Addressing Vulnerabilities with Software-Based Wallets
If you’ve had the opportunity to speak with Exodus about the security of your wallet, you have more than likely heard us state that:
“Exodus is only as secure as the computer it is running on.”
Let’s look at what can happen if your computer is compromised by a virus or malware. A video recently posted on YouTube demonstrates this problem:
The video highlights something extremely important that everyone must understand when storing crypto assets on their computer: if your PC is compromised by a virus or malware, any software wallet is no longer secure. This is because your PC uses your private keys to sign all transactions leaving your wallet. If that happens, you should consider your 12 words compromised and move your funds immediately!
Exodus is no different in this regard. When the wallet is open, its data is stored in memory in order to send transactions and initiate exchanges from within the wallet’s built-in exchange feature. If malware makes it onto your computer, scripts running in the background can capture data from memory or from input devices such as your keyboard, which means your Exodus wallet is only as safe as the computer you’re using it on.
An attacker who has access to your computer will find a way to access your wallet’s private information one way or another. It is therefore necessary to take additional security measures to ensure your computer and wallet are protected.
Protecting customers’ funds is our top priority. We are continuously working toward solutions to improve the security of your Exodus wallet.
There are two security features on our roadmap:
- Two-factor authentication
- Hardware wallet support
However, 2FA is by no means a “silver bullet” against such exploits and even hardware wallets are not invulnerable to hackers, so being proactive about protecting your assets is of the utmost importance.
There are a number of steps you can take to do so, including:
- Keep your operating system up to date.
- Update your antivirus and firewall when new versions are released.
- Do not use a computer with Exodus installed on untrusted networks (coffee house, public venue, etc.).
- Never click links from untrusted sources.
- Do not download pirated software, including movies, music, etc.
- Only download wallet updates from the official Exodus website at exodus.io/releases/.
- Finally, and most importantly, if you are storing large amounts of crypto assets, do not use Exodus.
What’s considered a “large amount” is subjective — only you will be able to determine what this means for your particular situation. For storing assets outside of Exodus we recommend, and personally use, hardware-based wallets such as a Ledger, Trezor, or KeepKey.
We are very candid about the strengths and weaknesses of Exodus and realize the wallet will not be appropriate for everyone’s needs. If you feel your assets are not secure in Exodus, we wholeheartedly encourage you to find another solution.
We’d like to thank this vlogger for taking the time to help educate the community, spreading awareness of the differences between software and hardware wallets, and providing insight on proactive ways to keep your funds safe.
Remember, software wallets are only as safe as the computer they are running on. If your computer becomes compromised, your wallet will also be compromised. If you would like more information about improving the security of your wallet, you can follow the links below or email our support team at email@example.com.
- Exodus Safety and Security Tips
- The Do’s and Don’ts of 12 Words and Private Keys
- Can Exodus Safely Store Large Amounts?
- How Can I Verify my Exodus Download is Authentic?
Please reserve the Medium comments section for lively and honest discussion about the article! If you have technical issues with Exodus, our Community Support team will be happy to speedily assist you if you send a descriptive email to: firstname.lastname@example.org