Atomic Wallet exploited, users report loss of entire portfolios

troubled soul · Jun 4, 2023

https://cointelegraph.com/news/atomic-wallet-exploited-users-report-loss-of-entire-portfolios

troubled soul · Jun 5, 2023

https://www.bleepingcomputer.com/ne...o-stealing-malware-targets-50-crypto-wallets/

JohnnyDoe · Jun 5, 2023

That’s what happens when you open those cialis/single Russian lady/verify your info emails

void · Jun 5, 2023

JohnnyDoe said:
That’s what happens when you open those cialis/single Russian lady/verify your info emails

and not using hw wallet....

troubled soul · Jun 5, 2023

Well , I am not expert.......Please correct me If I mention something wrong.....Happy to learn things

As Far as I know ......Non custodial wallet are safe If you know how to properly use them....As there is no centralized server where wallet details is store...so server side hacking is impossible ....like in MT GOX, Bitfinex cases

The things that hack your Non custodial wallet

1) quantum computer
2) You do not download wallet from trusted source .....You download some wrong wallet
3) Your Mobile/Desktop has some sort of malware/spyware
4) You unintentionally leak your seed

except the quantum computer risk....all can be face easily ....If you are careful enough......

Expert comments are welcome

latindev · Jun 5, 2023

@azb1 as a developer I will say that no wallet is fully secure, you have more and less security based on how they work but even hw are not fully secure. Also your keys could be in a server and still be non-custodial depending on how it works.

Being honest number 2 and 3 are impossible to prevent if you are the target of a good attack and the wallet has bad security practices. For example if the wallet you are using isn't well protected to XSS attacks then even if you only download the wallet from the official source and your computer is not infected with malware, hackers can still take the seed from your wallet without you ever notice it. Even without the need of a hacker involved there has been bad practices from wallet creators where they even have logs for development purposes which by definition should never be in a wallet but yet we see them and an old massive hack with a Solana wallet was an example

I would never care about number 1 btw, people who are always making a big deal about it are just not looking where they need because if lets say pbkdf2, sha256 hashes and AES get broken because of quantum computer... Your bitcoins are the less important thing you should care about. This is similar to those saying the dollar and banking system imminent doom: In such situation there are more important things than where you buried your gold bars.

The safest way known today are hardware wallets, ledger being the safest one today.

PS: You also need to have good practices about how you backup your mnemonic phrase

JosephLL · Jun 5, 2023

azb1 said:
Well , I am not expert.......Please correct me If I mention something wrong.....Happy to learn things

As Far as I know ......Non custodial wallet are safe If you know how to properly use them....As there is no centralized server where wallet details is store...so server side hacking is impossible ....like in MT GOX, Bitfinex cases

The things that hack your Non custodial wallet

1) quantum computer
2) You do not download wallet from trusted source .....You download some wrong wallet
3) Your Mobile/Desktop has some sort of malware/spyware
4) You unintentionally leak your seed

except the quantum computer risk....all can be face easily ....If you are careful enough......

Expert comments are welcome

5) Wallet software uses compromized random number generator. Whole executable stack is a sueface of attack. If it's javascript, sone dependency was compromized.

latindev · Jun 5, 2023

JosephLL said:
5) Wallet software uses compromized random number generator. Whole executable stack is a sueface of attack. If it's javascript, sone dependency was compromized.

I would have phrased it: "Some Wallet Software" instead because not all of them fall into it and because no only wallet software does it, Kaspersky vulnerabilities because not using fully random generators and people saving seeds there for example.

troubled soul · Jun 6, 2023

latindev said:
@azb1 as a developer I will say that no wallet is fully secure, you have more and less security based on how they work but even hw are not fully secure. Also your keys could be in a server and still be non-custodial depending on how it works.

Being honest number 2 and 3 are impossible to prevent if you are the target of a good attack and the wallet has bad security practices. For example if the wallet you are using isn't well protected to XSS attacks then even if you only download the wallet from the official source and your computer is not infected with malware, hackers can still take the seed from your wallet without you ever notice it. Even without the need of a hacker involved there has been bad practices from wallet creators where they even have logs for development purposes which by definition should never be in a wallet but yet we see them and an old massive hack with a Solana wallet was an example

I would never care about number 1 btw, people who are always making a big deal about it are just not looking where they need because if lets say pbkdf2, sha256 hashes and AES get broken because of quantum computer... Your bitcoins are the less important thing you should care about. This is similar to those saying the dollar and banking system imminent doom: In such situation there are more important things than where you buried your gold bars.

The safest way known today are hardware wallets, ledger being the safest one today.

PS: You also need to have good practices about how you backup your mnemonic phrase

Thanks for details answer

Our valued sponsor

Atomic Wallet exploited, users report loss of entire portfolios

troubled soul

troubled soul

JohnnyDoe

Schrödinger's guy

void

freedom addicted ultra relativist

troubled soul

latindev

JosephLL

latindev

troubled soul

Forum Announcement

Latest Threads