Is there malware that can grab your recovery seed when you show or type it?

19 replies 51 views
yield_forkFull Member
Posts: 162 · Reputation: 728
#1Oct 18, 2023, 09:24 AM
So when you set up a wallet, you're usually given a mnemonic code that lets you restore your wallet if you need to import it somewhere else. The big issue is, anyone who gets their hands on those initial words can access everything in your wallet linked to that recovery seed. Just think about it what if there’s a Trojan on your computer or phone that’s designed to find recovery seeds, WIF private keys, extended private keys, or any sensitive info that can give full or partial access to your funds in a deterministic wallet? How can we trust that these things aren’t watching your clipboard or logging what you type when you randomly input those 12 to 24 words? Maybe there's a screenlogger that captures a screenshot when it spots a seed on your screen and sends it straight to the attacker's server. We know this kind of stuff can be made. I’ve always kept this in mind when creating my wallets, and yeah I know you’re probably gonna say that a hardware wallet is the best option I get that too. We’re aware that clipboard hijacking is a real thing. If anyone has reports or proof of any malware related to this, throw them in here so we can keep everyone informed and protect our funds as best as we can. Check out what the dev of the airbitz wallet (now Edge) has said about mnemonics and how he believes it’s not a secure backup method. I’m with him on this one. While mnemonics do make things a lot easier, they can leave you wide open to theft if there’s malware that captures those phrases or checks your clipboard when you copy them.
6 Reply Quote Share
anonSenior Member
Posts: 259 · Reputation: 1557
#2Oct 18, 2023, 12:01 PM
Well, I really dont know about that but it seems you are making us aware of clipboard virus or Trojans and I know very well that most people on this forum are ware of such so what then are you trying to relate through this thread?. As a Bitcoiner, the security of your funds should be your max priority since you don't depend on third parties on storing them.for long these clipboard virus, malwares, Trojans have been a thing in the crypto space and so many investors had lost their funds to such. Once they find a way into your device, you might not be aware since these scammers designs them in a way to remain completely under detectable for a normal person who knows nothing about them or his security. They are designed to steal your password, monitor your transactions and your activities unknownly and gradually they key into your personal life until they finally get you reaped. Well, it  depends on how well you store either of them. storing wallet files encrypted on an external drive provides a layer of security, but it may still be susceptible to potential risks such as drive failure, loss, or unauthorized access if the encryption passphrase is compromised. Mnemonic phrases, if stored securely, offer a more resilient and versatile backup solution for cryptocurrency wallets. But just as I said before, the security of your seed phrase or wallet dat files purely depend on how well your store either of them.
3 Reply Quote Share
fullnodeSenior Member
Posts: 222 · Reputation: 1515
#3Oct 20, 2023, 04:19 PM
Exposing our private keys to malicious software like keyloggers and screen capture malware is a valid concern. Whenever I create a new wallet on my computer I will disconnect it from the internet so no data can be sent out in that moment. I will carefully write the mnemonic on a piece of paper instead of copying it to the clipboard and saving it to a text document. If you need to verify your seed phrase it is best to use the autocomplete feature if it is supported by your wallet instead of typing the entire words. Whatever precautions you take, there will always be a higher level of vulnerability when using a software wallet which stores your private keys on an internet connected device. You should keep a majority of your funds in a hardware wallet or another form of cold storage like an air-gapped device with Electrum.
4 Reply Quote Share
im_apeHero Member
Posts: 629 · Reputation: 3824
#4Oct 20, 2023, 06:33 PM
That is why the concept of air gap system exists and we always recommend it in Bitcoin world to those who want to create a wallet with the term Cold Storage. By being on a clean system that has no connection to outside world, you eliminate "contamination" risk where for example a malware could access and steal your seed phrase. The same rules apply here too, if your system can be infected by a malware, that malware can also access the wallet file (encrypted or not) and steal the secrets inside it too. Additionally the flaw in using the wallet file as your only backup (aka digital storage) is that in this type of storage the data can be lost for different reasons, from physical/electrical damage to the device it is stored on (eg. a USB disk) to data decay. This makes digital storage bad for long term storage.
4 Reply Quote Share
pixel2014Hero Member
Posts: 857 · Reputation: 4132
#5Oct 20, 2023, 10:21 PM
By avoiding malware completely. Example is the use of a cold wallet like wallet on airgapped device that pooya87 has already talked about. If the wallet remains on the airgapped device and the airgapped device remain airgapped, no malware can be able to steal from such wallet. Due to privacy reasons, and the safety of wallet on airgapped device which is equivalent to hardware wallet, I will recommend airgapped device. What that is needed is for the person that wants to use it is to learn about it. It is the best for someone that wants to hold just bitcoin and no altcoin. He is wrong. Seed phrase are secure because no one can steal your coins unless the seed phrase or part of the seed phrase is seen. If you are concerned about possible offline attack, you can use passphrase to extend the word. If the passphrase is lost, just like the seed phrase, the coins will be lost.
4 Reply Quote Share
gwei_minerSenior Member
Posts: 197 · Reputation: 966
#6Oct 21, 2023, 12:25 AM
It all boils down to the same thing "do not backup your wallet seed phrases online".[1] it's never an option to backup whatsoever that has to do with your wallet security online no matter how you have been assured security it's always risky knowing fully well that as days goes by that is the stronger hackers develop their traps. [2] Using an airgapped devices [3] reduces every chance of your wallet getting hijacked by any hacker, air gap here mean not have connections to the outside world. to maintain this one could disable every connectivity of the devices to prevent virus attacks. What gives better security is always any offline events, if you back up your seed phrases offline like using the crypto steel [4] type of backup you have more security than back up your recovery seed phrases online even with encryption. [1] https://www.reddit.com/r/ledgerwallet/comments/16qxdfh/curiosity_do_not_store_your_seed_phrase_online_on/ [2] https://www.graphus.ai/blog/hackers-are-constantly-evolving-their-attack-strategies-are-your-security-tools-keeping-up/ [3] https://electrum.readthedocs.io/en/latest/coldstorage.html [4] https://bitcointalk.org/index.php?topic=5278839.msg55281477#msg55281477
3 Reply Quote Share
pixel2014Hero Member
Posts: 857 · Reputation: 4132
#7Oct 22, 2023, 05:33 PM
Even using something similar to encryption which is word extension can make the backup very secure and no need to depend on encryption. Also as the wallet is on airgapped computer, alternative backup like encrypting the seed phrase or the wallet file on a new and yet formated USB stick is also an option. There are 100% ways to security and safety if you wish for one as long as it is bitcoin.
1 Reply Quote Share
CalmNonceMember
Posts: 25 · Reputation: 204
#8Oct 23, 2023, 04:24 PM
You won't believe it, but there are things like this, some are called "keyloggers". Don't ask how I know about it, it was a very expensive and painful experience for me. All this is fine, but for an ordinary user, it is too much work and additional devices. There is always an additional risk of losing a file or deleting files on the USB flash drive... Some of the hardware wallets should always be the first recommendation.
3 Reply Quote Share
davealphaSenior Member
Posts: 257 · Reputation: 975
#9Oct 23, 2023, 10:25 PM
There is any sort of malware out there, there are also hardware backdoors, even sounds from your hard disk drive can be used to steal a PC's data. Everything depends on who you are, what you do and where you do. If you want to feel secure, you have to use an air-gapped device because what can malware do if your computer has no access to the Internet? You generate seeds or keys and never connect your computer to the internet, malware doesn't affect you. By the way, my opinion is that if you bought a clean computer, didn't download pirate games and softwares, didn't visit any infected website (i.e. only visit youtube, google and similar websites), your seeds or keys won't be compromised but I suggest this if you want to have a hot wallet, for cold wallet, you definitely need an air-gapped computer or air-gapped hardware wallet.
4 Reply Quote Share
john.cobraHero Member
Posts: 408 · Reputation: 2145
#10Oct 25, 2023, 11:23 AM
If your computer/smartphone is infected with some malware/virus, sometimes there are signs that can point to it, such as increased consumption of RAM or processor, opening of programs that you did not start, redirection to random pages in the browser... However, the only way to be sure that you really have a problem is the hard way, which means that you create a wallet, send some BTC to it and you are left without everything. However, there is a difference in whether the malware is programmed to automatically steal every small amount that appears in your wallet, or whether the hacker will monitor your balance and empty your wallet only when a larger value is stored in it. HWs are definitely a higher level of protection, although we can discuss their security protocols and shortcomings here - but also emphasize that even such devices are not immune to human carelessness and stupidity. The most common way for people to be "hacked" while using HW is to be fooled by clipboard malware or to fall for the cheap trick of fake support that asks them to enter their seed in something that looks like the original interface. If someone cannot afford a hardware wallet or make an airgapped wallet from an old computer, then the best way to avoid exposure to online dangers is to stay away from all those things that are risky, which means no porn sites, downloading torrents and clicking on any suspicious links. Also, forget about inserting USB sticks and portable HDDs that come from external sources (friends, family members) because they can be infected even without their knowledge. Also, turn off Bluetooth when you are not using it, and protect your wireless home network well and do not connect to any public networks.
3 Reply Quote Share
paul.stakeHero Member
Posts: 651 · Reputation: 3798
#11Oct 25, 2023, 01:30 PM
If you are concerned on screen recording malware during seed generation and keyloggers during seed recovery, then create an airgapped device. I really don't see how seed phrases are less secure on an Internet connected device. Less comparably to what? A Bitcoin Core wallet file? A malware affected device can compromise Bitcoin Core itself. That is unnecessarily complicated. Just back the seed phrase up in a piece of paper, or if secured for the long term, use washers. Encrypting the seed phrase just adds an additional private key that you need to be aware of.
4 Reply Quote Share
HumbleBullFull Member
Posts: 54 · Reputation: 378
#12Oct 25, 2023, 04:34 PM
The best option from my point of view is to use Linux, that's the secure way to deal with sensitive data and to avoid paranoia. The main problem with security on Windows is that anyone can install a program or software without asking, but that doesn't happen in Lunix, it always asks you for root access to install software, which makes us feel more secure with our OS.
3 Reply Quote Share
yield_forkFull Member
Posts: 162 · Reputation: 728
#13Oct 25, 2023, 08:24 PM
Is encrypting mnemonic codes with aes-256-cbc or any sensitive data still safe, using Linux? A few years ago I used to do this, but stopped, 'cause using bip39 passphrase made more sense.
1 Reply Quote Share
LuckyCoinLegendary
Posts: 832 · Reputation: 4795
#14Oct 25, 2023, 08:36 PM
Why would you want to do that? They are meant to be written on paper. Storing them on a computer, even encrypted, is almost certainly asking for trouble since the mnemonic has to be decided at some point.
0 Reply Quote Share
paul.stakeHero Member
Posts: 651 · Reputation: 3798
#15Oct 26, 2023, 01:37 AM
"Safe"? Yes. "Safer than simply writing down on paper"? No. AES-256 is pretty strong, but it provides no single benefit. It's obviously safer than storing the seed phrase in plain text on a hard drive, but you shouldn't be storing the seed phrase anywhere digitally in the first place. It's also more complex, and complexity is the enemy of security. Forget the mnemonic. You still have to store the AES-256 private key somewhere in plain text. It's just like the standard method of writing down the phrase but with extra steps.
2 Reply Quote Share
hash_bossLegendary
Posts: 1166 · Reputation: 5261
#16Oct 26, 2023, 05:35 AM
Yes. Although in this case, you better ensure your device is secure. If malware exist on your device, your mnemonic would be compromised when you create new wallet or perform encryption over plain text/file. Or remember password used for AES-256 encryption. And yes, i'm aware the password is hashed into 256-bit data which used as encryption key.
3 Reply Quote Share
yield_forkFull Member
Posts: 162 · Reputation: 728
#17Oct 26, 2023, 11:29 AM
Of course, at the moment I don't see the need to encrypt mnemonics with AES-256-CBC, but some wallets export backups in this standard like the Bitcoin Wallet for Android (Schildbach), which I think would be good if other wallets provided this backup option encrypted.
1 Reply Quote Share
Posts: 11 · Reputation: 183
#18Oct 26, 2023, 12:40 PM
I would use a cheap new laptop, install only the software needed for Bitcoin transactions from a USB Stick or so and connect it to the internet when really needed to perform transactions. Means NO surfing or installing something else. That should keep your exposure very limited to catch any kind of malware......
4 Reply Quote Share
the_matrixSenior Member
Posts: 313 · Reputation: 1887
#19Oct 26, 2023, 06:47 PM
Take note that if you want an airgapped wallet, it has to be completely disconnected from the internet, connecting it 'occasionally' to the internet means it is no longer an airgapped wallet and your wallet can be compromised in that way. After setting up your airgapped wallet, you would need a complementary online watch only wallet for creating and broadcasting tx's, all your airgapped wallet does is sign tx's, which you would do offline.
4 Reply Quote Share
Posts: 11 · Reputation: 183
#20Oct 27, 2023, 12:00 AM
Thanks , I see your point.... If I get it right, you need to move data like signing tx to an internet connected device to pass it on to the Blockchain. To avoid any kind of infection here I think the best option is to use a CD writer on the airgapped laptop, to write the data to a CD and then read the CD on the internet connected device.  If you use a USB Stick, you run the risk that the USB Stick is infected and affects your air gapped device when plugging it in there....A blank CD is likely more safe....
4 Reply Quote Share

Related topics