Author

Topic: Electrum Multi-Sig with Hardware Wallets - Problem (Read 717 times)

lyw
newbie
Activity: 28
Merit: 1
Quote
This is to complicated and it has nothing to do with Electrum wallet.
One alternative for using USDT is with layer-2 Liquid Network and L-USDT token that is backed by Bitcoin and it has much lower transaction fees.
I think that supported hardware wallets are Jade (airgapped) and Ledger, and Green software wallet that should have multisig support.

Huobi, Binance, and OKEx do not support L-USDT. I cannot trade it on these platforms. Thank you. I will seek advice elsewhere regarding this issue.
legendary
Activity: 2212
Merit: 7064
I have already discussed how to securely store Bitcoin. For me, it is impossible to never use USDT.
Now, let's talk about how to securely store the Ethereum token USDT and share my thoughts with everyone here!
This is to complicated and it has nothing to do with Electrum wallet.
One alternative for using USDT is with layer-2 Liquid Network and L-USDT token that is backed by Bitcoin and it has much lower transaction fees.
I think that supported hardware wallets are Jade (airgapped) and Ledger, and Green software wallet that should have multisig support.



lyw
newbie
Activity: 28
Merit: 1
Quote
Can someone please offer advice or point me in the right direction? How are others actually doing this at present?

At this point I am seriously considering forking out $1800 per year for Casa Keymaster Platinum 3-of-5 multisig. I’d prefer to not have to spend that sort of capital (forgo that many Sats), but I can’t find a reasonably simple multi-sig setup with different hardware vendors that is fully compatible without having serious security flaws at present.

I have already discussed how to securely store Bitcoin. For me, it is impossible to never use USDT.
Now, let's talk about how to securely store the Ethereum token USDT and share my thoughts with everyone here!
One feasible solution is to generate disposable Ethereum wallets. Since Bitcoin operates on a four-year cycle, using two disposable Ethereum wallets per cycle is sufficient. Here is the plan:
Utilize the Passphrase feature of Trezor, which combines a mnemonic phrase and passphrase to generate a disposable Ethereum wallet. This way, you only need to change the passphrase without altering the mnemonic phrase, which is very convenient. Yesterday, I tried two software programs, Metamask and Exodus Wallet, which support the Passphrase feature of Trezor hardware wallets and allow the generation of Ethereum addresses in an offline environment.
The passphrase should be at least 15 characters long. I have tried using an RTX 3090 graphics card to crack WinRAR passwords consisting of numbers and lowercase letters, with an 8-character password taking approximately 1 hour to crack. Considering the hardware and electricity costs, let's assume the expense is 0.1 dollar. The cost of cracking a 15-character password would be significantly higher. To be even more secure, it is recommended to use a completely random password consisting of 20 characters of numbers and letters.
legendary
Activity: 994
Merit: 1089
Wheel of Whales 🐳
How to securely protect Bitcoin, I feel like I've figured it out. But when it comes to securing Ethereum assets, there isn't a particularly good solution.
This section is generally about BTC and you may not get the best information about Ethereum here as users who are active here probably don't use Ethereum, maybe you can seek solution or help in the altcoin section: https://bitcointalk.org/index.php?board=67.0
lyw
newbie
Activity: 28
Merit: 1
Quote
Airgapped wallets offer the highest level of protection from any online threat, when you combine that with a hardware wallet, either directly using a device like Passport or manually, you have a fairly high level of protection which cannot be breached.

How to securely protect Bitcoin, I feel like I've figured it out. But when it comes to securing Ethereum assets, there isn't a particularly good solution. For Ethereum, there are physical isolation solutions like the MEW Offline wallet and AirGAP Vault wallet, but they don't support hardware wallets. I also tried the multi-signature feature of the Gnosis Safe wallet, but there are two serious issues. 1) Transaction information cannot be displayed well on hardware wallets. 2) If a single private key is leaked, although funds cannot be stolen, if a hacker sends an infinite number of invalid transaction requests, it will still result in the funds being stuck and unable to be withdrawn.   Other issue is that transaction fees are too expensive.

If any of you have better suggestions, I hope you can let me know. Thank you very much, everyone.
hero member
Activity: 644
Merit: 661
- Jay -
3. Airgapped method can give the triple defense.
Airgapped wallets offer the highest level of protection from any online threat, when you combine that with a hardware wallet, either directly using a device like Passport or manually, you have a fairly high level of protection which cannot be breached.

- Jay -
lyw
newbie
Activity: 28
Merit: 1
Quote
I’ve spent a great many hours looking into best practices for setting up a multi-sig configuration with hardware wallets and Electrum. I just can't seem to find a safe, agreeable setup.

After practicing for about one month, maybe some useful opinions are:
     A multisig wallets with a Ledger and a Trezor, and working at airgapped environment.
     Reasons:       
            1. Messages showed by Ledger can be checked (>95%). Some are public key (xpub of two hardware wallets, you can get them by sparrow wallet software), and others are transaction addresses and fees . I have checked.
            2. Ledger nano s plus is more cheap.
            3. Airgapped method can give the triple defense.
lyw
newbie
Activity: 28
Merit: 1
Quote
Ethereum is an account based system (not like Bitcoin UTXO), so cold storage is similar to paper wallets in Bitcoin. All the steps are almost the same, the best wallet for this is https://www.myetherwallet.com and you can connect it to the Trezor device.
The only difference is that you do not need the master public key, but rather copy the address and search for it in any block explorer such as Etherscan.io.
Thanks, I have tried myetherwallet, again and again. I found that MEW Offline version was like a cold wallet, but could not connect to Trezor or other kinds of hardware wallets. Its online version could connect hardware wallets. Ethereum offline version is also a cold, and could be connected to trezor. So, there are two defense lines, and it is quite safe. MEW wallet can not do it. Am I right?

Quote
Your steps aren't completely clear to me. Just to clarify - you are connecting your Trezor only to your airgapped computer and interacting with it via Electrum, signing transactions on your Trezor, and then moving those transactions from your airgapped Electrum to your live Electrum to be broadcast?
That's certainly one of doing it and is very secure. An alternative solution for the future would be to use a hardware wallet which is already airgapped and does not need to connect to a computer at all, such as a Passport.
Yes, that was what I did. I do not find a similar method for USDT or USDC. Maybe I have to use online versions for them. Two hardware trezors are used only for BTC with airgapped method, and two hardware wallets (Ledger and Trezor) are used only for USDT and USDC through a third-party software, like MetaMask.

Quote
Well yeah, you could also die without multisig and it would be the same IF you don't write recovery instruction letter for your wife.
Making more complications means it's going to be harder for anyone to recover your coins.
Yes, I must prepare one for her, immediately.  The airgapped method with electrum software and trezor are quite safe for BTC. I do not have other asset, for the moment
. Maybe I will consider multisig wallets for USDT and USDC two years later. Grin Grin
legendary
Activity: 2212
Merit: 7064
The multisig is good, but I am worry that if I suddenly die, my wife could not find back the money. So maybe multisig is not a good choice for me.
Well yeah, you could also die without multisig and it would be the same IF you don't write recovery instruction letter for your wife.
Making more complications means it's going to be harder for anyone to recover your coins.

PS
Try to use correct quotes in forum...
hero member
Activity: 630
Merit: 510
Electrum is used only for BTC, could you tell me whether there is a way to make an an airgapped wallet for ETH? I have tried at least 10 different wallet softwares, but failed. I only have some basic knowledge about cryptocurrency, and python.

Ethereum is an account based system (not like Bitcoin UTXO), so cold storage is similar to paper wallets in Bitcoin. All the steps are almost the same, the best wallet for this is https://www.myetherwallet.com and you can connect it to the Trezor device.

https://trezor.io/learn/a/myetherwallet-and-trezor
https://help.myetherwallet.com/en/articles/6167899-how-to-create-a-cold-wallet-a-k-a-paper-wallet

The only difference is that you do not need the master public key, but rather copy the address and search for it in any block explorer such as Etherscan.io.
legendary
Activity: 2268
Merit: 18775
-snip-
Your steps aren't completely clear to me. Just to clarify - you are connecting your Trezor only to your airgapped computer and interacting with it via Electrum, signing transactions on your Trezor, and then moving those transactions from your airgapped Electrum to your live Electrum to be broadcast?

That's certainly one of doing it and is very secure. An alternative solution for the future would be to use a hardware wallet which is already airgapped and does not need to connect to a computer at all, such as a Passport.

Dear o_e_l_e_o, Electrum is used only for BTC, could you tell me whether there is a way to make an an airgapped wallet for ETH?
Absolutely no idea, I'm afraid. I don't use ETH or any other pre-mined shitcoins. Maybe you are able to do it with Trezor Suite itself?
lyw
newbie
Activity: 28
Merit: 1

If you still don't fancy using a hardware wallet, then I would suggest an airgapped wallet. An old laptop seems to be what most people use, but if you don't have one, you can buy something for far less than the $1,800 you are considering. You can buy a Raspberry Pi for less than 50 bucks. You could even multisig between a couple of Raspberry Pis, or between a Raspberry Pi and a Trezor.
[/quote]

Dear o_e_l_e_o, Electrum is used only for BTC, could you tell me whether there is a way to make an an airgapped wallet for ETH? I have tried at least 10 different wallet softwares, but failed. I only have some basic knowledge about cryptocurrency, and python.
newbie
Activity: 7
Merit: 0
this work to ensure that solutions are equitable to ensure the crypto currency community information is required to complete and other immersive technologies become more advanced so whynot bani fitness will help you
lyw
newbie
Activity: 28
Merit: 1

[/quote]
I think you are making to much complications, but hey it's your choice.
Both bitbox and keepkey are based on trezor source code, and they don't have stupid app installation, so I am sure they don't have that problem.
However, I wouldn't use keepkey for anything serious, Bitbox is much more mature product, they have regular updates and they 100% support multisig without any issues.

dkbit98, thanks for your help. Next time, I will buy trezor and BitBox hardware wallets. The multisig is good, but I am worry that if I suddenly die, my wife could not find back the money. So maybe multisig is not a good choice for me.
legendary
Activity: 2212
Merit: 7064
I do not have other hardware wallets (Bitbox, keepkey, Passport, Keystone, Coldcard). Someone can tell me bitbox or keepkey is Ok to avoid this question?
I think you are making to much complications, but hey it's your choice.
Both bitbox and keepkey are based on trezor source code, and they don't have stupid app installation, so I am sure they don't have that problem.
However, I wouldn't use keepkey for anything serious, Bitbox is much more mature product, they have regular updates and they 100% support multisig without any issues.

As the method presented above, the only channel to hack is the Two-dimensional code. Now, maybe your money is safe, unless both Trezor company and Electrum are malicous, and they collaborate together. Am I right?
Nobody knows if you done everything correctly or not, but even if hardware wallets are malicious you are not connecting them to internet directly.
lyw
newbie
Activity: 28
Merit: 1
As the method presented above, the only channel to hack is the Two-dimensional code. Now, maybe your money is safe, unless both Trezor company and Electrum are malicous, and they collaborate together. Am I right?
 
By the way, I do not need two computers. I have two solid state disks (SSD), and switch two connecting lines to the same mainboard. One SSD cost about 10 dollars.
lyw
newbie
Activity: 28
Merit: 1
Thanks for your suggestions.

I have tried another way as suggested by o_e_l_e_o,  an airgapped wallet, details are as follows:

       Using One Trezor wallet, one online computer, one offline computer, one online mobile phone, USB flash disk, Electrum 4.4.6, Trezor suite.

       step 1: Generated 24 words for a legitimate wallet on the offline computer with a python code. I'm not a professional programmer, and it is not very hard.
       step 2: Restore the trezor wallet on the offline computer with trezor suite.
       step 3: A single signature wallet with Electrum and trezor, and get the Master public key.
       step 4: Install electrum on the online computer and mobile phone, and then input the Master public key to get online wallets.
       
       Now, I can made a transaction as these:
       step 1: start a transaction on the online computer, and export the transaction file (.pstb file).
       step 2: copy to  the offline computer with a USB flash disk, and then erase the USB flash disk.
       step 3: Sign the transaction on the offline computer, and show the Two-dimensional code.
       step 4: Scan with mobile phone, and broadcast it.

I have tried Ledger wallet, too. The problem is that its apps will be erased after restore the seeds. So I have to connect ledger wallet to ledger live through the internet, again.
I do not have other hardware wallets (Bitbox, keepkey, Passport, Keystone, Coldcard). Someone can tell me bitbox or keepkey is Ok to avoid this question?
Maybe next time, I will not buy Ledger, and prefer to Bitbox or keepkey, or other mainstream hardware wallets.

                                                           
legendary
Activity: 2268
Merit: 18775
I'm not sure what having one key on a hot Electrum wallet adds to this set up. Why not just have 2-of-2 with two hardware devices, and don't include a hot wallet cosigner at all?

I agree with dkbit98 and also wouldn't recommend either Ledger or Trezor devices though - the first for their terrible approach to security, and the second for the terrible approach to privacy.
legendary
Activity: 2212
Merit: 7064
Now I am also considering the same thing as you. I have generated a multisig wallet with a ledger and a trezor. However, the ledger could not display the details of transaction while sending BTC. I am worried about this.
Don't use ledger crap wallet for any multisig setups!
I talked about this and I will repeat again, ledger can't always construct multisig and/or multisig with ledger can't be properly verified.

Maybe a solutions is that. A 3-of-3 multisig wallet, with two trezors and one obtained using electrum. The two trezors must be purchased in different times. The time interval of purchase data must be more than 2 or 3 years.
It's silly to think buying two Trezor wallets in different times... and I really don't understand your gibberish ideas.
Trezor wallet was not much better than ledger in past, maybe they improved something with model T but I am not so sure about it.
Hardware wallets that work correctly in multisig setup are Bitbox, Passport, Keystone, Coldcard.
lyw
newbie
Activity: 28
Merit: 1
Now I am also considering the same thing as you. I have generated a multisig wallet with a ledger and a trezor. However, the ledger could not display the details of transaction while sending BTC. I am worried about this.
Maybe a solutions is that. A 3-of-3 multisig wallet, with two trezors and one obtained using electrum. The two trezors must be purchased in different times. The time interval of purchase data must be more than 2 or 3 years.
newbie
Activity: 15
Merit: 1
I have been using Casa Keymaster 2 of 3 setup without any problems.
HCP
legendary
Activity: 2086
Merit: 4363
It's still frustrating that Ledger does this so badly and that one has to rely so heavily on Trezor as a result, but hopefully Ledger addresses the issue in time. It's not my intention to spend from this setup for some time, so perhaps the issue will be resolved by then.
Indeed, some of Ledger's decisions in the past have left me a little confused... It would appear they'd rather add a bunch of shitcoin support than fix something like this. I guess "the squeaky wheel gets the grease" and more people wanted to be able to store (worthless) shitcoins on their Nano S' than people who wanted to be able to use their Nano S in an Electrum Multisig ¯\_(ツ)_/¯

Hopefully they'll find some spare dev capacity now that Ledger Live is relatively stable and the X has been out for a while... not holding my breath tho. Undecided
newbie
Activity: 4
Merit: 1
Thanks HCP. That makes a lot of sense.

I received some feedback from an experienced/technical individual yesterday that exactly aligns with your comments. It makes me feel a lot better hearing the same thing from two experienced sources.

For background on my concerns, see the following two links:

https://twitter.com/mflaxman/status/1163585172568268802
https://saleemrashid.com/2018/01/27/hardware-wallet-electrum-multisig/

It's still frustrating that Ledger does this so badly and that one has to rely so heavily on Trezor as a result, but hopefully Ledger addresses the issue in time. It's not my intention to spend from this setup for some time, so perhaps the issue will be resolved by then.

Nevertheless, I'll probably go ahead. This is the guide I am following, if anyone is interested or has comments:

https://github.com/DriftwoodPalace/guides/tree/master/hodl-guide
HCP
legendary
Activity: 2086
Merit: 4363
Ledger is not an option because of the massive attack vector regarding not verifying change outputs or displaying fees for multi-sig transactions. I’ve seen some suggest that incorporating a Ledger into a multi-sig setup being counter-productive. 
Not sure how this really matters if you're using a multisig? Huh

Surely, once you've confirmed the change and/or fees using the Trezor and then partially signed the transaction then you don't have to worry about it, as, at that point, it's then impossible to alter the transaction and still have the Trezor part of the signature be valid... Or you could sign it with the Ledger first, then double check everything with the Trezor before adding the 2nd (and final) signature before sending.
copper member
Activity: 2338
Merit: 4543
Join the world-leading crypto sportsbook NOW!
With respect to Casa's fee, I tend to agree. I'm happy to pay the $1800 once-off, for which you get a node, 3 hardware wallets and a few other items. Obviously you get access to their software, priority support and assistance etc too.

I can't believe anyone would entrust a third party with any of their seeds, sorry.  Even if it's only one seed of a multi-sig wallet. 

You can do a similar thing yourself for much less money, and it'll be infinitely more secure.  If you're concerned about the safety of your storage facility there are solutions to that as well:  A small fire-resistant document safe is only a couple of hundred bucks; buy two and put one at home and another in a self-storage unit (about $50 a month) with back-ups of your seeds in both safes.  You'll be the only one with access to your seeds, they're safe from various physical threats, and you'll be spending a lot less on security.
legendary
Activity: 2268
Merit: 18775
I'm genuinely interested what others are doing though with respect to this problem. Perhaps they're not too concerned with these specific attack vectors and therefore just using a bunch of Trezors or a Ledger and Trezor.
Both Ledger and Trezor have instructions to follow to verify that the device you received is completely genuine, from opening the device and inspecting the hardware, to verifying it against their servers. Also, by way of updating to the latest firmware, you would overwrite any malicious code on the device. The chance of a supply chain attack is negligible provided you follow the recommended set up steps.

In terms of a bad actor, all software you are using should be open source. Unfortunately, not all hardware wallet firmware is open source, however you can independently verify that the wallet is returning the correct responses and there is no side channel attack present.

If you still don't fancy using a hardware wallet, then I would suggest an airgapped wallet. An old laptop seems to be what most people use, but if you don't have one, you can buy something for far less than the $1,800 you are considering. You can buy a Raspberry Pi for less than 50 bucks. You could even multisig between a couple of Raspberry Pis, or between a Raspberry Pi and a Trezor.
newbie
Activity: 4
Merit: 1
Electrum can generate a seed by itself. It's a software wallet. So why not use a combination of electrum generated seed and a hardware wallet?

Hardware wallets are nowhere as important as people make them out to be. IDK why people spend so much money on them. You are essentially trusting the postal system and some remote company not to steal from you.


Appreciate the reply. It's useful to get this perspective... I think I'm too irrationally stuck in a single line of thinking.

And your comment re. the postal system/remote company is interesting, and very true. I'll definitely rethink my strategy with this in mind! Thanks
newbie
Activity: 4
Merit: 1
Thanks for the reply DireWolfM14.

That is a viable solution which I didn't consider....and perhaps I am over complicating things. My technical knowledge is somewhat basic, so I guess my logic has been to err on the side of caution so that I don't screw anything up (i.e. use hardware wallets with which I'm pretty familiar). I'd also have to purchase a second PC for the air-gapped solution.

I'm genuinely interested what others are doing though with respect to this problem. Perhaps they're not too concerned with these specific attack vectors and therefore just using a bunch of Trezors or a Ledger and Trezor.

With respect to Casa's fee, I tend to agree. I'm happy to pay the $1800 once-off, for which you get a node, 3 hardware wallets and a few other items. Obviously you get access to their software, priority support and assistance etc too.

They only store 1 of the 5 keys, which acts as the emergency backup key. You retain 4 keys (3 generated by your hardware wallets & and the 4th generated by their app, to which they supposedly don't have access).

I've read that you can cancel your membership with them and still retain access to their software/servers, but support and recovery would presumably cease from year 2. I've also seen them suggest that the membership fee includes free hardware upgrades as and when they are released, shipped to you anywhere in the world for free. They also retain 3 backup hardware wallets for you at all times and will ship them to you for free, if you lose any of yours.

Considering the above, the cost appears to be somewhat justified. In my case though, I don't really see it as being particularly worthwhile.
legendary
Activity: 3710
Merit: 1586
Electrum can generate a seed by itself. It's a software wallet. So why not use a combination of electrum generated seed and a hardware wallet?

Hardware wallets are nowhere as important as people make them out to be. IDK why people spend so much money on them. You are essentially trusting the postal system and some remote company not to steal from you.
copper member
Activity: 2338
Merit: 4543
Join the world-leading crypto sportsbook NOW!
At this point I am seriously considering forking out $1800 per year for Casa Keymaster Platinum 3-of-5 multisig.

I don't see for what they're selling subscriptions.  Do they store your recover seeds?  WTF?  Maybe I'm missing something but that sounds like a bad idea.

My specific goal is to have a 2-of-2 setup with 2 different hardware wallet manufacturers, to mitigate the risk of bad actors/supply chain issues in any one company. Herein lies my primary issue.
 
Trezor appears to work flawlessly with electrum in a multi-sig setup, which is great. The problem however is that I can’t find a second mainstream hardware wallet that actually works securely at the moment.

Seems like you're over complicating things.  You can use a standard Electrum wallet as a the second signature, go with an airgapped system for extra security.  You'll still need one hardware sig and another sig from another wallet that has no ties to Trezor. 
newbie
Activity: 4
Merit: 1
Hi there,

I’ve spent a great many hours looking into best practices for setting up a multi-sig configuration with hardware wallets and Electrum. I just can't seem to find a safe, agreeable setup.
 
I’ve been listening to Stephan Livera’s recent podcasts on hardware wallets and most of the technical experts (Michael Flaxman and the like) seem to suggest that it is irresponsible to NOT use multi-sig. The curveball, according to other experts, appears to be is that it can actually increase overall risk in some respects if not executed properly.

My specific goal is to have a 2-of-2 setup with 2 different hardware wallet manufacturers, to mitigate the risk of bad actors/supply chain issues in any one company. Herein lies my primary issue.
 
Trezor appears to work flawlessly with electrum in a multi-sig setup, which is great. The problem however is that I can’t find a second mainstream hardware wallet that actually works securely at the moment.
 
I’ve bought a Coldcard, which is highly recommended for secure storage, but I discovered that it is not supported fully for multi-sig with electrum just yet.
 
Ledger is not an option because of the massive attack vector regarding not verifying change outputs or displaying fees for multi-sig transactions. I’ve seen some suggest that incorporating a Ledger into a multi-sig setup being counter-productive. 

Using two Trezors is obviously pointless, given the specific attack vector that I am trying to guard against.
 
Can someone please offer advice or point me in the right direction? How are others actually doing this at present?

At this point I am seriously considering forking out $1800 per year for Casa Keymaster Platinum 3-of-5 multisig. I’d prefer to not have to spend that sort of capital (forgo that many Sats), but I can’t find a reasonably simple multi-sig setup with different hardware vendors that is fully compatible without having serious security flaws at present.

Thank you kindly in advance.
Jump to: