Bitcoin Forum
June 17, 2024, 06:08:48 AM *
News: Voting for pizza day contest
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: [Discussion] Exodus and Neon Wallets: “Quite Vulnerable”  (Read 161 times)
hugeblack (OP)
Legendary
*
Offline Offline

Activity: 2548
Merit: 3769


View Profile WWW
March 26, 2018, 03:47:01 PM
Last edit: May 13, 2019, 09:20:45 PM by hugeblack
 #1

I have watched this video from youtube: https://www.youtube.com/watch?v=VU3Zfrvsm8k&feature=youtu.be
and read this from this site " that the Exodus wallet can be hacked fairly easily. This can be done by just running a simple script written using the Python programming language in the background and dumping the memory onto a notepad. The script was run after the user logged into the Exodus wallet, and to our surprise, we were able to see the 12-word recovery phrase.

These malicious scripts can infiltrate a computer system through malware or a bot installed secretly on browsers. If we search through the system memory for a recovery phrase, we will be able to get them very quickly and easily. An experienced hacker can retrieve the keys even faster than us, since only very basic scripts were used in this example."[1]

Is this information true/correct or is it just a trick in video design?

Source:
#1 https://cryptocoremedia.com/exodus-neon-wallets-hackable/
TryNinja
Legendary
*
Offline Offline

Activity: 2870
Merit: 7113


Crypto Swap Exchange


View Profile WWW
March 26, 2018, 04:58:32 PM
 #2

The guy from the video is the founder of a gaming dev company called TeamSalvato. I doubt he would create a fake video just to FUD cryptocurrencies.

IMO this looks like the vulnerability that Jaxx has, where anyone can get your seed by having access to your device. So it's only a problem if you get infected or someone gets physical access to your device.

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
buwaytress
Legendary
*
Offline Offline

Activity: 2842
Merit: 3530


Join the world-leading crypto sportsbook NOW!


View Profile
March 27, 2018, 01:53:53 PM
 #3

This is new to me. I left Exodus (yes, the irony) actually after they dropped support for Dogecoin with what I felt was inexcusable reasons for lack of developer response (despite getting contradictory responses from actual Dogecoin devs on reddit). Basically, there just doesn't seem yet to be a solid and secure option yet for multi-crypto wallets.

As tryninja says though, you're really only at risk if your device is compromised... Would need a fellow developer to replicate that exploit though, the way the Jaxx exploit was.

██
██
██
██
██
██
██
██
██
██
██
██
██
... LIVECASINO.io    Play Live Games with up to 20% cashback!...██
██
██
██
██
██
██
██
██
██
██
██
██
OmegaStarScream
Staff
Legendary
*
Offline Offline

Activity: 3514
Merit: 6162



View Profile
March 27, 2018, 04:18:19 PM
 #4

This is new to me. I left Exodus (yes, the irony) actually after they dropped support for Dogecoin with what I felt was inexcusable reasons for lack of developer response (despite getting contradictory responses from actual Dogecoin devs on reddit). Basically, there just doesn't seem yet to be a solid and secure option yet for multi-crypto wallets.

As tryninja says though, you're really only at risk if your device is compromised... Would need a fellow developer to replicate that exploit though, the way the Jaxx exploit was.

Agreed. Coinomi, Jaxx and now Exodus. These wallet providers seem to focus more on earning money through supporting more coins that can be exchanged with Changelly/ShapeShift then the security of the users funds.

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
LTU_btc
Legendary
*
Offline Offline

Activity: 3094
Merit: 1338


Slava Ukraini!


View Profile WWW
March 27, 2018, 11:26:28 PM
 #5

This is new to me. I left Exodus (yes, the irony) actually after they dropped support for Dogecoin with what I felt was inexcusable reasons for lack of developer response (despite getting contradictory responses from actual Dogecoin devs on reddit). Basically, there just doesn't seem yet to be a solid and secure option yet for multi-crypto wallets.

As tryninja says though, you're really only at risk if your device is compromised... Would need a fellow developer to replicate that exploit though, the way the Jaxx exploit was.

Agreed. Coinomi, Jaxx and now Exodus. These wallet providers seem to focus more on earning money through supporting more coins that can be exchanged with Changelly/ShapeShift then the security of the users funds.
Did I missed something about Coinomi? Or you talking about that privacy issue where app broadcasting addresses in plain text over the network? But it's not security vulnerability where our coins are in danger, it's more about privacy. Correct me if I'm wrong.
Hardware wallets like Ledger Nano S is solid and secure option for multi-coin wallets. The problem that you can use very limited number of coins on this wallet.

mobnepal
Legendary
*
Offline Offline

Activity: 1218
Merit: 1006


View Profile
March 27, 2018, 11:56:34 PM
 #6

Did I missed something about Coinomi? Or you talking about that privacy issue where app broadcasting addresses in plain text over the network? But it's not security vulnerability where our coins are in danger, it's more about privacy. Correct me if I'm wrong.
I also think its just that privacy issue rose by @lukechilds and it came into light after dev reacts to him in harshly manner.
https://www.dashforcenews.com/coinomi-vulnerability-discovered-developers-react-harshly/

I am still using coinomi because couldn't find any other better alternative.

I wasn't aware of exodus vulnerability before, looks similar to jaxx one.
Patatas
Legendary
*
Offline Offline

Activity: 1750
Merit: 1115

Providing AI/ChatGpt Services - PM!


View Profile
March 29, 2018, 11:25:20 AM
 #7

This is new to me. I left Exodus (yes, the irony) actually after they dropped support for Dogecoin with what I felt was inexcusable reasons for lack of developer response (despite getting contradictory responses from actual Dogecoin devs on reddit). Basically, there just doesn't seem yet to be a solid and secure option yet for multi-crypto wallets.
Before using Exodus people should have a fair idea what it does,it's not natively written in any Desktop Development Environment but built on top on GitHub's Electron Api which is nothing but another instance of the browser running on your desktop.Speaking technically,you are just using a browser which have the capabilities to diirectly/indirectly  manipulate the data on your computer.Do you see any red flags now ? You should !

As tryninja says though, you're really only at risk if your device is compromised... Would need a fellow developer to replicate that exploit though, the way the Jaxx exploit was.
Since the Exodus files will reside on the client's computer,the wallet is always vulnerable to other viruses/throjans.
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!