Topic: Bitcoin APIs and the dangers of revealing your private key.
gweedo
May 02, 2014, 03:14:36 AM
 #1

I wasn't going to post this until tomorrow, but a certain publication decided to put a spotlight on a service that is using bad practices, and I wanted to show why certain businesses that understand the protocol are unique and not just trying to be only first movers.

Quote
Don’t trust apis with your bitcoin private keys! It was brought to our attention that competitors of ours have built in functions to sign transactions for you, as long as you supplied the private key. I will not name them as this would take away from our post. I believe this is extremely dangerous and a complete disregard for users’ safety. We take security extremely seriously in our api and even if users don’t understand the protocol as well as us, we want to protect them from themselves.

Anytime a private key is exposed and sent over the internet unencrypted or even encrypted, it is dangerous and the private key should be treated as a compromised key. That means it should never be used again for any transactions. If a malicious actor got to that private key they could easily craft a transaction that could be confirmed before your intended transaction. It isn’t worth the risk, we understand that this is easier and probably more attractive but also bad standard practices for bitcoins.

This is why I promote cold storage wallets anytime I talk to anyone looking to use our api. Cold storage wallets are not something users learn about until it is usually too late, but we need to change that.

https://apicoin.io/blog/2014/05/01/dont-trust-apis/

bountygiver
May 03, 2014, 12:28:02 AM
 #2

Always follow this rule: Sign your transactions on your own device and your own device only

12dXW87Hhz3gUsXDDCB8rjJPsWdQzjwnm6
gweedo
May 03, 2014, 01:15:44 AM
 #3

Quote
Always follow this rule: Sign your transactions on your own device and your own device only

Exactly why I built my api to not ever handle private keys for users; we have to protect them from themselves and teach them the correct way.
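
The rule discussed in this thread can be enforced on the client side. The following is an added example, not part of the thread and not code from any poster's API: a guard that scans an outbound request body for a WIF-encoded (Base58Check, version byte 0x80) mainnet private key and refuses to send it. The function names are assumptions made for illustration, and the sample key is constructed.

```python
import hashlib
import re

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
_B58_CLASS = "[1-9A-HJ-NP-Za-km-z]"
# Mainnet WIF: 51 chars starting with 5, or 52 chars starting with K or L.
CANDIDATE = re.compile(
    "(?<!%s)[5KL]%s{50,51}(?!%s)" % (_B58_CLASS, _B58_CLASS, _B58_CLASS))

def _checksum(data: bytes) -> bytes:
    """Base58Check checksum: first 4 bytes of double SHA-256."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()[:4]

def b58check_encode(payload: bytes) -> str:
    """Used here only to build constructed sample values."""
    raw = payload + _checksum(payload)
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\0"))) + out

def b58_decode(text: str) -> bytes:
    n = 0
    for ch in text:
        n = n * 58 + B58.index(ch)
    pad = len(text) - len(text.lstrip("1"))
    return b"\0" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")

def is_wif_private_key(text: str) -> bool:
    raw = b58_decode(text)
    body, check = raw[:-4], raw[-4:]
    # Layout: 0x80 version byte, 32-byte key, optional 0x01 compression flag.
    shape_ok = body[:1] == b"\x80" and (
        len(body) == 33 or (len(body) == 34 and body[-1] == 0x01))
    return shape_ok and _checksum(body) == check

def find_private_keys(request_body: str) -> list:
    """Return every substring that decodes to a checksum-valid WIF key."""
    return [c for c in CANDIDATE.findall(request_body) if is_wif_private_key(c)]

def guard_outbound(request_body: str) -> str:
    """Call before handing a body to the HTTP client; raises instead of sending."""
    if find_private_keys(request_body):
        raise ValueError("request body contains a private key; sign locally")
    return request_body

if __name__ == "__main__":
    wif = b58check_encode(b"\x80" + bytes(range(1, 33)))  # constructed key
    print(find_private_keys('{"privkey": "%s"}' % wif) == [wif])
```

Validating the checksum keeps addresses and other Base58 strings from being flagged. The guard does not cover raw hex keys, which cannot be told apart from transaction ids by format alone.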
