Chia forks - warning

I see a few early Chia forks being promoted to farm your existing solo plots in parallel. Yes, the tech allows this, but it also requires you to give access to your private keys to these new GUI/forks.

Be careful, as any one of these projects can steal your private keys. Then you’ll be replotting ALL your plots to avoid being compromised.

They will tell you to simply change your rewards to an air gapped wallet to avoid losing rewards. This does not change the fact they have access to your main private key you spent many hours plotting to.

Just a heads up and be careful. Don’t risk all of your time investment in Chia plots to some cheap fork with no extra use case with a rebrand of the same broken GUI.

5 Likes

FOP, Fear of Pre-farm
This seems to be the main reason for these forks to get created, not really sufficient reason for me to give any of them much attention right now.

But, it would be good if there would be a good method to double farm without compromising your private keys. Very possible that it will become interesting and Chia Team also said they will support Forks. But I have no idea how I can farm on two chains with the same plots and still keep my private key safe.

3 Likes

Yeah agreed, if I didn’t need to give my private key and risk a replot, I would be running all of these in parallel, even if they’re worthless now - why not? I mean, people bought DOGEcoin, value is very much in the eye of the beholder.

But, I don’t have the time, and possibly not the expertise to verify every line of new code in these forks, and am not sure I trust anyone else to, worst case I miss something that ends up being worth something, but I have a fair chunk of investment in Chia plots now, and still on track for 12 month ROI, so not prepared to risk that.

2 Likes

Can you show a use case where your chia can be compromised? I don’t get all that fear.

2 Likes

Install code from untrusted repo, input your private key mnemonic to farm your existing plots, some obfuscated code sends your key to a server.

If starting with 0 plots it doesn’t seem as risky at all, just use a new private key and airgap the PCs running the fork node(s) from your Chia nodes, but the whole proposition here is that you can farm these coins with your existing plots.

1 Like

I think the risk is not with the Chia master key itself unless you are dumb and farm your Chia rewards to that key. The main risks are:

  • They can side farm your plots in Chia and steal your rewards. This is very unlikely, high tech and unprofitable, as rewards are very spaced anyway and will be more likely that you get the rewards over them as you will have better latency.

  • The main risk is introducing malware through binary installers, backdoors, trojans that steal crypto from other wallets, bank trojans, keyloggers, clipboard hijackers, ransomware and all that crap. Maybe the initial release is clean to gain some confidence, and then a later update is compromised. Can be made actively by rogue developers or involuntarily if the repository is compromised by third parties.

2 Likes

Is it possible then to have one of these forks farming my existing plots - without ever entering my existing private key into their software? I could change the reward address sure, but doesn’t that still require me to provide the farmer with my private key?

Agreed. Resolving the private key issue opens up a huge opportunity for parallel farming plots in the near future. But right now I see forks on Twitter saying they are “open sourced” but no GitHub access until AFTER they launch. Offering a precompiled binary for download beforehand.

This is highly suspicious.

2 Likes

No. In fact, their GUI will just access your private keys upon launch. Everyone knows where they are located. So installing any software on your machine that has your private keys is a huge security risk.

1 Like

You’re spot on. I know there are a lot of new people to crypto farming Chia so hopefully they understand the risks.

That is if you provide the key, but you need to provide it in order to farm them with any other blockchain. So if you are going to do that at least be sure no XCH will ever reach addresses created with the wallet associated to that key.

The recommendation in case of doubt is of course not sharing keys unless you know exactly what you are doing.

You do not give your private key to Chia or a Chia fork. Your client’s use of your key allows you to sync your wallet and farm. Your private key is not broadcast to Chia.

If an open source Fork can steal your key then so can Chia.

Stealing your key or any of the other exploits described in this thread would have to be coded into the open source and reviewed code.

If they are not open source then beware, but it is very difficult to pull such stunts in an open source environment.

Even if open source, do the cold wallets and virtual machines and other good security practices as always.

I don’t get the fear spreading.

There will be many forks of Chia and many will be able to use Chia plots. Why not get more mileage out of your plots? The new coins may fail, but some will blossom. After my already spent Chia investment it costs me nothing to try. Some of these new coins address issues Chia users have fumed about. Coins with little or no pre-mine, a coin limit, etc.

I feel good working with a smaller venture. The big corporate start-ups are less concerned and less appealing to me. No dis on Chia. Chia introduced a brilliant new concept. Now others follow in their footsteps and I choose to follow some of them.

Winning coins that have almost zero if any value at this time is still a lot more fun than winning 0 XCH or watching the flow of pennies from my pool diminish every week. Farming a second coin does not stop or negate my Chia farming. It just adds another possible source of income. (and some fun)

Everybody take proper security precautions and enjoy yourself. Don’t let fear mongers sway you from having a good time and expanding your income potential.

Do your research. Understand how they have forked and what this means to you. Hang around in their forums, discords, reddits, github, etc. If they pass muster, take proper security measures and go for it!

Working with the little guys and actually chatting with the devs is fun! Farming your already made plots simultaneously for other coins is a bonus and pads your Chia bet.

Be well! :smiley:

2 Likes

You don’t find a reason to fear them? I don’t find any reason to trust them. They are created so people can essentially farm over top of existing Chia plots and/or create new plots on the fork. For what? I really have no idea yet. I have peanuts compared to most Chia farmers and I have only been in the game 2 months and I am done plotting and I am not willing to take a loss on a bet that farming a fork alongside regular Chia could pay off. I won’t even hpool yet.

3 Likes

No disrespect, but cool for both of us.

You stick to Chia alone and are happy. I choose to explore other options and am not in competition with you or other peeps who believe as you do. This makes me happy.

As I watch Chia price dive and network space head for space I don’t have much Chia investment left to protect. I expect zero ROI and start to wonder about the long term health of Chia itself. Chia’s Proof of space and time and Chia plots may live longer than the coin itself.

My thinking is different than yours and I choose to cautiously explore my options.

1 Like

Honestly, and people may call me stupid for thinking this way. I spend little and expect $0 ROI. I expect my Chia stuff to outlive Chia itself, just like you do. I expect Chia to outlive its forks. Do I expect Chia to last till 2022? If 2020 has taught me anything, it’s not to expect anything, it’s to just take it as it comes and that’s exactly what I am doing.

As the price of Chia goes down, what do I have to protect? Nothing. I have no Chia yet. I am just having fun messing with farming and plotting and wasting time fiddling with my systems in my spare time. That is all this is to me. If I make a few HCH, so much the better.

4 Likes

Entering a private key into a third-party program is always a risk. What the community could do is to come up with an open-source project to distribute a trusted zero-knowledge software for public key authentication.

For pool operators, or whoever, they only need your public key. The problem is for them to authenticate that you are indeed you. With a trusted zero-knowledge software, you’ll have the comfort to type in your private key knowing the personal info is protected.

A zero knowledge authentication should be able to serve the purpose. It has got to be open source, so you can compile and build yourself, or get the binary from a trusted outlet.

1 Like

Warning new farmers about a potential risk isn’t fear mongering.

1 Like

I said spreading, not mongering

but your use of the word is appropriate.

Warning is when you point out possible dangers.

Fear mongering is when you tell people not to try at all due to a danger that does not exist.

If I give you my private key, you cannot farm my plots. You cannot access my other cold wallets. You cannot steal from the wallet you do have a key for because there is nothing in it 99% of the time. If you did manage to do so on a mass scale your theft would be noted and halted. These days it’s not so easy to retrieve stolen coin.

If you were the coin start-up that tried to steal from your clients your coin would fail. Sorta counter-productive to mount a scam that won’t work on any large scale anyways.

Lastly, we are talking about open source projects. The fraud you warn of is very difficult to pull off on an open source project and again, totally counter productive to the coin itself.

Can you please point out an instance of an open source coin stealing its users’ keys and using them to steal coin? If you cannot then you are warning of something that has never happened.

You are just arguing over semantics here.

You are too involved with one of the forks to acknowledge the risks.

Sometimes you mention the risks in your posts, and then two-faced start arguing that because something hasn’t happened yet it won’t happen.

You sir are simply not credible.

Hello ChiaMax. Why am I not surprised to see you?

This argument will cost you $20.00

And I mute this repeat thread just like the last one.