So I had my 2.0 BTC and their corresponding BCC stolen from my wallet while it was stored offline.
This was due to a foreseeable weakness in the Exodus offline wallet.
I am not really posting this to bitch, moan or vent... though it is doubling as those things. I am writing this to warn others like me, to avoid being put in this depressing situation in an exciting environment.
So, I changed my various altcoins to BTC and ETH the other month. I had it stored offline since mid 2014.
I wanted a savings for our 7 month old boy and home we are saving for... BTC seems like a logical medium to long term investment.
I did a bit of research and found Exodus, it seemed slick and could hold both the BTC and the ETH I had in an exchange that I got from my MEC.
Perfect, put the coins on there, back up the wallet. Store the words in a couple of places in different countries on paper and on a usb stashed and well hidden in encrypted cloud storage elsewhere for use anywhere in the world. Clean the computer remove any wallets and any trace of crypto...
Safe, right?
An important thing to note at this stage is that I followed their procedures, but when I had written down the words etc and when you go to the next stage on their system, it asks you to enter an email address for a back up link. I found this bizarre as I was about to erase any existence of my crypto trading off my computer and out of the internet and onto paper, but they are sending a backup link. Well they need to know my password too, right? So I went along with it, stashed the email deep on a sub folder in my email.
Anyway, that was before the recent BTC fork and before the fork I contact Exodus to see what the ramifications of keeping them stored offline on their wallet was, if a fork happened. I was assured it was ok and in fact it was so I left everything there as it was.
Forward to the 28th of August 2017 just a few days before writing this...
My computer starts going slow, and crashing... then it crashes and I cannot even start it...
So reboot with a USB, reinstall windows, format the disk etc...clean and running again.
But while I am doing this I start thinking about BTC etc. and I learn of these new salt tokens, interestingly watching an interview with one of the exodus developers, and get interested to put a $1000 into them for their potential.
So I restore my wallet, and the BTC is gone...
My 4.5 ETH were there, but the BTC was gone. At first, probably denial, I didn't notice the transactions out from the day earlier. When it had been stored offline for months...
But after discussion with the assist team from exodus, I had come to face the reality that my Bitcoins had been taken from my wallet while I had it stored offline and had no traces of it on this computer.
None.
The only way that anyone had access to my wallet was either with these keys that were near impossible to get, unless they came through me, or that damned link.
So the only logical conclusion, using Occam's razor, is that the virus or attacking software that shut down my system had a keyboard tracker, worked out my several passwords and used the link in my email to access my wallet.
It is very strange that the $1700 odd in ETH was not stolen at the same time, which tells me it was an automated process...
But now I have worked out that very simple hacking can access an exodus wallet.
Access to email and a keyboard tracker is entry level hacking , no?
Why they have the backup link emailed through a third parties servers is beyond me. I trusted their system, and the very sad and true reality is that if I had have used any other wallet, any, or just left it all on an exchange. I would still have them.
They are not acknowledging that this weakness is a problem, and many (inducing myself) will call me an idiot for leaving that email in my folders on my email storage.
So if you use Exodus, delete or remove that storage link from the internet!! Or your coins will be taken at some stage.
It just takes simple hacking to get into someones email and then work out their passwords, we all know this. I felt the caution when I was entering my email into the exodus system to back up my wallet, but I went against my intuition and trusted their system. New fancy wallet for the mainstream, right? they must be onto it.
Those two BTC were the result of a couple of years of research, investment and my entire enthusiasm for the crypto scene. They were the deposit to my family's house in a couple of years and my sons education plan. He is 6 months old now.
Gone.
I cried.
In such exciting times I felt I was on board, and would not feel the FOMO, I had my 2 whole bitcoins, and some ether. But now I have just some Ether and if I invest more I will feel silly, If I don't I will feel silly.
what to do, meanwhile BTC and BCC grow fast.
I will not rant on any more, but be it a warning to those like me that are interested enough and avid enough to put our toes into this scene, but not the experts.
This is what the BTC scene needs now to gain mass adoption. I feel this weakness is bad for the community as a whole, it gives hackers incentive to attack, it waters down the security of BTC that is built in. I had my numbers I cleaned everything off my computer and I still got hacked. Because their dumb email.
I wrote to the developer of Exodus that is responsible for this aspect of the project 24 hours ago, no reply.
Be careful and just because the startups look all kind, caring and into it... tread carefully.
Just download the block chain and use a core wallet.
Fuck the fancy shit, it will just bite you in the ass.
Devistated.
