[HN Gopher] Exodus Bitcoin Wallet: $490k swindle
___________________________________________________________________
Exodus Bitcoin Wallet: $490k swindle
Author : flexiondotorg
Score : 74 points
Date : 2024-02-20 20:41 UTC (2 hours ago)
(HTM) web link (popey.com)
(TXT) w3m dump (popey.com)
| ceejayoz wrote:
| A rather hilariously appropriate app name.
| redder23 wrote:
| Even the real version is the app is a software wallet right? If
| you have almost 500k in BTC and do not have it on a hardware
| wallet and use their official software for it, I have to say it's
| at least partially on you if you lose it.
| ramijames wrote:
| It wouldn't matter. If your seed phrase is exposed, you lose
| all funds.
| reisse wrote:
| Bitcoin "wallet" is just a pair of public and private keys.
| Honest question - what is the difference between a "hardware
| wallet" and a thumbdrive with the keys on it, except for the
| price tag?
| jstanley wrote:
| When you plug a hardware wallet into a computer it can't get
| the keys off the wallet. It can only ask the hardware wallet
| to sign a transaction, and the hardware wallet asks the user
| to confirm.
|
| When you plug a thumbdrive with keys on it into a computer
| the computer can just take the keys.
|
| It's the same as the difference between a YubiKey and a
| thumbdrive with GPG keys on it.
| lightweb wrote:
| Bitcoin wallets are collections of private keys and
| corresponding public keys. They may or may not also be linked
| together hierarchically using ECDSA math, and possibly
| encrypted as well.
| ravenstine wrote:
| If it's being used as a "savings account", there really isn't
| a meaningful difference, although it can be superior because
| a hardware wallet is more likely to be targeted for an
| exploit than some rando thumb drive that no one knows the
| location of or knows exists. This goes against everything
| that r/bitcoin would say, but lots of those users are similar
| to those infosec guys who consider all electronics
| "unacceptably compromised" while completely ignoring the
| actual risk level in reality and accepting certain tradeoffs.
|
| A hardware wallet can make sense for "checking" purposes, but
| if you're only moving around small amounts of money
| occasionally, then you have to ask yourself whether one is
| worth using over a wallet app on your phone when the latter
| is more convenient.
| popey wrote:
| Indeed, the victim, in this case, did mention on the linked
| 4chan thread that they realised their mistake. While we only
| see a small part of their world through text communication on
| forums, I suspect they're kicking themselves in the real world.
|
| Or perhaps not, and they have a ton of other wallets full to
| the brim with crypto-nonsense.
| renewiltord wrote:
| Well, that's really unfortunate. I would never just go download a
| random crypto app, not even from the Apple App Store. But the
| "Safe" marker is a massive UI risk. It makes me think it was
| signed and verified in some way.
| edent wrote:
| What I don't get about the Snap store is why there's no verified
| link back to a website?
|
| If you have the technical ability to create an app, you probably
| have the ability to upload something to /.well-known/ or to add a
| DNS TXT record.
|
| That way the Snap store could say "This app came from this
| website."
|
| OK, it doesn't help if someone goes to the trouble of registering
| a homograph address, but it would at least give normal users a
| chance to check out who the author is.
|
| That seems to be how Flathub works. It shows a verified domain,
| or prominently says that it is a community released app.
| popey wrote:
| Back in the day, we had long internal conversations about doing
| verification 'properly' with government-issued IDs, third-party
| verification agencies and the like. But that never amounted to
| anything, sadly.
|
| They might consider it further if the store got to a decent
| scale (like the contemporaries like iOS, Play and Microsoft).
| But with "only" 6K applications published, and the money canon
| being pointed in other directions, I can't see it happening any
| time soon.
| KomoD wrote:
| This assumes the user would actually pay attention to that.
| (spoiler: they won't)
|
| > OK, it doesn't help if someone goes to the trouble of
| registering a homograph address
|
| Doesn't even have to be homograph, it can just be something
| that has "exodus" in it (coming back to users not paying
| attention, this would work, and is also the reason phishing and
| other fake sites work), if "exodus-wallet.com" was verified
| then many people would still fall for it.
|
| The entire thing would've been avoided if users paid attention
| and going to the official website instead of blindly trusting
| the Snap Store (and following VERY common advice, such as don't
| enter your secret phrase or password anywhere)
| __MatrixMan__ wrote:
| DNS isn't quite as adversary resistant as the crypto space
| likes to have things.
|
| I'm not sure what Bitcoiner's preference would be exactly, but
| I'm sure they've got something involving signed wallet hashes
| published on the chain.
|
| The hard part, as with anywhere else, is getting users to check
| it.
| bagels wrote:
| How would someone know what the right url to expect would be in
| this case? It's just moving the trust problem elsewhere.
| ndiddy wrote:
| I suppose the problem is that Canonical wants to make the Snap
| store the default place for users to get GUI programs, so
| they've been willing to take the risk of letting random
| community members maintain Snaps of popular software so the
| store looks more active.
| Atotalnoob wrote:
| Off topic, but I wish /.well-known/ was used more often.
|
| Right now, the only real usage for apis is in oauth2.
|
| There are dozens of tiny use cases we could use a standard uri
| for ease of use in corporate environments...
|
| .well-known/documentation - redirects to the docs
|
| .well-known/health - health check
|
| .well-known/specificiation - api contracts
|
| Etc...
| jstanley wrote:
| One point I would make:
|
| > it connects to some API at https://www.exchangerate-api.com/
|
| This is not necessarily right. The exchangerate-api.com site is
| hosted behind Cloudflare, so I don't know where it's actually
| hosted, but the IP addresses shown in bandwhich could be
| unrelated.
|
| You also said:
|
| > Visiting one of those IPs redirects to
| https://www.exchangerate-api.com/
|
| It is common for malicious sites to redirect to legitimate sites
| to help evade detection, so it is possible that exchangerate-
| api.com is an unrelated and legitimate site.
| popey wrote:
| Sure, there was a bit of guesswork on my part. I could analyse
| the traffic in more detail, but when I wrote this all up, it
| was Sunday evening, and I wanted to do the minimum analysis to
| get a response to the unlucky rube.
|
| I still have the snap, and could test further, but I suspect
| the endpoint linode boxes will disappear and popup somewhere
| else sometime.
| jstanley wrote:
| What I mean was your wording implied that exchangerate-
| api.com was somehow implicated, but in my opinion that is too
| much of a leap to make.
|
| The only thing implicating that site is a redirect that you
| got from a site that you know you don't trust.
| popey wrote:
| Yes, I understood your point.
| codetrotter wrote:
| This is scary and even a hardware wallet might not help.
|
| When I create a transaction with Electrum on my computer, I use a
| hardware wallet to sign the transaction. When I sign the
| transaction, the hardware wallet shows the amounts, and the
| output addresses.
|
| But if my copy of Electrum was backdoored and smart about what it
| did, it could use an output address for the remaining amount that
| went to another wallet. And since I and most people mainly check
| the address we are sending to but don't pay close attention to
| the change address, we could end up having our funds stolen that
| way.
|
| I've been thinking about moving to a multisig setup instead, that
| would have multiple computers independently used for checking and
| signing the transactions.
|
| So far I've been putting it off because a single wallet and being
| diligent about checking the output address that you send to
| seemed sufficient. But now I think moving to a multisig setup is
| something me and more people should do sooner rather than later.
| woah wrote:
| So many of these exploits boil down to "hardware wallets not
| providing enough/the right information".
|
| The screen is tiny, and protocol devs don't usually put a lot
| of thought into making stuff easily human readable. Ideally a
| transaction can be fully understood and verified from the
| hardware wallet but we still have a ways to go.
| popol12 wrote:
| No, you're wrong. The issue you're describing can't be
| exploited on Ledger devices at least. (Source: I'm a
| contributor to their bitcoin transaction parsing code) Their
| hardware wallet checks if the provided change output's address
| is actually owned by the device owner:
|
| - if it does, then the change output is simply hidden from the
| user validation flow
|
| - if it doesn't it will appear as a second bitcoin transfer to
| approve, which require a second physical approval on the
| device. this is highly unusual and should trigger the user's
| suspicion.
|
| I can't say for other vendors but this is pretty standard
| security practice I'm sure, hardware wallets are fighting
| against attacks that are way more elaborate than this one.
| stouset wrote:
| Reading this, it is bonkers to me that people think
| cryptocurrencies are ready or appropriate for mainstream use,
| either as a currency or as an investment.
|
| Line could go up, but if you aren't _extremely_ careful with
| processes that most people don't and won't comprehend--and
| don't even realize are something you need to do--you can just
| straight up lose everything.
| RobertRies wrote:
| The claim is that some day innovations, and checks, and some
| other technologies will fix this and do all of this
| automatically, somehow.
|
| That's why it's still early days.
| ipython wrote:
| Early days... 15 years later. To quote spaceballs, When
| exactly will "then" be "now"?
| GauntletWizard wrote:
| The history of finance is as long as recorded history,
| perhaps the reason for it[1]. That said, these kinds of
| crazes[2] are almost as old.
|
| [1]https://en.wikipedia.org/wiki/Complaint_tablet_to_Ea-n
| %C4%81... [2]https://en.wikipedia.org/wiki/Tulip_mania
| legutierr wrote:
| In 1980 packet switching had existed for 20 years
| already. The public Internet wouldn't emerge for more
| than a decade after that--and it would take yet another
| 20 years for the true power of packet-switched networks
| to be realized, in the form of mobile Internet.
|
| In 2000 neural networks had existed for more than 50
| years. More than 20 years later their full potential is
| finally being realized, and many would say it is still
| early days.
|
| It's naive to think that you can predict the future
| course of a technology simply based on the fact that it
| has already existed for a certain amount of time.
| mplewis wrote:
| How long will it take before cryptocurrency finds a use
| case that isn't illegal activity? When do you think it
| will happen?
| kikokikokiko wrote:
| So, some day a parallel financial system will be developed
| that caters to the bitcoin ecosystem, and then finally
| every average senior citizen will be able to keep a bitcoin
| savings account and be able to have transactions rolled
| back in case of fraud etc... so we reinvented banks, and in
| the end it wasn't your money, again? Crypto cultists are
| laughable.
| Scoundreller wrote:
| > if my copy of Electrum was backdoored
|
| While it's not foolproof, it's a good reason to compile things
| yourself from source instead of using the binaries. Unless
| someone trusted is validating build reproducibility, but that
| isn't as common as we'd all like.
|
| Some 4y old discussion of how some OSs for electrum are built
| reproducibly:
| https://old.reddit.com/r/Bitcoin/comments/dcz0my/what_is_not...
| t_mann wrote:
| Assuming the hardware wallet is safe, and that you indeed check
| all the recipient addresses and make no mistakes there, I don't
| see how the software should be able to fool you, though? I
| would assume that the hardware wallet is built to never leak
| your private key, at least not when signing a transaction, and
| the signature that it produces would always be for the exact
| transaction (recipient, amount, data,...) that you checked
| (since we assume the hardware wallet to be safe). Can you
| explain?
| zepton wrote:
| Ledger fixed that exact issue in 2019:
| https://sergeylappo.github.io/posts/ledger-hack/
| hsbauauvhabzb wrote:
| ' I'm writing this in the hope Canonical will fix its processes
| so reputation-damaging events like this don't keep happening.'
|
| That is such a poor attitude. Instead maybe hope that canonical
| may fix the lax vetting and security of their store, but to care
| directly about their reputation and not the user who was scammed
| due to their weak practices goes hand in hand with everything
| else I've seen from snap.
| popey wrote:
| Maybe I could have worded that sentence better. Thanks for the
| feedback. It wasn't intended the way you took it. But I
| appreciate you mentioning it anyway.
| neilv wrote:
| > _They likely saw a button like this in the "App Centre", which
| gave them some confidence in the application. [...] Furthermore
| the title of the Snapcraft web frontend says "Snaps are
| containerised software packages that are simple to create and
| install. They auto-update and are safe to run."_
|
| Sounds like assurances made by UX and Marketing, which
| engineering might've been able to tell them they can't make.
|
| If it ends up costing them $490K plus legal fees, that's still a
| relatively inexpensive way to learn this lesson.
| ElijahLynn wrote:
| However, the app is already installed on many other devices,
| and likely affected many others too.
| shuntress wrote:
| If only there were some kind of system or network of long-
| standing institutions with a deep commitment to paper-trails and
| accountability that was overseen by some kind of community-
| managed regulation to control this type of thing.
| lyu07282 wrote:
| The takeaway is to avoid using Snap. In case you needed another
| reason to.
| gjsman-1000 wrote:
| I'm still not exactly sure, to be honest, why Snap exists.
|
| The desktop on Linux has gone Flatpak.
|
| If I'm running a server, why the heck would I trust Snap, a
| platform that until recently didn't even let me control updates,
| over Docker? If something goes wrong, who do I call? If I need a
| custom storage arrangement, who do I call? If I need a custom
| network arrangement, who do I call? If I need to scale up, who do
| I call? Why would I subject myself to this?
|
| Is it IoT? Maybe it has a market there - but why doesn't it focus
| on being the best it can be, solely for that market, then?
|
| One more note: Snap even allowing unapproved repackaging of apps
| was, in my opinion, a very bad idea in the first place. Case in
| point: Even the Snap homepage is advertising a community
| repackage of a password manager ("NordPass" - developer not
| verified). Why the heck should Snap be proud of that?
|
| (Edit: Apparently NordPass's website does point to it - but the
| developer remains unverified. What's the point of
| verification...)
| codedokode wrote:
| Canonical should not have displayed a "safe" icon at scam app
| page. The proper text should be something like "Not verified.
| Review the code and check the publisher before using the app.".
|
| The same should be at Google Play and Apple Store. Scam apps and
| sanctioned apps are regularly passing through reviews.
| nntwozz wrote:
| On a tangent, my neighbor came to me about a month ago and asked
| if I was a "hacker"?
|
| He's around 75 and has known me for maybe 20 years, we're not
| close friends but we run into each other every now and then and
| he knows I work with IT; I'm about half his age.
|
| Long story short, I find out he needs help to retrieve his
| bitcoin wallet because he's lost $300k. I spend an hour looking
| around his devices and find out he's been buying bitcoin from a
| young hip instagram lady in Florida.
|
| Wait for it...
|
| ...they shared access to the wallet.
|
| He had a chat log stretching back one year on whatsapp with her,
| he was now paying her smaller sums to cover the cost for some
| "hacker" to retrieve his wallet.
|
| -\\_(tsu)_/-
| Pxtl wrote:
| Reminds me of this old Xkcd:
|
| https://xkcd.com/1200/
|
| when they said that these Snap packages were "safe" they probably
| meant from a "linux is secure" and "properly sandboxed" meaning,
| not "we've verified that this person isn't trying to scam you".
___________________________________________________________________
(page generated 2024-02-20 23:00 UTC)