Don’t Trust the Wallet in Apartment 23: What Bitcoin Wallets Have Worst Reputation and Why

29.01.2020

Choosing a crypto-wallet is usually one of the first challenges that a rookie cryptocurrency user has to face. Of course, the internet is full of guides on how to make the choice. Those guides can be good or bad, reasonable or silly, free or sponsored, and so forth. Still, while such reviews are abundant, there are much fewer pieces speaking about what NOT to choose.

We asked Jeff Fawkes, a cryptocurrency investigator, to take a look at the wallets that he believes people should avoid. In this piece, he speaks about the bad seeds and explains in great detail what is wrong with them and why rookies should keep away. Even though it’s Mr. Fawkes’ personal opinion that we not necessarily share, his investigation shows that at least part of the crypto-community does. And this fact alone makes it worth the attention.

Exodus

Having funds stolen is sadly a typical complaint on Exodus. The story is usually the same: people say that they have lost the money from their Exodus wallet and they don’t know how it happened. Then, some very attentive support officer helps the user to conduct an “investigation.” But the result is usually the same: the user can kiss their money goodbye. But why does this happen?

When you have installed the wallet and launched it for the first time, it writes the seed phrase on the hard drive without encrypting it first. The seed file is pretty important since it contains the key that allows spending your assets. Since the seed file is only encrypted with the user’s password, the wallet will remain largely unprotected for a while after the first launch. Exodus probably uses this as a psychological trick to make new users stay with the wallet. The app waits until the first deposit and only then gives the user a chance to encrypt the wallet’s seed file with a password and store the backup.

Since the wallet file remains unencrypted for some time while the user “considers” using the wallet, malware on your PC can read the seed phrase in it. This is a huge security hole in the wallet because a hacker can theoretically access your wallet long before you send money there.

Another point of concern is the fact that Exodus uses closed-source code, which is generally not typical for the crypto-industry. Cypherpunks who love Bitcoin tend to check the code of the apps before storing coins in them. A closed-source app is a joke for the researcher. You cannot compile the binaries by yourself or study the code. The Exodus team’s explanation is that making closed-source crypto wallets is a business model to them, and their code needs protection.

There is also a high chance that Exodus stores seed files of all users on its servers. How else can it use the “E-mail Backup Feature” to restore the private keys from the Internet link pointing to Exodus servers?

Exodus’ e-mail backup setting

If so, the seed files again remain available for any hacker who manages to crack your wallet and e-mail. Since the wallet sends the recovery link to your mail, it looks convenient but is a fantastically large security hole. If a hacker obtains your wallet password, e-mail password, or both, they control your coins as well. Without taking the seed phrase off from the link itself or from the Exodus servers, the “backup feature” will not work.

So if you had a password like 54321 or terminathr999, it’s very easy to brute-force it, and take control over the coins. The official website, however, claims that the user should maintain password complexity. Meanwhile, the app itself gives no warnings that this exact password will be used to encrypt the wallet file containing private keys and then to send it over to some servers. Presumably, Microsoft AZURE ones.

We still don’t know the format in which Exodus servers store wallet files. Is it comfortable for hackers to brute-force them or not? What is the encryption method that the wallet itself uses? Some Reddit users are not happy about it.

Additionally, in 2018, Exodus twitted that they “generally do not recommend storing the seeds online.”

Hi Andreas! You're not forced to save the email backup link, it's fine to skip that part of the backup process if you wish. We generally don't recommend storing seed phrases (especially unencrypted) online. Keeping multiple copies offline in secure areas should help with that -KC

— Exodus (@exodus_io) September 24, 2018

So, in fact, Exodus wallet creators advised not to do the exact thing that their wallet has been presumably doing for more than 3 years.

The release v. 19.2.1 where e-mail backup feature was finally disabled doesn’t even mention this fact.

Atomic Wallet

The developers of the wallet seem to hide behind fake names, and their CEO, Konstantin Gladych, appears to have several different nicknames in the community.

So, what’s wrong with it? Atomic doesn’t seem to be affiliated with the Exodus wallet but has almost the same GUI as Exodus. The Atomic one didn’t even replace the logo situated in the upper left corner, just like in the Exodus. It looks like not only the graphic interface but also the layout of the buttons is at very least heavily inspired by Exodus.

The wallet is not open-source as well. It possibly shares the same mysterious closed-source business model with Exodus. Atomic justifies the closed code by preventing bootleg versions of the wallet from appearing.

Meanwhile, the developers of classic open-source Bitcoin wallets usually consider developing their own GUI. Nobody really wants to do their “bootleg” versions. On the contrary, it’s the closed-source Atomic that mysteriously resembles another closed-source wallet.

They also lie about the Telegram’s TON support on their main page. They have a featured image convincing visitors that the wallet supports TON blockchain.

Atomicwallet.io web page advertising Atomic TON Wallet

In fact, the wallet has no such support, which I have personally checked. You can check it too if you download it and run on a separate PC (since it’s a closed-source). This fact alone makes the wallet quite dubious.

Ledger Wallet (Hardware)

Leger uses its native app to operate, but it certainly has nothing to do with the Ledger Secure software and any other such app. Always check that you use proper apps when picking them from the Chrome app store or iOS/Android marketplaces. They do not really check what is published in their software stores, as exemplified by the MetaMask fake app story from February 2019.

☠️ Malware Chrome extension alert ☠️

If you have "Ledger Secure" installed – REMOVE IT.

The @ChromeExtension "Ledger Secure" contains malware that passes your seed phrase back to the extension's author.

This is *not* a @Ledger product.
Successfully used against @hackedzec ?

— WizardofAus ??⚡? [Jan3?] (@BTCSchellingPt) January 2, 2020

Also, there’s malware that can compromise the wallet into sending all the funds to the external address controlled by the hacker. There are three most interesting cases of the wallet’s breach.

The first trick uses a flaw in old firmware found by Sergey Lappo and highlighted by Twitter user Ruben Somsen.

2/4 @LappoSergey from @MyceliumCom found the bug, with some help from @LeoWandersleb. He quietly released a blog post detailing the bug, and it's VERY serious.

The Ledger can be fooled into sending away ALL funds from ALL your accounts, with NO warning from the device…?

— Ruben Somsen ⚡️??️2️⃣❎ (@SomsenRuben) February 27, 2019

“Change outputs would go into a different account depending on which address you pay to. As can be seen in this issue, that was a real problem on Trezor, less a problem on KeepKey but no problem at all on Ledger Blue and Ledger Nano S. The Ledger would simply accept that change was sent to the hardware wallet and thus did not ask the user about confirmation thereof. We were a bit surprised and decided to check which derivation paths would be accepted without warning the user, assuming there was some protection to prevent what this pull request claims to fix. But things went in much more interesting ways: The wallet did not care if the change went on a change address at all!”

DocDroid found a security hole in Ledger which allows the malware to force the wallet to display the hacker’s receiving address (on the Receiving tab) instead of your own.

Even worse, users have no way of knowing whether the wallet is giving the correct receiving address, so they’ll have to push an additional button to find out.

this cannot be solved in the absolute. A malware can always change what you see on your computer screen. The only solution is prevention and building an UX to make the user check on its device. On device verification feature has been added 6 month ago already

— Ledger (@Ledger) February 3, 2018

DocDroid informed the team about the bug a month before the general public. But the wallet’s team has decided to fix the bug by throwing it off to the crowds. Replying to buyers on Twitter, Ledger said that the issue “cannot be solved in the absolute.”

“Malware can always change what you see on your computer screen. The only solution is prevention and building a UX to make the user check on its device.”

DocDroid’s report additionally shows that Ledger software could be exploited and transformed by unprivileged malware. In other words, attackers can hack the system without using administrative rights.

“Ledger wallets generate the displayed receive address using JavaScript code running on the host machine. This means that malware can simply replace the code responsible for generating the receiving address with its address, causing all future deposits to be sent to the attacker.”

The third case was shown by standalone researcher Saleem Rashid. He demonstrated the attack vector where hackers break the Ledger Nano S and steal the coins that you own, acting both locally and remotely. Saleem’s blog post reads:

“The vulnerability arose due to Ledger’s use of a custom architecture to work around many of the limitations of their Secure Element. An attacker can exploit this vulnerability to compromise the device before the user receives it, or to steal private keys from the device physically or, in some scenarios, remotely.”

All in all, it looks like Ledger is not a good choice.

KeepKey (Hardware)

Kraken Security Labs found a way to extract seeds from a KeepKey cryptocurrency hardware wallet. All that is required is physical access to the wallet for about 15 minutes. Till the next big release, please refrain from buying the wallet. From the official post on the matter:

“This attack relies on voltage glitching to extract your encrypted seed, which can require specialized hardware and knowledge. We estimate that a consumer-friendly glitching device could be created for about $75.

“We then crack your encrypted seed, which is protected by your 1-9 digit PIN but is trivial to brute force. The attack takes advantage of inherent flaws within the microcontroller that is used in the KeepKey.

“This, unfortunately, means that it is difficult for the KeepKey team to do anything about this vulnerability without a hardware redesign.”

Even though the developers seem to be perfectly honest, you should postpone using the wallet until further announcement. Still, even if the wallet itself is faulty, its developers’ reputation is much better than in the cases above.

Coinomi

Coinomi used Google to check the seed phrases entered by the users.

One user claimed that the developers allowed the wallet to transfer his whole seed phrase plain text to Google servers. There, somebody from Google allegedly took the coins, and the user lost $70,000.

After the victim’s active posting on forums, Coinomi said they’ve fixed the “bug,” adding that the seeds were transferred in an encrypted way and weren’t used by Google. They did not provide any suggestions regarding the technical proofs presented by the user.

Ironically, Exodus has a “spell-check” enabled for seeds too. One can only wonder how many seeds both wallets could have dumped into Google servers.

Online Wallets and Exchanges

Holding assets on an exchange account is not recommended at all. An exchange may fail, it may be hacked, it may be seized by the government. But here’s another reason why you should never use an exchange as your online wallet. And online wallets per se as well.

Suppose you hold an asset on an exchange together with other people. One day, the developers plan a hard fork. However, this time a group of rebel miners promise to create a new “hard forked” asset from this hard fork.

In this case, you need to move that asset away from all exchanges or online wallets to a trusted PC wallet. If you won’t do it, then anyone having the access to your online account or its seed phrase could restore the coins if you had not done that yourself back in the fork days. Even if the original coins on that addresses/accounts were spent, the forked coins are still available on the corresponding blockchain via private keys.

The forked coins would appear not on exchange balances, but on the new blockchain with your old private keys attached to the new addresses and coins. And, as we all know, if you do not own the keys, you do not own the coins.

There are notable examples of this situation. For instance, Bitstamp still has not distributed Bitcoin Gold and Bitcoin SV among its clients after both forks.

There’s also a user who claims that Bitstamp stole his money with a 50% additional profit.

Interestingly, Bitstamp “took a snapshot” of all the user balances during both forks, but said they will decide where the coins will reside. In any case, why would you take a snapshot of all the balances if you don’t plan to support the coins?

Bound by the User Agreement and the Terms of Use, the affected traders cannot go and complain to the law enforcement, because they “agreed” on any of the Bitstamp’s moves.

So, once again: if you keep your coins at an exchange or online wallet, you don’t own them. The exchange and the online wallet own them on your behalf.

Follow us on Twitter and Facebook and join our Telegram channel to know what’s up with crypto and why it’s important.

Found a typo? Highlight text and press CTRL+ENTER

Subscribe to our Newsletter

Tags: cryptocurrencies, security, wallets