tl;dr: A Bitcoin investor was recently scammed out of 9 Bitcoin (worth around $490K) in a fake “Exodus wallet” desktop application for Linux, published in the Canonical Snap Store. This isn’t the first time, and if nothing changes, it likely won’t be the last.
Dang
Wow. Your distro's package manager is supposed to be fairly trustworthy. That's real bad.
No one should use shitcoin wallets like Exodus.
No one should download wallets from any source besides the devs repository (GitHub/GitLab).
No one should input their seed phrase on an internet-connected device, especially a computer.
He got what he deserved.
No, people don't deserve to lose their life savings for acting rationally, using the recommended method of installing apps in their OS. Get off your high horse. This is an obvious failure on Canonical's part.
I think we miss the main point when we start talking about what they deserve.
Canonical should not state apps are safe. Users should not do all of the things that Juan says but that could be ignorance.
Bottom line, a hard lesson was learned. When you trust others, you are depending on them. That is risky. Canonical should either do a much better job vetting apps or remove this safe language. False security is VERY dangerous.
Put another way. I personally feel bad for this person. I'm not saying others should. I don't care if Juan believes this person deserves this. Point is this person made some choices that resulted in losing 9 BTC. These are choices that most stackers would not make. If they asked me I would have told them pretty much what Juan writes. People have a false sense of security in general. It would be nice if you could trust package managers for bitcoin but really you can't.
None of that excuses Canonical. I wasn't using snaps and I never will.
Stuff like this scares the average non-technical person away from self custody. I hesitate to blame the user because Canonical is presenting a false sense of security. I think all these app stores are doing that. Other side of this is that once again bitcoin will force companies to do a better job with security.
Man, I'm pretty darn sure that I've done the deed "according to the books", but I still find myself paranoid at times, then again: if there'd be a loophole, they would've drained my wallet already.
I know what you mean.
Thanks.
Bro, it's entirely the user's fault. He's holding 9 Bitcoins yet using a shitcoin wallet like Exodus, and he doesn't even download the software through the developer's official repository (such as GitHub or GitLab).
Somehow in 2024 people are still inputting their seed phrases on internet-connected devices, absurd...
Oef, these fake Bitcoin wallets are so scary, it makes me think twice about shilling a wallet because you're not there to view the experience of the user and they end up on a phishing ad or link, or worse they get a fake app from the app store and then get rekt like this.
as someone playing with Ubuntu for the first time, the impression that I got was that Snap apps were vetted. Is that not the case?
Vetted is another word for trust. Honestly, this kind of thing makes me want to NEVER trust these types of app stores. Download from source and verify the gpg keys if at all possible. I've used flatpaks for a while but never for anything bitcoin or serious. You are trusting whoever compiles and uploads the binaries that they aren't doing anything nefarious.
One problem with app stores is the idea that they vet stuff. They may attempt to do so but that is just it. It's an attempt. You are trusting they did it and that they did a good job vetting. Apple and Google do this as well. Could happen on their platforms as well. For bitcoin, I would not trust any app store for apps touching any kind of real money. Too much to risk for the convenience.
Not even a hypothetical https://i.gyazo.com/5b16658a469283a5145fec8285b9addd.jpg
RIP your Bitcoin if you ever write your keys into a fake wallet downloaded from those platforms.
Yup
Hope it was a Boating Accident.
ah we must beware of the app stores
I'm very careful and would never use an app like Exodus and for sure not via a Snap install but man this is a great warning to be VERY careful. Losing 9 bitcoin. Oooof. 9 bitcoin is a lot more than $490k regardless of market price. I can't imagine.
the snap store was always shit, even for installing Bitcoin Core.
do not recommend.
Ouch
Snap makes it easy to get careless.