search

cake-tech / cake_wallet

The open source repository for Cake Wallet, a noncustodial multi-currency wallet, and Monero.com, a noncustodial Monero-only wallet. Need help? Check out https://guides.cakewallet.com
https://cakewallet.com
MIT License
686 stars 184 forks source link

[Question] Are wallet seeds stored encrypted? #331

Closed VampireSilence closed 2 years ago

VampireSilence commented 2 years ago

Just a quick question, i guess the subject says it all. The question came up because of a virus on my phone.

juanpc2018 commented 2 years ago

hackers use different method of stealing seeds / private keys.

for example: Monerujo XMR wallet, has the most strong encryption method, keys are combined with hardware id when stored. even if hackers steal the keys, cannot decode, because hardware id keys dont match...

BUT.... that makes hackers more aggressive, for example: they hacked all github servers last year, and replaced the .apk of monerujo with a malicious code that decrypts the keys inside each phone as txt, but only does a few months later, so the attack goes unnoticed., phone sends private keys as login and password to the sync servers, hackers had servers listening the passwords...

but failed, because didnt had enough servers around the world to lower ping

Conclusion:

1. if you connect to unknown servers you increase your risk. "hackers can know how much you have..."

you are easy to phish.

2. phone wallets are just that,

wallets, Not bank vault safe deposit boxes.

you don´t put all your money in a mobile wallet. also don´t put all your money in a online centralized virtual vault that can be hacked, because they know where it is.... see bitfinex hack.

private keys, can be secured off-line, there are many different methods... analog & digital. No matter how good the hacker is, cannot have access. unless you get drunk in a party and scream how much coins you have.

SamsungGalaxyPlayer commented 2 years ago

Thank you for your question. Yes.