When I started looking to make the move from bitcoin to bitcoin and altcoins the biggest hindrance was where to put all the different cryptos. I did not want to bother with 5 different wallets. Good multi-currency wallets are key to diversifying and decentralizing the crypto ecosystem.
I tried Exodus and within 5 minutes I could see the privacy and security were unacceptable. All the problems I mention are quite easy to fix and have minimal impact on ease of use.
Exodus forces address reuse
For each crypto you get 1 receiving address, that’s it. This goes against a basic crypto 101 privacy and security best practice: don’t reuse addresses, use a unique address for every transaction.
Using 1 address for all your receiving transactions makes it easy for anyone you get a payment from to look up all the other payments you have received and to see the total amount of funds you have in that currency on Exodus!
It makes it easier for spies, hackers, advertisers, et cetera to see patterns, make a profile and connect your crypto transactions to your real world identity.
Exodus accepts insecure passwords
In Exodus’ own promotional video you can see the founder using what he and the software call a very strong password, “bob-the-fish”. Other password strength indicators grade it as weak and say a computer would crack it in about 1 day.
Exodus does not enforce what it calls very strong passwords. Here are examples of what Exodus allows as “okay” passwords.
9571 (any 4 characters that don’t make a word or pattern)
qwertyuio (top row of keyboard)
Password strength indicators rate these as very weak and estimate they would take less than 1 second to crack! Yet Exodus thinks this is acceptable security for a software that holds money with irreversible transactions and no recourse for theft!
Also note that passwords are displayed in plain text as you enter them as per the image above. All of this violates basic info security 101.
An adversary could use this password to take your funds if they had access to your machine or to your email, because Exodus emails you a backup link.
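A sketch of the kind of acceptance check a wallet could run on the passwords quoted above, added here as an example and not taken from Exodus or any other wallet. The word-list size, the 60-bit threshold and all function names are assumptions; the estimate takes the cheapest of several guessing models, so a pattern lowers the score even when the character count looks fine.

```python
import math
import re

# Assumptions for this example, not values from the article or from Exodus.
COMMON_WORDS = 10_000   # assumed size of a common-word list
MIN_BITS = 60           # assumed minimum strength for a wallet password
KEYBOARD_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
CLASSES = [(r"[a-z]", 26), (r"[A-Z]", 26), (r"[0-9]", 10), (r"[^a-zA-Z0-9]", 33)]


def charset_size(pw: str) -> int:
    """Combined size of the character classes that appear in pw."""
    return max(1, sum(n for rx, n in CLASSES if re.search(rx, pw)))


def is_keyboard_walk(pw: str) -> bool:
    """True if pw is a run along one keyboard row, in either direction."""
    low = pw.lower()
    return len(low) >= 4 and any(
        low in row or low in row[::-1] for row in KEYBOARD_ROWS
    )


def estimate_bits(pw: str) -> float:
    """Lowest guess-count estimate across the models below, in bits."""
    # Model 1: blind brute force over the character classes in use.
    candidates = [len(pw) * math.log2(charset_size(pw))]
    # Model 2: keyboard-row runs. Upper bound on the candidates:
    # 4 rows x 10 start keys x 10 lengths x 2 directions.
    if is_keyboard_walk(pw):
        candidates.append(math.log2(4 * 10 * 10 * 2))
    # Model 3: lowercase words joined by one of 4 separators, assuming
    # (pessimistically) that every word is in the common-word list.
    words = re.split(r"[-_ .]", pw)
    if len(words) > 1 and all(w.isalpha() and w.islower() for w in words):
        candidates.append(len(words) * math.log2(COMMON_WORDS) + math.log2(4))
    return min(candidates)


def acceptable(pw: str) -> bool:
    """Accept only passwords whose weakest estimate clears MIN_BITS."""
    return estimate_bits(pw) >= MIN_BITS


if __name__ == "__main__":
    for pw in ["9571", "qwertyuio", "bob-the-fish"]:
        print(f"{pw!r}: {estimate_bits(pw):.1f} bits, accepted={acceptable(pw)}")
```

All three passwords from the article fall below the threshold: the digits and the keyboard row score under 14 bits, and the three-word phrase scores about 42.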
Exodus is closed source
These obvious major flaws in basic privacy and security that I found in 5 minutes suggest Exodus either don’t care and/or are incompetent when it comes to privacy and security for their users.
That is why Exodus being closed source is such a problem. You have no way to know what other mistakes they have made. Given the above it’s reasonable to assume there are more mistakes hiding in the code and that they are potentially serious.
And another thing!
Also note that there is no 2 factor authentication available.
Exodus is a beautiful wallet with huge potential if they fixed these few issues.
A great multi currency wallet is Edge. It’s from the team that previously made Airbitz. It has very good security and is beautiful and easy to use. Unfortunately it is mobile only with no desktop version. This is the multi-currency wallet I recommend.
A multi-crypto wallet I tried on desktop is Jaxx. With Jaxx you can use unique addresses. Jaxx’s pin is weak but an adversary can only take advantage of that if they have access to your machine (with Exodus’ password it’s your machine or your email).
Have fun multi-coining!