Can Bitcoin wallets be trusted?

[Anders]

The Bitcoin block chain is trustless in the sense that it's automatically secure. What about Bitcoin wallets? Can't they make fraud payments with the users' bitcoins? If someone installs an insincere Bitcoin wallet then it can start paying bitcoins to some other Bitcoin address than what the user has intended. Or?

[1714631891]

1714631891

[hilariousandco]

It's possible you could download a client that someone has modified or compiled to steal your coins so that's why it's a good idea to only download them from secure/trusted sources. You could test out any new client or pc by sennding a small amount there and if it gets stolen straight away you know it's not safe.

[joshraban76]

It is probably a good idea to check the md5 hash for wallets. Even then if the site itself were to be compromised the attacker could just change that as well. I think it is a serious concern though.  hilariousandco suggestion might be the safest bet. I started off dealing with extremely small amounts so it wasn't a huge concern at the time for me.

[InwardContour]

The Bitcoin block chain is trustless in the sense that it's automatically secure. What about Bitcoin wallets? Can't they make fraud payments with the users' bitcoins? If someone installs an insincere Bitcoin wallet then it can start paying bitcoins to some other Bitcoin address than what the user has intended. Or?

Most bitcoin wallets are open source. This means that anyone is able to inspect the code of the wallet to ensure that these types of attacks could not happen.

[franky1]

Most bitcoin wallets are open source. This means that anyone is able to inspect the code of the wallet to ensure that these types of attacks could not happen.

typical geek answer. so this is what you would reply with if your grandma asked the question, just before she went and downloaded a wallet from a website she never personally heard of but had been told by a friend to go there...

[CEG5952]

It is probably a good idea to check the md5 hash for wallets. Even then if the site itself were to be compromised the attacker could just change that as well. I think it is a serious concern though.  hilariousandco suggestion might be the safest bet. I started off dealing with extremely small amounts so it wasn't a huge concern at the time for me.

Checking the MD5 really just ensures that the file is the right size (data has not been lost/corrupted) and integrity maintained after download. Potentially, an attacker who hacks the site or executes a MITM attack could change the MD5 checksum to match the compromised file.

I prefer a PGP signature. MultiBit provides this, for instance.

[R2D221]

Most bitcoin wallets are open source. This means that anyone is able to inspect the code of the wallet to ensure that these types of attacks could not happen.

Even if the code itself is open source, what guarantees me that the build I'm getting was not compiled from a modified source which will take coins away? Especially on phone apps. I have no way to prove that the source code matches the app I see on Google Play or App Store?

[ar9]

Depends on the wallet.

Sometimes I wish I could change my username to CptObvious.

[CEG5952]

Most bitcoin wallets are open source. This means that anyone is able to inspect the code of the wallet to ensure that these types of attacks could not happen.

Even if the code itself is open source, what guarantees me that the build I'm getting was not compiled from a modified source which will take coins away? Especially on phone apps. I have no way to prove that the source code matches the app I see on Google Play or App Store?

This is why I would rely only on a PGP signature. In theory, it can only be generated by the owner of the corresponding private key. So if you trust the developer (of say, Multibit or Electrum), the signature verifies the integrity of the file and shows that the key owner vouches for the file contents. That's pretty much as good as it gets.

[pirsquared]

It's possible you could download a client that someone has modified or compiled to steal your coins so that's why it's a good idea to only download them from secure/trusted sources. You could test out any new client or pc by sennding a small amount there and if it gets stolen straight away you know it's not safe.

This is possible and has been done.

[DannyHamilton]

What about Bitcoin wallets? Can't they make fraud payments with the users' bitcoins?

Fraudulent wallets?  Certainly.

If someone installs an insincere Bitcoin wallet then it can start paying bitcoins to some other Bitcoin address than what the user has intended.

Absolutely.

This is why it is important to be careful about ANY software that you install on your computer (not just bitcoin software).  It is entirely possible that you could install non-bitcoin software that has bitcoin wallet stealing programming hidden in it.  Install some "free game" that some friend on Facebook tells you about, and the next time that you log into your wallet, poof all your bitcoins are gone.

[Anders]

A similar problem could happen with for example web browsers. In practice for desktops the vast majority of people use one of the established browsers such as Internet Explorer, Google Chrome, Firefox, Safari or Opera. These browsers are sincere, unless someone downloads and installs a hacked version. And for mobile devices the situation is similar although a few less known web browsers are available there.

For Bitcoin something similar could happen, that only a few big and trusted Bitcoin wallets would be used in practice if Bitcoin becomes really huge and mainstream.

Still, the trustless innovation in Bitcoin is revolutionizing and it would be good to have that even for the wallets.

[EtherCoin]

Recap:

a) Download from trusted source
b) Check MD5 hash
c) Check PGP signature (if available?)
d) Have your wallet in a dedicated PC, used exclusively for this usage (come on you stingy BTCers... playing holder of the future of the world economy and not willing to spend 100 bucks in a basic system?)
e) Encrypt wallet

With this I would feel quite safe... There are evil wizards around tho... physically disconnect LAN cable when not in use for paranoia users.

Eth.

[hashman]

The Bitcoin block chain is trustless in the sense that it's automatically secure. What about Bitcoin wallets? Can't they make fraud payments with the users' bitcoins? If someone installs an insincere Bitcoin wallet then it can start paying bitcoins to some other Bitcoin address than what the user has intended. Or?

Short answer:  no.

Long answer:  if the wallet is running on an offline machine in a faraday cage then yes

[Gimmelfarb]

Recap:

a) Download from trusted source
b) Check MD5 hash
c) Check PGP signature (if available?)
d) Have your wallet in a dedicated PC, used exclusively for this usage (come on you stingy BTCers... playing holder of the future of the world economy and not willing to spend 100 bucks in a basic system?)
e) Encrypt wallet

With this I would feel quite safe... There are evil wizards around tho... physically disconnect LAN cable when not in use for paranoia users.

Eth.

PGP signature is a must for me. but i'm a stickler for security. this is also the reason why i miss out on all the altcoin pumps -- don't trust the developers or the software.

[Gimmelfarb]

Stick with the most common used walles and you should be fine.

bitcoin-qt, electum, multibit or armory.

Choices enough.

i agree -- i just think it's important to make sure you're getting the file that the developer intends. as another poster pointed out, an attack on the developer's site/man-in-the-middle attack could put you at risk if you don't confirm with a PGP signature.

[EtherCoin]

Stick with the most common used walles and you should be fine.

bitcoin-qt, electum, multibit or armory.

Choices enough.

Good point too, recap updated:

a) Download a well known, often used wallet from trusted source
b) Check MD5 hash
c) Check PGP signature
d) Have your wallet in a dedicated PC, used exclusively for this usage (come on you stingy BTCers... playing holder of the future of the world economy and not willing to spend 100 bucks in a basic system?)
e) Encrypt wallet
f) Physically disconnect LAN cable when not in use for paranoia users.
g) Faraday cage... wait, wouldn't this also screw the HDD?

Eth.

[hhanh00]

With this I would feel quite safe... There are evil wizards around tho... physically disconnect LAN cable when not in use for paranoia users.

Many malware apps are smart enough to go dormant when the network is off and will reactivate when it comes back.

For 40$, you could make a dedicated raspberry pi wallet entirely offline.
Download the official OS Image. Add the required packages. Then disconnect from the network forever. Install the rest from official tar balls. Create an encrypted wallet and you are good to go.

For backups, take a picture of the qr code from an old phone with no SIM card. Check that they can be decoded. Save to several micro SD. Hide them. Then wipe your phone. I hope that it's good enough.

[Light]

i agree -- i just think it's important to make sure you're getting the file that the developer intends. as another poster pointed out, an attack on the developer's site/man-in-the-middle attack could put you at risk if you don't confirm with a PGP signature.

This, I cannot stress how important it is to make sure that you are getting the version that the developer intended and not one that has been placed there with malicious intent thanks to some security hole on the site. The best thing would be to go through every line of code for the open source program and understand what each does, but this requires both a shit ton of time and a knowledge that a majority of people lack.

[ShakyhandsBTCer]

Most bitcoin wallets are open source. This means that anyone is able to inspect the code of the wallet to ensure that these types of attacks could not happen.

Even if the code itself is open source, what guarantees me that the build I'm getting was not compiled from a modified source which will take coins away? Especially on phone apps. I have no way to prove that the source code matches the app I see on Google Play or App Store?

This is why I would rely only on a PGP signature. In theory, it can only be generated by the owner of the corresponding private key. So if you trust the developer (of say, Multibit or Electrum), the signature verifies the integrity of the file and shows that the key owner vouches for the file contents. That's pretty much as good as it gets.

This is an important step to take if you truly want to be paranoid about your wallet. This would only prevent an attack if an attacker was able to get control over the domain, but not the dev's private PGP key, and the public PGP key is found somewhere outside of the domain. If a user finds the dev's public PGP key on the same website/domain that they are downloading the file from then the attacker could simply change the PGP key listed and sign a message saying that their (malicious) download is the most up to date and correct one.