top of page
Writer's pictureThe DigitalBank Vault

Crypto Hacking Alert : Fake wallets


Another cool option you have to answer how to hack Bitcoin wallets, this one gives you a more sophisticated way of achieving your goal. It also needs you to do some work on your part as these fake wallets are simply the apps which resemble genuine wallets but are meant to steal the Bitcoins away.


These apps typically use official logos and everything else of existing Bitcoin wallets for tricking the users and stealing the Bitcoins away. These fake wallets are a routine thing both on Apple and Android App Stores.


WASABI LEAD DEVELOPER EXPOSES FAKE WEBSITE

According to Wasabi developer nopara73 (the only confirmed identity he has), the site is only trying to assault Windows users. Only the Windows version of the wallet is actually non-legitimate. The rest of the download links on the site direct to Wasabi’s actual Github repository.


The first malware that pretends to be Wasabi: https://t.co/08VrjnrVsr


Notice only the Windows download link points to their own website, the rest is to our GitHub? pic.twitter.com/t7jKViESZ2


— nopara73 (@nopara73) March 21, 2019


An insecure or compromised Bitcoin wallet can cost someone thousands of dollars. Wasabi is not the first wallet to have a pretender emerge. Fake Electrum wallets have come out in the past, but the community is pretty quick to warn people.


PERHAPS THE ONLY DRAWBACK OF OPEN SOURCE SOFTWARE: ANYONE CAN REDISTRIBUTE

The nature of open source software is that anyone can create a clone and change it anyway they want. This is actually the intended effect. The terms of the GNU Public License, however, make it illegal to release a product of the same name.


Therefore, if an open source developer is able to identify someone who does this, they have an enforceable licensing agreement to sue based upon. Unfortunately, open source license based lawsuits are rare.


Nevertheless, open code is viewed as more secure. Vulnerabilities are found quickest when the widest number of people are able to look for them.


Wasabi wallet has grown in popularity. The official website for it is wasabiwallet.io. Wasabi implements native “coin joining,” a strategy to Bitcoin wallets. It is one of the first wallets to do this natively in Bitcoin. The concept is not unlike the privacy features implemented by Evan Duffield into DarkCoin, which later became Dash. According to the Wasabi website, the platform works best when a lot of people are using it.


WASABI IS POPULAR FOR ITS PRIVACY

An in-depth explanation of how Wasabi implements privacy can be found here.


Despite the transparency of the Bitcoin network, it’s difficult to know the actual distribution of wallet usage. Many wallets use a backend like bitcoind or connect remotely to a node, as is the case with most mobile wallets. However, Wasabi is reportedly one of the most popular wallets in Iran, a country where using cryptocurrency is technically illegal although the country launched its own blockchain.


A fake version of a reliable Bitcoin wallet is a serious financial risk, especially if someone is switching wallets and inadvertently imports an existing private key. The effect can be devastating and quick. Fortunately, the news of this fake Wasabi site has spread pretty quickly. It’s unlikely to be the last. The Internet, for all its safeguards and policing, remains very much the wild west.


If it turns out that the false Windows version of the wallet isn’t stealing coins, it could be something much worse: an attempt to de-anonymize Wasabi users.


Open source software has a history of being infected with malware or adware and redistributed.


The DigitalBank Crypto Vault : The World's Most Secure Crypto Storage Solution 

Impenetrable Crypto Wallet : private keys never stored , anywhere , at any given time  . The Private Key (PK) is safely generated by you , known only to you , and can be accessed only by you .  

The Device generating the PK, is not storing at any given time the PK generated . It is generated by you , on the spot , with a passphrase , when needed , for just a few milliseconds , just to sign in the transaction and then disappear permanently from the device .  


13 views0 comments

Comments


bottom of page