tl;dr: A Bitcoin investor was recently scammed out of 9 Bitcoin (worth around $490K) in a fake “Exodus wallet” desktop application for Linux, published in the Canonical Snap Store. This isn’t the first time, and if nothing changes, it likely won’t be the last.
Dang
reply
Wow. Your distro's package manager is supposed to be fairly trustworthy. That's real bad.
reply
No one should use shitcoin wallets like Exodus.
No one should download wallets from any source besides the devs repository (GitHub/GitLab).
No one should input their seedphrase on a internet conected device, specially a computer.
He got what he deserve.
reply
No, people don't deserve to lose their life savings for acting rationally, using the recommended method of installing apps in their OS. Get off your high horse. This is an obvious failure on Canonical's part.
reply
I think we miss the main point when we start talking about what they deserve.
Canonical should not state apps are safe. Users should not do all of the things that Juan says but that could be ignorance.
Bottom line, a hard lesson was learned. When you trust others, you are depending on them. That is risky. Canonical should either do a much better job vetting apps or remove this safe language. False security is VERY dangerous.
reply
Put another way. I personally feel bad for this person. I'm not saying others should. I don't care if Juan believes this person deserves this. Point is this person made some choices that resulted in losing 9 BTC. These are choices that most stackers would not make. If they asked me I would have told them pretty much what Juan writes. People have a false sense of security in general. It would be nice if you could trust package managers for bitcoin but really you can't.
None of that excuses Canonical. I wasn't using snaps and I never will.
Stuff like this scares the average non-technical person away from self custody. I hesitate to blame the user because Canonical is presenting a false sense of security. I think all these app stores are doing that. Other side of this is that once again bitcoin will force companies to do a better job with security.
reply
33 sats \ 2 replies \ @Fabs 21 Feb
Man, I'm pretty darn sure that I've did the deed "according to the books", but I still find myself paranoid at times, then again: if there'd be a loophole, they would've drained my wallet already.
reply
I know what you mean.
reply
Thanks.
reply
Bro, it's entirely the user's fault. He's holding 9 Bitcoins yet using a shitcoin wallet like Exodus, and he doesn't even download the software through the developer's official repository (such as GitHub or GitLab).
Somehow in 2024 people are still inputting their seed phrases on internet-connected devices, absurd...
reply
Oef, these fake Bitcoin wallets are so scary, it makes me think twice about shilling a wallet because you're not there to view the experience of the user and they end up on a phishing ad or link, or worse they get a fake app from the app store and then get rekt like this,
reply
as someone playing with Ubuntu for the first time, the impression that I got was that Snap apps were vetted. Is that not the case?
reply
Vetted is another word for trust. Honestly, this kind of thing makes me want to NEVER trust these types of apps stores. Download from source and verify the gpg keys if at all possible. I've used flatpaks for a while but never for anything bitcoin or serious. You are trusting whoever compiles and uploads the binaries that they aren't doing anything nefarious.
One problem with app stores is the idea that they vet stuff. They may attempt to do so but that is just it. Its an attempt. You are trusting they did it and that the did a good job vetting. Apple and Google do this as well. Could happen on their platforms as well. For bitcoin, I would not trust any app store for apps touching any kind of real money. To much to risk for the convenience.
reply
33 sats \ 1 reply \ @Atreus 21 Feb
Apple and Google do this as well. Could happen on their platforms as well.
RIP your Bitcoin if you ever write your keys into a fake wallet downloaded from those platforms.
reply
Yup
reply
Hope it was a Boating Accident.
reply
ah we must beware of the app stores
reply
I'm very careful and would never use an app like Exodus and for sure not via a Snap install but man this is a great warning to be VERY careful. Losing 9 bitcoin. Oooof. 9 bitcoin is a lot more than $490k regardless of market price. I can't imagine.
reply
the snap store was always shit, even for installing Bitcoin Core.
do not recommend.
reply
Ouch
reply
Snap makes it easy to get careless.
reply