Bitcoin Forum
November 17, 2018, 12:18:37 PM *
News: Latest Bitcoin Core release: 0.17.0 [Torrent].
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: What if digital-wallet creators hack users bitcoins?  (Read 115 times)
JoshKulot
Newbie
*
Offline Offline

Activity: 112
Merit: 0


View Profile
April 19, 2018, 05:50:57 AM
 #1

Trust issues anybody?
1542457117
Hero Member
*
Offline Offline

Posts: 1542457117

View Profile Personal Message (Offline)

Ignore
1542457117
Reply with quote  #2

1542457117
Report to moderator
1542457117
Hero Member
*
Offline Offline

Posts: 1542457117

View Profile Personal Message (Offline)

Ignore
1542457117
Reply with quote  #2

1542457117
Report to moderator
1542457117
Hero Member
*
Offline Offline

Posts: 1542457117

View Profile Personal Message (Offline)

Ignore
1542457117
Reply with quote  #2

1542457117
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
mocacinno
Legendary
*
Offline Offline

Activity: 1400
Merit: 1251


https://unblur.ninja =>lightning network testsite


View Profile WWW
April 19, 2018, 05:52:39 AM
 #2

Trust issues anybody?

Well, this is a justifiable fear... I personally don't trust wallets that aren't open sourced... If you download a binary from an unknown company, they can potentially use a bad RNG, or have backdoors... Don't even get me started on online wallets, you have no controll over their sourcecode whatsoever (and usually, you don't have controll over your private keys either).
This is why it's important to only use wallets that are 100% open source and have been vetted by senior dev's. If a wallet's sourcecode has been read by dozens of developers, and nobody finds a backdoor or a flaw in the RNG, you can be reasonably sure your private keys are safe. But even then, bugs CAN always exist (look at electrum < v3).
This is why it's also important to check the signatures before using a wallet, or even better: compile the vetted sourcecode yourself Smiley

If you're really paranoid you can always use a dice to generate your private key offline

mjglqw
Sr. Member
****
Offline Offline

Activity: 756
Merit: 427


⭐ https://coinsources.io/


View Profile WWW
April 19, 2018, 06:01:57 AM
 #3

That's why you should stay away from wallets that don't give you access to your private keys, especially when you're holding big amounts of bitcoin or crypto in general. Even though some services like Coinbase are pretty secure, there's always a chance of them getting hacked as exchanges are always a hot target for hackers.

Don't let history repeat itself.
Relevant reads:

Pursuer
Legendary
*
Offline Offline

Activity: 1316
Merit: 1092


Where is my ring of blades...


View Profile
April 19, 2018, 06:15:56 AM
 #4

Relevant reads:

I wouldn't say these are "relevant" because none of these incidents have anything to do with a "wallet", these are all exchange platforms for trading cryptocurrency not storing them.
a better example (which may not be as relevant either) would have been the blockchain.info incident where they were using random.org for their RNG which led to many users having the same private key when random.org change that specific webpage and that meant big fund loss. I say it is irrelevant because it is more like bug than a hack.

SuperD007
Member
**
Offline Offline

Activity: 280
Merit: 12

Treat People How You Would Like To Be Treated.


View Profile
April 19, 2018, 06:18:12 AM
 #5

Yep, this is a very real possibility. As the price of BTC goes up the chances of stuff like this happening would increase.

I'm sure by now, most people who have a fair amount of BTC know better than to store them on exchanges or any wallet that doesn't give you the private keys.

People need to adopt the same mentality as they do when it comes to protecting their physical assets. I mean would you leave a solid gold bar in the glove compartment of you car, assuming it's safe because your car is locked and it has an alarm system?  Nope, most sane people probably won't do that. Leaving your BTC in an exchange wallet or in a wallet that you dont have the private keys for is about as safe as the gold bar in the car example.  Grin
lzby2000
Full Member
***
Offline Offline

Activity: 380
Merit: 100



View Profile
April 19, 2018, 06:24:10 AM
 #6

This assumption is possible. I think that with the expansion of the digital currency community and the increase in prices, there are security factors in two places in the wallet and the exchange. Try not to use the new open purse service without open source. If you have a lot of bitcoins, you are also buying a hardware Wallet as soon as possible. This is the safest scheme.

--►Telegram --►Twitter
--►Ann Thread              PIPSCHAIN - HYBRID EXCHANGE
Bringing you fiat & crypto currency in one platform!     --►Whitepaper--► Website 
--►Medium
Sar elok
Jr. Member
*
Offline Offline

Activity: 182
Merit: 2


View Profile
April 19, 2018, 06:26:00 AM
 #7

Trust issues anybody?
I hope it will never become a reality. If they later it happened, I think it would be a crime of the century.
JoshJelly
Newbie
*
Offline Offline

Activity: 98
Merit: 0


View Profile
April 19, 2018, 06:29:19 AM
 #8

What a freaking and dangerous act that will ever happen. Million dollar worth if a creator/s assumes to hack all the bitcoin that was his/her sites carrying. Possibility? Yes ofcouse but hope so not happen.
followmenot
Sr. Member
****
Offline Offline

Activity: 537
Merit: 251


Streamity Decentralized cryptocurrency exchange


View Profile
April 19, 2018, 06:47:53 AM
 #9

Yeah shit may happen. I really don't understand how people easily believe online wallets and put their money. I generally love to save my bitcoins on wallet installed to my computer with backed up private keys on physical paper at home.

                ▄▄  ▄▄                
            ██  ▀▀  ▀▀   ██           
        ██                   ██
       
                ██  ██  ▄▄            
     ██    ██           ▀▀  ▄▄        
                  ███       ▀▀        
   ██    ██   ███      ███     ██     
                          ███         
  ██   ██   ██    ███ ███    ▄▄   ██  
               ███           ▀▀       
  ██   ██  ███           ███  ██   ██ 
                     ███              
    ▄▄  ██    ███ ███     ▄▄  ██   ██ 
    ▀▀    ▄▄              ▀▀          
      ▄▄  ▀▀          ███    ██   ██  
      ▀▀      ██  ███                 
         ██              ███    ███   
             ██  ██  ███              
       ██                    ██       
           ███  ▄▄▄  ▄▄  ███          
                ▀▀▀  ▀▀               
 
STREAMITY
 

 

  Twitter
Facebook
Instagram
  Telegram
LinkedIn
Medium
ivakar
Hero Member
*****
Offline Offline

Activity: 714
Merit: 506



View Profile
April 19, 2018, 07:51:21 AM
 #10

If you have some trust issues, then hardware wallet the only wallet you can trust, imho.
If we are speaking about software wallets, the open sourced one is a preferable, but there is a risk of a hat attack from hackers...

.
       ▄▄█████████▄▄
    ▄█████████████████▄      ██████████▄▄     ████▄      ▄████  ███████████▄▄   ████████████████     ▄▄███████▄▄
  ▄███████▀▀   ▀▀███████▄    █████████████▌    ████▄    ▄████   ██████████████  ████████████████   ▄█████████████▄
 ▄█████▀           ▀█████▄   ████    ▀█████     ████▄  ▄████    ████     ▀█████       ████        ████▀▀     ▀▀████
▄█████    ▄▄▄▄▄▄     █████▄  ████     ████▌      ████▄▄████     ████      █████       ████       ████▀         ▀████
▀▀▀▀▀    ████████▄▄▄▄██████▄▄████▄▄▄▄████▀        ████████      ████▄▄▄▄▄█████▀       ████       ████           ████
        ▐██████████████████████████████▄           ██████       █████████████▀        ████       ████           ████
▄▄▄▄▄    ████████▀▀▀▀██████▀▀████▀▀▀▀████           ████        ████▀▀▀▀▀▀▀           ████       ▀████         ████▀
▀█████    ▀▀▀▀▀▀     █████▀  ████     ████▄         ████        ████                  ████        ▀█████▄▄▄▄▄█████▀
 ▀█████▄           ▄█████▀   ████      █████        ████        ████                  ████          ▀███████████▀
  ▀███████▄▄   ▄▄███████▀    ▀▀▀▀       ▀▀▀▀▀       ▀▀▀▀        ▀▀▀▀                  ▀▀▀▀             ▀▀▀▀▀▀▀
    ▀█████████████████▀
       ▀▀█████████▀▀
      ▄██████████████████████████████████████████████████████████████▄
     ▐████▀▀▀▀▀▀▀▀▀▀▀███▀▀▀▀█████████▀▀▀▀▀▀█▀▀▀▀▀▀███████▀▀▀▀▀▀███████
     █████           ███    █████████      ██▄     █████     ▄████████
    ▐█████    ▄▄▄▄▄▄▄███    █████████▄    ▄███▄     ███     ▄████████▌
    ██████    ██████████    ██████████    █████▄     ▀     ▄█████████
   ▐██████    ██████████    ██████████    ███████         ██████████▌
   ███████           ███    ██████████    ████████       ███████████
  ▐███████           ███    ██████████    ██████▀         ▀████████▌
  ████████    ██████████    ██████████    █████▀     █     ▀███████
 ▐████████    ██████████            █      ███      ███      █████▌
 █████████    ██████████            █      █▀      █████      ▀███
▐████████████████████████████████████████████████████████████████▌
 ▀██████████████████████████████████████████████████████████████▀
▄▄█████████▄▄
▄█████████████████▄
▄█████████████████████▄
▄████████████████▀▀█████▄
▄████████████▀▀▀░░░░██████▄
████████▀▀▀░░░▄▀░░░████████
█████▄░░░░░▄█▀░░░░░████████
████████▄░█▀░░░░░░█████████
▀████████▌▐░░░░░░░████████▀
▀████████░▄██▄░░████████▀
▀█████████████▄███████▀
▀█████████████████▀
▀▀█████████▀▀
▄▄█████████▄▄
▄█████████████████▄
▄████████░██░█████████▄
▄█████▀▀▀▀░▀▀░▀▀████████▄
▄███████▄░░░▄▄▄▄░░▀███████▄
█████████░░░████░░░████████
█████████░░░░░░░░░▀████████
█████████░░░████░░░░███████
▀███████▀░░░▀▀▀▀░░░▄██████▀
▀█████▄▄▄▄░▄▄░▄▄▄███████▀
▀████████░██░█████████▀
▀█████████████████▀
▀▀█████████▀▀
  .JOIN ICO..
April 15th
jseverson
Hero Member
*****
Offline Offline

Activity: 784
Merit: 646


View Profile
April 19, 2018, 09:16:58 AM
 #11

One thing to consider is that they can't "hack" you, if they don't get access to your private keys whether or not you use their software. There are plenty of tools that you can use to generate your private keys offline, and if you take special care that they're never exposed online, you're pretty much hack-free.

One easy example I can think of is an air-gapped PC with an Electrum wallet. You generate your keys offline, and make sure the PC doesn't ever go online again. Setting one up correctly means you're virtually hack-proof, except in cases where hackers have had physical contact with your device.

There are also open source projects, but other than that, yeah, you will have to trust developers.

mocacinno
Legendary
*
Offline Offline

Activity: 1400
Merit: 1251


https://unblur.ninja =>lightning network testsite


View Profile WWW
April 19, 2018, 09:24:03 AM
Merited by jseverson (1)
 #12

One thing to consider is that they can't "hack" you, if they don't get access to your private keys whether or not you use their software. There are plenty of tools that you can use to generate your private keys offline, and if you take special care that they're never exposed online, you're pretty much hack-free.

One easy example I can think of is an air-gapped PC with an Electrum wallet. You generate your keys offline, and make sure the PC doesn't ever go online again. Setting one up correctly means you're virtually hack-proof, except in cases where hackers have had physical contact with your device.

There are also open source projects, but other than that, yeah, you will have to trust developers.

Well, that's 99% true, but you're forgetting a botched RNG... If i would write a wallet that picks a random integer between 1 and 10000, then calculates the sha256() hash of this integer and uses this hash as a private key, it does not matter if my wallet's users use my wallet only in an airgapped scenario... The private keys they generate could only be one of the 10000 possibility's.

Even without using a GPU, it would only take me less than an hour to bruteforce all possible keys, calculate the public key, generate the address and check for unspent outputs funding this address...

Now, this is not the case for electrum, but it *could* be the case for other, closed source, wallets (you never know)...

mjglqw
Sr. Member
****
Offline Offline

Activity: 756
Merit: 427


⭐ https://coinsources.io/


View Profile WWW
April 19, 2018, 11:05:54 AM
 #13

Relevant reads:

I wouldn't say these are "relevant" because none of these incidents have anything to do with a "wallet", these are all exchange platforms for trading cryptocurrency not storing them.
a better example (which may not be as relevant either) would have been the blockchain.info incident where they were using random.org for their RNG which led to many users having the same private key when random.org change that specific webpage and that meant big fund loss. I say it is irrelevant because it is more like bug than a hack.

I totally get your point. I just think they're "relevant" enough due to exchanges like Bitfinex, Mtgox, etc and wallet services like coinbase, xapo, etc both sort of hold the private keys, instead of the wallet user.

hoamoclan
Newbie
*
Offline Offline

Activity: 32
Merit: 0


View Profile
July 06, 2018, 09:45:20 AM
 #14

This is impossible. You should know what blockchain is before entering into this market.
jademacoy
Jr. Member
*
Offline Offline

Activity: 224
Merit: 8


View Profile
July 06, 2018, 09:56:23 AM
 #15

No digital wallet are having some block chains where in it is you only who can access your account. Event the team could not access your account and that you should trust on it. If not then basically no one will put their money in exchange to crypto to these digital wallet. How ever there are phishing sites that could scan the transactions online and could be able to phished out even your private key to your wallet so this is the problem for digital wallet especially to those who are not that establish digital wallet. ANyway we should wait for AL Finney's digital wallet whom he is working. I bet that one could be good.
jademaxsuy
Jr. Member
*
Offline Offline

Activity: 294
Merit: 5

"DOMINIUM - Decentralised property"


View Profile
July 06, 2018, 09:59:06 AM
 #16

IT could be possible but you can have an offline wallet where you can store your bitcoin. These could not be accessed by anybody even the team developer. And also they should not forget that they should maintain the credibility of the digital wallet being made by the team in fact they should do the opposite and that is to secure their digital wallet being made and earn more clients as to let them earn more also in a good way.

http://DOMINIUM.me
Decentralised, regulated, property financing, property listing and property management platform
NavI_027
Full Member
***
Offline Offline

Activity: 462
Merit: 111


View Profile
July 06, 2018, 10:28:40 AM
 #17

Actually the wallet I am using right now is online based but I'm not worried at all to be honest. Even though my private key is not in my hands, I'm still confident that they will not steal the money of all of its users simply because they don't want to be imprisoned and I'm very sure of that; they might face embezzlement or even estafa for doing such act. I don't know about the punishment for those violations but it was a tough one for sure and besides what's the point of stealing if in return you will lose more money (by not able to gain profits any longer) and have a miserable life Grin.

I know that the tendency of getting robbed by the company who runs the digital wallet we used is always there. To avoid this, make sure that the wallet you are will use is legal and trustworthy before investing in Smiley.

SetupMasternodes.com - Full Setup and VPS Masternode Management - Choose a masternode coin to get started in as little as 1 hour...
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!