Bitcoin Forum
November 16, 2024, 06:53:00 PM *
News: Check out the artwork 1Dq created to commemorate this forum's 15th anniversary
 
   Home   Help Search Login Register More  
Pages: [1] 2 »  All
  Print  
Author Topic: Open source wallet and closed source wallet discussion  (Read 599 times)
Tamedbeast (OP)
Newbie
*
Offline Offline

Activity: 18
Merit: 8


View Profile
September 26, 2022, 05:26:06 PM
 #1

We all appreciate open source wallets, they are the best around but have we ever thought that being closed source is security? If Binance Trust wallet could be a closed source maybe they did this because they don't want malicious people to find out how they run things which could make their wallet become a target?

If you can't see how things are running (coding) wouldn't that make it harder to attack such code or network?

open source says > see this is how we run things, we are transparent and we have nothing to hide

Closed source says > we don't want you to see how we run the codes, you can target us or something
OmegaStarScream
Staff
Legendary
*
Offline Offline

Activity: 3668
Merit: 6451



View Profile
September 26, 2022, 05:31:05 PM
Last edit: September 26, 2022, 05:42:12 PM by OmegaStarScream
Merited by hugeblack (4), pooya87 (2), ABCbits (1), Pmalek (1), DdmrDdmr (1), dkbit98 (1)
 #2

We all appreciate open source wallets, they are the best around but have we ever thought that being closed source is security?

There should be nothing (serious).to target if everything is stored on the user's device locally. If I remember correctly, they were afraid people would create similar copies of the wallet (same design) and add malicious code to it...which by the way, is something that scammers still do.

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
dkbit98
Legendary
*
Offline Offline

Activity: 2422
Merit: 7578



View Profile WWW
September 26, 2022, 06:01:58 PM
Merited by hugeblack (4), pooya87 (2), ABCbits (1)
 #3

There should be nothing (serious).to target if everything is stored on the user's device locally. If I remember correctly, they were afraid people would create similar copies of the wallet (same design) and add malicious code to it...which by the way, is something that scammers still do.
Exactly, and they could even turn out to be very shady like Safepal hardware wallet that is closed source but they still used bunch of open source code and they breached original license they used.
Both of this wallets (safepal and trust wallet) are supported by binance exchange, so you can understand why I don't trust both of them with their lame excuses.
I am sure they didn't built anything from scratch, they cloned and forked other code, made few changes and than made it closed source so they could hide all the bugs in code from public.

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
DireWolfM14
Copper Member
Legendary
*
Offline Offline

Activity: 2352
Merit: 4583


Join the world-leading crypto sportsbook NOW!


View Profile WWW
September 26, 2022, 06:04:26 PM
Merited by hugeblack (4), Pmalek (1)
 #4

If you can't see how things are running (coding) wouldn't that make it harder to attack such code or network?

It might make things harder on scammers, but if they're determined enough that's just a small obstacle.  Many malicious wallets aren't even that sophisticated, and in large part they don't need to be.  In some cases they only need to look like the original, and obviously the code is going to differ somewhat for the scam to occur.

On the other hand, of course, is the trust issue:  How do we know that a rogue employee doesn't imbed some malicious code into Binance's wallet?  Without being open-source, verifiable, and reproduceable by the general public something like that may months before it's caught.

Open source is especially critical in the crypto world, where we are expected to operate without the need to trust anyone.

  ▄▄███████▄███████▄▄▄
 █████████████
▀▀▀▀▀▀████▄▄
███████████████
       ▀▀███▄
███████████████
          ▀███
 █████████████
             ███
███████████▀▀               ███
███                         ███
███                         ███
 ███                       ███
  ███▄                   ▄███
   ▀███▄▄             ▄▄███▀
     ▀▀████▄▄▄▄▄▄▄▄▄████▀▀
         ▀▀▀███████▀▀▀
░░░████▄▄▄▄
░▄▄░
▄▄███████▄▀█████▄▄
██▄████▌▐█▌█████▄██
████▀▄▄▄▌███░▄▄▄▀████
██████▄▄▄█▄▄▄██████
█░███████░▐█▌░███████░█
▀▀██▀░██░▐█▌░██░▀██▀▀
▄▄▄░█▀░█░██░▐█▌░██░█░▀█░▄▄▄
██▀░░░░▀██░▐█▌░██▀░░░░▀██
▀██
█████▄███▀▀██▀▀███▄███████▀
▀███████████████████████▀
▀▀▀▀███████████▀▀▀▀
█████████████LEADING CRYPTO SPORTSBOOK & CASINO█████████████
MULTI
CURRENCY
1500+
CASINO GAMES
CRYPTO EXCLUSIVE
CLUBHOUSE
FAST & SECURE
PAYMENTS
.
..PLAY NOW!..
BlackHatCoiner
Legendary
*
Offline Offline

Activity: 1708
Merit: 8343


Fiatheist


View Profile WWW
September 26, 2022, 07:30:14 PM
Merited by hugeblack (4), pooya87 (2), ABCbits (2), Pmalek (1)
 #5

That's a fallacy.

Closed-source software is nowhere close to better than reputable open-source software in terms of security. Being open-source doesn't mean more vulnerable than closed-source. Most attacks, from dynamic which work as a black-box (push inputs, observe outputs) to static which use pattern matches against binaries require no source code. Even if source code is necessary for an attacker, they can use disassemblers to reverse engineer part of the source code they want.

All in all, even if the entire source code is required, and the attacker can't reverse engineer the entire thing, revealing the source code, if reputable, can attract more defenders than attackers. If the software is not open-source, there can't be defenders. Only the centralized entity of developers that are responsible for it.

So, if somebody ever tells you this:
we don't want you to see how we run the codes, you can target us or something

You should respond them that if they rely on closed-sourceness for their security, they are benighted. And that's before we even mention that I'm not indulged to trust a random developer's coding skills and intentions.

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
vv181
Legendary
*
Offline Offline

Activity: 1932
Merit: 1273


View Profile
September 26, 2022, 08:24:59 PM
 #6

A closed-source wallet does more harm than good on many levels. Being a free and open source wallet invites those who can comprehend the code and the ones who are interested in the wallet itself, to collectively monitor how the codebase behaves. It gives them more eyes, rather than a fixated number of people that work on the closed source wallet, whose solely controlled by a centralized entity. It gives complete freedom to the users, in which it does not make sense if the underlying system(Bitcoin) itself is free and open-sourced.

And I bet a closed source wallet adds an unnecessary burden of a closed system where it is also designed for surveillance/tracking in mind. How can we be sure that the wallet key generation process is secure? What we do within the application isn't being tracked identifiably? or simply we just don't want the generated address being "processed" as what Trust Wallet does[1].

If we take an example of the recent aftermath of closed source Slope Wallet hacks, it is not so conceivable. It seems closed source wallets add their own unnecessary complexities and even the true root causes of the vulnerability can't be conclusively identified, after conducting an audit with 2 security firms.

[1] https://trustwallet.com/privacy-policy

sheenshane
Legendary
*
Offline Offline

Activity: 2506
Merit: 1232



View Profile WWW
September 26, 2022, 11:26:50 PM
 #7

open source says > see this is how we run things, we are transparent and we have nothing to hide
This is how decentralized works on open-source coding, you can even follow the developer's progress which means the code itself can be checked by anyone who wanted to know the progress.  So there is more advantage to open-source than the close source wallet.  The reliability, security, and decentralization were open-source.

However, closed-source reduced the increase of imitators wallet or exchange but this isn't a problem if you know how to verify the legitimate one.

█████████████████████████████████
████████▀▀█▀▀█▀▀█▀▀▀▀▀▀▀▀████████
████████▄▄█▄▄█▄▄██████████▀██████
█████░░█░░█░░█░░████████████▀████
██▀▀█▀▀█▀▀█▀▀█▀▀██████████████▀██
██▄▄█▄▄█▄▄█▄▄█▄▄█▄▄▄▄▄▄██████████
██░░█░░█░░███████████████████████
██▀▀█▀▀█▀▀███████████████████████
██▄▄█▄▄█▄▄███████████████████████
██░░█░░█░░███████████████████████
██▀▀█▀▀█▀▀██████████▄▄▄██████████
██▄▄█▄▄█▄▄███████████████████████
██░░█░░█░░███████████████████████
██████
██
██
██
██
██
██
██
██
██
██
██
██████
████████████████████████████████████████████████████████████████████████████████████████████████████████████████████
 Crypto Marketing Agency
By AB de Royse

████████████████████████████████████████████████████████████████████████████████████████████████████████████████████
██████
██
██
██
██
██
██
██
██
██
██
██
██████
██████
██
██
██
██
██
██
██
██
██
██
██
██████
██████████████████████████████████████████████████████████████████████████████████████████████████
WIN $50 FREE RAFFLE
Community Giveaway

██████████████████████████████████████████████████████████████████████████████████████████████████
██████
██
██
██
██
██
██
██
██
██
██
██
██████
████████████████████████
██
██████████████████████
██████████████████▀▀████
██████████████▀▀░░░░████
██████████▀▀░░░▄▀░░▐████
██████▀▀░░░░▄█▀░░░░█████
████▄▄░░░▄██▀░░░░░▐█████
████████░█▀░░░░░░░██████
████████▌▐░░▄░░░░▐██████
█████████░▄███▄░░███████
████████████████████████
████████████████████████
████████████████████████
pooya87
Legendary
*
Offline Offline

Activity: 3640
Merit: 11039


Crypto Swap Exchange


View Profile
September 27, 2022, 04:06:47 AM
 #8

If you can't see how things are running (coding) wouldn't that make it harder to attack such code or network?
The answer is pretty simple the most popular projects are open source and they are very secure. From Linux to bitcoin core and Electrum. Everyone sees "how things are run" and they are still secure.

In some cases they only need to look like the original, and obviously the code is going to differ somewhat for the scam to occur.
They actually don't need to look like the original at all. All they need is the name.
Think about their target victims. They are either people who have never used the software before so they already don't know how it looks like. Or they are people who want to upgrade to a newer version, in which case all the malicious software has to do is to tell them "it's a new version where UI was changed!".

Besides it is trivial to look at the UI and create something that looks similar.

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
mindrust
Legendary
*
Offline Offline

Activity: 3444
Merit: 2539



View Profile WWW
September 27, 2022, 04:22:03 AM
 #9

We all appreciate open source wallets, they are the best around but have we ever thought that being closed source is security? If Binance Trust wallet could be a closed source maybe they did this because they don't want malicious people to find out how they run things which could make their wallet become a target?

If you can't see how things are running (coding) wouldn't that make it harder to attack such code or network?

open source says > see this is how we run things, we are transparent and we have nothing to hide

Closed source says > we don't want you to see how we run the codes, you can target us or something

You can get scammed by either of them if you are not careful with what you are doing. However, opensource will act like a safety belt in most situations preventing the dev from doing silly stuff. With the closedsource wallets, you simply have no idea what is going on behind the scenes and this is China we are talking about. They will collect and use every information about you. They may not steal your funds directly but they will find a way to make up for it.

▄▄███████████████████▄▄
▄███████████████████████▄
████████▀░░░░░░░▀████████
███████░░░░░░░░░░░███████
███████░░░░░░░░░░░███████
██████▀░░░░░░░░░░░▀██████
██████▄░░░░░▄███▄░▄██████
██████████▀▀█████████████
████▀▄██▀░░░░▀▀▀░▀██▄▀███
███░░▀░░░░░░░░░░░░░▀░░███
████▄▄░░░░▄███▄░░░░▄▄████
▀███████████████████████▀
▀▀███████████████████▀▀
 
 CHIPS.GG 
▄▄███████▄▄
▄████▀▀▀▀▀▀▀████▄
███▀░▄░▀▀▀▀▀░▄░▀███
▄███
░▄▀░░░░░░░░░▀▄░███▄
▄███░▄░░░▄█████▄░░░▄░███▄
███░▄▀░░░███████░░░▀▄░███
███░█░░░▀▀▀▀▀░░░▀░░░█░███
███░▀▄░▄▀░▄██▄▄░▀▄░▄▀░██
▀███
░▀░▀▄██▀░▀██▄▀░▀░██▀
▀███
░▀▄░░░░░░░░░▄▀░██▀
▀███▄
░▀░▄▄▄▄▄░▀░▄███▀
▀█
███▄▄▄▄▄▄▄████▀
█████████████████████████
▄▄███████▄▄
███
████████████▄
▄█▀▀▀▄
█████████▄▀▀▀█▄
▄██████▀▄▄▄▄▄▀██████▄
▄█████████████▄████████▄
████████▄███████▄████████
█████▄█████████▄██████
██▄▄▀▀▀▀█████▀▀▀▀▄▄██
▀█████████▀▀███████████▀
▀███████████████████▀
██████████████████
▀████▄███▄▄
████▀
████████████████████████
3000+
UNIQUE
GAMES
|
12+
CURRENCIES
ACCEPTED
|
VIP
REWARD
PROGRAM
 
 
  Play Now  
Pmalek
Legendary
*
Offline Offline

Activity: 2954
Merit: 7561


Playgram - The Telegram Casino


View Profile
September 27, 2022, 08:26:06 AM
Merited by pooya87 (2)
 #10

If Binance Trust wallet could be a closed source maybe they did this because they don't want malicious people to find out how they run things which could make their wallet become a target?
It's possible, but it's guesswork. That could be the reason why the wallets are closed-source or because there is something there they don't want you to know about.

Close-source is saying trust me it's good. I promise.
Open-source is saying take a look and make up your own mind. Don't trust me just because I am telling you it's good.

If you can't see how things are running (coding) wouldn't that make it harder to attack such code or network?
Yes, but the coin has two sides. You mentioned one. The other is if someone is a security expert who understands coding, they could tell the developers what to improve based on what they see in the codebase. If there is nothing to see, no one can make corrections. And attacks could still happen with or without a public codebase.     

Closed source says > we don't want you to see how we run the codes, you can target us or something
Again, it's guesswork. It can also say we don't want you to see our code because we are targeting you.

The answer is pretty simple the most popular projects are open source and they are very secure. From Linux to bitcoin core and Electrum. Everyone sees "how things are run" and they are still secure.
Open-source does not mean secure by default. Although after years of testing, improving, and probably being thoroughly put under the microscope by those with bad motives, it's pretty safe to say that the brands you mentioned are all secure. But we have also seen some open-source Ethereum smart contracts being breached and hacked for reasons that could be bad code, exit scams, lack of knowledge how to secure them properly, etc. It's very important who looks at the code and tags it as verified. If I am not wrong, some hacks occurred even though the projects were called audited and secure.

▄▄███████▄▄███████
▄███████████████▄▄▄▄▄
▄████████████████████▀░
▄█████████████████████▄░
▄█████████▀▀████████████▄
██████████████▀▀█████████
████████████████████████
██████████████▄▄█████████
▀█████████▄▄████████████▀
▀█████████████████████▀░
▀████████████████████▄░
▀███████████████▀▀▀▀▀
▀▀███████▀▀███████

▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
 
Playgram.io
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀

▄▄▄░░
▀▄







▄▀
▀▀▀░░
▄▄▄███████▄▄▄
▄▄███████████████▄▄
▄███████████████████▄
▄██████████████▀▀█████▄
▄██████████▀▀█████▐████▄
██████▀▀████▄▄▀▀█████████
████▄▄███▄██▀█████▐██████
█████████▀██████████████
▀███████▌▐██████▐██████▀
▀███████▄▄███▄████████▀
▀███████████████████▀
▀▀███████████████▀▀
▀▀▀███████▀▀▀
██████▄▄███████▄▄████████
███▄███████████████▄░░▀█▀
███████████░█████████░░
░█████▀██▄▄░▄▄██▀█████░
█████▄░▄███▄███▄░▄█████
███████████████████████
███████████████████████
██░▄▄▄░██░▄▄▄░██░▄▄▄░██
██░░░░██░░░░██░░░░████
██░░░░██░░░░██░░░░████
██▄▄▄▄▄██▄▄▄▄▄██▄▄▄▄▄████
███████████████████████
███████████████████████
 
PLAY NOW

on Telegram
[/
n0nce
Hero Member
*****
Offline Offline

Activity: 896
Merit: 5919


not your keys, not your coins!


View Profile WWW
September 27, 2022, 10:01:51 PM
 #11

If you can't see how things are running (coding) wouldn't that make it harder to attack such code or network?
That's wrong. We still see it; we need to get a binary of some sort to run after all, right.
Hackers can look at either the binary directly or its disassembly, it's possible to fuzz test a binary and do all sorts of static and dynamic program analysis.

How else do you think jailbreaks and Windows exploits are created?

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
pooya87
Legendary
*
Offline Offline

Activity: 3640
Merit: 11039


Crypto Swap Exchange


View Profile
September 28, 2022, 03:41:21 AM
 #12

But we have also seen some open-source Ethereum smart contracts being breached and hacked for reasons that could be bad code, exit scams, lack of knowledge how to secure them properly, etc. It's very important who looks at the code and tags it as verified. If I am not wrong, some hacks occurred even though the projects were called audited and secure.
Well because Ethereum was open source we knew from day one that the protocol is very buggy and has a lot of room for hacks like the ones you mentioned. The fact that nobody listened is their own fault so we can't really mention those breaches in this context since they were already expected.

The audits were also mostly fake, basically they created a business of auditing smart contracts and in the end they ended up getting paid (or bribed) to publish fake results.

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
hugeblack
Legendary
*
Offline Offline

Activity: 2702
Merit: 3993



View Profile WWW
September 30, 2022, 07:13:24 AM
Merited by OmegaStarScream (2)
 #13

I have no problem with closed source wallets if the developers pledge to compensate any coin that is stolen if there is a problem with the code, otherwise the security of the central platforms is considered higher than the closed source wallets.

The same applies to the open source wallet. If you have not reviewed every line or trust someone who has reviewed each line, there will be no difference between it and the closed source wallet.

The only essential difference is that in the open source wallet, bugs can be identified and fixed without anyone losing their money, but this rarely happens in closed source wallets.

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
pooya87
Legendary
*
Offline Offline

Activity: 3640
Merit: 11039


Crypto Swap Exchange


View Profile
September 30, 2022, 08:03:22 AM
Merited by OmegaStarScream (2)
 #14

I have no problem with closed source wallets if the developers pledge to compensate any coin that is stolen if there is a problem with the code, otherwise the security of the central platforms is considered higher than the closed source wallets.
The "promise" alone is not enough, having a way of enforcing that promise is what matters. Otherwise there has been many centralized exchanges (that people used as wallets) that promised their users that their funds are safe and yet when they scammed people or got hacked, they never compensated the users for their losses. Nobody could make them answer for it either.

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
dkbit98
Legendary
*
Offline Offline

Activity: 2422
Merit: 7578



View Profile WWW
September 30, 2022, 10:25:46 AM
Merited by pooya87 (4), hugeblack (4)
 #15

Well because Ethereum was open source we knew from day one that the protocol is very buggy and has a lot of room for hacks like the ones you mentioned. The fact that nobody listened is their own fault so we can't really mention those breaches in this context since they were already expected.
And they keep advertising some fake decentralization now that they fully switched to Proof-of-stake model, and on top of everything they are not censorship resistant blockchain.
Ethereum is now mostly controlled by few individuals, corporations and exchanges, with 25% of their blocks being OFAC compliant, as everyone can see on website mevwatch.info.
This number is constantly growing, and it doesn't really matter anymore if they have wallets and everything else open source, when they have protocol level censorship.

Let's learn some lesson from this shitshow fiasco, and let's not allow something similar to happen with Bitcoin.

I have no problem with closed source wallets if the developers pledge to compensate any coin that is stolen if there is a problem with the code, otherwise the security of the central platforms is considered higher than the closed source wallets.
Nobody in the right mind would do that, and closed source is sadly pretty much the norm in the normie world.  Tongue

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
n0nce
Hero Member
*****
Offline Offline

Activity: 896
Merit: 5919


not your keys, not your coins!


View Profile WWW
September 30, 2022, 05:23:43 PM
 #16

I have no problem with closed source wallets if the developers pledge to compensate any coin that is stolen if there is a problem with the code, otherwise the security of the central platforms is considered higher than the closed source wallets.
Is there such a wallet? That promises to compensate lost coins? I've never heard of something like that.
Even if it does, for one, it's not good enough as pooya87 said, and also how do you enforce it?

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
OmegaStarScream
Staff
Legendary
*
Offline Offline

Activity: 3668
Merit: 6451



View Profile
September 30, 2022, 05:52:55 PM
 #17

Is there such a wallet? That promises to compensate lost coins? I've never heard of something like that.
-snip-

Noncustodial wallets? Not as far as I know. It wouldn't make sense if they would do that anyway. For exchanges, I believe there is a couple of them.

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
n0nce
Hero Member
*****
Offline Offline

Activity: 896
Merit: 5919


not your keys, not your coins!


View Profile WWW
September 30, 2022, 07:12:10 PM
Merited by xandry (2)
 #18

Is there such a wallet? That promises to compensate lost coins? I've never heard of something like that.
-snip-
Noncustodial wallets? Not as far as I know. It wouldn't make sense if they would do that anyway. For exchanges, I believe there is a couple of them.
Yeah, he mentioned 'closed-source wallets'; I suspect he meant closed-source, but non-custodial wallets. Something like Ledger hardware wallet, Trust Wallet or Coinomi.

Exchanges probably just have to comply with deposit insurance laws.
https://en.wikipedia.org/wiki/Deposit_insurance

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
Pmalek
Legendary
*
Offline Offline

Activity: 2954
Merit: 7561


Playgram - The Telegram Casino


View Profile
October 04, 2022, 08:35:12 AM
Merited by n0nce (1)
 #19

I have no problem with closed source wallets if the developers pledge to compensate any coin that is stolen if there is a problem with the code...
Yeah right, of course they will. Two Playboy models will deliver the lost coins in physical form on a red pillow to your doorstep. You get to pick which models.
 
The only essential difference is that in the open source wallet, bugs can be identified and fixed without anyone losing their money, but this rarely happens in closed source wallets.
No one knows what happens with closed-source wallets except what they tell us.

I found a GitHub research report from December 2020. It is not directly related to Bitcoin but open-source projects in general. The report claims that the average detection of vulnerabilities is not that good and that over 4 years can pass (on average) before certain code vulnerabilities are detected. But once they are, they are fixed in a month or so. Another interesting find is that over 80% of the bugs aren't malicious in nature, they are mostly mistakes made by the developers.

Quote
On average, vulnerabilities can go undetected for over four years in open source projects before disclosure. A fix is then usually available in just over a month, which GitHub says "indicates clear opportunities to improve vulnerability detection."

However, the majority of bugs in open source software are not malicious. Instead, 83% of the CVE alerts issued by GitHub have been caused by mistakes and human error -- although threat actors can still take advantage of them for malicious purposes.

In total, 17% of vulnerabilities are considered malicious -- such as backdoor variants -- but these triggered only 0.2% of alerts, as they are most often found in abandoned or rarely-used packages.

▄▄███████▄▄███████
▄███████████████▄▄▄▄▄
▄████████████████████▀░
▄█████████████████████▄░
▄█████████▀▀████████████▄
██████████████▀▀█████████
████████████████████████
██████████████▄▄█████████
▀█████████▄▄████████████▀
▀█████████████████████▀░
▀████████████████████▄░
▀███████████████▀▀▀▀▀
▀▀███████▀▀███████

▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
 
Playgram.io
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀

▄▄▄░░
▀▄







▄▀
▀▀▀░░
▄▄▄███████▄▄▄
▄▄███████████████▄▄
▄███████████████████▄
▄██████████████▀▀█████▄
▄██████████▀▀█████▐████▄
██████▀▀████▄▄▀▀█████████
████▄▄███▄██▀█████▐██████
█████████▀██████████████
▀███████▌▐██████▐██████▀
▀███████▄▄███▄████████▀
▀███████████████████▀
▀▀███████████████▀▀
▀▀▀███████▀▀▀
██████▄▄███████▄▄████████
███▄███████████████▄░░▀█▀
███████████░█████████░░
░█████▀██▄▄░▄▄██▀█████░
█████▄░▄███▄███▄░▄█████
███████████████████████
███████████████████████
██░▄▄▄░██░▄▄▄░██░▄▄▄░██
██░░░░██░░░░██░░░░████
██░░░░██░░░░██░░░░████
██▄▄▄▄▄██▄▄▄▄▄██▄▄▄▄▄████
███████████████████████
███████████████████████
 
PLAY NOW

on Telegram
[/
NotATether
Legendary
*
Offline Offline

Activity: 1792
Merit: 7388


Top Crypto Casino


View Profile WWW
October 10, 2022, 02:54:43 PM
 #20

We all appreciate open source wallets, they are the best around but have we ever thought that being closed source is security? If Binance Trust wallet could be a closed source maybe they did this because they don't want malicious people to find out how they run things which could make their wallet become a target?

If you can't see how things are running (coding) wouldn't that make it harder to attack such code or network?

open source says > see this is how we run things, we are transparent and we have nothing to hide

Closed source says > we don't want you to see how we run the codes, you can target us or something

It's easier to make a phishing/scam copy of an open-source wallet than a closed-source one, but if people are financially motivated enough (like NK's Lazarus Group) then they will go out of their way to make a scam clone of the closed-source wallet as well.

███████████████████████
████▐██▄█████████████████
████▐██████▄▄▄███████████
████▐████▄█████▄▄████████
████▐█████▀▀▀▀▀███▄██████
████▐███▀████████████████
████▐█████████▄█████▌████
████▐██▌█████▀██████▌████
████▐██████████▀████▌████
█████▀███▄█████▄███▀█████
███████▀█████████▀███████
██████████▀███▀██████████

███████████████████████
.
BC.GAME
▄▄▀▀▀▀▀▀▀▄▄
▄▀▀░▄██▀░▀██▄░▀▀▄
▄▀░▐▀▄░▀░░▀░░▀░▄▀▌░▀▄
▄▀▄█▐░▀▄▀▀▀▀▀▄▀░▌█▄▀▄
▄▀░▀░░█░▄███████▄░█░░▀░▀▄
█░█░▀░█████████████░▀░█░█
█░██░▀█▀▀█▄▄█▀▀█▀░██░█
█░█▀██░█▀▀██▀▀█░██▀█░█
▀▄▀██░░░▀▀▄▌▐▄▀▀░░░██▀▄▀
▀▄▀██░░▄░▀▄█▄▀░▄░░██▀▄▀
▀▄░▀█░▄▄▄░▀░▄▄▄░█▀░▄▀
▀▄▄▀▀███▄███▀▀▄▄▀
██████▄▄▄▄▄▄▄██████
.
..CASINO....SPORTS....RACING..


▄▄████▄▄
▄███▀▀███▄
██████████
▀███▄░▄██▀
▄▄████▄▄░▀█▀▄██▀▄▄████▄▄
▄███▀▀▀████▄▄██▀▄███▀▀███▄
███████▄▄▀▀████▄▄▀▀███████
▀███▄▄███▀░░░▀▀████▄▄▄███▀
▀▀████▀▀████████▀▀████▀▀
Pages: [1] 2 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!