bip39).


They could empty the largest of the person who isn't related to them, then wait, then go for the next biggest and continue (if they wait enough time, people will keep trusting them before they empty a lot of users wallets - they can fairly easily track when you're online and just need to target a rolling attack for everyone they suspect won't be).

Your argument is flawed from the start, but why gamble with the perceived low risk when you can simply use an open source alternative at no extra cost?

Besides the fact that scripts can be created to simultaneously wipe user funds above xxxamount, If hypothetically, the situation you described above was correct, there is no certainty that your wallet would not be among those looted first.

You put your funds and privacy at risk when using such platforms this way and have no incentive to do so.

You're too confident until it happens to you but let's put it like this, what if it's not about the company but about you? On how you browse through your phone where the trust wallet is installed.

But even if you reverse the situation and stuff, you'll be ending up realizing that it's owned by a centralized company and things may go south at your least expected time if it will.

If the past situations weren't enough to learn, I guess a personal experience coming from you will change your perspective.

Well, anyway as they say, your money - your rules.

Not all users is checking there wallet most of the time because many newbie just leave there crypto on there wallet as savings and just check it occasionally. Those people doesn’t have time to react in case the wallet become scam. Lucky for you because you might have a lot of time to check but the majority of crypto user is using crypto as savings and not for daily transactions.

Why people need to worry about this company can turn scam eventually while there’s a lot of open source wallet available that will give a peace of mind to there savings?

You have the right to do with your assets as you wish and closed source doesn't mean 100% that there will be some trick with the wallet

But this chance is not 0%, which means that risks remain. Are you willing to risk your money?

Do you see a correlation between the number of users and the likelihood of a scam? The more users, the more money can be stolen. Profit.

I wouldn't be so sure about it. I think it's technically easy to implement.

And you're assuming that someone who gets ahold of bunch of seeds won't be able to access all the wallets generated by those seeds in one batch process? That's a very bad assumption, especially if you're risking your money.

It can be translated as, I do not worry about giving a stranger my money for a minute because even if they run away with it, I will notice just in time to start running after them and catch them up before they are gone.

The problem is OP already knows they can be scammed and yet continues thinking chances are low.  If OP has close to zero knowledge about Bitcoin and security in general.  Why even bother pretending to know better.  There are others who actually know better and will screw you up before you even know it.

-
Regards,
PrivacyG

I hope OP can wisely and understand what you have explained about the risks of closed source wallet.
He just needs to know that not all cases of loss of funds are done by the company itself, but in most cases it is third parties who do. Just like the hacking of user funds from Binance and other exchange, it wasn't CZ who did it but third party ^[hackers] through the back door managed to find a way.

I also wish the OP didn't bother replying after reading this one.

Sorry but that is the biggest nonsens i have readed long time ago.

First , its exactly the closed source code you should be worried about , there can be all in it that can make a big damage.
There would be not enough time for all the people that using the closed source wallet when there is something going on.

For example : A  a special code in the closed source code can open doors for malware and other programs.
Once active it takes only a few seconds that they get all they need and more.
Bank Account details , Wallet and the Keys , all your passwords and loggin details where you ever logged in and so on.
If you noticed what happens the magic is already made and your done.

Everyone here tells it nonesense without understading in secruity to back up your claims.

 give proper reasons. Back it uo with facts.

Keylogger work on a way that it sees what you typing.

If my trustwallwt pass  852852 and the i download conpronised virsus suddenly on their new update   it only see  what i type 852852
Not my seed.

It also need to see the  seed.



Bank accounts details and email have high security 2fa and ip match. Attackers cant do nothing without an access to my email and he will never have it eben he has password.


Maybe im wrong but youll give goofy explanations without knowledge about secruity amd compared app like trust to ftx when they have different technology.

Tell that to millions of people that lost money in FTX and Celsius. In the end, why take extra chance for losing your money when there are alternative open-source solutions on the market.



You think that those kind of things are done manually, one by one in order to give enough time to others to withdraw their money? If company performs exit scam, you probably won't have time to do anything and will only realize when its too late.

This is just ignorance compared web app like FTX to online wallet they work on different technology. if you dont know what you talk about just be quite and dont try to act smart.

Maybe only 1% of the people here know what they r talking. all the others just throw assumptions into the air.  


Give me real reasoning if you know backened .

It's fair to say that Trustwallet hasn't had any issues or complaints from users so far, it's still safe, but you shouldn't trust it too much just because it's a company and has 10 million users. You need to know that anything is possible, especially for centralized or closed-source products, it's a lot riskier because we don't know what they will actually do with our assets. Nowadays, most people tend to use open source software rather than closed software because of its transparency. You should learn more about the difference between these two concepts.

I wouldn't recommend exporting and importing your seed into multiple wallets. Each new software that holds your seed increases the possibility of an attack. If you have your seed in one software wallet, you lose your money if something happens to that one wallet, no matter if it's user inflicted or the result of a hack, exit scam, etc. But, if you have the same recovery phrase imported across three different wallets, you now have the security of three apps to think about. Each one could in theory be hacked, have vulnerabilities, have malicious developers, and so on. 

You need to read this [1] it's just one type of malicious attack while there's many kind of types and every year there's always a black hat hacker creating new malicious stuff [2]. I don't think everyone need to become a coder and can read every source to recommend someone to use a good thing, it's similar like you're not a victim of ponzi scheme, do you think ponzi scheme is legit and not scam? especially the one who said there's no risk.

---

[1] https://cointelegraph.com/news/hodlers-beware-new-malware-targets-metamask-and-40-other-crypto-wallets
[2] https://swgfl.org.uk/security/types-of-malware/

What matters is that behind both of are people and they can have malicious intent that might cause you lose your money and if we don't lack something in crypto, that's those kind of people.

Problem with a closed-source wallet is that no one outside of the company that made it can check the code, making sure that there are no hidden surprises waiting to be exploited unlike the open source one that are regularly checked by community.

If you already have a malware on your device that can record your passphrase, considering that we are talking about non-custodial wallets, it is trivial for it to also gain access to your storage disk and copy the wallet file and then use that passphrase to decrypt it to extract the seed phrase from that!