Topic: Electrum Air Gapped Setup Versus Hardware Wallet (Read 391 times)

The idea was that if you are known to have the coins and somebody is already targeting you, there's a better chance he will go for a 5$ wrench attack than something so highly sophisticated as presented in those lists.


Yes, overcomplicating the things are easily leading to that. And some try to do cold storage when they don't understand what happens there, again losing funds (I remember that there was a thread about Electrum 4.0.phishing "stole the coins" when the user came online! with the "cold storage"! to broadcast a tx)

Opsec? Comsec? ... If you are a target, they will get you. Osama Bin Laden had air gap computers and hundreds of flash drives discovered at the time of his death. His house had armed guard security. His "transactions" were sent by courier to go connect to some internet cafe far away. They still got him.

If you are a target of some large enough adversary and you are not a government agent yourself protected by a small private army, then someone will eventually use a $5 wrench on you, or someone you know.

I still prefer the computer. Do just enough, and your bitcoins will be safe "enough". And that can be good for up to a few million dollars worth maybe. If you have a billion dollars worth, then you probably have regulated custodian holding some of the coins for you.

Still, we can all see "Loaded"'s address with 40k BTC, has not moved in several years. It's probably on an air gap machine.

Silk Road dude, Ross Ulbricht made a few mistakes, and he had access to maybe thousands of bitcoins. The FBI and DEA eventually got him. There's a movie out there now. Silk.Road.2021.1080p.BRRip.AC3.x264 or something if you care to search for it.

(The movie is good, but it's not very accurate, as we know it has been changed a little bit for presentation.)

Not really, some of those attacks starting from top have actually been done in real life and not just written as some wild theory.


It is not so hard to make 5$ wrench attack on your airgapped computer also, especially if it is laptop.


I would agree with you here, and if you listened to people like Jameson Lopp or Andreas Antonopoulos they would also say the same thing, and tell you the stories of many people who lost Bitcoin just because they made their own airgapped computer for storing BTC, made everything over complicated and lost access to their BTC in the end.
Sounds like crypto horror story but it happens more often than we think, so for most people it's better to keep it as simple as possible.

Is there any research done on physical attacks to exploit the OS or the wallet software to glitch it to reveal the seeds or any sensitive info? I don't think Electrum (in this case) can be immune to such bugs, I mean JSON RPC was unencrypted for a long time. Is it possible for the attacker to clone the disk/sd card to have access to the encrypted storage to bruteforce?
I don't think cold storage is insecure by any means. I've only switched to ColdCard because it is something like a cold storage while being way easier to use. It's slightly annoying to have to start my RPi up to make my transactions every time. Side channel defenses are just the icing on the cake.
I agree.

Sure, they are hardened against side channel attacks, but they are also vulnerable to different attacks which airgapped, encrypted, cold storage is not vulnerable to. Seed phrases can be extracted from Trezor devices, and Ledger devices had a critical bug which would allow bitcoin to be stolen when the user was interacting with an altcoin, for example. Neither of these are possible against a well set up cold storage device.

There is no perfect solution for bitcoin storage, and each has its own pros and cons. But writing off cold storage because of incredibly difficult and rare attacks such as an attacker listening to the speed of your computer fan is incorrect, when by far and away the most likely way to lose your coins is through user mistake, simple malware (such as clipboard malware), or physical coercion.

I would argue that the plausible deniability of cold storage can outperform that of a hardware wallet. With a cold storage device I can use hidden volumes to decrypt fake or misleading "sensitive" data much in the same way that a passphrase on a hardware wallet can lead to fake or misleading wallets, and in both cases I can keep my main sensitive data/wallet completely hidden. The difference is with a cold storage device I could be hiding anything, from bank details to business accounts to wikileaks data etc., whereas with a hardware wallet, it is immediately obvious that I am hiding cryptocurrency.

I would agree with this. A hardware wallet remains the logical choice for anyone who feels they do not have the technical knowledge to safely set up and use an airgapped device, but for those of us who do, an airgapped device can definitely be better than a hardware wallet, depending on what attack vectors you are most concerned about.

Both hardware wallets and cold storage are geared to defend against any traditional malware attacks and both can do so relatively well.

It's a stretch to say that cold storage is safer. Most hardware wallets are audited regularly, even at times by competitors who obviously have an interest to exploit each other's devices. Vulnerabilities can happen with cold storage as well, they are not immune to it. There are hardware wallets which acts like an air gapped storage as well, like ColdCard but with the added benefit of it being easier to use as well as it being hardened against side channel.

In terms of the theoretical exploitation surface, it could be argued that having a hardware wallet which is specifically designed for storing Bitcoins safely is better than a person with little to no knowledge having to set up one themselves and exposing it to unnecessary risks.

Open source ≠ free of exploits. Companies like Ledger operates like a corporation with specific NDAs to follow. If you don't like to use devices that are not open source, avoid them. Plenty of HW wallets which are open source still.

You are right, I didn't phrase it good. I wanted to refer to those considering hardware wallets safer than cold storage.
Imho cold storage is safer because you can have much more control on what happens there and which in most cases you don't really need to update, versus hardware wallets which are not all open source, which can have bugs and hidden flaws (them or the wallets installed).

They do not invent attacks. Theoractical attacks are discovered with substantiated evidence that it is possible. I don't think it's bad to be researching on these to highlight the possible loopholes?

I don't think anyone goes as far to say that cold storage isn't safe. I've mostly seen people highlighting the focus of hardware wallets and the hardened nature of them against more novel attacks. If you are that conscious about security, then you could possibly get a hardware wallet shipped through a reshipper and do some simple auditing by yourself and could probably give you a peace of mind.

$5 wrench attack is much more likely and that is why most HW wallets have plausible deniability built into it as well. Don't think it's fair to shoot down hardware wallets like that; they do still provide much more protection against sidechannel attacks which is what you would be concerned about if you're absolutely paranoid. Using a drop address or a PO box for the shipping would be necessary as well.

Indeed. I keep reading about people claiming that cold storage is not safe and show big list of possible attacks.
A 5$ wrench attack is much more likely than all those together.

Most of those attacks are incredibly theoretical, and most are completely mitigated by not plugging in unnecessary hardware such as speakers or scanners to your airgapped device, and by preventing physical access to your airgapped device, meaning the attacker cannot measure LEDs flashing, fan speed noises, weak magnetic fields, screen brightness, power line consumption, etc. Simply using your airgapped device with the minimal hardware, keeping it inside your house (even better, locked in a safe), and only using it in a room with no other electronics and the curtains closed, will mitigate almost all of these attacks.

If someone manages to break in to your house, load malware on to your airgapped device, and set up some kind of covert monitoring device on your power cable or a microphone to record your hard drive noise, all without you even noticing it has happened, then you have much bigger problems to worry about.

You should know that airggaped computers also have many  potential attacks than hardware wallets because they are not really designed to keep secrets.
I am not saying hardware wallets are perfect, but airgapped computers are also far from perfect solution especially if you don't know what you are doing and you make one small mistake.

Here is just some of possible attacks on air gapped computers:

1. Cold Boot Attacks
2. The Chilling Reality of Cold Boot Attacks
3. Academics turn RAM into Wi-Fi cards to steal data from air-gapped systems
4. Sniffing Keystrokes With Lasers/Voltmeters
5. Generating Covert Wi-Fi Signals from Air-Gapped Computers
6. Flaws in self-encrypting SSDs let attackers bypass disk encryption
7. NSA TEMPEST Attack can remotely view your computer and cell phone screen using radio waves!
8. LED-it-Go
9. USBee
10. AirHopper
11. Fansmitter
12. DiskFiltration
13. BitWhisper
14. Unnamed attack
15. GSMem
16. xLED
17. aIR-Jumper
18. HVACKer
19. MAGNETO & ODINI
20. MOSQUITO
21. PowerHammer
22. CTRL-ALT-LED
23. BRIGHTNESS
24. AiR-ViBeR
25. POWER-SUPPLaY
...

I am sure there are more attacks that are not listed here, and it was all collected with more explanation by this website :
https://airgapcomputer.com/

This is exactly what OP is describing - creating an Electrum wallet on an airgapped computer and keeping it permanently offline.

However, you still need a watch only copy of your Electrum wallet which can go online. A watch only wallet only contains addresses, not private keys, and therefore cannot be hacked or have coins stolen from it. You can create one by exporting your master public key from your airgapped Electrum wallet, transferring it via USB or QR code to your internet enabled device, and then importing it in to a new Electrum wallet. Without your online watch only wallet, you will not be able to see incoming transactions to your addresses, and will therefore not be able to create any transactions.

My opinion , no need for electrum wallet to be online.
Use TAILS OS and a downloaded , signature verified electrum wallet. Air gap the TAILS loading.
Create your off line wallets. back it up and never get the wallets online. EVER!

When you have 10 BTC, it would be a good idea to spend a little to get either a workstation or old server, install OS, install Bitcoin Core, install Fulcrum or ElectrumX or EPS (Electrum Personal Server) and you can then use that as your full node to connect to from your Watch-Only Electrum wallets.

I've also read that hardware wallets choke on 15-on-15 multisig transactions (or can't even do them) whereas any computer with Electrum can do it relatively quickly. Not that I have 15 different wallets. 2-of-3 multi-sig is pretty much a good standard already.

I've always said that this wiki page is greatly exaggerated. Basically it's whole argument is that because people may not correctly create paper wallets then they are considered unsafe. This is true about everything, even your hardware wallet if used incorrectly could be unsafe.

A correctly created paper wallet is the safest option in my opinion.
A correct way is:
1. Created offline on a clean and secure OS
2. Using a trusted tool (open source and verified)
3. The tool generates mnemonics
4. Is encrypted before written on paper
5. More than one backup is created from it and stored separately in safe places.

I prefer whole disk encryption for a number of reasons.

Firstly, I use it regularly on most of my devices, so I am very familiar with it.
Secondly, it eliminates the risk of leaving behind unencrypted information accidentally. If I accidentally save some sensitive information or a piece of software creates some unencrypted back up or log, it doesn't matter since it will all be encrypted anyway when I'm finished using the device.
Thirdly, it provides plausible deniability. If someone finds an encrypted hard drive, they have no idea that there might be bitcoin on it. If someone finds an encrypted Electrum wallet file, it's a different story. You can also take this further by using hidden volumes to decrypt different data to what you are really protecting.

Whether or not these are vectors of attack which would concern you is up to you. I would recommend LUKS for Linux or VeraCrypt if you go with Windows.

Thanks to all for the superb advice.

One final question, is whole disk encryption recommended in addition to wallet encryption?


I believe that an air gap Electrum wallet is the best solution for me.

I think paper wallets are not terrible as it is basically just another way to store your keys or seeds. The points as stated in the wiki are completely valid and are indeed downsides of paper wallets. Generating a paper wallet would most likely involve an offline computer so rather than doing that, I'll just make an Electrum wallet, export the master public key, write the seed and laminate it.

If you want to make it more indestructible, use some metal stamping tool to etch it into a block of metal.
Here lies another problem; that hasn't been any new commits for the past few years which means it doesn't have segwit support. Not exactly a big problem but it works fine if you want to generate legacy address.

OP, the Electrum air-gapped set up option is better for your OPSEC in that no one knows that you are a Bitcoin user. It has become especially concerning after Ledger leaked their customers’/users’ personal information.

pooya87, that's an excellent strategy...if only I had 10BTC 

Seriously though, can you please explain why you favour the paper wallet for long term HODL when this WiKi https://en.bitcoin.it/wiki/Paper_wallet#:~:text=A%20paper%20wallet%20is%20the,and%20should%20not%20be%20used. so strongly discourages it?

If I do generate a paper wallet, would this https://github.com/pointbiz/bitaddress.org be a suitable tool?