What if digital-wallet creators hack users bitcoins?

[JoshKulot]

Trust issues anybody?

[1714770879]

1714770879

[1714770879]

1714770879

[1714770879]

1714770879

[1714770879]

1714770879

[mocacinno]

Trust issues anybody?

Well, this is a justifiable fear... I personally don't trust wallets that aren't open sourced... If you download a binary from an unknown company, they can potentially use a bad RNG, or have backdoors... Don't even get me started on online wallets, you have no controll over their sourcecode whatsoever (and usually, you don't have controll over your private keys either).
This is why it's important to only use wallets that are 100% open source and have been vetted by senior dev's. If a wallet's sourcecode has been read by dozens of developers, and nobody finds a backdoor or a flaw in the RNG, you can be reasonably sure your private keys are safe. But even then, bugs CAN always exist (look at electrum < v3).
This is why it's also important to check the signatures before using a wallet, or even better: compile the vetted sourcecode yourself

If you're really paranoid you can always use a dice to generate your private key offline

[mk4]

That's why you should stay away from wallets that don't give you access to your private keys, especially when you're holding big amounts of bitcoin or crypto in general. Even though some services like Coinbase are pretty secure, there's always a chance of them getting hacked as exchanges are always a hot target for hackers.

Don't let history repeat itself.
Relevant reads:

• Bitfinex hack: https://en.wikipedia.org/wiki/Bitfinex_hack
• The Inside Story of Mt. Gox, Bitcoin's $460 Million Disaster: https://www.wired.com/2014/03/bitcoin-exchange/
• BitGrail Cryptocurrency Exchange Claims $195 Million Lost to Hackers: http://fortune.com/2018/02/11/bitgrail-cryptocurrency-claims-hack/

[Pursuer]

Relevant reads:

• Bitfinex hack: https://en.wikipedia.org/wiki/Bitfinex_hack
• The Inside Story of Mt. Gox, Bitcoin's $460 Million Disaster: https://www.wired.com/2014/03/bitcoin-exchange/
• BitGrail Cryptocurrency Exchange Claims $195 Million Lost to Hackers: http://fortune.com/2018/02/11/bitgrail-cryptocurrency-claims-hack/

I wouldn't say these are "relevant" because none of these incidents have anything to do with a "wallet", these are all exchange platforms for trading cryptocurrency not storing them.
a better example (which may not be as relevant either) would have been the blockchain.info incident where they were using random.org for their RNG which led to many users having the same private key when random.org change that specific webpage and that meant big fund loss. I say it is irrelevant because it is more like bug than a hack.

[SuperD007]

Yep, this is a very real possibility. As the price of BTC goes up the chances of stuff like this happening would increase.

I'm sure by now, most people who have a fair amount of BTC know better than to store them on exchanges or any wallet that doesn't give you the private keys.

People need to adopt the same mentality as they do when it comes to protecting their physical assets. I mean would you leave a solid gold bar in the glove compartment of you car, assuming it's safe because your car is locked and it has an alarm system?  Nope, most sane people probably won't do that. Leaving your BTC in an exchange wallet or in a wallet that you dont have the private keys for is about as safe as the gold bar in the car example.  

[lzby2000]

This assumption is possible. I think that with the expansion of the digital currency community and the increase in prices, there are security factors in two places in the wallet and the exchange. Try not to use the new open purse service without open source. If you have a lot of bitcoins, you are also buying a hardware Wallet as soon as possible. This is the safest scheme.

[Sar elok]

Trust issues anybody?

I hope it will never become a reality. If they later it happened, I think it would be a crime of the century.

[JoshJelly]

What a freaking and dangerous act that will ever happen. Million dollar worth if a creator/s assumes to hack all the bitcoin that was his/her sites carrying. Possibility? Yes ofcouse but hope so not happen.

[followmenot]

Yeah shit may happen. I really don't understand how people easily believe online wallets and put their money. I generally love to save my bitcoins on wallet installed to my computer with backed up private keys on physical paper at home.

[ivakar]

If you have some trust issues, then hardware wallet the only wallet you can trust, imho.
If we are speaking about software wallets, the open sourced one is a preferable, but there is a risk of a hat attack from hackers...

[jseverson]

One thing to consider is that they can't "hack" you, if they don't get access to your private keys whether or not you use their software. There are plenty of tools that you can use to generate your private keys offline, and if you take special care that they're never exposed online, you're pretty much hack-free.

One easy example I can think of is an air-gapped PC with an Electrum wallet. You generate your keys offline, and make sure the PC doesn't ever go online again. Setting one up correctly means you're virtually hack-proof, except in cases where hackers have had physical contact with your device.

There are also open source projects, but other than that, yeah, you will have to trust developers.

[mocacinno]

One thing to consider is that they can't "hack" you, if they don't get access to your private keys whether or not you use their software. There are plenty of tools that you can use to generate your private keys offline, and if you take special care that they're never exposed online, you're pretty much hack-free.

One easy example I can think of is an air-gapped PC with an Electrum wallet. You generate your keys offline, and make sure the PC doesn't ever go online again. Setting one up correctly means you're virtually hack-proof, except in cases where hackers have had physical contact with your device.

There are also open source projects, but other than that, yeah, you will have to trust developers.

Well, that's 99% true, but you're forgetting a botched RNG... If i would write a wallet that picks a random integer between 1 and 10000, then calculates the sha256() hash of this integer and uses this hash as a private key, it does not matter if my wallet's users use my wallet only in an airgapped scenario... The private keys they generate could only be one of the 10000 possibility's.

Even without using a GPU, it would only take me less than an hour to bruteforce all possible keys, calculate the public key, generate the address and check for unspent outputs funding this address...

Now, this is not the case for electrum, but it *could* be the case for other, closed source, wallets (you never know)...

[mk4]

Relevant reads:

• Bitfinex hack: https://en.wikipedia.org/wiki/Bitfinex_hack
• The Inside Story of Mt. Gox, Bitcoin's $460 Million Disaster: https://www.wired.com/2014/03/bitcoin-exchange/
• BitGrail Cryptocurrency Exchange Claims $195 Million Lost to Hackers: http://fortune.com/2018/02/11/bitgrail-cryptocurrency-claims-hack/

I wouldn't say these are "relevant" because none of these incidents have anything to do with a "wallet", these are all exchange platforms for trading cryptocurrency not storing them.
a better example (which may not be as relevant either) would have been the blockchain.info incident where they were using random.org for their RNG which led to many users having the same private key when random.org change that specific webpage and that meant big fund loss. I say it is irrelevant because it is more like bug than a hack.

I totally get your point. I just think they're "relevant" enough due to exchanges like Bitfinex, Mtgox, etc and wallet services like coinbase, xapo, etc both sort of hold the private keys, instead of the wallet user.

[hoamoclan]

This is impossible. You should know what blockchain is before entering into this market.

[jademacoy]

No digital wallet are having some block chains where in it is you only who can access your account. Event the team could not access your account and that you should trust on it. If not then basically no one will put their money in exchange to crypto to these digital wallet. How ever there are phishing sites that could scan the transactions online and could be able to phished out even your private key to your wallet so this is the problem for digital wallet especially to those who are not that establish digital wallet. ANyway we should wait for AL Finney's digital wallet whom he is working. I bet that one could be good.

[jademaxsuy]

IT could be possible but you can have an offline wallet where you can store your bitcoin. These could not be accessed by anybody even the team developer. And also they should not forget that they should maintain the credibility of the digital wallet being made by the team in fact they should do the opposite and that is to secure their digital wallet being made and earn more clients as to let them earn more also in a good way.

[NavI_027]

Actually the wallet I am using right now is online based but I'm not worried at all to be honest. Even though my private key is not in my hands, I'm still confident that they will not steal the money of all of its users simply because they don't want to be imprisoned and I'm very sure of that; they might face embezzlement or even estafa for doing such act. I don't know about the punishment for those violations but it was a tough one for sure and besides what's the point of stealing if in return you will lose more money (by not able to gain profits any longer) and have a miserable life .

I know that the tendency of getting robbed by the company who runs the digital wallet we used is always there. To avoid this, make sure that the wallet you are will use is legal and trustworthy before investing in .