Every article tag can be clicked to get a list of all articles in that category. Every article tag also has an RSS feed! You can customize an RSS feed too!
We do often include affiliate links to earn us some pennies. See more here.

Not the first time this has happened, but recently the Snap store from Canonical hosted a scam bitcoin app that claimed to be "Exodus wallet" that caused a user to lose money.

Posting on the Snapcraft forum an unfortunate user noted their wallet has been emptied after using it, and a day later a Canonical staffer mentioned it had now been removed and they were investigating the incident.

Mark Shuttleworth, CEO of Canonical, has now jumped into the discussion in another forum post to note that while "cryptocurrency is largely a cesspit of ignoble intentions even if the mathematics are interesting", Shuttleworth doesn't think that "banning cryptocurrency apps helps" as "If anything, it would make using Linux much worse.".

Additionally, Shuttleworth also opened an additional forum post to discuss requiring "more comprehensive proof of publisher identity for every publisher" for Snaps. So if you have good ideas for them to implement, to make Snap publishing more secure - drop a reply in the linked post.

Hopefully Canonical come up with a good solution, because repeating issues like this reflect pretty poorly on Snap, Canonical and Ubuntu.

Alan Pope (formerly of Canonical, now Axiom) wrote up two blog posts on it "Exodus Bitcoin Wallet: $490K Swindle" and the follow-up "Exodus Bitcoin Wallet: Follow up 2.0" that you may want to read for a little more background.

Article taken from GamingOnLinux.com.
Tags: Security, Misc, Ubuntu
12 Likes
About the author -
author picture
I am the owner of GamingOnLinux. After discovering Linux back in the days of Mandrake in 2003, I constantly came back to check on the progress of Linux until Ubuntu appeared on the scene and it helped me to really love it. You can reach me easily by emailing GamingOnLinux directly.
See more from me
20 comments
Page: 1/2»
  Go to:

Szkodnix Feb 23
Oh no!

Anyway speaking of Flatpak...
Pengling Feb 23
Uhh, I usually don't have anything to say about these "issues with Snaps" things, but, well...

QuoteAdditionally, Shuttleworth also opened an additional forum post to discuss requiring "more comprehensive proof of publisher identity for every publisher" for Snaps. So if you have good ideas for them to implement, to make Snap publishing more secure - drop a reply in the linked post.
... Shouldn't they have thought of this before letting randoms publish to a store?
ShabbyX Feb 23
Happy to say I finally switched to Debian last week, no more Canonical nonsense for me thank you very much.
Poor Canonical. Love them or hate them, Ubuntu has been a vitally important part of the Linux ecosystem, and they're a core part of many distros I hope they get this sorted out, or, better yet, swallow their pride and let us have Flatpaks, because they are (or at least they were) one of the better distros.
sudoer Feb 23
$490K wow... please keep using Ubuntu and snaps, they are so perfect, also please help Shuttleworth in these tough times, after all snaps is a community project.
Crypto wallets and currencies aren't going anywhere. These things have to be dealt with not banned or blocked. They still need to be available. What Shuttleworth said makes perfect sense.

"I don’t however think that banning cryptocurrency apps helps. If anything, it would make using Linux much worse.

At least snaps have good, and over time increasingly good, mechanisms for technical confinement. Projects like Ubuntu and Debian and RHEL have relatively rigorous know-your-contributor processes, but apps can’t all be in the distro archives. The other Linux app distribution mechanisms (such as PPAs, Github builds and releases, OBS, or even the containerised ones like Flatpak) don’t have nearly the same technical measures for confinement that snaps do. If we ban cryptocurrency apps from the snap store then those users will simply get apps from those unconfined sources - and then the attacks will be even worse because the apps can go trawling all over the system, or do things like keylogging."

https://forum.snapcraft.io/t/should-unverified-cryptocurrency-apps-be-banned/38919/4

They are adding a high risk category to the store for starters. AI, crypto, fediverse... These newer are here to stay with their challenges and should nor could not be hidden away from. This has very little to do with snaps particularly but i'm sure many want to make it look like that. Things would have been the same with flatpak too.
Tuxee Feb 23
Quoting: ShabbyXHappy to say I finally switched to Debian last week, no more Canonical nonsense for me thank you very much.

Does Debian have a crypto wallet app in its core repositories? If no (and given that you need such one) - how would you evade a potential scam? The dude entered his 12-word super secret recovery key...
I'm not sure I understand the problem. Was this not the behaviour he was expecting? Is the problem that the crypto app stole his money instead of the exchange doing it?


Last edited by Purple Library Guy on 23 February 2024 at 4:56 pm UTC
M@GOid Feb 23
If Google and Apple, with all that power, cannot keep their stores clean all the time, how is that a surprise that a malicious app got into Canonical's app store?
While you're here, please consider supporting GamingOnLinux on:

Reward Tiers: Patreon. Plain Donations: PayPal.

This ensures all of our main content remains totally free for everyone! Patreon supporters can also remove all adverts and sponsors! Supporting us helps bring good, fresh content. Without your continued support, we simply could not continue!

You can find even more ways to support us on this dedicated page any time. If you already are, thank you!
Login / Register


Or login with...
Sign in with Steam Sign in with Google
Social logins require cookies to stay logged in.