Perhaps move the forks posts to a new forum that isn’t chia related? Yup, great idea.
uh you run their program and it reads your keys and send it to them? BTW your keys are stored in the OS keychain. even if you previously had chia on it, and uninstalled it, and even deleted all contents of the .chia folder, your keys are still there…
I have another wallet on another totally isolated machine. And I set the harverster to send the rewards to that wallet anyway. I still don’t see the problem. They can’t steal my plot either since that is the point of proof of space. With my miserable upload speed, it would take days for them to upload a single plot. But I am monitoring network traffic and I don’t see any suspicious high bandwidth activity.
1 Like
Are you going to check their source code for every change they push out?
Are you going to build from source or use their compiled releases?
some people may… others are going in blind and may end up with a trojan on their PC.
a virtual machine can mitigate that, but we’re talking advanced stuff here… most of us simply won’t do either and are at risk.
Truth is the official Chia client could have stolen your private key as well . Did you run a due diligence code verification on that?
You are not wrong, but let’s face it… The Chia team after having invested many years, talent and money have a better reputation than the copy/paste fork guys that can’t event get it running properly.
1 Like
I agree. But then there’s that prefarm …
why are people always whining about the prefarm? it has been explained long and wide what it is for. my dear, this is supposed to be the first crypto to go stock market, you need some value as a company. if you don’t trust the devs or company, just leave.
2 Likes
If you don’t like it, go away. You knew what you signed up for.
They could be farming using your plots the same as the pools do right now. They could just hide it behind their interface.
1 Like
What you need to be careful is that:
You think you are farming ChainGreen and getting green coins, but what if:
behind the scene, your plots are used to farm on the mainnet of chia official so that the devs get real xches by using your plots (?).
2 Likes
lol, thx for warning actually
I gave up every sense of danger or risk on those forks. Why? I will never get profitable with my chia ventures so idgaf if some shady fork has access to my private keys (I still use a cold wallet though).
I know that I will never see a dime from farming useless projects. However, when thinking about your statement, this would be the only incentive I as a fork-“dev” would have. Why else should I run a useless fork? Speaking of it: watch out for my fork that will leverage your plots to be farmed on Hpool in the background 
Are you still maintaining Ploto? I only ask because of the attitude you seem to have towards Chia. Maybe I’m misreading it though
Hei there. No I’m still maintaining Ploto. It’s currently the only fun thing in my chia adventures 
However, as most people have plotted until now, efforts going on into are decreasing. This will propably change once portable plots are out (Ploto can replot and create them now, but it for sure will throw up some bugs when its used in a “productive environment” ) as people will be hand ons plotting again.
My attitude against chia has not changed. I see lot of potential for it. I just became very realistic (and maybe slightly pessimistic) with my expectations regarding myself as a farmer.
1 Like
- Easy, join an unofficial chia pool and farm with them. Thus, it does not matter if they use my plots to farm on the Mainnet or not. When an official pool is ready, I will plot new plots with a different machine with a new key and send all my rewards to a cold wallet.
Let me add, my warning is really for new people to crypto. Chia team chose to name the private keys “private keys” for a reason, and everywhere in crypto you teach people to protect their private keys. Chia is no different.
People should understand the risks involved and now they do if they find this thread 
One really important point though… a new person to crypto who just found Chia is not a security expert. They can’t go through source code and understand the risks easily. Even if they could, there may always be an instance or a bug that opens up the opportunity for someone with your private keys to do something unexpected in the future. Why take the chance?
I have a lot of confidence in the Chia team’s creation. But there are obvious things that were overlooked when it comes to security. The fact you can just walk up to a Chia machine, click on the gui and copy and paste the private keywords without entering any kind of password is really surprising. You never see this in crypto.
I think some things will need to change or a new way of harvesting chia forks on solo plots needs to exist so farms can rest easy and forks can proliferate in the ecosystem.
2 Likes
The attack could work like this.
You provide your mnemonic to farm new coin.
New coin creator copy pasted code , made few changes, and released it with little cost.
New coin creator sets up chia wallet on very fast server with your mnemonic.
That wallet is also set to payout to cold wallet.
Attackers server is faster than yours and coins go to their cold wallet not yours.
With low cost to setup, don’t need much return to roi, then profit.
You need to replot to new secure pvt mnemonic.
1 Like
afaik you can set your harvester to send the coins directly to another wallet.