(Read the full story above)
A friend of mine Jason Gan, of MicroSolderingSupply.com has recently helped recover over $7,000 worth of BTC off a dead Android phone.
This story is one we all know, with an ending we all hope for. Someone forgetting to backup a wallet or lost the recovery and something happens... Like the device brakes or gets stolen.
Jason Gan is a trusted data recovery specialist in the repair community. What he found while trying to recover a customers lost bitcoin is haunting.
Mycelium (spoiler alert) doesn't encrypt the private key in recovery. This means any rooted Android device with a Mycelium wallet is vulnerable to being hacked. Wether it be by malicious 3rd party apps asking for permission to read data.files that could contain unencrypted private keys. Or, selling a phone that was factory reset. Even a novice tech can recover data from a factory reset device.
For example: if you have a Mycelium wallet on your Android device now, factory reset it, smash it, and sell it to Jason Gan... He could recover the data wiped by the factory reset and by removing 1 chip, recover the Mycelium wallet private key. Giving him access to the Bitcoin in the wallet. 😲
The lesson: Buy a freaking hardware wallet! 🍻
Seriously though, be careful. Selling a used, factory reset device, even broken is a new era risk factor. From nudes to keys, nothing private is secure.
Also if you need help recovering Crypto keys or photos, contact Jason Gan via MicroSolderingSupply.com
This story gave me mixed emotions. I was happy Jason was able to help recover lost Crypto. But, the double edge to this sword is hackers can exploit this just as easily. Please comment below with your own thoughts.