Re: eXch - instant exchange BTC / LN / XMR / LTC / ETH / ERC20
by
eXch.cc
on 14/11/2023, 18:37:12 UTC
Your detailed response is great, as usual. I just wanted to point out that Trust Wallet is no longer open source, but closed source, and they have been closed source for a long time now. Their GitHub repositories are archived, and they have not been updated in years:

[1] https://trustwallet.medium.com/why-open-sourcing-android-app-could-be-a-harm-to-the-crypto-community-fb3ae1707dc6
[2] https://github.com/trustwallet/trust-wallet-ios
[3] https://github.com/trustwallet/trust-wallet-android-source


Good to know. Last time I visited their official website it was mentioning they were *fully open-source*, but this wording was removed from their site recently, it seems. However, I wasn't up-to-date on this since I don't personally use such wallets.

Them stopping being open-source adds even more weight to my previous words about bad coding practices in Trust Wallet. I've mentioned Trust Wallet in a negative context because we were recently called to assist with an investigation of a user who *trusted* that wallet and got their funds drained in such a way that even a notorious security firm who investigated their case wasn't able to tell how exactly the private key was leaked. We have pointed out that they shouldn't have used that wallet in the first place because it has a bad security track record, exposing users to funds drain.

Here is a quote from our response sent to them regarding Trust Wallet:

Quote from: eXch

[..]

I would argue you weren't following the best security practices in this case, considering the wallet you are/were using has a history of critical security incidents in the past:

https://hacked.slowmist.io/?c=Wallet (search for "Trust" on this page)

https://www.archyde.com/trust-wallets-private-key-vulnerability-has-been-hacked-170000-mg-official-victims-will-be-compensated/

https://cointelegraph.com/news/trust-wallet-to-reimburse-users-after-170-000-security-incident

Normally, it's best to change your wallet provider immediately in such an event, to avoid any further incidents with software that has such bad security practices, because the team behind that wallet has proven they couldn't provide adequate security to their users.

[...]


And of course the funds trace was lost right after it reached eXch.


Ironically, I learnt about eXCH from a reply on that tweet indicating that eXCH is being used to launder money (https://nitter.cz/fsvltt/status/1723786963247824975#m)

This is surprising indeed. Good to know.