
Topic: Hardware wallets still aren't secure, and they never will be. Use paper wallets (Read 1875 times)

legendary
Activity: 1382
Merit: 1122
Seems like a great time to bump this important thread!

Never forget, you don't know what vulnerabilities will be found in the future. Don't trust a third party with your crypto, or in this case, your data.

Hardware wallets and the centralized companies behind them are insecure. Learn how to secure your funds properly.
staff
Activity: 3304
Merit: 4115
Transmissions can be blocked, but it's whether you want to go into the skeptical world of carrying a frequency blocker with you at all times. That would mess up quite a few frequencies, and could affect some of the emergency services communications which could potentially be a crime depending on where you live.

@o_e_l_e_o,
I've heard somewhere about a virtual chip that can be inserted in a human body anywhere (most probably wrist) and they can generate invoices and even send/receive Bitcoins through the same. If that's true, even if the attackers know that "this guy is having Bitcoins" but are unsure where did he store them, how will they plan and attack such person? If such a device can be stored in us, why can't we have some sort of device stored in our body too that can alarm Police by sending them necessary details like our live location as well as a message like "Emergency, need help, stuck somewhere!" that we may use by just tapping that area in our body whenever such scenario takes place?
It doesn't matter where you store your Bitcoin it only matters that you have Bitcoin. In most scenarios it's better to just give up a small amount of money than get harmed. By refusing to tell them where your Bitcoin is it could potentially put you in a life-altering situation which to be honest I wouldn't be willing to risk for a small amount of cash. This is why the point of carrying a small amount of cash is a good idea, and not bringing your whole stash with you. If you're smart, and keep your Bitcoin separated the thief won't be able to prove that you own more than what you give to him on the spot.
legendary
Activity: 2268
Merit: 18711
I mean can an attacker actually come to know the exact body part and area where such a chip is stored?
Probably the simplest method is through observation of you using it. They would also be able to detect it through scanning for what it is transmitting, be that NFC, RFID, WiFi, or whatever. Microchip detectors exist for scanning animals which have been chipped; no reason an attacker couldn't use it on a person.

They don't actually need to know where it is to disable it though. As I said before, a signal jammer would do the trick. An EMP or even just a strong magnetic field could also be used to disable it.
legendary
Activity: 2730
Merit: 7065
Is there any such device that can counter the type of virtual chip I discussed above? I mean can an attacker actually come to know the exact body part and area where such a chip is stored?
If the chip transmits over the same frequencies as phones it can be blocked using a cell phone jammer. A jammer isn't directed to a certain body part, for example towards the wrist like in your example. It blocks all signals in the entire room. We had these at school. They were used to prevent students from cheating on exams who would be in contact with someone during the exam who helped them with the questions.
legendary
Activity: 3052
Merit: 1273
If such a device can be stored in us, why can't we have some sort of device stored in our body too that can alarm Police by sending them necessary details like our live location as well as a message like "Emergency, need help, stuck somewhere!" that we may use by just tapping that area in our body whenever such scenario takes place?
Don't see why not, but I would assume something like that could be fairly easily countered by an attacker using a cell phone jammer or similar device.

Is there any such device that can counter the type of virtual chip I discussed above? I mean can an attacker actually come to know the exact body part and area where such a chip is stored? I have not heard of any such counter device as of yet, but if one is available, what is it?
legendary
Activity: 2268
Merit: 18711
If that's true, even if the attackers know that "this guy is having Bitcoins" but are unsure where did he store them, how will they plan and attack such person?
I assume the same way they would attack anyone they know is storing bitcoin but they don't know how or where: Physically.

If such a device can be stored in us, why can't we have some sort of device stored in our body too that can alarm Police by sending them necessary details like our live location as well as a message like "Emergency, need help, stuck somewhere!" that we may use by just tapping that area in our body whenever such scenario takes place?
Don't see why not, but I would assume something like that could be fairly easily countered by an attacker using a cell phone jammer or similar device.
legendary
Activity: 3052
Merit: 1273
@o_e_l_e_o,
I've heard somewhere about a virtual chip that can be inserted in a human body anywhere (most probably wrist) and they can generate invoices and even send/receive Bitcoins through the same. If that's true, even if the attackers know that "this guy is having Bitcoins" but are unsure where did he store them, how will they plan and attack such person? If such a device can be stored in us, why can't we have some sort of device stored in our body too that can alarm Police by sending them necessary details like our live location as well as a message like "Emergency, need help, stuck somewhere!" that we may use by just tapping that area in our body whenever such scenario takes place?
legendary
Activity: 2268
Merit: 18711
Sure, but physical attacks with the aim of stealing bitcoin aren't happening by approaching random people on the street in the spur of the moment. The attack is targeted and planned, and the attacker usually knows the victim is holding a significant amount of bitcoin. Often they are home invasions, or fake meetups under the pretense of trading.
Unless you are involved in these types of attacks, you do not have any way of knowing this. These types of attacks are not well publicized.
You don't need to be involved in bitcoin attacks to realize that approaching random members of the public and threatening them to "hand over their bitcoin" isn't exactly going to net you high returns. Bitcoin attacks are planned in advance. I would also direct you to this page: https://github.com/jlopp/physical-bitcoin-attacks. Sure, many are not publicized, but of the ones which are, the majority take place within a building (usually a home or a predetermined meeting point), or sometimes within a vehicle. More rarely the victim is abducted.

These attacks are not akin to a mugger approaching a random person on the street, and running if they don't have anything of value on their immediate person.
legendary
Activity: 2730
Merit: 7065
Sure they could. An attacker could use blockchain analysis to reasonably conclude a lower bound of how much coin a person is holding. An attacker could use a set of known facts to conclude a person is holding a large amount of coin.
If your coins are spread around in different wallets and these addresses are not public and can't be connected to your real name it is safe to assume that you would be safe. How would someone discover that a certain number of addresses belong to John Smith from Denver, Colorado?
copper member
Activity: 1652
Merit: 1901
Amazon Prime Member #7
I don't even know how much is in my cold storage as I haven't accessed it in a number of years.
Smart. Attackers can't know how much you are holding if you don't know how much you are holding. Perhaps this is the best way to protect against $5 wrench attacks. Wink
Sure they could. An attacker could use blockchain analysis to reasonably conclude a lower bound of how much coin a person is holding. An attacker could use a set of known facts to conclude a person is holding a large amount of coin. Feigning ignorance is not going to stop you from getting robbed.
Sure, but physical attacks with the aim of stealing bitcoin aren't happening by approaching random people on the street in the spur of the moment. The attack is targeted and planned, and the attacker usually knows the victim is holding a significant amount of bitcoin. Often they are home invasions, or fake meetups under the pretense of trading.
Unless you are involved in these types of attacks, you do not have any way of knowing this. These types of attacks are not well publicized.
full member
Activity: 728
Merit: 115
Indeed paper wallet is a better option than a hardware wallet.

A paper wallet is just that, a piece of paper; it cannot function without the other part, and that is the main problem, it's not suitable for most people. And also the main question is "better for what exactly": storing, using, or both, or neither of those?

I would say it's a nice thing to create and load it with some BTC and after that gift it to someone that you want to educate on how crypto works.



newbie
Activity: 3
Merit: 0
Indeed paper wallet is a better option than a hardware wallet.
copper member
Activity: 2940
Merit: 1280
https://linktr.ee/crwthopia
But if my leather wallet is empty, it's not like I'm going to get shot because they think I have $1000 stored somewhere else on my person. The mugger would run away.
Sure, but physical attacks with the aim of stealing bitcoin aren't happening by approaching random people on the street in the spur of the moment. The attack is targeted and planned, and the attacker usually knows the victim is holding a significant amount of bitcoin. Often they are home invasions, or fake meetups under the pretense of trading. If you initially refuse to hand over any bitcoin or wallet details, the attacker is unlikely to just say "Oh well" and leave.
What if this happens: Everybody in the world now uses cryptocurrency, whether it's bitcoin or not, it's widely applied. For sure there are criminals lurking and attacking innocent people. We are definitely not there yet but who knows, it's a great thing to think about. Imagine the movie "In Time". Where time was the currency, but it's cryptocurrency. Or maybe it's the blockchain they are using? Lol
legendary
Activity: 2268
Merit: 18711
I don't even know how much is in my cold storage as I haven't accessed it in a number of years.
Smart. Attackers can't know how much you are holding if you don't know how much you are holding. Perhaps this is the best way to protect against $5 wrench attacks. Wink

But if my leather wallet is empty, it's not like I'm going to get shot because they think I have $1000 stored somewhere else on my person. The mugger would run away.
Sure, but physical attacks with the aim of stealing bitcoin aren't happening by approaching random people on the street in the spur of the moment. The attack is targeted and planned, and the attacker usually knows the victim is holding a significant amount of bitcoin. Often they are home invasions, or fake meetups under the pretense of trading. If you initially refuse to hand over any bitcoin or wallet details, the attacker is unlikely to just say "Oh well" and leave.
legendary
Activity: 1382
Merit: 1122
Obviously the best way to mitigate a wrench attack is to maintain your privacy so you don't become a target, but I've often wondered what the best way to survive it would be provided the attacker has already overcome that first step.

Unless they know for a fact your wallet set up (which is incredibly unlikely), then there is no real difference in using multi-sig and just telling them you are using multi-sig. However, if they are willing to physically attack you for money, is having everything you own locked away in multi-sig wallets really the best way to go? Perhaps you actually want to have some bitcoin available you can hand over for your own sake. Also, there's nothing really stopping them from forcing you to tell them where you've stored all your multi-sig keys instead of the keys themselves.
Good point. For an example of this if you were to get robbed on the street of your cash you would likely be willing to give up some pocket change to prevent any harm being done, but you're not exactly giving away your whole bank account. This is why I truly believe in having multiple wallets to store your funds. Everyone has their own tolerance of risk, and I don't really keep anything more than a few Bitcoin in my wallets at a time, and this will likely evolve as the Bitcoin price changes.

But if my leather wallet is empty, it's not like I'm going to get shot because they think I have $1000 stored somewhere else on my person. The mugger would run away. It's only a significant risk if they're planning the attack against you for a long time.

My paper wallets aren't secure either

FTFY
legendary
Activity: 4354
Merit: 3614
what is this "brake pedal" you speak of?
I was moving some bitcoins to my Nano S. There was a new update to the Ledger Live app and I installed it. I wanted to check the Account Manager if there were any updates to my installed apps. After clicking on the Account Manager on Ledger Live my hardware wallet wiped itself clean! It just restarted, I never experienced it before. I thought that it got broken at first.

I disconnected and reconnected it again and it showed me the welcome screen you usually see the first time you set it up. Press both buttons to start the setup etc... I had to reconfigure it with my seed and set it up again. Very weird indeed.

I am not sure if this was a bug, some hardware failure or if it has anything to do with the update I performed.

this is a drawback to most hardware wallets. occasionally an update will wipe the device, although the readme for the update will mention this. my trezor had one update like that, and they gave plenty of warning 1st.

that being said you should always verify the seed before any update on anything. that's a given. bad cable, power glitch, whatever.. things happen.

i always put aside a bit of time before a hardware wallet update. usually goes fine but you never know.
staff
Activity: 3304
Merit: 4115
Agreed. I use a mobile wallet for a few hundred dollars worth of bitcoin, which I carry around daily. I know it is far from being secure, but it's an amount I can easily afford to lose and an amount I would happily give to an attacker to prevent any physical harm to myself. The amount in that wallet is in no way linked to my main cold storage via blockchain analysis. My various cold storage wallets are also in no way linked, are of various types (hardware, paper, old laptop which has been airgapped), and are all stored separately.
I don't even know how much is in my cold storage as I haven't accessed it in a number of years. Although, I don't actually own a mobile wallet due to my precautions when dealing with anything mobile. I do have a wallet which stores a few hundred on a computer which isn't regularly accessed. I'm not the type of Bitcoin fanatic which trades or sends transactions regularly though.
legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange

you can never be 100% sure, however they are the 2 safest forms of custody I know. The same paper wallets are more or less secure as long as they aren't transferred to other wallets; their creation (paper wallet) is very complex and requires a lot of attention to avoid making a mistake...
And they also need..everyone all together...repeat after me:

AN OFFLINE COMPUTER.

Be it an old PC, Mac, desktop, laptop whatever.
Make sure it's not hooked to any network in any way.
You want to print? Plug in a USB cable.
No Wi-Fi, no cabled network, no network.

Now, keep in mind I am talking generating wallets for significant amounts of BTC that you are putting into storage for a while.
A little bit (more or less what you would keep on your phone for quick payments) you don't have to go through all of this.

Want to put 25BTC for a year or two? Spend the time and do it right.
Want to put .01 so when you spend what you have on your phone you have quick access to more, probably don't need to be as secure.
Your own risk amounts will vary.

-Dave
legendary
Activity: 2730
Merit: 7065
A question here:

If I've kept my coins in a hardware and that hardware either blasts off or gets destroyed anyhow (talking about these Ledger and Trezor thing), will I be able to ever regain them?
Here is what happened to me yesterday.

I was moving some bitcoins to my Nano S. There was a new update to the Ledger Live app and I installed it. I wanted to check the Account Manager if there were any updates to my installed apps. After clicking on the Account Manager on Ledger Live my hardware wallet wiped itself clean! It just restarted, I never experienced it before. I thought that it got broken at first.

I disconnected and reconnected it again and it showed me the welcome screen you usually see the first time you set it up. Press both buttons to start the setup etc... I had to reconfigure it with my seed and set it up again. Very weird indeed.

I am not sure if this was a bug, some hardware failure or if it has anything to do with the update I performed.
legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
A question here:

If I've kept my coins in a hardware and that hardware either blasts off or gets destroyed anyhow (talking about these Ledger and Trezor thing), will I be able to ever regain them?
So long as you have your seed phrase yes you can recover what you need. Those words are the key to everything.

Which when you think about it brings us back to paper wallets. If you wrote it down then although not a long alpha-numeric private key it's still something very important that is on paper.

-Dave