Earn merit by telling us about the dangers in using 3rd party wallets.

[Jet Cash]

I need to give away some more merits, so I'm going to award merits to new and junior members who post in this thread about the dangers in using 3rd party wallets, and how you can minimise them. Don't copy previous posts, and don't plagiarise.

I've made this thread self-moderating, and I'll delete any references to bounties, airdrops or other spammy topics. This isn't a thread to push the benefits of any specific wallet either, so please keep topics to a general format.

[1713495644]

1713495644

[1713495644]

1713495644

[1713495644]

1713495644

[1713495644]

1713495644

[poptok1]

Certainly not a new member here but I think there will be no harm in bumping this topic.
My advice regarding the usage of third party wallets will be super simple, avoid android based devices as your main wallet.
I think that there is no need for a prove of how many malware applications this system is currently vulnerable to.
So, should anyone be worry about cell-malware? With a little bit of awareness, some basic anti-bugs tools on your phone and by your side, you can keep malware and other mobile threats at bay. Better safe than sorry so I would recommend not to install Bitcoin themed apps, such as price tickers, live charts, wallet monitors etc.

[Strufmbae]

Based on what i understand is that, third party wallet are web wallets, and web wallet is also an exchange wallet. and most of the time third party wallet is usuable and free.

But the danger i see is, there are local user,  who wants to access the wallet in public places like what do we call computer/cafe shop,( i'm not sure what that is but it's near to it. ) some users don't know that the information they log in can be seen through cookies. And most local users don't know how to use  incognito mode, they always leave history.  
 
The only way to minimize them is to use private networks or use incognito tab.  Sorry new to it.  

-----
Edit.

What you said  is what i want to say, you just made it clear.  Thanks.

~

[harryvnn]

The dangers in using 3rd party wallets:
+ Trusted: How you can trust a 3rd party wallet ? Are they legal ? Its not 100% of safety wallet from 3rd party. You shouldn't give all your money to other who is not legalize themself to community and public law.
+ Control: As a bank, your money will be control by them in their wallet not your wallet because you use their wallet so they also need an official wallet to store all token/coin.
+ Securitt: What happen if 3rd party wallet get hacked ? Are you sure they get hacked ? Or its what they say to you. Its hard to identify it.
+ Transparent: Normally, 3rd party wallet is created by private company, so it isn't allowed to public what is behind their wallet. You don't know its safe or not.

Minimise the dangers in using 3rd party wallets:
+ You should use 3rd party wallet that is created and built by community not a private company, so all code/data are public and show to everyone. You can contribute your knowledge to build wallet more safety and trusted.
+ Don't put all your coin/token in one place.

As a newbie, its what i know about using 3rd party wallets. But i wonder why people use 3rd party wallet when official wallet is available to everyone

[Jet Cash]

But the danger i see is, there are local user,  who wants to access the wallet in public places like what do we call computer/cafe shop,( i'm not sure what that is but it's near to it. ) some users don't know that the information they log in can be seen through cookies. And most local users don't know how to use  incognito mode, they always leave history.  
 
The only way to minimize them is to use private networks or use incognito tab.  Sorry new to it.  

I'm going to give you a merit for that. I think that the point you are making is that if you use public WiFi to access a 3rd party wallet, you should make sure you clear cookies, and you logout, and don't leave your password stored in a public computer.

I'd also add that you should log out if you go to the 'loo. Leaving the computer logged in to your account is the same as leaving your open wallet on the table.

@poptok1 I'm really trying to show new and junior members that they aren't ignored when it comes to awarding merits, but you make some valid points, so I gave you a merit as well.

[bitcoinmee]

I think using 3rd party wallet is like having a gatekeeper to your coins.
It is best to have total control of your asset than having a third party doing it for you.
The danger I can think is that the data you stored in third party can be hack and there's nothing that could protect you from that.  Many online wallets & app wallet are fakes it is dangerous especially for beginners.
Your wallet is like your own bank and you should have a total control over it

[CottonGuy]

As far as I know about it, third party wallets are centralized wallets. Most of them needs KYC for you to be able to withdraw/deposit certain amount. Since 3rd party wallets is an exchange as well,there's a higher risk that your hard earned crypto will go down the drain if the exchange is hacked. We all know that there are lots of money in an exchange so it is vulnerable to certain attacks and the possibility of them selling your personal information is also some risk that you'll encounter in using such wallets. There's also the risk of not being able to withdraw from your wallet if they've found out that the coins that you are using came from gambling sites. Really depends on the country where you live in if gambling online is illegal or not.   

[clover12]

Since this is the forum for beginners, maybe start by defining what a 3rd party wallet is...  

[RAMSHIVDEEPAK]

risk:

1.there is no transparency in using the third-party wallet.
2.High transaction fee,
3.they can know about your personal details (KYC REQUIREMENT), they can be misused,
4. If you secure wallet with Google Authenticator other, if you lost your phone, then difficult to recover the account.
5. Volatile to hack

suggestion...

1.keep your coins in the Pvt wallet or hard wallet,
2. Use the third party only for the trading time, trade and send to the pvt wallet,
3. Never use autosave password for login,

[PsylockReborn]

Your private key is stored online and you lose your money if the exchange/wallet is compromised. If you can't access your private key then the coins that you store in a 3rd party wallet is not your money. Worst case, they'll gonna declare bankruptcy and your funds will be gone in seconds.

[AdolfinWolf]

Your private key is stored online and you lose your money if the exchange/wallet is compromised. If you can't access your private key then the coins that you store in a 3rd party wallet is not your money. Worst case, they'll gonna declare bankruptcy and your funds will be gone in seconds.

Didn't knew Electrum stored my private key online  . (They don't, obviously.)

Also, isn't every bitcoin wallet a third-party wallet? (With the exemption of Bitcoin core maybe..)

I doubt many of us here have compiled/compile/code their own wallets.

[Cryptosandy1987]

1.3rd party wallet are vulnerable to being hacked,and at that time nobody take the responsibility and there is no proper reason,

2.your key is not only with you like Pvt wallet,it is also with exchange,so it is risky,

Way forward,

Use hard or paper' or Pvt wallet....

[vphasitha01]

I think if we choose a 3rd party wallet for storing cryptocurrency means we are giving away security liability for a 3rd party. Also centralized wallets are more desirable to hacking and can be theft whole funds by wallet provider itself. The best solution I believed is the enabling some system which requires multi - signature and two factor authorization for wallet transactions.

Btw "mitigation is better than adaptation" so I would rather go for cold storage wallets rather giving sole authority of my funds to any 3rd party wallet provider.

[napsterz]

First of all, thank you for this discussion and opportunity to earn merits.

I would like to start off with the definition of third party wallets. I see them as digital wallets that are created by developers who are not part of an official team of a project. Hope that brings us on the same page.

Now, the dangers of using such third party wallets that are created by a non-official team member is:

1) Data Leak

Given the recent personal data protection movement on EU GDPR, data is a very important asset nowadays. There have been many cases where personal data was misused and not properly handled, even to the extent of selling off for profit. So, when using a third party wallet, we need to be cautious what information we're actually providing to the developer. The worst case is when your password is being collected in plain text and given "voluntarily" to the developer. It may be used against you as a form of identity theft.

2) Misappropriation of funds

If you're dealing with large amount of digital money, you should most definitely choose to work with official wallets. Because third party wallets may not be who we thought they should be. What if our funds that are transferred to "our" third party wallets are re-directed to someone else's wallets. We don't know how it works behind the scenes unless the third party wallets are open-source, and we can audit the code somehow. If not, that's a risky move.

3) Compromised System

The worst that can happen is when the third party wallet is actually running some sort of malware that compromise your system and stealthily monitor your activity and every surfing habits including your digital login and transactions, then sending all that information to the developer or in this case, most likely a hacker.

There are lots of problems and risks involved when dealing with third party wallets. But, these are the three dangerous things that could ever happen to someone. Therefore, I suggest to minimise and mitigate such risks, it's better to use official wallets that the project team announced. At least, we know the team is going to take responsibility on what's going to happen.

Of course, as humans we always need to take one step further in ensuring our safety, if not who would bother helping us except ourselves? I always use a VPN whenever I'm connecting to the Internet. This protects my traffic data by encrypting it before sending out of my devices over the network. Certainly encryption can be decoded, but at least that adds another layer of protection that's better than sending plain data that attackers can sniff over a public network.

Hope it helps.

[Jet Cash]

Here are some of my opinions, and please correct me if I am wrong.

I consider anything other than a core wallet to be a 3rd party wallet.
Not all wallets offer exchange facilities.
Not all wallets are stored on the web, but obviously you will need web access to make and receive payments.
Some wallets store balances like a bank, and you don't own specific Bitcoin transactions with them.

[Retty]

Anyone using 3rd party wallets wants to be very careful indeed.

Cyber crime is getting more sophisticated by the day. Trying not to repeat the other guys on here by the way.

I seen something a while back about how theres HUNDREDS OF MILLIONS of people worldwide have downloaded supposedly friendly apps like Emoji keyboards and other 'cute' looking apps that we all think are harmless are just infact riddled with spyware/malware. This is just to spy on peoples everyday activities! so when Bitcoin rose in price this is effectively a cyber criminals lottery!

When some unsuspecting poor soul types in their most precious characters into their phone- the ones that hold the keys to their BTC/crypto- whoosh- keyloggers have grabbed your precious data and your Bitcoin sits on the proverbial lap of a cyber crook! Don't want to start an Android vs Iphone debate here...but Androids are more prone to this sort of thing! 

ANY crypto exchange you have funds on is essentially a 3rd party wallet and at risk of an attack, and although i'd expect an exchange like Binance to be Super-secure, if they were to lose everyones funds (worse case scenario) would you be getting reimbursed? Possibly- but I'm not so sure! On a smaller exchange i'd say its little to no chance.

I'd say this is one of the reasons a LOT of people are yet to dip their toe into the crypto waters, and perhaps one of the reasons i'd not be so sad to see some form of regulations come into place where the exchanges/wallets are held accountable. Until that happens crypto will be like the Wild West as criminals exploit the vulnerabilities.

I'd like to see multi layer security - way beyond 2FA. I think the first company/product who simplifies this and makes the UI super user friendly (for anyone with basic knowledge of tech) are in for a very bright future! 

[Avalonist]

Had a bad experience using Jaxx wallet on my iPhone.
First of all i didnt write down my secret phrase somewhere, cause didnt think
ill be using it constantly (yeah, i know how stupid i am). Specified it as one of the wallets on my GPU Farm pool.
After 2 months, when i had about 1 ETH on it, my phone was stolen.
Ive purchased a new one and installed a backup of previous phone with Jaxx wallet on it.
To my surprise backup didnt contain my wallet, so all my crypto was completely lost..
So, write down your secret phrase if you dont want to be on my place and dont rely on
phone backups

[Cashi]

Using 3rd party wallets seems to be secure at the first view but if you dig a bit deeper you will recognize more the technical thing about it.

The basics are about the blockchain. If you have Bitcoins they aren't stored "at your wallet". This is not possible, it's about the blockchain where everything ist saved. So it's only the way you access your Bitcoins at the blockchain. For getting access to your coins you need the public key and the private key. You can use different ways to do this, one of them is to use a 3rd party wallet. A 3rd party wallet means they held the private keys of you and if the 3rd party gets hacked, you will be affected. Most services offer a cold-storage wallet to secure this (private keys are held offline by the exchange) but after all you have to trust the 3rd party.

Another risk is to get phished, when you log in and if your account is compromised, the hacker can access your Bitcoins - you can't do anything.

It's better to use your own, private Bitcoin address, a 1st party wallet. Here only you know about your private keys. Keep them secure and don't tell anyone about it. Save them on a piece of paper and please don't store them at your computer, especially when you are online. A first party wallet can be a desktop wallet, a hardware wallet or a paper wallet. If you do no mistakes these options are very secure. For a long term-storage a 3rd party wallet is not recommended. Remember the hack of Mt.Gox. The best option is to use a 1st party wallet for this - be your own bank  

If you use a 3rd party wallet (like an exchange for trading (Binance) ord to buy Bitcoins (coinbase)) please keep the amount you held there as low as possible and send coins you don't need there to a 1st party wallet.

Another thing is about ICOs and if you participate in an ICO please don't use an ETH wallet you have no private keys from. You can only access your tokens if you have the private keys. If you use a 3rd party wallet you won't have access to your ICO token. The private keys are held by the exchange and the only possibility is to contact them to send your tokens to another wallet (what is very unlikely because of the cold storage). In 99% of all cases they won't do anything. For ICOs please avoid using a 3rd party wallet, where you won't have access to your private keys.

[DarkStar_]

My advice regarding the usage of third party wallets will be super simple, avoid android based devices as your main wallet.

I disagree. Android phones are cheap, and plentiful. If you're an Android user, chances are, you have a spare Android phone lying around somewhere (I currently have two alongside). You can fairly easily wipe it, and install Bither/Mycelium/BreadWallet/Your Android Wallet of choice and keep it as an offline/airgapped wallet. Yes, there are many malware applications, but I don't believe any are persistent, and you can keep the phone permanently offline.

[CryptoPowerL]

Many people use MEW to participate in the bounty. Everyone knows that there is a private-key for using the wallet. Since this topic is about security, I think it would be appropriate to show my article how to make an encrypted volume for storing important data: https://bitcointalk.org/index.php?topic=3361608.msg40745892