Bitcoin Forum
March 29, 2024, 04:58:58 AM *
News: Latest Bitcoin Core release: 26.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 [2]  All
  Print  
Author Topic: Which wallets are the safest and what can go wrong?  (Read 454 times)
bob123
Legendary
*
Offline Offline

Activity: 1624
Merit: 2481



View Profile WWW
December 09, 2021, 11:13:25 AM
 #21

Basically everything you can imagine (and more) can go wrong.

Without any further information (e.g. what you define as "safe"), no one will be able to give you some useful advice for a specific software/hardware.
There are lots of attack vectors, it depends on which of them apply to you. Based on this, there are good and bad decisions for your case.

Generally:
No closed-source, web- or online wallets.
Your wallet can only be as secure as the system it is running on / the building it is placed in.

1711688338
Hero Member
*
Offline Offline

Posts: 1711688338

View Profile Personal Message (Offline)

Ignore
1711688338
Reply with quote  #2

1711688338
Report to moderator
1711688338
Hero Member
*
Offline Offline

Posts: 1711688338

View Profile Personal Message (Offline)

Ignore
1711688338
Reply with quote  #2

1711688338
Report to moderator
1711688338
Hero Member
*
Offline Offline

Posts: 1711688338

View Profile Personal Message (Offline)

Ignore
1711688338
Reply with quote  #2

1711688338
Report to moderator
"With e-currency based on cryptographic proof, without the need to trust a third party middleman, money can be secure and transactions effortless." -- Satoshi
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
1711688338
Hero Member
*
Offline Offline

Posts: 1711688338

View Profile Personal Message (Offline)

Ignore
1711688338
Reply with quote  #2

1711688338
Report to moderator
1711688338
Hero Member
*
Offline Offline

Posts: 1711688338

View Profile Personal Message (Offline)

Ignore
1711688338
Reply with quote  #2

1711688338
Report to moderator
1711688338
Hero Member
*
Offline Offline

Posts: 1711688338

View Profile Personal Message (Offline)

Ignore
1711688338
Reply with quote  #2

1711688338
Report to moderator
n0nce
Hero Member
*****
Offline Offline

Activity: 868
Merit: 5808


not your keys, not your coins!


View Profile WWW
December 12, 2021, 12:52:23 AM
Merited by Pmalek (2)
 #22

Generally:
No closed-source, web- or online wallets.
Your wallet can only be as secure as the system it is running on / the building it is placed in.
Agree with point 1, but point 2 is confusing.
A good hardware wallet is meant to reduce the need of trust in the OS and physical security of the device. So in my opinion, the safest wallets' security should not depend on the system it is running on / the building it is placed in.

That's their entire point: you stick that thing into an infected machine? Software can't do anything without you confirming a receiving address on the wallet's screen & entering some sort of passphrase. Someone breaks into your house or steals it from your bag? Can't do anything without passcode & reading out the memory isn't possible either.

Not all hardware wallets fulfill these requirements (e.g. ones without secure element can be read out), but any falling under the safest category should and do exist.

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
bob123
Legendary
*
Offline Offline

Activity: 1624
Merit: 2481



View Profile WWW
December 13, 2021, 12:39:02 PM
 #23

Generally:
No closed-source, web- or online wallets.
Your wallet can only be as secure as the system it is running on / the building it is placed in.
Agree with point 1, but point 2 is confusing.
A good hardware wallet is meant to reduce the need of trust in the OS and physical security of the device. So in my opinion, the safest wallets' security should not depend on the system it is running on / the building it is placed in.

That's their entire point: you stick that thing into an infected machine? Software can't do anything without you confirming a receiving address on the wallet's screen & entering some sort of passphrase. Someone breaks into your house or steals it from your bag? Can't do anything without passcode & reading out the memory isn't possible either.

Not all hardware wallets fulfill these requirements (e.g. ones without secure element can be read out), but any falling under the safest category should and do exist.

A hardware wallet is not running on your computer. The sensitive data is only handled within the secure element (speaking about hardware wallets which actually have such a security mechanism).
Therefore the 2nd point still applies. It is a concept applying to every software/hardware.

Just because you use your PC to communicate with your hardware wallet, the keys are not handled by the PC. The crucial system here is the hardware wallet. I could have made that clearer.


A hardware wallet can be only as secure as the hardware is (e.g. vulnerabilities in the MCU or SE).
The same applies to a software wallet, taking hardware, software, network connectivity etc. into account.

n0nce
Hero Member
*****
Offline Offline

Activity: 868
Merit: 5808


not your keys, not your coins!


View Profile WWW
December 18, 2021, 03:59:45 AM
Merited by Pmalek (1)
 #24

Just because you use your PC to communicate with your hardware wallet, the keys are not handled by the PC. The crucial system here is the hardware wallet. I could have made that clearer.


A hardware wallet can be only as secure as the hardware is (e.g. vulnerabilities in the MCU or SE).
The same applies to a software wallet, taking hardware, software, network connectivity etc. into account.
Oh right, sorry, I thought you were trying to say 'Your wallet can only be as secure as the system it is running on [== the OS / computer used with it] / the building it is placed in.'

The way you put it now basically says 'Your wallet can only be as secure as the hardware & software it is directly running on'.
That's not even 100% correct, since you could have an infected device, but it's using heavy sandboxing and the virus can't reach the 'wallet sandbox' or something like that. But in most cases, I'd agree.

The cool thing about hardware wallets is that they're not powered on neither connected to networks constantly; thus even if we assumed the same 'system security' as your daily driver laptop, the attack success probability would be lower since the time windows during which attacks are possible, are shorter. Also these devices don't run third party software, unlike Windows PCs where many programs run as root ('admin') or other desktop OSes where 3rd party software simply runs on them directly (privileged or not); thus reducing the overall 'underlying system security' as well. This means exploits for attacking hardware wallets need to be more elaborate to bridge the 'device-device gap'.

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
ibuddy122505
Sr. Member
****
Offline Offline

Activity: 1112
Merit: 261


View Profile WWW
December 18, 2021, 04:31:43 AM
 #25

I don't want to direct my criticism at any particular wallet. Despite all the protection you have, your wallet could be compromised. Whether or not you are negligent, we may fall victim to phishing. However, it appears that most of us used ETH tokens, where a Ledger setup with Metamask would be standard. Is there a universal (safe) wallet solution? This depends on your needs. It is common for web wallets to be breached, resulting in the loss of all contents. This is why a cold storage solution like those described above is needed. Maybe we need cold storage?
Pmalek
Legendary
*
Offline Offline

Activity: 2716
Merit: 7031


Farewell, Leo. You will be missed!


View Profile
December 18, 2021, 09:18:27 AM
 #26

The way you put it now basically says 'Your wallet can only be as secure as the hardware & software it is directly running on'.
That's not even 100% correct, since you could have an infected device, but it's using heavy sandboxing and the virus can't reach the 'wallet sandbox' or something like that.
Anti-sandbox and Anti-VM types of malware and password stealers have been around for years. I remember seeing them back in the days of pirated and warez software. Even then it was possible for certain malware to detect that a system is using a sandbox or virtual machine and break through its defenses to perform any kind of attack it was designed to perform. I wouldn't rely on a sandbox as an ultimate way of protection. Being careful and not opening and executing programs and scripts on your end is still the best protection.

..JAMBLER.io..Create Your Bitcoin Mixing
Business Now for   F R E E 
▄█████████████████████████████
█████████████████████████
████▀████████████████████
███▀█████▄█▀███▀▀▀██████
██▀█████▄█▄██████████████
██▄▄████▀▄▄▄▀▀▀▀▀▄▄██████
█████▄▄▄██████████▀▄████
█████▀▄█▄██████▀█▄█████
███████▀▄█▀█▄██▀█▄███████
█████████▄█▀▄█▀▄█████████
█████████████████████████
█████████████████████████
▀█████████████████████████████
█████████████████████████████████████████████████
.
      OUR      
PARTNERS

.
█████████████████████████████████████████████████
████▄
██
██
██
██
██
██
██
██
██
██
██
████▀
▄█████████████████████████████
████████▀▀█████▀▀████████
█████▀█████████████▀█████
████████████████████████
███████████████▄█████████
█████████████████████████
█████████████████████████
█████████████████████████
███████████████▀█████████
████████████████████████
█████▄█████████████▄█████
████████▄▄█████▄▄████████
▀█████████████████████████████
█████████████████████████████████████████████████
.
   INVEST   
BITCOIN

.
█████████████████████████████████████████████████
████▄
██
██
██
██
██
██
██
██
██
██
██
████▀
Wind_FURY
Legendary
*
Offline Offline

Activity: 2870
Merit: 1799



View Profile
December 21, 2021, 08:22:25 AM
 #27

OP, for my hot wallet I have only used Electrum for my PC/laptop that both run Linux, and BlueWallet for my mobile phone.

Has anyone used HexaWallet, https://hexawallet.io/

A friend discovered it while looking for the most appropriate wallet for accepting donations.

██████████████████████
█████████████████████████
█████████████████████████
█████████████████████████
█████████████████████████
█████████████████████████
█████████████████████████
█████████████████████████
█████████████████████████
█████████████████████████
█████████████████████████
█████████████████████████
██████████████████████
.SHUFFLE.COM..███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
█████████████████████
████████████████████
██████████████████████
████████████████████
██████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
██████████████████████
██████████████████████
██████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
.
...Next Generation Crypto Casino...
o_e_l_e_o
In memoriam
Legendary
*
Offline Offline

Activity: 2268
Merit: 18497


View Profile
December 21, 2021, 09:17:30 AM
Merited by ABCbits (1)
 #28

Has anyone used HexaWallet, https://hexawallet.io/

A friend discovered it while looking for the most appropriate wallet for accepting donations.
I've never heard of it, but their website throws off a bunch of red flags immediately.

They don't use a seed phrase back up, but instead back up the wallet on the cloud. Big security risk.
Level 2 back up redirects you to a paper on using Shamir's secret sharing (which is immediately a bad idea: https://en.bitcoin.it/wiki/Shamir_Secret_Snakeoil), but it then goes on to suggest storing your shares on email addresses and cloud servers. Again, big security risk.
I can't find much information on how you would recover your wallet or extract your private keys should Hexa disappear or their servers go offline.

It seems a lot of their security also relies on answers to security questions, which in many cases are easy to guess, work out, or socially engineer by looking at someone's social media profiles.
dkbit98
Legendary
*
Offline Offline

Activity: 2184
Merit: 7020


SATOCHIP.io


View Profile WWW
December 21, 2021, 01:39:49 PM
 #29

I've never heard of it, but their website throws off a bunch of red flags immediately.
They are no-custodial wallet, but they use Amazon and Google Cloud Platform for their node and relay servers, and I wouldn't recommend this wallet to anyone.
Hexa team is not looking like that great and apps have only few installs and mixed reviews on App Store and Google play.
Looks like they are somehow connected with Swan Bitcoin, that is much more famous and advertised by Max Keiser all the time.

I can't find much information on how you would recover your wallet or extract your private keys should Hexa disappear or their servers go offline.
It's not like regular wallet recovery for sure, but they tried to implement some splitting scheme.
They have system of encrypted recovery keys that are split parts of seed words in five recovery keys, and you can gain access to your funds if you have any 3 recovery keys.

..JAMBLER.io..Create Your Bitcoin Mixing
Business Now for   F R E E 
▄█████████████████████████████
█████████████████████████
████▀████████████████████
███▀█████▄█▀███▀▀▀██████
██▀█████▄█▄██████████████
██▄▄████▀▄▄▄▀▀▀▀▀▄▄██████
█████▄▄▄██████████▀▄████
█████▀▄█▄██████▀█▄█████
███████▀▄█▀█▄██▀█▄███████
█████████▄█▀▄█▀▄█████████
█████████████████████████
█████████████████████████
▀█████████████████████████████
█████████████████████████████████████████████████
.
      OUR      
PARTNERS

.
█████████████████████████████████████████████████
████▄
██
██
██
██
██
██
██
██
██
██
██
████▀
▄█████████████████████████████
████████▀▀█████▀▀████████
█████▀█████████████▀█████
████████████████████████
███████████████▄█████████
█████████████████████████
█████████████████████████
█████████████████████████
███████████████▀█████████
████████████████████████
█████▄█████████████▄█████
████████▄▄█████▄▄████████
▀█████████████████████████████
█████████████████████████████████████████████████
.
   INVEST   
BITCOIN

.
█████████████████████████████████████████████████
████▄
██
██
██
██
██
██
██
██
██
██
██
████▀
o_e_l_e_o
In memoriam
Legendary
*
Offline Offline

Activity: 2268
Merit: 18497


View Profile
December 21, 2021, 03:26:13 PM
Merited by ABCbits (1)
 #30

Looks like they are somehow connected with Swan Bitcoin, that is much more famous and advertised by Max Keiser all the time.
They list the CEO of SwanBitcoin as one of their team members.

They have system of encrypted recovery keys that are split parts of seed words in five recovery keys, and you can gain access to your funds if you have any 3 recovery keys.
The problem is that the paper they link to on their website regarding this back up system - https://hexawallet.io/wp-content/uploads/2019/07/Hexa-Wallet-Backup-Scheme-SSS-WP_-1.0.pdf - makes no mention whatsoever of how they are actually splitting up your back up and encoding the various shares. Every SSS implementation is different, and so without the knowledge of how they created the shares then you will be unable to recombine them and recover your coins. They say they will release an open source tool to allow users to recombine their shares, but I can find no links to this tool in this paper or on their website, and I can find no mention of this tool on their GitHub. That leaves you with the option ETFbitcoin gave above of trying to reverse engineer their process and writing your own code to recover your coins, which is not a possibility for the vast majority of users.

Not to mention they suggest storing your shares on your email or cloud storage, which is just plain bad advice.
Kakmakr
Legendary
*
Offline Offline

Activity: 3402
Merit: 1944

This space is availlable for advertising


View Profile
March 09, 2022, 11:24:19 AM
 #31

These are some of your contenders for safe wallets. https://www.cnet.com/personal-finance/crypto/the-best-bitcoin-and-crypto-wallets/ but as most Crypto currency enthusiast would say, your wallet is just as safe as you can secure your Private keys and/or Seed words.

You can buy a hardware wallet and it will be one of the safest wallets you will ever have, but if those Seed words for the recovery are not stored in a secure place.... it will be useless. (People will simply take that and restore the wallet onto say Electrum and your coins will be gone)

Also.... do not write down your password for the hardware wallet on a piece of paper and then store those together.  Roll Eyes

Signature space availlable -Just DM me if you need some advertising.
fasttimes
Newbie
*
Offline Offline

Activity: 24
Merit: 21


View Profile
March 09, 2022, 09:33:25 PM
Merited by o_e_l_e_o (4)
 #32

goal is to have deep cold storage and then use a software wallet (via phone) to accumulate more btc over time. as the amount builds up, send that to cold storage. then one day be able to access btc from cold storage (myself or other family).

is it possible to

1) load bitcoin core on a laptop not connected to the internet
2) create a new wallet for cold storage
3) remove the dat file or at lease the private key (make it a "watch only" type wallet)
4) get public key/address in order to send btc from software wallet
5) connect laptop to internet and DL blockchain/run node, monitor wallet balance

then if i need to move funds from that cold wallet, have another laptop that is not connected to the internet reinsert private key and move funds.

i know i must be missing something, but the hardware wallet/ multi sig stuff makes a semi complex procedure more complex, imo.
nc50lc
Legendary
*
Online Online

Activity: 2366
Merit: 5429


Self-proclaimed Genius


View Profile
March 10, 2022, 01:07:51 PM
Merited by o_e_l_e_o (4), fasttimes (1)
 #33

is it possible to

1) load bitcoin core on a laptop not connected to the internet
2) create a new wallet for cold storage
Yes.

Quote from: fasttimes
3) remove the dat file or at lease the private key (make it a "watch only" type wallet)
You can remove the wallet.dat from the data directory but not individual private keys from the wallet.

Quote from: fasttimes
4) get public key/address in order to send btc from software wallet
5) connect laptop to internet and DL blockchain/run node, monitor wallet balance
Yes, it is possible to create a watching-only wallet consisting of address(es) in Bitcoin Core.
All you have to do is to create a "blank wallet" (with "disable private key" option) then import the cold-storage's address using the command: importaddress

then if i need to move funds from that cold wallet, have another laptop that is not connected to the internet reinsert private key and move funds.
You should use that laptop in the first place when creating the cold-storage wallet.
Then use the other online laptop for the watching-only wallet.

If Bitcoin Core isn't a requirement, try Electrum cold storage setup: https://electrum.readthedocs.io/en/latest/coldstorage.html
If it is, try Armory (it uses Bitcoin Core in the background):  https://www.bitcoinarmory.com/cold-storage/ (old site | refer to the link in the main page for the latest url)

..JAMBLER.io..Create Your Bitcoin Mixing
Business Now for   F R E E 
▄█████████████████████████████
█████████████████████████
████▀████████████████████
███▀█████▄█▀███▀▀▀██████
██▀█████▄█▄██████████████
██▄▄████▀▄▄▄▀▀▀▀▀▄▄██████
█████▄▄▄██████████▀▄████
█████▀▄█▄██████▀█▄█████
███████▀▄█▀█▄██▀█▄███████
█████████▄█▀▄█▀▄█████████
█████████████████████████
█████████████████████████
▀█████████████████████████████
█████████████████████████████████████████████████
.
      OUR      
PARTNERS

.
█████████████████████████████████████████████████
████▄
██
██
██
██
██
██
██
██
██
██
██
████▀
▄█████████████████████████████
████████▀▀█████▀▀████████
█████▀█████████████▀█████
████████████████████████
███████████████▄█████████
█████████████████████████
█████████████████████████
█████████████████████████
███████████████▀█████████
████████████████████████
█████▄█████████████▄█████
████████▄▄█████▄▄████████
▀█████████████████████████████
█████████████████████████████████████████████████
.
   INVEST   
BITCOIN

.
█████████████████████████████████████████████████
████▄
██
██
██
██
██
██
██
██
██
██
██
████▀
fasttimes
Newbie
*
Offline Offline

Activity: 24
Merit: 21


View Profile
March 11, 2022, 02:36:38 AM
 #34

is the only reason to use something other than bitcoin core to create a wallet to set up multi-sig?

im looking at a seedsigner and they recommend sparrow or specter desktop wallet. is it just "easier" to create a watch-only wallet with those?

im trying to understand better why someone would want to use something other than btc core for cold storage wallet set up and have to work with two different programs instead of one?

i want to make the best decision for my use but its hard to understand all the use case to determine that. appreciate you alls responses.
nc50lc
Legendary
*
Online Online

Activity: 2366
Merit: 5429


Self-proclaimed Genius


View Profile
March 11, 2022, 04:29:40 AM
Merited by fasttimes (1)
 #35

is the only reason to use something other than bitcoin core to create a wallet to set up multi-sig?
-snip-
im trying to understand better why someone would want to use something other than btc core for cold storage wallet set up and have to work with two different programs instead of one?
No, it's not a MultiSig wallet.
It's a standard single-sig, the online machine doesn't contain private keys, only the offline machine.
The goal is to isolate the private keys from online environment even when spending the funds.

In your case, you can just delete the offline laptop's wallet later since you won't be spending the funds for long
and use only the online watch-only wallet to receive funds and monitor the balance.
When you need to spend it, restore the offline wallet on the offline laptop to sign the transaction that you'll create using the online laptop.

im looking at a seedsigner and they recommend sparrow or specter desktop wallet. is it just "easier" to create a watch-only wallet with those?
I can't tell, used neither of those wallets.

..JAMBLER.io..Create Your Bitcoin Mixing
Business Now for   F R E E 
▄█████████████████████████████
█████████████████████████
████▀████████████████████
███▀█████▄█▀███▀▀▀██████
██▀█████▄█▄██████████████
██▄▄████▀▄▄▄▀▀▀▀▀▄▄██████
█████▄▄▄██████████▀▄████
█████▀▄█▄██████▀█▄█████
███████▀▄█▀█▄██▀█▄███████
█████████▄█▀▄█▀▄█████████
█████████████████████████
█████████████████████████
▀█████████████████████████████
█████████████████████████████████████████████████
.
      OUR      
PARTNERS

.
█████████████████████████████████████████████████
████▄
██
██
██
██
██
██
██
██
██
██
██
████▀
▄█████████████████████████████
████████▀▀█████▀▀████████
█████▀█████████████▀█████
████████████████████████
███████████████▄█████████
█████████████████████████
█████████████████████████
█████████████████████████
███████████████▀█████████
████████████████████████
█████▄█████████████▄█████
████████▄▄█████▄▄████████
▀█████████████████████████████
█████████████████████████████████████████████████
.
   INVEST   
BITCOIN

.
█████████████████████████████████████████████████
████▄
██
██
██
██
██
██
██
██
██
██
██
████▀
fasttimes
Newbie
*
Offline Offline

Activity: 24
Merit: 21


View Profile
March 11, 2022, 02:03:10 PM
Last edit: March 12, 2022, 03:50:20 AM by Mr. Big
 #36

is the only reason to use something other than bitcoin core to create a wallet to set up multi-sig?
-snip-
im trying to understand better why someone would want to use something other than btc core for cold storage wallet set up and have to work with two different programs instead of one?
No, it's not a MultiSig wallet.
It's a standard single-sig, the online machine doesn't contain private keys, only the offline machine.
The goal is to isolate the private keys from online environment even when spending the funds.

In your case, you can just delete the offline laptop's wallet later since you won't be spending the funds for long
and use only the online watch-only wallet to receive funds and monitor the balance.
When you need to spend it, restore the offline wallet on the offline laptop to sign the transaction that you'll create using the online laptop.

im looking at a seedsigner and they recommend sparrow or specter desktop wallet. is it just "easier" to create a watch-only wallet with those?
I can't tell, used neither of those wallets.

thank you



is it possible to tell from an xpub if a wallet is single sig or multi sig?
n0nce
Hero Member
*****
Offline Offline

Activity: 868
Merit: 5808


not your keys, not your coins!


View Profile WWW
March 11, 2022, 03:34:00 PM
 #37

The way you put it now basically says 'Your wallet can only be as secure as the hardware & software it is directly running on'.
That's not even 100% correct, since you could have an infected device, but it's using heavy sandboxing and the virus can't reach the 'wallet sandbox' or something like that.
Anti-sandbox and Anti-VM types of malware and password stealers have been around for years. I remember seeing them back in the days of pirated and warez software. Even then it was possible for certain malware to detect that a system is using a sandbox or virtual machine and break through its defenses to perform any kind of attack it was designed to perform. I wouldn't rely on a sandbox as an ultimate way of protection. Being careful and not opening and executing programs and scripts on your end is still the best protection.
That's true; I was slightly hinting at mobile malware, where the sandbox that individual apps run in is deeply embedded into the OS and such sandbox escapes are much harder than what we know from 'warez times' where VM escapes were a feature of many viruses. Of course, it's still possible today though, but can be pretty hard depending on the platform used.

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
BlackHatCoiner
Legendary
*
Online Online

Activity: 1470
Merit: 7064


Farewell, Leo


View Profile
March 11, 2022, 03:47:10 PM
 #38

is it possible to tell from an xpub if a wallet is single sig or multi sig?
No. An xpub is only used to derive public keys. You can use several xpub keys to form a hierarchical deterministic multi-sig wallet, just as you can with multiple public keys (but one address). Their existence alone doesn't reveal they come from a multi-sig or single-sig wallet.

..JAMBLER.io..Create Your Bitcoin Mixing
Business Now for   F R E E 
▄█████████████████████████████
█████████████████████████
████▀████████████████████
███▀█████▄█▀███▀▀▀██████
██▀█████▄█▄██████████████
██▄▄████▀▄▄▄▀▀▀▀▀▄▄██████
█████▄▄▄██████████▀▄████
█████▀▄█▄██████▀█▄█████
███████▀▄█▀█▄██▀█▄███████
█████████▄█▀▄█▀▄█████████
█████████████████████████
█████████████████████████
▀█████████████████████████████
█████████████████████████████████████████████████
.
      OUR      
PARTNERS

.
█████████████████████████████████████████████████
████▄
██
██
██
██
██
██
██
██
██
██
██
████▀
▄█████████████████████████████
████████▀▀█████▀▀████████
█████▀█████████████▀█████
████████████████████████
███████████████▄█████████
█████████████████████████
█████████████████████████
█████████████████████████
███████████████▀█████████
████████████████████████
█████▄█████████████▄█████
████████▄▄█████▄▄████████
▀█████████████████████████████
█████████████████████████████████████████████████
.
   INVEST   
BITCOIN

.
█████████████████████████████████████████████████
████▄
██
██
██
██
██
██
██
██
██
██
██
████▀
o_e_l_e_o
In memoriam
Legendary
*
Offline Offline

Activity: 2268
Merit: 18497


View Profile
March 12, 2022, 09:18:08 AM
Merited by BlackHatCoiner (1)
 #39

is it possible to tell from an xpub if a wallet is single sig or multi sig?
No. An xpub is only used to derive public keys. You can use several xpub keys to form a hierarchical deterministic multi-sig wallet, just as you can with multiple public keys (but one address). Their existence alone doesn't reveal they come from a multi-sig or single-sig wallet.
While you are correct in saying that an xpub can be used to create single-sig or multi-sig wallets and you can't tell what it was used for, note that this is only the case for legacy multi-sig. If you use nested segwit, then your master public key will generally be ypub for P2WPKH nested in P2SH but Ypub for multi-sig nested in P2SH, and for native segwit will be zpub for P2WPKH and Zpub for P2WSH.

You can see the different prefixes in SLIP 132: https://github.com/satoshilabs/slips/blob/master/slip-0132.md#registered-hd-version-bytes
Pages: « 1 [2]  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!