Pages:
Author

Topic: Cold Wallet Myth (Read 307 times)

legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
September 04, 2023, 06:13:53 AM
#21
Look here, you said "potential vulnerabilities". if we are sure that there are no vulnerabilities in the system, then we can connect to the internet.

Nobody can be sure there's no vulnerability in system, when new vulnerability keep discovered as time progress. For example, there were 11 new CVE (based on published date) for Windows 10 and 15 new CVE for Linux Kernel[2] in last month.

Anyhow, reading all of the replies and none agreeing with my point of view, i have started to feel scared.

I assume that's because people who replied either unable to afford to lose their coins or being far more cautious, especially for saving all your coins.

[1] https://www.cvedetails.com/vulnerability-list/vendor_id-26/product_id-32238/Microsoft-Windows-10.html?page=1&order=7&trc=3070&sha=4103294ea69ab71338d175f3bb08afe8bd275db0
[2] https://www.cvedetails.com/vulnerability-list/vendor_id-33/product_id-47/Linux-Linux-Kernel.html?page=1&order=7&trc=3306&sha=7f81e0da0504619b76358c8c584bb5679247de89
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
September 04, 2023, 05:34:12 AM
#20
2- If we are sure that there is no malware or something in the computer
Allow me to quote Under Siege 2: "Assumption is the mother of all fuckups".

I just want to know that in an IDEAL WORLD, the Electrum wallet on the computer with an internet connection is safe if there is no Malwares, no hacker's attempt etc
In an ideal world we'd have unicorns everywhere. There's not really a point discussing something that doesn't exist.

In June, 2016, I accidentally copied the private key for 1foreverDArUNEX2gVD26vautcx3b8zTZ in my Google search bar. That's been bugging me ever since. It still holds a small balance (~), which isn't what I worry about (and I still use it for tips).
I've downloaded my data from Google, and it confirms Google still knows the private key. It's not something I worry about that much, but it's a loose end to tie up.

if we are sure that there are no vulnerabilities in the system, then we can connect to the internet.
The whole reason of using cold storage is because you can't know all vulnerabilities. For laughs:
I consider TAILS safe enough for me.
Are you talking about cold or hot storage? It's easy to have 2 USB sticks, paint tape one blue and the other red. The blue cold one doesn't have internet and holds your private keys, the red hot one has internet and a watch-only wallet.

There are millions of things to account for your computer's security.  One of them is the net.  Never connecting to the net, and to no network in general can mitigate every possible network attack.
But for how long?
Update: I googled it, and the first thing I found was lifetime eSim for €2.50, to be soldered inside a device. This is very scary, it will create a whole new level of attacks. Imagine replacing someone's hardware wallet with a fake device with esim that instantly broadcasts the PIN. Air gapped devices will need a faraday cage to be sure.
sr. member
Activity: 364
Merit: 298
September 03, 2023, 05:16:06 PM
#19
2- If we are sure that there is no malware or something in the computer, what difference does it make to connect that cold storage computer sometimes to the internet to make transactions?

Tell me you don't know anything about computer security without telling me.  Grin

There are millions of things to account for your computer's security.  One of them is the net.  Never connecting to the net, and to no network in general can mitigate every possible network attack.
hero member
Activity: 714
Merit: 1010
Crypto Swap Exchange
September 03, 2023, 02:59:53 PM
#18
I consider TAILS safe enough for me. Always check and verify you downloaded a genuine version of it and other cryptocurrency related software. This verification step should never be skipped. Be aware that TAILS is agnostic, forgets everything you saved, unless you have a persistent storage partition setup (which is usually or should be encrypted; don't forget or loose the decryption passphrase!).

Don't rely on a single USB flash device, be it with TAILS or some other encrypted container or other valuable data on it, as such devices can fail. Cheap flash storage is sometimes of questionable quality. No backups, no mercy!
legendary
Activity: 3136
Merit: 1172
Leading Crypto Sports Betting & Casino Platform
August 31, 2023, 11:48:09 PM
#17
I am testing out making a tail OS through USB and then using electrum through it. This can be a cost effective and better solution rather than making a computer or a mobile an air-gapped device. With tail OS, the Electrum wallet comes by default and there is no need to install any more softwares. Secondly, you can keep save that USB like you save a hardware wallet.

Since i do not have any extra system with me right now to meet this emergency, is the tails USB with the built-in electrum can be trusted?


Better learn how to setup before doing it on your own or else you may end up either setting the wallet incorrectly or losing your bitcoins.

I would advise you to first watch these three tutorials to have a basic understanding. Although these are a bit old, but they will give you an idea of what you are going to do.

Hardware Wallets in TAILS or Ubuntu Linux - Verify GPG Electrum, udev rules, sweep Paper Wallet

How To Make A DIY Cold Storage Bitcoin Wallet

Electrum offline transactions tutorial
mk4
legendary
Activity: 2870
Merit: 3873
📟 t3rminal.xyz
August 31, 2023, 08:14:24 PM
#16
Well, i thought that since I did not download any extra software on my system, never click on unknown links, and had an updated anti-virus on my system, so it is hard to get any malware on my system. Also, i wondered why would any hacker try to intrude on my system, I do not store even a full Bitcoin. Also, another thing that made me confident of my system is that i haven't faced any such issues for the last few years, using Electrum as a hot wallet.

Anyhow, reading all of the replies and none agreeing with my point of view, i have started to feel scared.
Think about it — even experts themselves are scared of malware/viruses. If they're worried, YOU should be worried.

Also, hackers don't necessarily choose who to hack. They do wide attacks that affects as much devices as possible.


not have any extra system with me right now to meet this emergency, is the tails USB with the built-in electrum can be trusted?
It's fine if you know what you're doing; but the thing is, most people don't. Seriously don't cheap out and just buy a decent hardware wallet.
legendary
Activity: 2268
Merit: 18771
August 31, 2023, 03:27:36 PM
#15
Well, i thought that since I did not download any extra software on my system, never click on unknown links, and had an updated anti-virus on my system, so it is hard to get any malware on my system.
Hard? Maybe. Impossible? Absolutely not.

How can you be sure you'll never click an unknown link? You can't. How can you be sure your anti-virus will pick up every possible piece of malware? You can't. Whereas I can be 100% certain I will never click an unknown link on my airgapped computer, because it has no hardware in it which is capable of connecting to the internet.

Also, another thing that made me confident of my system is that i haven't faced any such issues for the last few years, using Electrum as a hot wallet.
This is like saying you have driven for 5 years without wearing a seatbelt, so you are confident you don't need a seatbelt. Just because you have been safe so far doesn't mean you will be safe forever more.

Anyhow, reading all of the replies and none agreeing with my point of view, i have started to feel scared.
Hot wallets have their place. I use a hot wallet frequently. But I only use it for amounts I can afford to lose. My rule of thumb is "How much cash would you carry around in your physical wallet?" $100? Fine. Then $100 worth of bitcoin can be in a hot wallet. $10,000? No chance. So that amount of bitcoin should be on something more secure, be that a hardware wallet or an airgapped wallet.

Since i do not have any extra system with me right now to meet this emergency, is the tails USB with the built-in electrum can be trusted?
It's certainly better than a hot wallet, provided you disconnect your internet connection prior to booting to Tails and keep Tails offline the entire time you are using it. But it is not as good as a proper hardware wallet or dedicated airgapped computer.
hero member
Activity: 2856
Merit: 618
Leading Crypto Sports Betting & Casino Platform
August 31, 2023, 03:13:01 PM
#14
If you are sure your computer is 100% impenetrable to attacks and completely free from all malware 100% of the time, then you should probably present your findings to the CIA or something and be paid handsomely in return, since you'll be the first person ever to create a 100% secure system.

Well, i thought that since I did not download any extra software on my system, never click on unknown links, and had an updated anti-virus on my system, so it is hard to get any malware on my system. Also, i wondered why would any hacker try to intrude on my system, I do not store even a full Bitcoin. Also, another thing that made me confident of my system is that i haven't faced any such issues for the last few years, using Electrum as a hot wallet.

Anyhow, reading all of the replies and none agreeing with my point of view, i have started to feel scared.


I am testing out making a tail OS through USB and then using electrum through it. This can be a cost effective and better solution rather than making a computer or a mobile an air-gapped device. With tail OS, the Electrum wallet comes by default and there is no need to install any more softwares. Secondly, you can keep save that USB like you save a hardware wallet.

Since i do not have any extra system with me right now to meet this emergency, is the tails USB with the built-in electrum can be trusted?
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
August 31, 2023, 02:02:22 PM
#13
I think you do not get my point of view, I just want to know that in an IDEAL WORLD
I think you're missing the point. There is no such thing as nirvana. Here's haven, here's hell, and it's far from ideal. In an ideal world, we wouldn't need bitcoin --or money in general. We wouldn't need food to survive, 8 hours of sleep, there wouldn't be diseases, wars, and unhappiness.

For the same reason, you can't just make the arrogant assumption that your machine will be free from malware if it remains Internet connected. You don't have 100% security, nowhere. Neither permanently airgapped devices are 100% secure. It's just one factor less to account for.

1- If we connect the Internet to that machine once or sometimes (to update the Electrum wallet) , will it not remain a cold storage?
Technically No.
But still possible, Yes?
Of course and it's possible. It's possible to have a hot wallet which never gets compromised. It's possible to download bunch of non-reviewed software in the same machine, such as cracked programs, and still not lose a penny. In fact, it's even possible to guess a private key with a million dollars worth of bitcoin. What's possible is not relevant. What's relevant is what's probable, and it's a lot less probable to have your wallet compromised if it lives in an airgapped device.
legendary
Activity: 3472
Merit: 10611
August 31, 2023, 11:47:04 AM
#12
Look here, you said "potential vulnerabilities". if we are sure that there are no vulnerabilities in the system, then we can connect to the internet.
The problem is that you can never be sure about that, in fact the whole point of using an air-gap computer is to effectively eliminate a large number of potential vulnerabilities that may not even be known to us. So by taking that simple step we try to significantly improve our security.
The real question is why would you want to take that risk and connect to the internet?
hero member
Activity: 1428
Merit: 513
Payment Gateway Allows Recurring Payments
August 31, 2023, 11:15:34 AM
#11
1- If we connect the Internet to that machine once or sometimes (to update the Electrum wallet) , will it not remain a cold storage?
Air-gapped wallets means isolation from outer world. Which means it should not have any connection to outer world even there must not be any Bluetooth, or NFC etc. This definition indicates that we should not attach our AG wallet to outside world even if we do it for once or two time then it is not Air-gapped anymore. To update the wallet you could use SD card or usb to insert data into your wallet. In my knowledge most of the wallet even do not have the option of SD card mean to insert data in it. But in current era, new wallets are coming which have many features. like QR scan etc. and more which also lies on security levels.

2- If we are sure that there is no malware or something in the computer, what difference does it make to connect that cold storage computer sometimes to the internet to make transactions?
As per my understanding, we do not connect cold storage to the internet because we fear that any malware may get our electrum seeds etc. Is is right ? There is no other reason. Connecting to Internet, does not mean that the Internet will know the private key or leaks your private key.
A computer can be air-gapped just like a wallet once if it become isolated from outside world. But you are saying you are connecting that computer to online will not make it non-air-gapped. I mean the question is same but you changed the device. i.e. In first question the device was air-gapped wallet and in this question the device is air-gapped computer.

So my answer is same for the Question 1 and 2.

3- If we install electrum on computer (which is malware free and connected to the internet), make a new wallet, keep a note of the seeds and then uninstall electrum from that computer and also remove the wallet files, isn't it secure too?
Secure from what? I mean if you are that sure about your computer being free of virus then what's the need of uninstalling the electrum from it. But still in my knowledge it is not a practical thing to achieve Means not a single computer could remain free of malware. There are numerous types of Malware so new types of malwares will keep coming. But Yeah this method is way secure then keeping that Electrum wallet installed on your device.
mk4
legendary
Activity: 2870
Merit: 3873
📟 t3rminal.xyz
August 31, 2023, 11:08:05 AM
#10
I think you do not get my point of view, I just want to know that in an IDEAL WORLD, the Electrum wallet on the computer with an internet connection is safe if there is no Malwares, no hacker's attempt etc

We use Cold Storage only to avoid any possible risk that comes through the Internet, Right? There is no other reason.
Look — in an ideal world, there are no malware and viruses. But in the real world, they're everywhere. The point of having cold storage is to erase the chances of you getting malware on your device. Because even if you're the most technologically savvy person in the entire world, you can still have malware with a slight misstep.


Look here, you said "potential vulnerabilities". if we are sure that there are no vulnerabilities in the system, then we can connect to the internet.
The thing is, how sure are you that you actually will get no malware/viruses? Just because your device's antivirus didn't detect any malware doesn't mean you can't have any.
hero member
Activity: 2366
Merit: 793
Bitcoin = Financial freedom
August 31, 2023, 10:47:00 AM
#9
if we are sure that there are no vulnerabilities in the system, then we can connect to the internet.
Those who lost the coin also said at first "we were sure that there was nothing on our device".

I would like to drop a thread I thought I would never get hacked... which clearly explains why we should not assume "my device is invulnerable to hacks and other potential risks" and that is the whole point of having cold storage as well.

...

You can "assume/If or But" where I don't see the word 'for sure' here.
hero member
Activity: 2212
Merit: 670
Signature designer - start @$10 - PM me!
August 31, 2023, 04:50:23 AM
#8
if we are sure that there are no vulnerabilities in the system, then we can connect to the internet.
Those who lost the coin also said at first "we were sure that there was nothing on our device".
We have the definitional boundary between hot and cold wallets based on due diligence and recognized by most technical experts. But you always have the right to enforce your wallet security according to your own definition.
legendary
Activity: 3136
Merit: 1172
Leading Crypto Sports Betting & Casino Platform
August 31, 2023, 03:37:40 AM
#7
I think you do not get my point of view, I just want to know that in an IDEAL WORLD, the Electrum wallet on the computer with an internet connection is safe if there is no Malwares, no hacker's attempt etc

There is no ideal world, it is only your mind that thinks that your computer is malware free and the other 99% of the users also believe the same. And then when they lose their crypto, they have no idea what went wrong.


You aren't sure. No one is sure. Have you disassembled and intricately examined every piece of hardware in your computer to check for backdoors? Have you read every line of code for every piece of software running your computer, from your BIOS and OS through to your wallet software? Are you examining every incoming and outgoing packet across your internet connect to check for malware or data being leaked? Of course not. Therefore you have no idea if there are vulnerabilities in your system.

This is the whole point of a permanently airgapped device. It is impossible to have a completely secure system connected to the internet, but you can mitigate a lot of possible attack vectors simple by airgapping your device permanently.

I am testing out making a tail OS through USB and then using electrum through it. This can be a cost effective and better solution rather than making a computer or a mobile an air-gapped device. With tail OS, the Electrum wallet comes by default and there is no need to install any more softwares. Secondly, you can keep save that USB like you save a hardware wallet.
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
August 31, 2023, 03:05:55 AM
#6
I think you do not get my point of view, I just want to know that in an IDEAL WORLD, the Electrum wallet on the computer with an internet connection is safe if there is no Malwares, no hacker's attempt etc

Just connecting a device to the internet doesn't leave it non-airgapped until it starts sending and receiving TCP or UDP traffic (collectively I will call this stuff TCP although there's a slight difference).

For example, if the device has any sort of incoming ports, then it is no longer air-gapped as hackers can start throwing malicious traffic at it.

Outgoing ports are trickier and depend on the server that said traffic is going to - if it is your own managed server from the internet, that's not making any other traffic, or running any other software on different incoming ports, using a protocol whose traffic you have audited, there shouldn't be any concern, however if it is some random website or even google.com or AWS, then the air-gapped nature is gone because you cannot verify what those servers are doing with your request.

You can have a LAN in an airgapped setting, even a WLAN - as long as all computers inside the network are under your control and don't talk to the outside world, with the possible exception of getting security updates from your package manager, as running vulnerable air-gapped software or firmware is equally as dangerous.
legendary
Activity: 2268
Merit: 18771
August 31, 2023, 02:55:42 AM
#5
1- If we connect the Internet to that machine once or sometimes (to update the Electrum wallet) , will it not remain a cold storage?
No, it won't. It will be a hot wallet which is sometimes disconnected from the internet.

2- If we are sure that there is no malware or something in the computer, what difference does it make to connect that cold storage computer sometimes to the internet to make transactions?
If you are sure your computer is 100% impenetrable to attacks and completely free from all malware 100% of the time, then you should probably present your findings to the CIA or something and be paid handsomely in return, since you'll be the first person ever to create a 100% secure system.

3- If we install electrum on computer (which is malware free and connected to the internet), make a new wallet, keep a note of the seeds and then uninstall electrum from that computer and also remove the wallet files, isn't it secure too?
No. First, you can't be sure your device is malware free. Second, when you delete data, all you are actually doing is telling your computer it can write over these sectors of your hard disk when it needs to. The data isn't actually removed until it is written over, which could take months or even years depending on how you use that disk.

if we are sure that there are no vulnerabilities in the system, then we can connect to the internet.
You aren't sure. No one is sure. Have you disassembled and intricately examined every piece of hardware in your computer to check for backdoors? Have you read every line of code for every piece of software running your computer, from your BIOS and OS through to your wallet software? Are you examining every incoming and outgoing packet across your internet connect to check for malware or data being leaked? Of course not. Therefore you have no idea if there are vulnerabilities in your system.

This is the whole point of a permanently airgapped device. It is impossible to have a completely secure system connected to the internet, but you can mitigate a lot of possible attack vectors simple by airgapping your device permanently.

Again, assuming the computer never gets stolen, uninstalling the electrum keeps the coin safe even if some malware later comes in that computer and we never re-install the electrum in that computer without formatting it first.
Again, nope. Your wallet data will still exist on your hard drive unless you have deliberately written over the necessary sectors, which few people do. Malware can access that data and send it off to an attacker.
hero member
Activity: 868
Merit: 952
August 31, 2023, 01:52:11 AM
#4
I think you do not get my point of view, I just want to know that in an IDEAL WORLD, the Electrum wallet on the computer with an internet connection is safe if there is no Malwares, no hacker's attempt etc



Ideally just like you assumed, your coins or keys saved on electrum is save as long it is not compromised but in all honesty that something you will never get guarantee on


1- If we connect the Internet to that machine once or sometimes (to update the Electrum wallet) , will it not remain a cold storage?


No because a cold storage should never tastes the internet. Even that once could have it caught a malware.

2- If we are sure that there is no malware or something in the computer, what difference does it make to connect that cold storage computer sometimes to the internet to make transactions?
You cannot or never be sure once it touches or connects to the internet because once it touches it then consider it been already compromised. There are malwares that can’t easily be detected. And connecting it sometimes to internet as you have suggested even if you are sure the device doesn’t have malware doesn’t not make it a cold storage again but rather a hot storage that is yet to catch malware. A cold storage never touches the internet.


hero member
Activity: 2856
Merit: 618
Leading Crypto Sports Betting & Casino Platform
August 31, 2023, 01:36:21 AM
#3
I think you do not get my point of view, I just want to know that in an IDEAL WORLD, the Electrum wallet on the computer with an internet connection is safe if there is no Malwares, no hacker's attempt etc

We use Cold Storage only to avoid any possible risk that comes through the Internet, Right? There is no other reason.


1- If we connect the Internet to that machine once or sometimes (to update the Electrum wallet) , will it not remain a cold storage?
Technically No.
But still possible, Yes?

2- If we are sure that there is no malware or something in the computer, what difference does it make to connect that cold storage computer sometimes to the internet to make transactions?
As per my understanding, we do not connect cold storage to the internet because we fear that any malware may get our electrum seeds etc. Is is right ? There is no other reason. Connecting to Internet, does not mean that the Internet will know the private key or leaks your private key.
The actual purpose of creating the cold storage for crypto wallet is to mitigate any potential vulnerabilities so in case if you want to take the risk that you can be sure the device is entirely malware free then it's your choice.

Look here, you said "potential vulnerabilities". if we are sure that there are no vulnerabilities in the system, then we can connect to the internet.


3- If we install electrum on computer (which is malware free and connected to the internet), make a new wallet, keep a note of the seeds and then uninstall electrum from that computer and also remove the wallet files, isn't it secure too?
Uninstalling and deleting doesn't necessarily mean files are gone permanently because we know it is possible to retrieve data back even from the formatted hard drives.

Again, assuming the computer never gets stolen, uninstalling the electrum keeps the coin safe even if some malware later comes in that computer and we never re-install the electrum in that computer without formatting it first.
hero member
Activity: 2366
Merit: 793
Bitcoin = Financial freedom
August 31, 2023, 12:10:09 AM
#2
You don't necessarily need to connect your air-gapped device to the internet (because it voids the actual purpose) to upgrade your electrum since it can be done completely offline.

Download the latest version of Electrum from https://electrum.org/#download and then verify the signatures before installing it.

[GUIDE] How to Safely Download and Verify Electrum

Then copy the downloaded file to your air-gapped device and install it, then restore your wallet with your seeds "Standard Wallet -> I already have a seed".

Then go to  "Wallet -> Info" and get your "Master Public Key"

After this go to your device which is connected to the internet create the "watch-only" wallet (Standard Wallet -> "Use a Master Key)

By this method device will be never connected to the internet so you no need to worry about your seeds being exposed to malware or anything.




1- If we connect the Internet to that machine once or sometimes (to update the Electrum wallet) , will it not remain a cold storage?
Technically No.

2- If we are sure that there is no malware or something in the computer, what difference does it make to connect that cold storage computer sometimes to the internet to make transactions?
As per my understanding, we do not connect cold storage to the internet because we fear that any malware may get our electrum seeds etc. Is is right ? There is no other reason. Connecting to Internet, does not mean that the Internet will know the private key or leaks your private key.
The actual purpose of creating the cold storage for crypto wallet is to mitigate any potential vulnerabilities so in case if you want to take the risk that you can be sure the device is entirely malware free then it's your choice.

3- If we install electrum on computer (which is malware free and connected to the internet), make a new wallet, keep a note of the seeds and then uninstall electrum from that computer and also remove the wallet files, isn't it secure too?
Uninstalling and deleting doesn't necessarily mean files are gone permanently because we know it is possible to retrieve data back even from the formatted hard drives.
Pages:
Jump to: