n0nce
|
|
December 15, 2022, 09:26:35 PM |
|
Binance (or any similar centralized entity in control of a closed source wallet) doesn't have to be malicious itself, their code could contain backdoors and they could never see it while it is being exploited by hackers, etc. On top of that the other issue with closed source software like this is that they usually rely on a centralized server which means the user has 0 privacy.
I'm still hostile to believe that it will be the case for closed source for having backdoors, or malicious codes. Especially for such business running financial apps, QA and other quality control will always be followed before releasing the app in production. For privacy matters, indeed its always be the case for most closed source apps. It's not as if professional businesses running financial services have ever done the morally wrong thing, acted negligently, purposefully stole people's money or exit scammed users... riiiight..... ? I don't think I have to remind anyone of the track record of such companies, especially after the recent events (since people seem to forget that this happens on a yearly basis). Coinomi has been always a popular wallet and considered safe by many people, but it had a vulnerability sending users seed phrase to google servers.
It's simply a fact that we can't spot such vulnerabilities if the code is closed. It is more work for companies, but open-source applications end up better and more secure in the long run.
|
|
|
|
pooya87
Legendary
Offline
Activity: 3626
Merit: 11010
Crypto Swap Exchange
|
|
December 16, 2022, 04:44:57 AM |
|
Binance (or any similar centralized entity in control of a closed source wallet) doesn't have to be malicious itself, their code could contain backdoors and they could never see it while it is being exploited by hackers, etc. On top of that the other issue with closed source software like this is that they usually rely on a centralized server which means the user has 0 privacy.
I'm still hostile to believe that it will be the case for closed source for having backdoors, or malicious codes. Especially for such business running financial apps, QA and other quality control will always be followed before releasing the app in production. For privacy matters, indeed its always be the case for most closed source apps. You have a very high (and unrealistic) opinion of these centralized services that doesn't seem true based on the history. All the hacks and weaknesses in their platforms in the past aside, we have also seen them be too incompetent in implementing new features like accepting SegWit addresses that most CEXes took years to do something very simple! Besides when it comes to backdoors the best case scenario is to have them unintentionally. These companies are not bigger than Microsoft and we know their product (Windows) is the mother of all backdoors and it is closed source!
|
|
|
|
PX-Z
|
|
December 16, 2022, 07:05:24 AM |
|
You have a very high (and unrealistic) opinion of these centralized services that doesn't seem true based on the history. All the hacks and weaknesses in their platforms in the past aside, we have also seen them be too incompetent in implementing new features like accepting SegWit addresses that most CEXes took years to do something very simple!
Besides when it comes to backdoors the best case scenario is to have them unintentionally. These companies are not bigger than Microsoft and we know their product (Windows) is the mother of all backdoors and it is closed source!
Oh, yeah, right that's why most open source wallets are the most targeted apps of any hacks, scams and phishing, e.g. Electrum. I remember millions was lost and got phished not once [1] but twice [2]. Well, there are lot of hack cases happened in an open source apps too including the smart contracts [3]. Also, i bet there is no way you can verify that the code published publicly as open source are the same actual codes that were deployed on their live servers. Unless it was compiled by you to build the application from being open source, or from github it self. And talking about the coinomi, the lost amount of money were too little compared to electrum. Well, it is still hacked, and i don't justify any kind of hacked, scam or anything to money theft. See, either its open source or closed source, hacks and scams happen. While being open source has huge advantage, but the fact that people still need to trust the developers who make the code and conduct the code audit because not everyone can read source codes, so you still need to "trust" someone/developer for your safety and fund security while most people who conduct this scams, hacks, phishing are developers as well. Same on a closed source apps, you need to trust the people/business behind of those codes. So who should people trust? Unknown or/and known developers from open source community, or those developer paid by these businesses running those apps or just the business. Where later on you can sue the business for what incident happen, while you can't to open source developers because they are excluded if people read open source license particularly the MIT, ISC and other no liability open source licenses. [1] https://www.zdnet.com/article/users-report-losing-bitcoin-in-clever-hack-of-electrum-wallets/[2] https://www.zdnet.com/article/bitcoin-wallet-trick-has-netted-criminals-more-than-22-million/[3] https://4irelabs.com/articles/top-17-smart-contract-hacks/
|
|
|
|
Pmalek
Legendary
Offline
Activity: 2940
Merit: 7543
Playgram - The Telegram Casino
|
|
December 16, 2022, 09:05:26 AM |
|
A good example is coinomi. Coinomi has been always a popular wallet and considered safe by many people, but it had a vulnerability sending users seed phrase to google servers. To be fair, I think that was only the case with the desktop version of the application and not the mobile one. The problem is, there is no way to verify it for ordinary people because the software is closed-source and we can only trust/distrust the developers who obviously have an incentive to defend their product and show it off to be as good as possible. They seem to have disappeared from Bitcointalk. I can't remember the last time I saw a post by them. Besides that one user who says he lost a significant sum of money because they sent seed words to Google for spellchecking, were their other exact cases with the same types of claims? Oh, yeah, right that's why most open source wallets are the most targeted apps of any hacks, scams and phishing, e.g. Electrum. I remember millions was lost and got phished not once[1] but twice[2]. That was very unfortunate and you are right, it shouldn't have happened. But that happened in combination with several mistakes made by the victims. - They downloaded fake software from fake Electrum websites. - They installed these fake apps without realizing they were fake. - They never verified the signatures of the applications they downloaded before installing them on their computers. Had they done that, they would have noticed that the binaries weren't signed by an Electrum developer and aren't official Electrum releases.
|
|
|
|
▄▄███████▄▄███████ ▄███████████████▄▄▄▄▄ ▄████████████████████▀░ ▄█████████████████████▄░ ▄█████████▀▀████████████▄ ██████████████▀▀█████████ █████████████████████████ ██████████████▄▄█████████ ▀█████████▄▄████████████▀ ▀█████████████████████▀░ ▀████████████████████▄░ ▀███████████████▀▀▀▀▀ ▀▀███████▀▀███████ | ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ Playgram.io ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ | ▄▄▄░░ ▀▄ █ █ █ █ █ █ █ ▄▀ ▀▀▀░░
| │ | ▄▄▄███████▄▄▄ ▄▄███████████████▄▄ ▄███████████████████▄ ▄██████████████▀▀█████▄ ▄██████████▀▀███▄██▐████▄ ██████▀▀████▄▄▀▀█████████ ████▄▄███▄██▀█████▐██████ ██████████▀██████████████ ▀███████▌▐██▄████▐██████▀ ▀███████▄▄███▄████████▀ ▀███████████████████▀ ▀▀███████████████▀▀ ▀▀▀███████▀▀▀ | | │ | ██████▄▄███████▄▄████████ ███▄███████████████▄░░▀█▀ ███████████░█████████░░█ ░█████▀██▄▄░▄▄██▀█████░█ █████▄░▄███▄███▄░▄██████ ████████████████████████ ████████████████████████ ██░▄▄▄░██░▄▄▄░██░▄▄▄░███ ██░░░█░██░░░█░██░░░█░████ ██░░█░░██░░█░░██░░█░░████ ██▄▄▄▄▄██▄▄▄▄▄██▄▄▄▄▄████ ███████████████████████ ███████████████████████ | | │ | ► | |
[/
|
|
|
pooya87
Legendary
Offline
Activity: 3626
Merit: 11010
Crypto Swap Exchange
|
Oh, yeah, right that's why most open source wallets are the most targeted apps of any hacks, scams and phishing, e.g. Electrum. I remember millions was lost and got phished not once[1] but twice[2]. Well, there are lot of hack cases happened in an open source apps too including the smart contracts[3].
It is not impossible to see any vulnerability in open source software. The difference is that such vulnerabilities are extremely rare and are almost never in security critical parts. For example the example you used about Electrum was not a vulnerability in Electrum that led to any funds being lost by Electrum itself, it was a mistake by users who installed another malicious software from elsewhere and lost their coins to that scam. Your smart contract example is also a bad one because from day one we knew that Ethereum protocol is flawed and can be exploited. So there was no surprise there. And we knew that because it is open source! We also know that they never really fixed it either. Also, i bet there is no way you can verify that the code published publicly as open source are the same actual codes that were deployed on their live servers. Unless it was compiled by you to build the application from being open source, or from github it self.
Good projects like Electrum and bitcoin core are using deterministic builds which means whoever compiles the source code will get the same exact binaries. So we can be sure that the binary that they publish is the same as the source code. And talking about the coinomi, the lost amount of money were too little compared to electrum.
You should also consider that Coinomi is far less popular with a lot less number of users. See, either its open source or closed source, hacks and scams happen. While being open source has huge advantage, but the fact that people still need to trust the developers who make the code and conduct the code audit because not everyone can read source codes, so you still need to "trust" someone/developer for your safety and fund security while most people who conduct this scams, hacks, phishing are developers as well.
That's true but based on popularity of the project you can be more sure that enough number of people have looked at the code to not have any backdoors. Regardless of how popular a closed source software is, you can never reach the same level of certainty. Where later on you can sue the business for what incident happen, while you can't to open source developers because they are excluded if people read open source license particularly the MIT, ISC and other no liability open source licenses.
I don't think you can sue any of them. There is always some sort of Terms of Services that protects them from being liable. For example Trust wallet that is closed source is released under GPL! See Liability part of TrustWallet or Limitations of Coinomi.
|
|
|
|
NotATether
Legendary
Offline
Activity: 1778
Merit: 7372
Top Crypto Casino
|
|
December 16, 2022, 12:49:58 PM |
|
Exporting the seed from Trust Wallet and importing it it into Blue Wallet or anywhere else doesn't make that seed more secure because it got created by a wallet you don't trust.
What an ironic way to put things. . Regardless, the open source core of Trust Wallet should be safe to use, because anybody can audit the code, and it certanly doesn't look like there are any back[trap]doors or anything risky coming from Binance's side.
|
|
|
|
n0nce
|
|
December 16, 2022, 06:49:08 PM Last edit: December 16, 2022, 07:46:12 PM by n0nce |
|
You have a very high (and unrealistic) opinion of these centralized services that doesn't seem true based on the history. All the hacks and weaknesses in their platforms in the past aside, we have also seen them be too incompetent in implementing new features like accepting SegWit addresses that most CEXes took years to do something very simple!
Besides when it comes to backdoors the best case scenario is to have them unintentionally. These companies are not bigger than Microsoft and we know their product (Windows) is the mother of all backdoors and it is closed source!
Oh, yeah, right that's why most open source wallets are the most targeted apps of any hacks, scams and phishing, e.g. Electrum. I remember millions was lost and got phished not once [1] but twice [2]. Well, there are lot of hack cases happened in an open source apps too including the smart contracts [3]. Also, i bet there is no way you can verify that the code published publicly as open source are the same actual codes that were deployed on their live servers. Unless it was compiled by you to build the application from being open source, or from github it self. First of all: if / when an open-source product is successfully attacked, due to its nature, it becomes more secure and all other open-source projects can learn from that vulnerability, too and use the same countermeasures or fixes. Since fixes are pushed to public repositories, users are also informed of this automatically. Meanwhile, if it happens to a closed-source product, not only may users never know about it, but fixes could get rolled out slowly and other wallets will never learn about this vulnerability; preventing the industry as a whole to become more secure, faster. Regarding code verification: you should absolutely compile software yourself, and if you can't, at least inquire services like https://walletscrutiny.com/ to check that published builds match the source code. Server software doesn't matter in a Bitcoin wallet. You should either connect to your own Bitcoin full node or use random nodes through Tor; whether this is actually happening, can absolutely be verified in an open-source application. Meanwhile a closed-source wallet may still continue using the manufacturer's (potentially rogue) server, even if you enter your own node's connection details.
|
|
|
|
virasog
Legendary
Offline
Activity: 3150
Merit: 1172
Leading Crypto Sports Betting & Casino Platform
|
|
December 16, 2022, 11:30:13 PM |
|
What they are saying is that Trust wallet is not opensource wallet which could mean Binance may have altered something to the codes that are not known to users. Who knows maybe they put some backdoors to it.
Even though this is a "thing" for a closed source application, i think this is not possible "right now" considering binance is the one behind the continuous development of the wallet. Well, unless they become like FTX which will be the worst to happen in crypto considering how the market was affected previously, or those shitty exchanges, anyway that's a different topic already. But of course, being security cautious will keep you away from related danger better safe than never. Binance (or any similar centralized entity in control of a closed source wallet) doesn't have to be malicious itself, their code could contain backdoors and they could never see it while it is being exploited by hackers, etc. On top of that the other issue with closed source software like this is that they usually rely on a centralized server which means the user has 0 privacy. When you have opted to put the funds in your personal non-custodial wallet, why not make a step further in selecting an open-source wallet such as an unstoppable wallet and save yourself from any possible issues? A decentralized non-custodial wallet is nothing but an interface given to you on the blockchain where you can see and control your funds and you are given a 12 or 24 words key to access that wallet. Now, when you use a closed-source wallet, there is always a risk of malicious activity at the backend which no one knows. Suppose we're using trust wallet and someday binance become bankrupt and they exploit that code which they have hiddenly deployed in their wallet. So why take the risk of closed source wallet? I didn't know it existed unless theymos mentioned it(not a vouch). He was also asking if someone has checked/used the wallet. It doesn't sound to be a vouch/recommendation Well, unstoppable wallet sounds to be a decent one so far for multi coin but personally, I haven't used that wallet as I don't feel it necessary so far. Not many people knew about unstoppable wallet, as they can't match the marketing which Binance owner CZ can do for trust wallets. You can see the number of trust wallet downloaded are way higher than the number of unstoppable wallet being downloaded and used. This also shows the ignorance of the bitcoin and crypto holders and investors.
|
..Stake.com.. | | | ▄████████████████████████████████████▄ ██ ▄▄▄▄▄▄▄▄▄▄ ▄▄▄▄▄▄▄▄▄▄ ██ ▄████▄ ██ ▀▀▀▀▀▀▀▀▀▀ ██████████ ▀▀▀▀▀▀▀▀▀▀ ██ ██████ ██ ██████████ ██ ██ ██████████ ██ ▀██▀ ██ ██ ██ ██████ ██ ██ ██ ██ ██ ██ ██████ ██ █████ ███ ██████ ██ ████▄ ██ ██ █████ ███ ████ ████ █████ ███ ████████ ██ ████ ████ ██████████ ████ ████ ████▀ ██ ██████████ ▄▄▄▄▄▄▄▄▄▄ ██████████ ██ ██ ▀▀▀▀▀▀▀▀▀▀ ██ ▀█████████▀ ▄████████████▄ ▀█████████▀ ▄▄▄▄▄▄▄▄▄▄▄▄███ ██ ██ ███▄▄▄▄▄▄▄▄▄▄▄▄ ██████████████████████████████████████████ | | | | | | ▄▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄ █ ▄▀▄ █▀▀█▀▄▄ █ █▀█ █ ▐ ▐▌ █ ▄██▄ █ ▌ █ █ ▄██████▄ █ ▌ ▐▌ █ ██████████ █ ▐ █ █ ▐██████████▌ █ ▐ ▐▌ █ ▀▀██████▀▀ █ ▌ █ █ ▄▄▄██▄▄▄ █ ▌▐▌ █ █▐ █ █ █▐▐▌ █ █▐█ ▀▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▀█ | | | | | | ▄▄█████████▄▄ ▄██▀▀▀▀█████▀▀▀▀██▄ ▄█▀ ▐█▌ ▀█▄ ██ ▐█▌ ██ ████▄ ▄█████▄ ▄████ ████████▄███████████▄████████ ███▀ █████████████ ▀███ ██ ███████████ ██ ▀█▄ █████████ ▄█▀ ▀█▄ ▄██▀▀▀▀▀▀▀██▄ ▄▄▄█▀ ▀███████ ███████▀ ▀█████▄ ▄█████▀ ▀▀▀███▄▄▄███▀▀▀ | | | ..PLAY NOW.. |
|
|
|
pooya87
Legendary
Offline
Activity: 3626
Merit: 11010
Crypto Swap Exchange
|
|
December 17, 2022, 05:16:03 AM |
|
When you have opted to put the funds in your personal non-custodial wallet, why not make a step further in selecting an open-source wallet such as an unstoppable wallet and save yourself from any possible issues?
Exactly. It may make some sense to use a closed source wallet like Coinomi for certain altcoins or claiming airdrops that don't have any decent open source wallets specially light weight wallets but there is simply no justification for choosing a closed source wallet when we already have good open source wallets for bitcoin.
|
|
|
|
Pmalek
Legendary
Offline
Activity: 2940
Merit: 7543
Playgram - The Telegram Casino
|
|
December 17, 2022, 08:07:00 AM |
|
It may make some sense to use a closed source wallet like Coinomi for certain altcoins or claiming airdrops that don't have any decent open source wallets specially light weight wallets but there is simply no justification for choosing a closed source wallet when we already have good open source wallets for bitcoin. Good point. virasog asked why use Trust Wallet or a similar closed-source wallet when you can use the open-source Unstoppable Wallet? One reason is coin support. When I was looking at AtomicDEX and Unstoppable Wallet last month when there was some discussion about these two apps in a different thread, I noticed that these two pieces of software don't support a particular coin on one blockchain the OP of that thread was asking about. However, several closed-source wallets do. Add Bisq to that mix as well because they didn't support it either. If I am someone that wants to use that particular token on that specific network on an open-source wallet, I simply can't. My choices are either not to use that token or accept the fact that I can only do it with a closed-source wallet. I doubt there are standalone light clients for that coin that are open-source, but that's a discussion for the altcoin section.
|
|
|
|
▄▄███████▄▄███████ ▄███████████████▄▄▄▄▄ ▄████████████████████▀░ ▄█████████████████████▄░ ▄█████████▀▀████████████▄ ██████████████▀▀█████████ █████████████████████████ ██████████████▄▄█████████ ▀█████████▄▄████████████▀ ▀█████████████████████▀░ ▀████████████████████▄░ ▀███████████████▀▀▀▀▀ ▀▀███████▀▀███████ | ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ Playgram.io ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ | ▄▄▄░░ ▀▄ █ █ █ █ █ █ █ ▄▀ ▀▀▀░░
| │ | ▄▄▄███████▄▄▄ ▄▄███████████████▄▄ ▄███████████████████▄ ▄██████████████▀▀█████▄ ▄██████████▀▀███▄██▐████▄ ██████▀▀████▄▄▀▀█████████ ████▄▄███▄██▀█████▐██████ ██████████▀██████████████ ▀███████▌▐██▄████▐██████▀ ▀███████▄▄███▄████████▀ ▀███████████████████▀ ▀▀███████████████▀▀ ▀▀▀███████▀▀▀ | | │ | ██████▄▄███████▄▄████████ ███▄███████████████▄░░▀█▀ ███████████░█████████░░█ ░█████▀██▄▄░▄▄██▀█████░█ █████▄░▄███▄███▄░▄██████ ████████████████████████ ████████████████████████ ██░▄▄▄░██░▄▄▄░██░▄▄▄░███ ██░░░█░██░░░█░██░░░█░████ ██░░█░░██░░█░░██░░█░░████ ██▄▄▄▄▄██▄▄▄▄▄██▄▄▄▄▄████ ███████████████████████ ███████████████████████ | | │ | ► | |
[/
|
|
|
UmerIdrees
|
|
December 18, 2022, 03:16:50 AM |
|
It may make some sense to use a closed source wallet like Coinomi for certain altcoins or claiming airdrops that don't have any decent open source wallets specially light weight wallets but there is simply no justification for choosing a closed source wallet when we already have good open source wallets for bitcoin. Good point. virasog asked why use Trust Wallet or a similar closed-source wallet when you can use the open-source Unstoppable Wallet? One reason is coin support. When I was looking at AtomicDEX and Unstoppable Wallet last month when there was some discussion about these two apps in a different thread, I noticed that these two pieces of software don't support a particular coin on one blockchain the OP of that thread was asking about. However, several closed-source wallets do. Add Bisq to that mix as well because they didn't support it either. If I am someone that wants to use that particular token on that specific network on an open-source wallet, I simply can't. My choices are either not to use that token or accept the fact that I can only do it with a closed-source wallet. I doubt there are standalone light clients for that coin that are open-source, but that's a discussion for the altcoin section. Well, no one is saying that we cannot use a trust wallet (or any closed source wallet) in case the coins we need to store are not available in open source software like Unstoppable wallet. The best way to deal with this situation is to store your funds in open source wallets and for those few coins which can't be stored in the Unstoppable wallet, we can use a trust wallet only for those coins.
|
|
|
|
GigaBit
|
|
December 18, 2022, 05:14:06 AM |
|
I think the reason for the popularity of this wallet is that it is invited by....
The same people who believe that the CEX you mention is something they should trust, surely believe that they should trust the Trust wallet just because it has "trust" in its name. If some kind of research were done, I have no doubt that a large percentage of those who use this wallet would probably admit that they use it because of the name, which is of course absurd in every way. Trust wallet is also promoted by CZ. This isn't originally developed by Binance team, they just bought Trustwallet and further developed it with a TWT token which has been tanking that's why its popularity increases. Trust is a close source project, it wouldn't be surprising that there is a backdoor to the wallet where the team has a copy of our seed. It's possible. You can't fully trust a team. Trust wallet is steadily growing in popularity based on users. Trust wallet is basically a non-custodial digital wallet that uses hot storage for cryptocurrencies. Trust Wallet essentially connects individual blockchain networks through a bridge. Each blockchain has a set of public addresses known as public keys. One thing to note here is that Trust Wallet does not store any cryptocurrency on the server. It only gives users access to its wallet. No earning can be generated using Trust wallet but the gas fees are distributed among the valid miners. Since Trust Wallet is a software wallet, it cannot offer the same security as a hardware wallet. They always try their best to provide security to its users but considering all the things we can not completely believe in it.
|
..Stake.com.. | | | ▄████████████████████████████████████▄ ██ ▄▄▄▄▄▄▄▄▄▄ ▄▄▄▄▄▄▄▄▄▄ ██ ▄████▄ ██ ▀▀▀▀▀▀▀▀▀▀ ██████████ ▀▀▀▀▀▀▀▀▀▀ ██ ██████ ██ ██████████ ██ ██ ██████████ ██ ▀██▀ ██ ██ ██ ██████ ██ ██ ██ ██ ██ ██ ██████ ██ █████ ███ ██████ ██ ████▄ ██ ██ █████ ███ ████ ████ █████ ███ ████████ ██ ████ ████ ██████████ ████ ████ ████▀ ██ ██████████ ▄▄▄▄▄▄▄▄▄▄ ██████████ ██ ██ ▀▀▀▀▀▀▀▀▀▀ ██ ▀█████████▀ ▄████████████▄ ▀█████████▀ ▄▄▄▄▄▄▄▄▄▄▄▄███ ██ ██ ███▄▄▄▄▄▄▄▄▄▄▄▄ ██████████████████████████████████████████ | | | | | | ▄▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄ █ ▄▀▄ █▀▀█▀▄▄ █ █▀█ █ ▐ ▐▌ █ ▄██▄ █ ▌ █ █ ▄██████▄ █ ▌ ▐▌ █ ██████████ █ ▐ █ █ ▐██████████▌ █ ▐ ▐▌ █ ▀▀██████▀▀ █ ▌ █ █ ▄▄▄██▄▄▄ █ ▌▐▌ █ █▐ █ █ █▐▐▌ █ █▐█ ▀▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▀█ | | | | | | ▄▄█████████▄▄ ▄██▀▀▀▀█████▀▀▀▀██▄ ▄█▀ ▐█▌ ▀█▄ ██ ▐█▌ ██ ████▄ ▄█████▄ ▄████ ████████▄███████████▄████████ ███▀ █████████████ ▀███ ██ ███████████ ██ ▀█▄ █████████ ▄█▀ ▀█▄ ▄██▀▀▀▀▀▀▀██▄ ▄▄▄█▀ ▀███████ ███████▀ ▀█████▄ ▄█████▀ ▀▀▀███▄▄▄███▀▀▀ | | | ..PLAY NOW.. |
|
|
|
erep
|
|
December 18, 2022, 05:14:39 AM |
|
Exactly. It may make some sense to use a closed source wallet like Coinomi for certain altcoins or claiming airdrops that don't have any decent open source wallets specially light weight wallets but there is simply no justification for choosing a closed source wallet when we already have good open source wallets for bitcoin.
Several closed source wallet apps launched programs to attract new users and airdrop feature not available in open source wallet apps, Safepal wallet launched Wallet Holder Offering (WHO) airdrop program for holders to have SFP tokens in wallet for certain time to get new potential tokens. But I just want to say that users can participate for WHO but they are not advised to use Safepal to store wallet assets after the airdrop program ends and have distributed tokens, all assets from Safepal wallet must be transferred to open source wallet, I only use Metamask for wallet altcoin assets and Electrum for Bitcoin wallets.
|
|
|
|
Accardo
|
|
December 20, 2022, 03:19:43 PM |
|
Trust wallet is only keeping things balanced as it'll be bad to have all open source wallets in the market regarding the cloning or mimicking of wallets which led them to opt-in for closed source. The open source wallets is risky and could get hacked too though as @nonce said that it opens room for more security Unlike closed source. Everybody can check the codes for bugs which tightens the security of the wallet; but these people are unknown to users and it doesn't guarantee security since users depends on developers to check the code. I read on medium that someone downloaded the code of Bread wallet and worked a similar wallet and named it breadwallet and scammed people of their money. This is the faith of open source wallets despite being the best wallets as it's not centralized its open and easy for hackers to test their work. I'd say that Closed source shouldn't be considered completely bad, they're actually protecting their wallets from attackers.
|
..Stake.com.. | | | ▄████████████████████████████████████▄ ██ ▄▄▄▄▄▄▄▄▄▄ ▄▄▄▄▄▄▄▄▄▄ ██ ▄████▄ ██ ▀▀▀▀▀▀▀▀▀▀ ██████████ ▀▀▀▀▀▀▀▀▀▀ ██ ██████ ██ ██████████ ██ ██ ██████████ ██ ▀██▀ ██ ██ ██ ██████ ██ ██ ██ ██ ██ ██ ██████ ██ █████ ███ ██████ ██ ████▄ ██ ██ █████ ███ ████ ████ █████ ███ ████████ ██ ████ ████ ██████████ ████ ████ ████▀ ██ ██████████ ▄▄▄▄▄▄▄▄▄▄ ██████████ ██ ██ ▀▀▀▀▀▀▀▀▀▀ ██ ▀█████████▀ ▄████████████▄ ▀█████████▀ ▄▄▄▄▄▄▄▄▄▄▄▄███ ██ ██ ███▄▄▄▄▄▄▄▄▄▄▄▄ ██████████████████████████████████████████ | | | | | | ▄▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄ █ ▄▀▄ █▀▀█▀▄▄ █ █▀█ █ ▐ ▐▌ █ ▄██▄ █ ▌ █ █ ▄██████▄ █ ▌ ▐▌ █ ██████████ █ ▐ █ █ ▐██████████▌ █ ▐ ▐▌ █ ▀▀██████▀▀ █ ▌ █ █ ▄▄▄██▄▄▄ █ ▌▐▌ █ █▐ █ █ █▐▐▌ █ █▐█ ▀▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▀█ | | | | | | ▄▄█████████▄▄ ▄██▀▀▀▀█████▀▀▀▀██▄ ▄█▀ ▐█▌ ▀█▄ ██ ▐█▌ ██ ████▄ ▄█████▄ ▄████ ████████▄███████████▄████████ ███▀ █████████████ ▀███ ██ ███████████ ██ ▀█▄ █████████ ▄█▀ ▀█▄ ▄██▀▀▀▀▀▀▀██▄ ▄▄▄█▀ ▀███████ ███████▀ ▀█████▄ ▄█████▀ ▀▀▀███▄▄▄███▀▀▀ | | | ..PLAY NOW.. |
|
|
|
o_e_l_e_o
In memoriam
Legendary
Offline
Activity: 2268
Merit: 18746
|
I'd say that Closed source shouldn't be considered completely bad, they're actually protecting their wallets from attackers. I know this is the reasoning Trust wallet give for being closed source, but I don't buy this reasoning at all. The only part of a wallet which 99.9% of users pay attention is the GUI. It is trivial to clone a GUI even without access to the source code. Being closed source might keep all the back end, the wallet generation process, the signing transaction processes, etc., hidden from attackers, but attackers do not care about any of that in the slightest. All they need is a wallet which looks the same as Trust wallet, which sends any generated or entered seed phrases to their server online. So they can use any bare bones code which generates seed phrases, add in their malicious code to send those seed phrases to a server, copy the GUI just by looking at it, and release it to the app store as "Trust Wallet". Being closed source does nothing to protect against this.
|
|
|
|
pooya87
Legendary
Offline
Activity: 3626
Merit: 11010
Crypto Swap Exchange
|
|
December 21, 2022, 04:26:41 AM |
|
Trust wallet is only keeping things balanced as it'll be bad to have all open source wallets in the market regarding the cloning or mimicking of wallets which led them to opt-in for closed source. ~ that someone downloaded the code of Bread wallet and worked a similar wallet and named it breadwallet and scammed people of their money.
This has always been a very weak excuse that closed source developers use to justify their shady behavior. Otherwise as Leo pointed out, it is very easy to create a fake wallet and fool newbies into downloading it. I'd argue that you don't even need to clone the UI because newbies who download these fake and malicious wallets only seek the "name". The scammer could clone the UI from an open source project (eg. Electrum) call it breadwallet 2.0 and then claim that they had reworked/improved the UI in the "new" version! The newbies would still fall for it.
|
|
|
|
Pmalek
Legendary
Offline
Activity: 2940
Merit: 7543
Playgram - The Telegram Casino
|
|
December 21, 2022, 09:42:38 AM |
|
Trust wallet is only keeping things balanced as it'll be bad to have all open source wallets in the market regarding the cloning or mimicking of wallets which led them to opt-in for closed source. If that was the case, Electrum would be a bad piece of software where many users would lose their bitcoin due to their vulnerable open-source code. But despite being open-source from the beginning, that isn't happening. The cases of people losing their coins on Electrum are self-inflicted: phishing, clipboard malware, fake apps, etc. The open source wallets is risky and could get hacked too though as @nonce said that it opens room for more security Unlike closed source. There will always be a battle between good and bad no matter if the software is open or closed-source. Software and hardware can be reverse-engineered even if it's closed-source. I read on medium that someone downloaded the code of Bread wallet and worked a similar wallet and named it breadwallet and scammed people of their money. This is the faith of open source wallets despite being the best wallets as it's not centralized its open and easy for hackers to test their work. Those scams happened because the users downloaded and installed the wrong software from the wrong websites. If they didn't do that, they wouldn't have had their coins stolen. BRD wasn't hacked. Scammers didn't look at the open-source code and found vulnerabilities that allowed them to steal coins. They created a fake wallet and tricked people into using it.
|
|
|
|
▄▄███████▄▄███████ ▄███████████████▄▄▄▄▄ ▄████████████████████▀░ ▄█████████████████████▄░ ▄█████████▀▀████████████▄ ██████████████▀▀█████████ █████████████████████████ ██████████████▄▄█████████ ▀█████████▄▄████████████▀ ▀█████████████████████▀░ ▀████████████████████▄░ ▀███████████████▀▀▀▀▀ ▀▀███████▀▀███████ | ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ Playgram.io ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ | ▄▄▄░░ ▀▄ █ █ █ █ █ █ █ ▄▀ ▀▀▀░░
| │ | ▄▄▄███████▄▄▄ ▄▄███████████████▄▄ ▄███████████████████▄ ▄██████████████▀▀█████▄ ▄██████████▀▀███▄██▐████▄ ██████▀▀████▄▄▀▀█████████ ████▄▄███▄██▀█████▐██████ ██████████▀██████████████ ▀███████▌▐██▄████▐██████▀ ▀███████▄▄███▄████████▀ ▀███████████████████▀ ▀▀███████████████▀▀ ▀▀▀███████▀▀▀ | | │ | ██████▄▄███████▄▄████████ ███▄███████████████▄░░▀█▀ ███████████░█████████░░█ ░█████▀██▄▄░▄▄██▀█████░█ █████▄░▄███▄███▄░▄██████ ████████████████████████ ████████████████████████ ██░▄▄▄░██░▄▄▄░██░▄▄▄░███ ██░░░█░██░░░█░██░░░█░████ ██░░█░░██░░█░░██░░█░░████ ██▄▄▄▄▄██▄▄▄▄▄██▄▄▄▄▄████ ███████████████████████ ███████████████████████ | | │ | ► | |
[/
|
|
|
virasog
Legendary
Offline
Activity: 3150
Merit: 1172
Leading Crypto Sports Betting & Casino Platform
|
|
December 21, 2022, 05:33:22 PM |
|
Trust wallet is only keeping things balanced as it'll be bad to have all open source wallets in the market regarding the cloning or mimicking of wallets which led them to opt-in for closed source. ~ that someone downloaded the code of Bread wallet and worked a similar wallet and named it breadwallet and scammed people of their money.
This has always been a very weak excuse that closed source developers use to justify their shady behavior. Otherwise as Leo pointed out, it is very easy to create a fake wallet and fool newbies into downloading it. I'd argue that you don't even need to clone the UI because newbies who download these fake and malicious wallets only seek the "name". The scammer could clone the UI from an open source project (eg. Electrum) call it breadwallet 2.0 and then claim that they had reworked/improved the UI in the "new" version! The newbies would still fall for it. I would not call it a drawback of open source wallets, but it is more of carelessness from the people who download the fake wallets. To be very straightforward, if a person cannot detect a fake wallet and does not know from where to download an open source wallet, or how to verify it then I am afraid he deserves to lose his funds. The scammer can clone or do whatever he wants to do, the crypto investors should first learn on how to stay away from phishing attempts.
|
..Stake.com.. | | | ▄████████████████████████████████████▄ ██ ▄▄▄▄▄▄▄▄▄▄ ▄▄▄▄▄▄▄▄▄▄ ██ ▄████▄ ██ ▀▀▀▀▀▀▀▀▀▀ ██████████ ▀▀▀▀▀▀▀▀▀▀ ██ ██████ ██ ██████████ ██ ██ ██████████ ██ ▀██▀ ██ ██ ██ ██████ ██ ██ ██ ██ ██ ██ ██████ ██ █████ ███ ██████ ██ ████▄ ██ ██ █████ ███ ████ ████ █████ ███ ████████ ██ ████ ████ ██████████ ████ ████ ████▀ ██ ██████████ ▄▄▄▄▄▄▄▄▄▄ ██████████ ██ ██ ▀▀▀▀▀▀▀▀▀▀ ██ ▀█████████▀ ▄████████████▄ ▀█████████▀ ▄▄▄▄▄▄▄▄▄▄▄▄███ ██ ██ ███▄▄▄▄▄▄▄▄▄▄▄▄ ██████████████████████████████████████████ | | | | | | ▄▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄ █ ▄▀▄ █▀▀█▀▄▄ █ █▀█ █ ▐ ▐▌ █ ▄██▄ █ ▌ █ █ ▄██████▄ █ ▌ ▐▌ █ ██████████ █ ▐ █ █ ▐██████████▌ █ ▐ ▐▌ █ ▀▀██████▀▀ █ ▌ █ █ ▄▄▄██▄▄▄ █ ▌▐▌ █ █▐ █ █ █▐▐▌ █ █▐█ ▀▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▀█ | | | | | | ▄▄█████████▄▄ ▄██▀▀▀▀█████▀▀▀▀██▄ ▄█▀ ▐█▌ ▀█▄ ██ ▐█▌ ██ ████▄ ▄█████▄ ▄████ ████████▄███████████▄████████ ███▀ █████████████ ▀███ ██ ███████████ ██ ▀█▄ █████████ ▄█▀ ▀█▄ ▄██▀▀▀▀▀▀▀██▄ ▄▄▄█▀ ▀███████ ███████▀ ▀█████▄ ▄█████▀ ▀▀▀███▄▄▄███▀▀▀ | | | ..PLAY NOW.. |
|
|
|
erep
|
|
December 22, 2022, 06:39:55 AM |
|
I would not call it a drawback of open source wallets, but it is more of carelessness from the people who download the fake wallets.
To be very straightforward, if a person cannot detect a fake wallet and does not know from where to download an open source wallet, or how to verify it then I am afraid he deserves to lose his funds.
The scammer can clone or do whatever he wants to do, the crypto investors should first learn on how to stay away from phishing attempts.
I never read any news open wallet apps can be hacked except user carelessness can't tell the difference between cloned apps and downloading unofficial wallet apps, phishing and others. All those faults are possible that the wallet can be hacked and all the assets will be stolen, the phishing statistics have increased drastically in the first half of 2022. So it is important that users should use the official wallet application and avoid all the mistakes that are vulnerable to hacking.
|
|
|
|
virasog
Legendary
Offline
Activity: 3150
Merit: 1172
Leading Crypto Sports Betting & Casino Platform
|
|
December 31, 2022, 08:13:00 PM |
|
I would not call it a drawback of open source wallets, but it is more of carelessness from the people who download the fake wallets.
To be very straightforward, if a person cannot detect a fake wallet and does not know from where to download an open source wallet, or how to verify it then I am afraid he deserves to lose his funds.
The scammer can clone or do whatever he wants to do, the crypto investors should first learn on how to stay away from phishing attempts.
I never read any news open wallet apps can be hacked except user carelessness can't tell the difference between cloned apps and downloading unofficial wallet apps, phishing and others. All those faults are possible that the wallet can be hacked and all the assets will be stolen, the phishing statistics have increased drastically in the first half of 2022. So it is important that users should use the official wallet application and avoid all the mistakes that are vulnerable to hacking. Phishing attempts can be done on trust wallet, open source, and closed source wallets. If anyone loses funds because of Phishing, it is not the loophole in the open/closed source wallets. As i told earlier, the crypto investors need to educate themselves more if they want to stay safe from scammers. Using trust wallets for altcoins can be an option but a better one is an unstoppable wallet. Using different wallets including an electrum wallet for bitcoin is the best approach in my point of view.
|
..Stake.com.. | | | ▄████████████████████████████████████▄ ██ ▄▄▄▄▄▄▄▄▄▄ ▄▄▄▄▄▄▄▄▄▄ ██ ▄████▄ ██ ▀▀▀▀▀▀▀▀▀▀ ██████████ ▀▀▀▀▀▀▀▀▀▀ ██ ██████ ██ ██████████ ██ ██ ██████████ ██ ▀██▀ ██ ██ ██ ██████ ██ ██ ██ ██ ██ ██ ██████ ██ █████ ███ ██████ ██ ████▄ ██ ██ █████ ███ ████ ████ █████ ███ ████████ ██ ████ ████ ██████████ ████ ████ ████▀ ██ ██████████ ▄▄▄▄▄▄▄▄▄▄ ██████████ ██ ██ ▀▀▀▀▀▀▀▀▀▀ ██ ▀█████████▀ ▄████████████▄ ▀█████████▀ ▄▄▄▄▄▄▄▄▄▄▄▄███ ██ ██ ███▄▄▄▄▄▄▄▄▄▄▄▄ ██████████████████████████████████████████ | | | | | | ▄▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄ █ ▄▀▄ █▀▀█▀▄▄ █ █▀█ █ ▐ ▐▌ █ ▄██▄ █ ▌ █ █ ▄██████▄ █ ▌ ▐▌ █ ██████████ █ ▐ █ █ ▐██████████▌ █ ▐ ▐▌ █ ▀▀██████▀▀ █ ▌ █ █ ▄▄▄██▄▄▄ █ ▌▐▌ █ █▐ █ █ █▐▐▌ █ █▐█ ▀▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▀█ | | | | | | ▄▄█████████▄▄ ▄██▀▀▀▀█████▀▀▀▀██▄ ▄█▀ ▐█▌ ▀█▄ ██ ▐█▌ ██ ████▄ ▄█████▄ ▄████ ████████▄███████████▄████████ ███▀ █████████████ ▀███ ██ ███████████ ██ ▀█▄ █████████ ▄█▀ ▀█▄ ▄██▀▀▀▀▀▀▀██▄ ▄▄▄█▀ ▀███████ ███████▀ ▀█████▄ ▄█████▀ ▀▀▀███▄▄▄███▀▀▀ | | | ..PLAY NOW.. |
|
|
|
|