You Can't Be Too Careful Over Private Keys, Can You?

[ContentWriter]

https://www.wublock123.com/index.php?m=content&c=index&a=show&catid=10&id=29686

[Charles-Tim]

Why not add the link of the news? It is better to add the link because some people may prefer to read the news in full so that they can understand it better.

Advice:
Use a reputed wallet that is completely open source like Electrum, Sparrow and Bluewallet

[ContentWriter]

Why not add the link of the news? It is better to add the link because some people may prefer to read the news in full so that they can understand it better.

Advice:
Use a reputed wallet that is completely open source like Electrum, Sparrow and Bluewallet

Done. It doesn't look as if those wallets had issues. What I'm beginning to see is that there's always a loophole only if the hacker looks closely enough or if the owner is careless enough.

[Hatchy]

It doesn't look as if those wallets had issues. What I'm beginning to see is that there's always a loophole only if the hacker looks closely enough or if the owner is careless enough.

So long there aren't standard wallets, they will always have issues. And I will go with what @Charles-Tim said. Use only standard wallets to store your coins. All these social media were meant for entertainment and anything relating to funds or cryptocurrency should be avoided. They don't give you total control over them. It's just like a Centralized system, controlled by people. If you must use a wallet use the well known ones and store your keys in a place where you alone will know about and offline.

[FatFork]

What I'm beginning to see is that there's always a loophole only if the hacker looks closely enough or if the owner is careless enough.

Not always. This is exactly one of the main reasons why we prefer open source wallet solutions. While no system is completely immune, open source allows for extensive scrutiny by the community, making it harder for vulnerabilities or exploits to hide.

Besides, this case has nothing to do with hacking. Adding a backdoor to wallet software with the intent of stealing user funds is clearly a criminal activity, but not hacking.

[Frankolala]

I wouldn't say that this is hacking or that the owners of those wallet was careless with their private keys. It was an intentional act by Zhank because he wanted to steal their funds that was why he made a back door to have access to people's private keys.

This is why open source wallets are the best wallets for storing bitcoin because it is open for all to look into the source code and improve the security. It is only a closed source wallet that a back door can be created unknown to the users. An open source wallet can not be compromised only if you expose your private keys or malware and Spyware attack your system unknown to you, because there is no back door.

[Adbitco]

Now from this news it shows that most of the hack and security bridging are from internal worker or staff who happens to have all details at their end side making it too vulnerable to steal people's information and personal savings in the exchange.
There should be a better way of choosing a staff maybe they should have a complains form to fill if they violate any of these rules either by stealing funds or revealing someone else information they should pay for it. Note: this is another case that could you (us) not to leave our funds in centralized exchange where we don't have access to our private keys.

[Stalker22]

Yeah, its getting pretty obvious that people are the weakest link when it comes to securing these exchanges.  The people running them have millions of dollars worth of other people's money on their hands and  you would think they would all go through some hardcore screening - personality tests, background checks, lie detectors... the works.  Just one sketchy dude can sink everything.

But even if you lock it all down, the exchanges themselves make too nice a target.  Essentially massive online vaults begging to get cracked.  Keeping your own keys is the only real protection.

[seoincorporation]

Done. It doesn't look as if those wallets had issues. What I'm beginning to see is that there's always a loophole only if the hacker looks closely enough or if the owner is careless enough.

The best way to have enough security is to have a low profile because if you become a target of hackers they will find a way to access to your coins, there are a lot of ways to do this with some advanced tools or even with social engineer. So, while you are not a target you can feel in the safe zone.

And security is not only about Bitcoin, is important to have good security practices in life, like not having the same password on different services, or using complex passwords with special chars, upper case letters and numbers.

[Upgrade00]

Your topic title suggests that there's always a loophole regardless of how careful one is, but that's not the case here. The wallet was already flawed from the get go, so storing your bitcoins there puts you at a huge risk and means they are not YOUR bitcoins anymore.
If not this employee someone else could have attempted this and maybe someone has at a lower scale done so successfully.

Use non-custodian wallets which doesn't access your keys so can't create backdoors and make sure the wallet is open source.

[nakamura12]

Checking the wallet you are using is what makes your assets safe and there will be no loophole if it's open source. This is why many experts recommend people to use open source walletd rather than the closed source wallet providers.

Your topic title suggests that there's always a loophole regardless of how careful one is, but that's not the case here. The wallet was already flawed from the get go, so storing your bitcoins there puts you at a huge risk and means they are not YOUR bitcoins anymore.
If not this employee someone else could have attempted this and maybe someone has at a lower scale done so successfully.

Use non-custodian wallets which doesn't access your keys so can't create backdoors and make sure the wallet is open source.

I think it's not custodial wallet since there are private keys that are accessed by those people so it is more likely a wallet provider that isn't open source.

[hosseinimr93]

The best way to have enough security is to have a low profile because if you become a target of hackers they will find a way to access to your coins, there are a lot of ways to do this with some advanced tools or even with social engineer. So, while you are not a target you can feel in the safe zone.

Generate your keys using a trustworthy open-source tool on a safe air-gapped device, never let your private keys connect to the internet and your wallet will be completely safe.
It's not that hackers will definitely find a way to access your wallet. If that was true, all users who hold big fund would have been hacked and bitcoin would have failed.

[Potato Chips]

I think it's not custodial wallet since there are private keys that are accessed by those people so it is more likely a wallet provider that isn't open source.

Yeah, it was non-custodial and huobi's actually --"iToken (the original Huobi wallet)"

I noticed there has been a rise of CEXs making their own non-custodial wallet as well and promotions are launched as well to get more people to install it. Let this be a reminder not to as they are closed source. Don't give in to promotions lol.

Good thing the police were able to caught the perps before they use the drained funds. Perps were being careful and wanted to wait for 2 years before they use it so victims are likely to get their money back.

Although we're not exactly talking about their custodial exchange service. This also says a lot about how malicious people can always linger around CEXs so let's not use them as a storage.

[ranochigo]

That is the problem with custodial wallets, they are the check and the balance with their own codes and internal processes. Overly lax or colluding employees can always insert backdoors into any of their software and collect malicious data. There is simply nothing that our consumers can do if we choose to use a custodial wallet.

Not always. This is exactly one of the main reasons why we prefer open source wallet solutions. While no system is completely immune, open source allows for extensive scrutiny by the community, making it harder for vulnerabilities or exploits to hide.

If anything xz backdoor has taught us not to just trust open source projects blindly. Just because it is open source, doesn't mean someone is vetting the program and software for you. Wallets like Bitcoin Core are signed and vetted by multiple people which reduces the chances of this happening.

[ChiBitCTy]

After having gone through some serious shit myself thanks to the fckn scumbags at AT&T who don't believe in investing in proper security to keep their clients data safe, I've come to realize that security and privacy are not something to get lazy about what damn bit.  I'm operating in a way I never have and still have a long way to go.  Personally I'm buying new computers for single use task..one for this, one for that, etc. 

It's crazy but hacking hasn't /malware/spyware etc has gotten so much more advanced and in an extremely quick fashion..gotta keep up!  So yes, you really can't be too careful.

[Apocollapse]

Although it's happened to iToken wallet, but this should be a warning for people who're use blockchain wallet, Trust wallet, Atomic wallet, Exodus wallet, and any other closed source wallets.

If you want to invest in Bitcoin only, use Electrum or Blue wallet.

If you looking for multi crypto wallet, use Unstoppable wallet.

[Sebas.tian]

It depend the kind of wallet you are using to hold your coins, because there are some wallet you will use to store your coins for long term other people can have access to your coins without your permission, which you need to make use of safe and solid wallet to store your coins. I make use of electrum wallet to store my Bitcoin and all my seeds phrase are been written down and kept in a secret place which only me can have access to it for now, and it will be difficult for scammers or friends to have access to my Bitcoin wallet, because I know electrum wallet is among the best Wallet to hold Bitcoin for long term. If you look at the incident very well, you will discovered that the Wallet they use to stored the coins are not a safe wallet, because there are many cases like that for Court to help some people to get their coins back from scammers because the evidence was very clear, that his friends or relative stole the coins from him.

[Dr.Bitcoin_Strange]

Well, the possibility of your private key leaking depends on you and the kind of wallet you are using. When choosing a Bitcoin wallet to use, it has to be a reputable and open-source wallet. Also, I think that a crypto enthusiast should understand the need to have a cold wallet and a hot wallet because if you have your wallet in your device (like a phone or laptop) and you are always using those devices to browse the internet, chances that you might get attacked are there, so for you to prevent such, you need to have a cold wallet that doesn't go online all the time. You can get a hardware wallet to be safer. Keep your private keys offline and in a safer place, and then you will not be compromised. 

[hosseinimr93]

That is the problem with custodial wallets, they are the check and the balance with their own codes and internal processes.

You are right about custodial wallets and how insecure they can be, but huobi wallet (now known as itoken wallet) is a non-custodial wallet and gives users access to their private keys.
The problem with huobi wallet is that it's close-source and there was a backdoor which made some of their employees gain access to users private keys.

[Faisal2202]

Wow, authorities are saying on-chain data helped them a lot in catching these bad actors. I thought the government never appreciated crypto technologies. I guess I was wrong hehe. Speaking of private keys, I was always skeptical about Houbi products when the last time the community found a phishing link on their sites and the team was unaware of it. Some members from this forum reported that issue to the team and they said we would look into it.

And now after reading the article, I can say again, if you don't own the keys, then you don't own the crypto. Always prefer dexs although people are using CEXs all the time so if they want to, then I prefer to use a good one like OKX, Binance, ByBit, etc. These are doing good at the moment Robinhood and Bitstamp are also good