Bitcoin Forum
October 14, 2019, 10:21:34 PM *
News: Latest Bitcoin Core release: 0.18.1 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: How popular cryptocurrency wallets completely expose your private keys  (Read 157 times)
yazher
Sr. Member
****
Offline Offline

Activity: 518
Merit: 277


CryptoTalk.Org - Get Paid for every Post!


View Profile
May 01, 2019, 10:55:34 AM
Merited by pawanjain (1), DdmrDdmr (1)
 #1

When I was searching the internet about things on how to protect your cryptocurrency assets. I landed on this video, he shows How popular cryptocurrency wallets completely expose your private keys. so know we really need to have extra care when using our crypto wallets on our computer. as he said it is important to use another computer for our crypto wallet different from the computer we used to surf the internet.







Quote
In this video I demonstrate how unsafe it is to run cryptocurrency wallets on vulnerable PCs. Simply by having the wallet running, your private key is exposed in plaintext and can be stolen by malware in a matter of seconds.

Although it is the responsibility of the user to keep their private keys secure, I think it is very unfortunate that developers don't take even basic security measures to prevent this from happening so easily.


Source:
https://youtu.be/VU3Zfrvsm8k

 
                                . ██████████.
                              .████████████████.
                           .██████████████████████.
                        -█████████████████████████████
                     .██████████████████████████████████.
                  -█████████████████████████████████████████
               -███████████████████████████████████████████████
           .-█████████████████████████████████████████████████████.
        .████████████████████████████████████████████████████████████
       .██████████████████████████████████████████████████████████████.
       .██████████████████████████████████████████████████████████████.
       ..████████████████████████████████████████████████████████████..
       .   .██████████████████████████████████████████████████████.
       .      .████████████████████████████████████████████████.

       .       .██████████████████████████████████████████████
       .    ██████████████████████████████████████████████████████
       .█████████████████████████████████████████████████████████████.
        .███████████████████████████████████████████████████████████
           .█████████████████████████████████████████████████████
              .████████████████████████████████████████████████
                   ████████████████████████████████████████
                      ██████████████████████████████████
                          ██████████████████████████
                             ████████████████████
                               ████████████████
                                   █████████
CryptoTalk.org|
MAKE POSTS AND EARN BTC!
🏆
1571091694
Hero Member
*
Offline Offline

Posts: 1571091694

View Profile Personal Message (Offline)

Ignore
1571091694
Reply with quote  #2

1571091694
Report to moderator
1571091694
Hero Member
*
Offline Offline

Posts: 1571091694

View Profile Personal Message (Offline)

Ignore
1571091694
Reply with quote  #2

1571091694
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1571091694
Hero Member
*
Offline Offline

Posts: 1571091694

View Profile Personal Message (Offline)

Ignore
1571091694
Reply with quote  #2

1571091694
Report to moderator
1571091694
Hero Member
*
Offline Offline

Posts: 1571091694

View Profile Personal Message (Offline)

Ignore
1571091694
Reply with quote  #2

1571091694
Report to moderator
1571091694
Hero Member
*
Offline Offline

Posts: 1571091694

View Profile Personal Message (Offline)

Ignore
1571091694
Reply with quote  #2

1571091694
Report to moderator
mjglqw
Hero Member
*****
Offline Offline

Activity: 1092
Merit: 860


https://coinsources.io/bitcoin


View Profile WWW
May 01, 2019, 01:43:11 PM
 #2

Though I'm not sure if this is still the case with Exodus today, whereas the seed is actually in plaintext(was expecting a bit of encryption), take note that these types of wallets shouldn't be used for long-term storage in the first place, unless you definitely know what you're doing(with the usage of an air-gapped device). These wallets should be used only as hot wallets in the first place.

TryNinja
Legendary
*
Offline Offline

Activity: 1162
Merit: 1557



View Profile
May 01, 2019, 01:47:47 PM
 #3

That was Exodus' answer to the video: Addressing Vulnerabilities with Software-Based Wallets

Basically, they didn't think this is a major issue and that "Exodus is only as secure as the computer it is running on" (thus, it's your job to keep your wallet secure). AFAIK, they didn't change anything after the video.

pawanjain
Sr. Member
****
Offline Offline

Activity: 1022
Merit: 278


★Bitvest.io★ Play Plinko or Invest!


View Profile
May 01, 2019, 02:41:40 PM
 #4

Thanks for sharing this info. I never knew that these wallets store the data (private key) in the memory and that such data can be retrieved from the memory so easily.
It's obvious that anybody who has access to the computer would then be easily able to hack in to the wallets. I am glad I don't use any wallets on my PC.
If the vulnerability is so severe how come there is no solution to it.



BIG WINNER!
[15.00000000 BTC]


▄████████████████████▄
██████████████████████
██████████▀▀██████████
█████████░░░░█████████
██████████▄▄██████████
███████▀▀████▀▀███████
██████░░░░██░░░░██████
███████▄▄████▄▄███████
████▀▀████▀▀████▀▀████
███░░░░██░░░░██░░░░███
████▄▄████▄▄████▄▄████
██████████████████████
▀████████████████████▀
▄████████████████████▄
██████████████████████
█████▀▀█▀▀▀▀▀▀██▀▀████
█████░░░░░░░░░░░░░▄███
█████░░░░░░░░░░░░▄████
█████░░▄███▄░░░░██████
█████▄▄███▀░░░░▄██████
█████████░░░░░░███████
████████░░░░░░░███████
███████░░░░░░░░███████
███████▄▄▄▄▄▄▄▄███████
██████████████████████
▀████████████████████▀
▄████████████████████▄
███████████████▀▀▀▀▀▀▀
███████████▀▀▄▄█░░░░░█
█████████▀░░█████░░░░█
███████▀░░░░░████▀░░░▀
██████░░░░░░░░▀▄▄█████
█████░▄░░░░░▄██████▀▀█
████░████▄░███████░░░░
███░█████░█████████░░█
███░░░▀█░██████████░░█
███░░░░░░████▀▀██▀░░░░
███░░░░░░███░░░░░░░░░░
▀██░▄▄▄▄░████▄▄██▄░░░░
▄████████████▀▀▀▀▀▀▀██▄
█████████████░█▀▀▀█░███
██████████▀▀░█▀░░░▀█░▀▀
███████▀░▄▄█░█░░░░░█░█▄
████▀░▄▄████░▀█░░░█▀░██
███░▄████▀▀░▄░▀█░█▀░▄░▀
█▀░███▀▀▀░░███░▀█▀░███░
▀░███▀░░░░░████▄░▄████░
░███▀░░░░░░░█████████░░
░███░░░░░░░░░███████░░░
███▀░██░░░░░░▀░▄▄▄░▀░░░
███░██████▄▄░▄█████▄░▄▄
▀██░████████░███████░█▀
▄████████████████████▄
████████▀▀░░░▀▀███████
███▀▀░░░░░▄▄▄░░░░▀▀▀██
██░▀▀▄▄░░░▀▀▀░░░▄▄▀▀██
██░▄▄░░▀▀▄▄░▄▄▀▀░░░░██
██░▀▀░░░░░░█░░░░░██░██
██░░░▄▄░░░░█░██░░░░░██
██░░░▀▀░░░░█░░░░░░░░██
██░░░░░▄▄░░█░░░░░██░██
██▄░░░░▀▀░░█░██░░░░░██
█████▄▄░░░░█░░░░▄▄████
█████████▄▄█▄▄████████
▀████████████████████▀




Rainbot
Daily Quests
Faucet
gentlemand
Legendary
*
Offline Offline

Activity: 2156
Merit: 2024


Your dearest bum chum


View Profile
May 01, 2019, 03:30:26 PM
 #5

I do not understand why any person ever uses a PC to host a wallet. It does not make the slightest sense and I find it really weird that they're still considered a viable option. The only time I'd use a PC in that capacity is if it had its wifi card ripped out and was never hitting the internet ever again.

mjglqw
Hero Member
*****
Offline Offline

Activity: 1092
Merit: 860


https://coinsources.io/bitcoin


View Profile WWW
May 01, 2019, 03:45:15 PM
 #6

I do not understand why any person ever uses a PC to host a wallet. It does not make the slightest sense and I find it really weird that they're still considered a viable option. The only time I'd use a PC in that capacity is if it had its wifi card ripped out and was never hitting the internet ever again.

From my experience based on people I know, it's 90% due to ignorance in terms of information security. One person I know's reason was "I have an antivirus so I am safe", while using his very outdated Windows 7 device. Yikes. For every person that I know that holds bitcoin, I had to school every. single. one. of them.

Bountyhonter
Jr. Member
*
Offline Offline

Activity: 350
Merit: 8


View Profile WWW
May 01, 2019, 08:22:10 PM
 #7

Most wallets store the private key on your device storage so asking them not to use such wallets means they only have the option of a hardware wallet or exchange wallet and storing your funds on an exchange wallet is even more dangerous and only people with very huge funds would want to go for the hardware wallet.
bob123
Legendary
*
Offline Offline

Activity: 1050
Merit: 1564



View Profile WWW
May 01, 2019, 10:20:42 PM
 #8

This is quite old already.

Exodus is not a wallet which is very security-orientated. And neither is jaxx.



[...] only people with very huge funds would want to go for the hardware wallet.

Anyone who can afford it should go for a hardware wallet.
They cost around 60$. That's not too much considering the security and convenience it combines.

If you have BTC worth 200$+, i would spend 60 of them for a hardware wallet.
Better have 120$ worth of BTC protected, than risking losing all 200$ equivalent of BTC.

gentlemand
Legendary
*
Offline Offline

Activity: 2156
Merit: 2024


Your dearest bum chum


View Profile
May 01, 2019, 10:33:42 PM
Last edit: May 01, 2019, 11:15:03 PM by gentlemand
 #9

Most wallets store the private key on your device storage so asking them not to use such wallets means they only have the option of a hardware wallet or exchange wallet and storing your funds on an exchange wallet is even more dangerous and only people with very huge funds would want to go for the hardware wallet.

What of phones? They're nowhere near as secure as a hardware wallet obviously but they're not the gaping open door a PC is. I don't think I've ever read on here anyone who had one of the decent phone wallets hacked remotely.

pooya87
Legendary
*
Offline Offline

Activity: 1792
Merit: 1966


Remember tonight for it's the beginning of forever


View Profile
May 02, 2019, 04:44:45 AM
 #10

What of phones? They're nowhere near as secure as a hardware wallet obviously but they're not the gaping open door a PC is. I don't think I've ever read on here anyone who had one of the decent phone wallets hacked remotely.

that doesn't make them any safer though. for example the most common case these days specially with a popular wallet such as Electrum is people downloading a fake version from somewhere else and losing their coins after installing that malicious software. that can easily happen for "phone wallets" too!
the difference is that people don't usually use phone wallets in first place and if they do, they don't store that much on them. so the "potential victim count" is much smaller so hackers prefer to spend their time target the larger audience hence more PC related attacks.

coinlocket$
Hero Member
*****
Online Online

Activity: 700
Merit: 1105


One of the world's leading Bitcoin-powered casinos


View Profile WWW
May 02, 2019, 08:20:58 PM
 #11

This can be shocking but hey is you job to keep you keys on a safe place and if the PC you using is not safe than is your fault if they steal your coins.

Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!