Bitcoin Forum
Topic: [Discussion] Exodus and Neon Wallets: “Quite Vulnerable”
hugeblack (OP)
March 26, 2018, 03:47:01 PM
Last edit: May 13, 2019, 09:20:45 PM by hugeblack
 #1

I have watched this video from YouTube: https://www.youtube.com/watch?v=VU3Zfrvsm8k&feature=youtu.be
and read this from this site: "that the Exodus wallet can be hacked fairly easily. This can be done by just running a simple script written using the Python programming language in the background and dumping the memory onto a notepad. The script was run after the user logged into the Exodus wallet, and to our surprise, we were able to see the 12-word recovery phrase.

These malicious scripts can infiltrate a computer system through malware or a bot installed secretly on browsers. If we search through the system memory for a recovery phrase, we will be able to get them very quickly and easily. An experienced hacker can retrieve the keys even faster than us, since only very basic scripts were used in this example."[1]

Is this information true/correct or is it just a trick in video design?

Source:
#1 https://cryptocoremedia.com/exodus-neon-wallets-hackable/

TryNinja
March 26, 2018, 04:58:32 PM
 #2

The guy from the video is the founder of a gaming dev company called TeamSalvato. I doubt he would create a fake video just to FUD cryptocurrencies.

IMO this looks like the vulnerability that Jaxx has, where anyone can get your seed by having access to your device. So it's only a problem if you get infected or someone gets physical access to your device.

buwaytress
March 27, 2018, 01:53:53 PM
 #3

This is new to me. I left Exodus (yes, the irony) actually after they dropped support for Dogecoin with what I felt was inexcusable reasons for lack of developer response (despite getting contradictory responses from actual Dogecoin devs on reddit). Basically, there just doesn't seem yet to be a solid and secure option yet for multi-crypto wallets.

As tryninja says though, you're really only at risk if your device is compromised... Would need a fellow developer to replicate that exploit though, the way the Jaxx exploit was.

OmegaStarScream
March 27, 2018, 04:18:19 PM
 #4

> This is new to me. I left Exodus (yes, the irony) actually after they dropped support for Dogecoin with what I felt was inexcusable reasons for lack of developer response (despite getting contradictory responses from actual Dogecoin devs on reddit). Basically, there just doesn't seem yet to be a solid and secure option yet for multi-crypto wallets.
>
> As tryninja says though, you're really only at risk if your device is compromised... Would need a fellow developer to replicate that exploit though, the way the Jaxx exploit was.

Agreed. Coinomi, Jaxx and now Exodus. These wallet providers seem to focus more on earning money through supporting more coins that can be exchanged with Changelly/ShapeShift than the security of the users' funds.

LTU_btc
March 27, 2018, 11:26:28 PM
 #5

> > This is new to me. I left Exodus (yes, the irony) actually after they dropped support for Dogecoin with what I felt was inexcusable reasons for lack of developer response (despite getting contradictory responses from actual Dogecoin devs on reddit). Basically, there just doesn't seem yet to be a solid and secure option yet for multi-crypto wallets.
> >
> > As tryninja says though, you're really only at risk if your device is compromised... Would need a fellow developer to replicate that exploit though, the way the Jaxx exploit was.
>
> Agreed. Coinomi, Jaxx and now Exodus. These wallet providers seem to focus more on earning money through supporting more coins that can be exchanged with Changelly/ShapeShift than the security of the users' funds.

Did I miss something about Coinomi? Or are you talking about that privacy issue where the app was broadcasting addresses in plain text over the network? But it's not a security vulnerability where our coins are in danger, it's more about privacy. Correct me if I'm wrong.
Hardware wallets like the Ledger Nano S are a solid and secure option for multi-coin wallets. The problem is that you can use a very limited number of coins on this wallet.

mobnepal
March 27, 2018, 11:56:34 PM
 #6

> Did I miss something about Coinomi? Or are you talking about that privacy issue where the app was broadcasting addresses in plain text over the network? But it's not a security vulnerability where our coins are in danger, it's more about privacy. Correct me if I'm wrong.

I also think it's just that privacy issue raised by @lukechilds, and it came to light after the dev reacted to him in a harsh manner.
https://www.dashforcenews.com/coinomi-vulnerability-discovered-developers-react-harshly/

I am still using Coinomi because I couldn't find any better alternative.

I wasn't aware of the Exodus vulnerability before, looks similar to the Jaxx one.

Patatas
March 29, 2018, 11:25:20 AM
 #7

> This is new to me. I left Exodus (yes, the irony) actually after they dropped support for Dogecoin with what I felt was inexcusable reasons for lack of developer response (despite getting contradictory responses from actual Dogecoin devs on reddit). Basically, there just doesn't seem yet to be a solid and secure option yet for multi-crypto wallets.

Before using Exodus, people should have a fair idea of what it does; it's not natively written in any Desktop Development Environment but built on top of GitHub's Electron API, which is nothing but another instance of the browser running on your desktop. Speaking technically, you are just using a browser which has the capabilities to directly/indirectly manipulate the data on your computer. Do you see any red flags now? You should!

> As tryninja says though, you're really only at risk if your device is compromised... Would need a fellow developer to replicate that exploit though, the way the Jaxx exploit was.

Since the Exodus files will reside on the client's computer, the wallet is always vulnerable to other viruses/trojans.
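
The thread turns on the 12-word recovery phrase being readable in the wallet process's memory after login. As an added illustration (not code from Exodus, Jaxx, Coinomi or any poster; all function names are hypothetical), this Node.js example shows the common mitigation in an Electron/Node app: hold the phrase in a Buffer, derive the BIP39 seed, and overwrite the bytes as soon as they are no longer needed.

```javascript
// Added illustration; not code from Exodus, Jaxx, Coinomi or any poster.
// Function names are hypothetical.
const crypto = require('crypto');

// BIP39 seed derivation: PBKDF2-HMAC-SHA512, 2048 iterations,
// salt = "mnemonic" + optional passphrase, 64-byte output.
function seedFromMnemonic(mnemonicBuf, passphrase = '') {
  const salt = Buffer.from('mnemonic' + passphrase, 'utf8');
  return crypto.pbkdf2Sync(mnemonicBuf, salt, 2048, 64, 'sha512');
}

// Hand the secret to `fn`, then overwrite its bytes even if `fn` throws.
// A JS string cannot be overwritten like this: it is immutable and stays
// in the heap until the garbage collector reclaims and reuses the memory.
function withSecret(secretBuf, fn) {
  try {
    return fn(secretBuf);
  } finally {
    secretBuf.fill(0);
  }
}

function isWiped(buf) {
  return buf.every((byte) => byte === 0);
}

// Constructed sample: the public BIP39 test phrase, not a real wallet.
// It is built from a string here only for the demo; a wallet would read
// user input straight into a Buffer.
function samplePhrase() {
  const words = Array(11).fill('abandon').concat('about');
  return Buffer.from(words.join(' '), 'utf8');
}

function demo() {
  const phrase = samplePhrase();
  const seed = withSecret(phrase, (p) => seedFromMnemonic(p));
  const seedLength = seed.length;
  seed.fill(0); // the derived seed is just as sensitive as the phrase
  return { seedLength, phraseWiped: isWiped(phrase), seedWiped: isWiped(seed) };
}

console.log(demo());
```

Wiping only narrows the window in which a memory dump can find the phrase; it does not protect a secret while it is in use on a compromised machine, which is the limit several posters point out.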