Mycelium BTC Wallet Recovered From Dead Android Phone

[DooKey]

Jason, over at Micro Soldering Supply, has successfully recovered a Mycelium BTC wallet from a dead Android phone. He managed to do this after removing the EMMC chip from the phone. After that, he put it in an EMMC reader and copied the wallet database to another phone. Apparently he was able to do this because Mycelium doesn't encrypt the private keys even with a PIN set on the app. His advice is to keep your device up to date and don't root it either. My advice would be that you shouldn't carry your cryptocurrency wallet around in a mobile device. Thanks, cageymaru.

While it is less of a problem now that Android encypts the filesystem by default since Nougat, if a root exploit was to be released today then it would be extremely easy to extract the database from a victim’s device and copy it over to an attacker’s device, even with a PIN set in the app. Therefore I would caution all Mycelium wallet users to keep their devices up to date with security patches and don’t root them either.

 

[Galvin]

was worth it to recover around 7000 dollars

 

[Spidey329]

Few things you shouldn't do with a crypto-wallet. Each I've learned.

1) Put it on one device and only one device. If you need a spending wallet on your phone, be sure it has a limited amount of coins. Have paper wallets for each.

2) Leave your coins in an online wallet holders. Last night I found some old altcoins I had mined to a few cryptsy addresses and forgot about (it's easy when using an auto-switching multipool). They were wiped out in the Cryptsy hack. I couldn't stomach to look at all of them, but yesterday's street value for the two I looked at was $10k. Mind you, when these were mined, the value was so low you'd care less about them.

3) Leave your wallet or addresses unencrypted. If you're going to rely on a program to encrypt, be damn sure it's actually encrypting the wallet. Many apps simply change the extension (this goes for those "Private Gallery" phone apps too .. your dick picks aren't really encrypted!). I like to use an encrypted pristine VM for live wallets. You can use KeePass or VeraCrypt or even 7zip/Rar (at the least). Don't store it as wallet.*, malware scans for that name.

 

[Retronym]

I still like warp wallet a lot.

Encrypt your passphrase in one location (another vote for VeraCrypt) and the salt in another. Or store the salt in your brain.
Brute force is impossible.