Can A Chrome app be a malwware and steal your private keys?

[dhru9]

I store my privates keys in gmail is this possible that I installed a malware (chrome app) that can read it?   

[Yogee]

I store my privates keys in gmail is this possible that I installed a malware (chrome app) that can read it?    

There is no need to answer that. You just have to understand that storing private keys online is a HUGE mistake. Avoid depositing to that wallet or immediately withdraw your funds in case you've already done so.

Buy a hardware wallet or use open-source non-custodial desktop or mobile wallets such as electrum. Store your seed phrase and private keys OFFLINE.

edit - I read your story about Trezor. I kind of get it now why you've chosen gmail but storing offline is still the best method. Maybe not under your bed.

[TGD]

I store my privates keys in gmail is this possible that I installed a malware (chrome app) that can read it?   

We have same method of storing private key. LOL. Anything stored online can be hack and that's the cons of the cloud storage. But if we think about it, Everywhere we store it can be steal or destroy, It's either physically or virtually. So for safety precautions, Just encrypt your private key before you store it on Gmail if you really want to put it there.

I've been using Google drive to store my private key/recovery of my trezor for a very long time and so far my funds is untouchable.

[dhru9]

I store my privates keys in gmail is this possible that I installed a malware (chrome app) that can read it?    

There is no need to answer that. You just have to understand that storing private keys online is a HUGE mistake. Avoid depositing to that wallet or immediately withdraw your funds in case you've already done so.

Buy a hardware wallet or use open-source non-custodial desktop or mobile wallets such as electrum. Store your seed phrase and private keys OFFLINE.

edit - I read your story about Trezor. I kind of get it now why you've chosen gmail but storing offline is still the best method. Maybe not under your bed.

I look for technical answer from security guy. Your answer is not what i am looking.  And I am a nomad in countries where robbery is common.
YES there is a reason to answer this.  !!  

[Question123]

Storing your private keys online is very risky because anytime possible that hacker will know it if they hack your device .

We are responsible for the security of our wallet just we make sure that we keep it safe from the hackers because they want to hack it to stole our coins .

You should write or keep your private key onlines or right it down so the hackers will never findout what is your private keys so they will not hack it and your funds is safe .

[witcher_sense]

I look for technical answer from security guy. Your answer is not what i am looking.  And I am a nomad in countries where robbery is common.
I live n the nature and the mountains.
 and it's definitely safer bet for me to have it on email in case of all my things robbed I will have another 3k in BTC.
So YES there is a reason to answer this.

It would be safer for you to hide your keys in the forest than trusting Google in keeping something valuable. Google Mail in no sense a secure place to store your keys. They have full access to the information you send and recieve in your emails, your keys will be stored as plaintext on their servers once you decide to put them in there. If there is a malicious admin at Google, for example, they can sweep all your private keys and you have no chance to prove you were robbed. Of course, you can encrypt your private keys before uploading them, but it requires you to store additional keys and still doesn't guarantee you are safe. Literally, it would mean you exhibit your personal information and wait for hackers to crack it for bounty.

[Leviathan.007]

When we are talking about security you should remember nothing is completely and 100% safe. Because there is always a way to steal your coins. But, regarding the question you asked, storing private keys online is a huge mistake no matter if you trust chrome or not. many people lost their coins saying 'my bitcoins are hacked' while bitcoin wallet was not hacked itself but the environment they used to store seeds/keys was not reliable. I would recommend you to use offline methods instead of trying any online services, including chrome. However, if you are using windows PC platform, the chrome apps won't have access to the passwords and keys unless you give them permission for that, the only way here is to bypass the user-side permission request.

[finaleshot2016]

Dude, it's a wrong move that you're putting private keys online. Imagine if all of your accounts got hacked by some anonymous hackers and they've noticed that there are private keys stored in Gmail, probably they will steal it. We can't say that it's safe because there are different ways of hijacking or hacking a specific account especially if hackers knew it stores valuable coins. The only thing you should do is be careful and don't disclose any information about where did you store your private keys.

We have same method of storing private key. LOL. Anything stored online can be hack and that's the cons of the cloud storage. But if we think about it, Everywhere we store it can be steal or destroy, It's either physically or virtually. So for safety precautions, Just encrypt your private key before you store it on Gmail if you really want to put it there.

Even putting encryption on private keys, it's gonna be easy to decrypt it especially when you're using free software for encryption.

[dothebeats]

I actually got this advice from a forum post in the internet and have actually used it ever since: always have an ounce of doubt on apps that came from unknown sources. If your app came from verified, reputable sources such as the App Store or Google Play Store (for mobiles) and verified websites for your PC apps, you're good to go. Then again, the issue here is not the app as you've mentioned that you're keeping your private keys on your email. You might want to take a look at the security of the passwords that you're using and whether or not you have other means to secure the account like two-factor authentication.

Any app created in this day and age can have the potential to be used against its user to snoop and collect data and inflict malware on your PC. Observing extra care when downloading apps online would be your first line of defense to ensure that you are not gladly taking in software that will harm you.

[milani]

I store my privates keys in gmail is this possible that I installed a malware (chrome app) that can read it?   

It is a pity, that you disregard the fact that every online app or service is not protected and too vulnerable for hack attacks. Of course you shoukd not keep your private information there - especially keys or passwords to wallets. You should remember this rule like your name or date of birth. Everything is good till nothing bad has happened. So it is better to to be safe than sorry about your lost assets.

[dhru9]

This forum useless no one answer I need.  I ask about random chrome extnetion abilities to read emails.

[barto123]

Malware is being written to find 12/24 words.

This is a terrible idea. Please level-up your security game.

Get a coldcard/seedplate & air gap that shit. Add some multi-sig or passphase too (aka 25th word)

There's going to be so many attacks on people who have this level of security.

Strive for the best security you can, Bitcoin is going to go up a lot - you definitely want to sort it out ASAP.

Also, CoinJoin/Lightning your BTC on TOR too using Wasabi. Privacy will only become more important as time goes on.

[Lucius]

I store my privates keys in gmail is this possible that I installed a malware (chrome app) that can read it?   

The only way for malware to read the information on your email is to have your email hacked. If you install malware that has the function of a keylogger (records everything you enter via the keyboard), then you will compromise your e-mail password, which will allow the hacker to access your e-mail and gain possession of all the information contained there. The way you store your private keys is definitely very risky, and you should consider at least encrypting sensitive information you store online.

Google Chrome is a very popular browser, which means that it is constantly targeted by hackers. Examples from the recent past testify to this.

https://www.cnet.com/news/google-gooligan-accounts-hacked-malware-trojan-horse-gmail-play-drive-photos-docs/
https://threatpost.com/500-malicious-chrome-extensions-millions/152918/
https://threatpost.com/malicious-chrome-extension-steals-data-posted-to-any-website/128680/

[DdmrDdmr]

<…>

In February of this year, Google has to remove around 500 Chrome extensions from the store. Many of them were Ad related, but others were malicious, and could redirect the traffic to a malware based site with phishing or rouge links to malware downloads.

A couple of months later, Google has to remove a batch of 49 Chrome extensions that were specifically targeting crypto wallets.

Chrome apps require you to give them certain permission to operate, but people tend to give them whatever they ask for without question. Consequently, it’s feasible for an extension to oversee your activity, log and resend information to a hacker.

See:
https://www.zdnet.com/article/google-removes-500-malicious-chrome-extensions-from-the-web-store/
https://www.zdnet.com/article/exclusive-google-removes-49-chrome-extensions-caught-stealing-crypto-wallet-keys/

[blockman]

Yes, a chome app that contains malware can read or open your email. Delete it. Don't store your private keys into your gmail or another cloud service or provider. That's not a wise thing to do. And if you're a person that likes downloading extension apps to your browser, make sure that you know the source because they can contain malware which can access your entire personal computer. Just for your sake and private keys, it is best to store it and write it.

[Darkelf11]

I store my privates keys in gmail is this possible that I installed a malware (chrome app) that can read it?    

Why do you store your private keys in your gmail? First of all, aren't you aware that google have its own access with what we store in our google accounts? It is much better if you store it on a paper than storing it online which is obviously can be accessed by anyone. If you install from untrusted website it is possible that it contains malware that may access your private information like emails and passwords. Everything that is stored on your pc can be accessed by these malwares. I think it is a wrong move to store important information like that in an online platform like google mail.

[rodskee]

I store my privates keys in gmail is this possible that I installed a malware (chrome app) that can read it?   

never trust Online account to store any keys that has your cryptocurrencies because that is very prone to hacking mate,
Internet is an open place where experts can easily enters your accounts and find things that valuable to them without you even noticing this.

So much better to write it down in paper and leave in your room(of course in safe place and with no one knowing you are having those)
or put it in some place where no one will even know or expect that your keys are in there.

[bitbunnny]

I don't think that Chrome app itself can be malware but it can get infected with different types of malware. Private keys are very sensitive data and it's not recommended to be stored anywhere online, in any app or database that can be easily hacked or breached.
People very often go for solutions that are convenient for them but don't pay enough attention to security and that is why so many incidents happen.

[suzanne5223]

I store my privates keys in gmail is this possible that I installed a malware (chrome app) that can read it?   

Yes, there have been an issue of some on chrome webstores to be use for phishing attack and I want to understand that login your wallet on a connected computer have expose your wallet not to talk of saving your wallet private information in email or any online activities.
We have a high ranking user of this forum that once lost his holding doing the samething.

So weeks ago I lost over 20k USD in Crypto.

I had all the private keys, passwords, etc saved in my email draft & I had 2 fa SMS verification didn't know that someone can break it easily. Ended up losing all my savings. Don't use sim verification ever it's pointless there are multiple ways to break it.

If you can afford then buy a hardware wallet. and if you can't then don't store your important data online or anywhere connected to online.

Write down on paper secret codes & keys.

Use different passwords.

Again be very careful with security, If you keep anything online then you're putting yourself at risk.

[noorman0]

Malware can infiltrate your computer even if you are not a chrome user, including recording your activities when accessing Gmail using another browser. The threat of malware can also occur to Android users, where the virus attacks the Google account and remains active in a "background process".

I also remembered the problem of my yahoo mail account, where all old messages were deleted without notification. Although this has nothing to do with malware, it could happen to gmail.

In conclusion, storing PKs in Gmail is a bad choice and there is no reason to deny it.