
Topic: IRS now wants to Hack Hardware Wallets (Read 604 times)

legendary
Activity: 2268
Merit: 18711
May 16, 2021, 03:12:38 AM
#46
I wouldn't worry too much about it at this point because if you think about it, the government probably has all the information needed to control and spy on you already, even before your introduction to cryptocurrency so no point worrying, they won't probably go rogue suddenly if you are living in a first world country.
That's a big assumption to make. First world governments frequently "go rogue" and ruin the lives of any citizens they decide are causing too much of a problem. The US government is undoubtedly spying on you constantly and collecting huge amounts of data about you, unless you are taking active steps to maintain your privacy. A very basic step in that process is not letting the government know exactly how much money you own and exactly when and where you spend it.

But why should they track my wallet?
Exactly. We live in a surveillance state, but they have no right to blanket monitor everyone's financial activities. If I'm not doing anything illegal, then why am I being monitored? Whatever happened to innocent until proven guilty?

Quote from: Glenn Greenwald
The old cliché is often mocked though basically true: there’s no reason to worry about surveillance if you have nothing to hide. That mindset creates the incentive to be as compliant and inconspicuous as possible: those who think that way decide it’s in their best interests to provide authorities with as little reason as possible to care about them. That’s accomplished by never stepping out of line. Those willing to live their lives that way will be indifferent to the loss of privacy because they feel that they lose nothing from it. Above all else, that’s what a Surveillance State does: it breeds fear of doing anything out of the ordinary by creating a class of meek citizens who know they are being constantly watched.
full member
Activity: 336
Merit: 100
It's disgusting that the state are that desperate to know everyone's worth that they stoop down to such low levels to find it. Attempting to crack wallets without permission, is something a "normal" person would likely go to prison for.

This doesn't only just apply to closed source software, though. Open source hardware wallets now need to be monitored more frequently for changes in code, since they could try, and sneak something in without anyone noticing. We shouldn't be complacent, and trust something just because it's open source.

The IRS doesn't need private keys or the seed to achieve their main objective; all they need is a list of addy you control. At that point they have all the info they need as they can then monitor those addys.
Yeah, I don't believe that they intend to take anything, unless they can lawfully take it by coming to the conclusion that someone hasn't declared the correct amount of tax.

Cracking seed phrases? Are they insane, simple word, it's robbery.

I guess it's only robbery if they actually take anything. Their intentions might be to try, and break in, and determine whether someone has been paying the correct amount of tax or just general surveillance, because as we know from the Snowden leaks they love to monitor pretty much everything that they can, and they don't mind breaking some laws to do that.

I wouldn't worry too much about it at this point because if you think about it, the government probably has all the information needed to control and spy on you already, even before your introduction to cryptocurrency so no point worrying, they won't probably go rogue suddenly if you are living in a first world country.
Absolutely, if someone has evaded the government completely then I would be extremely impressed. Since our world revolves around using mega companies such as Google, Facebook, and other monopolies, it's just easy for them to gain access. I believe there were several USA phone service providers who were sharing data with the government, and that was also exposed by Snowden.

You will probably have a hard time finding a single company whose business is data driven in any conceivable way in the US that is not closely cooperating with the government. There is so much information out there who is cooperating with the government, I don't believe there is a single one resisting the pressure government puts onto them should they not cooperate.

You are also right with the open source software not being safe necessarily just because it is open source. Same for the TOR network where they spy a lot by setting up infected exit nodes or, put differently, their own exit nodes. You have to pay tremendous attention to effectively protect your privacy.
hero member
Activity: 2338
Merit: 953
Temporary forum vacation
,,, but also to government requests.
I wouldn't worry too much about it at this point because if you think about it, the government probably has all the information needed to control and spy on you already, even before your introduction to cryptocurrency so no point worrying, they won't probably go rogue suddenly if you are living in a first world country.

Oh I would worry,,, I know the government has a lot of information on us but I would really not like them to know exactly where I keep my Bitcoin and for how long and for how much. It should be enough for them that if I sell for my local currency, then I can pay taxes, that is fine they can track my bank account. But why should they track my wallet?
sr. member
Activity: 1624
Merit: 315
This makes it now even more and more important to trust only open source wallets,,, and also as much as possible all the Ledgers and Trezors you ever bought, if you used your personal details you can be sure their databases are not only now vulnerable to hacker attacks (as we have already seen happen) but also to government requests.
What's that going to do if your government has you on their records the moment that you were born, I mean they all have us the moment that we were thrown in this world, if they suspect that you are hiding something especially with their precious taxes, you will be easily located.
legendary
Activity: 2268
Merit: 18711
A simple but slightly expensive method would be to just shred and burn the Ledger each time you've entered the passphrase.
It is unnecessary. The passphrase is only stored on the device if you choose to attach it to a secondary PIN. You can also enter a temporary passphrase which is not stored anywhere and the keys it generates are wiped whenever you unplug your device.

Should they ever get to own your piece of paper, they will find out it contains a balance of exactly zero Bitcoins inside.
I wouldn't recommend that. Not many people create and hide paper wallets with nothing on them, and that is pretty strong indication you are using an additional passphrase. It would be wise to have a small amount of bitcoin under the non-passphrased seed phrase which you can give up in such a scenario.

Let's imagine scenario of some government agency busting your home and finding hardware wallet and your paper wallet that are not connected with each other.
What do you think would be easier way for them to confiscate your coins, from paper wallet or hardware wallet??
To be completely honest with you, I think it would be easier for them to confiscate coins from a hardware wallet IF the paper wallet has a strong enough password.
In such a scenario, then they just throw you in jail until you tell them what they want to know. Whether your wallet is hardware or paper is irrelevant.

I am not sure there is a limit on the number of characters a passphrase could have.
On Trezor it is 50 characters, on Ledger it is 100 characters. On Electrum, there is no upper limit I am aware of set by the wallet, so the upper limit would theoretically be the maximum input size for the HMAC-SHA512 function, which is a string with length just less than 2^128 bits.
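Added example (not part of the original post, and not any wallet vendor's code): the standard BIP39 derivation that turns a seed phrase plus optional passphrase into a wallet seed, showing why every passphrase yields a different, equally valid wallet and how much entropy a random passphrase of a given length carries. The mnemonic is the public BIP39 test phrase, the device limits are the figures quoted in the post above, and the 94-symbol alphabet is an assumption.

```python
import hashlib
import math
import unicodedata

# Constructed sample input: the public all-"abandon" BIP39 test mnemonic.
# It is known to everyone and must never hold funds.
SAMPLE_MNEMONIC = "abandon " * 11 + "about"

# Passphrase length limits as quoted in the post above (not verified here).
DEVICE_LIMITS = {"Trezor": 50, "Ledger": 100}


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39: seed = PBKDF2-HMAC-SHA512(mnemonic, "mnemonic" + passphrase).

    The mnemonic is the HMAC key and the passphrase is part of the salt,
    i.e. part of the hashed message. That is why the only theoretical cap
    on passphrase length is the hash function's maximum input size.
    """
    def nfkd(s: str) -> bytes:
        return unicodedata.normalize("NFKD", s).encode("utf-8")

    return hashlib.pbkdf2_hmac(
        "sha512", nfkd(mnemonic), b"mnemonic" + nfkd(passphrase), 2048, dklen=64
    )


def passphrase_entropy_bits(length: int, alphabet_size: int = 94) -> float:
    """Entropy of a uniformly random passphrase (assumed: 94 printable ASCII)."""
    return length * math.log2(alphabet_size)


def within_device_limit(passphrase: str, device: str) -> bool:
    """True if the passphrase fits the quoted limit; unknown devices have none."""
    limit = DEVICE_LIMITS.get(device)
    return limit is None or len(passphrase) <= limit


def compare_wallets(mnemonic: str, passphrases: list[str]) -> dict[str, str]:
    """Map each passphrase to the first 16 hex chars of the seed it produces.

    There is no "wrong passphrase" error: every input gives a valid seed,
    so the paper backup alone does not reveal whether a passphrase exists.
    """
    return {p: bip39_seed(mnemonic, p).hex()[:16] for p in passphrases}


if __name__ == "__main__":
    for pp, prefix in compare_wallets(SAMPLE_MNEMONIC, ["", "TREZOR", "trezor"]).items():
        print(f"passphrase {pp!r:10} -> seed {prefix}...")
    for n in (50, 70, 100):
        print(f"{n}-char random passphrase: {passphrase_entropy_bits(n):.1f} bits")
    print("70 chars fits Trezor:", within_device_limit("x" * 70, "Trezor"))
    print("70 chars fits Ledger:", within_device_limit("x" * 70, "Ledger"))
```
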
legendary
Activity: 2212
Merit: 7064
Open source hardware wallets now need to be monitored more frequently for changes in code, since they could try, and sneak something in without anyone noticing. We shouldn't be complacent, and trust something just because it's open source.
It is true, open source doesn't mean something is automatically safe, and we saw many examples of malware spreading like open source fake wallet clones.

I believe there were several USA phone service providers who were sharing data with the government, and that was also exposed by Snowden.
All phone operators worldwide are closely connected with governments so you can't consider any information or your location with base station to be secret for anyone.
staff
Activity: 3304
Merit: 4115
It's disgusting that the state are that desperate to know everyone's worth that they stoop down to such low levels to find it. Attempting to crack wallets without permission, is something a "normal" person would likely go to prison for.

This doesn't only just apply to closed source software, though. Open source hardware wallets now need to be monitored more frequently for changes in code, since they could try, and sneak something in without anyone noticing. We shouldn't be complacent, and trust something just because it's open source.

The IRS doesn't need private keys or the seed to achieve their main objective; all they need is a list of addy you control. At that point they have all the info they need as they can then monitor those addys.
Yeah, I don't believe that they intend to take anything, unless they can lawfully take it by coming to the conclusion that someone hasn't declared the correct amount of tax.

Cracking seed phrases? Are they insane, simple word, it's robbery.

I guess it's only robbery if they actually take anything. Their intentions might be to try, and break in, and determine whether someone has been paying the correct amount of tax or just general surveillance, because as we know from the Snowden leaks they love to monitor pretty much everything that they can, and they don't mind breaking some laws to do that.

I wouldn't worry too much about it at this point because if you think about it, the government probably has all the information needed to control and spy on you already, even before your introduction to cryptocurrency so no point worrying, they won't probably go rogue suddenly if you are living in a first world country.
Absolutely, if someone has evaded the government completely then I would be extremely impressed. Since our world revolves around using mega companies such as Google, Facebook, and other monopolies, it's just easy for them to gain access. I believe there were several USA phone service providers who were sharing data with the government, and that was also exposed by Snowden.
member
Activity: 868
Merit: 63
This makes it now even more and more important to trust only open source wallets,,, and also as much as possible all the Ledgers and Trezors you ever bought, if you used your personal details you can be sure their databases are not only now vulnerable to hacker attacks (as we have already seen happen) but also to government requests.
I wouldn't worry too much about it at this point because if you think about it, the government probably has all the information needed to control and spy on you already, even before your introduction to cryptocurrency so no point worrying, they won't probably go rogue suddenly if you are living in a first world country.
hero member
Activity: 2338
Merit: 953
Temporary forum vacation
Old Trezors may also become obsolete or need updates. Don't forget that these state led agencies also buy hidden stakes in these companies. We may not even get to know if an organization like the CIA or NSA is involved in any particular way when it comes to hardware wallets.

Some hidden and some not so hidden. All these states ask banks to look at the underlying companies who own money transactions but the truth is there is a lot of "good states" who are as dark as the non-state rogue actors.

If we think Ledger and Trezor etc do not already share our data directly,,, we are such fools:)
hero member
Activity: 882
Merit: 1873
(..) What do you think would be easier way for them to confiscate your coins, from paper wallet or hardware wallet?
They don't need to hack paper wallet but they already have private key written on it. (..)
To be completely honest with you, I think it would be easier for them to confiscate coins from a hardware wallet IF the paper wallet has a strong enough password.  One requires brute forcing, the other may require only a coding or hardware flaw.

Moreover, an initialized hardware wallet hints out that it contains a seed inside.  If a professional finds your initialized hardware, they will most likely think it is not an empty seed.  Otherwise, you would have not owned a hardware wallet in the first place.  Therefore, spending resources to crack it may be worth it.  A seed printed or hand-written on a paper that retrieves an empty balance without the proper passphrase gives absolutely zero hints that it may have a balance inside.

I am not sure there is a limit on the number of characters a passphrase could have.  However, you can only imagine how long a 70-char random passphrase brute forcing has to take.  After enough time spent trying to brute force it, I think it is likely they will give up.

I wonder, is it absolutely impossible that even an open-source hardware wallet does NOT temporarily store a passphrase inside its memory that may be retrievable if a weak security point is found through physical tampering?  I reckon getting the right strong password of a paper wallet is a harder job.

-
Regards,
PrivacyG
legendary
Activity: 2212
Merit: 7064
I was particularly talking about Ledger, see one of my previous posts
Yes I know about ledger and they are my biggest concern for hardware wallets along with safepal hardware wallet who is even more shady and they can easily have some hidden chinese backdoor.

Moreover, the previously mentioned issue does not apply in the case of importing paper wallets.  IRS wants to unlock your hardware wallet after getting their hands on it.  They want to either alter your device or have backdoors in order to get to your keys.
Let's imagine scenario of some government agency busting your home and finding hardware wallet and your paper wallet that are not connected with each other.
What do you think would be easier way for them to confiscate your coins, from paper wallet or hardware wallet?
They don't need to hack paper wallet but they already have private key written on it.

A paper wallet combined with a legitimate open-source hardware wallet like Trezor is definitely the best combo for hardware cold storage today.
I would agree with this and maybe this is not the perfect solution, but it is most simple for average users.
full member
Activity: 336
Merit: 100
This makes it now even more and more important to trust only open source wallets,,, and also as much as possible all the Ledgers and Trezors you ever bought, if you used your personal details you can be sure their databases are not only now vulnerable to hacker attacks (as we have already seen happen) but also to government requests.

Old Trezors may also become obsolete or need updates. Don't forget that these state led agencies also buy hidden stakes in these companies. We may not even get to know if an organization like the CIA or NSA is involved in any particular way when it comes to hardware wallets.
hero member
Activity: 2338
Merit: 953
Temporary forum vacation
This makes it now even more and more important to trust only open source wallets,,, and also as much as possible all the Ledgers and Trezors you ever bought, if you used your personal details you can be sure their databases are not only now vulnerable to hacker attacks (as we have already seen happen) but also to government requests.
hero member
Activity: 882
Merit: 1873
FYI all chips in your airgap computer are closed source, they can have backdoors, and you still need to import paper wallet at some point of time or take it with you in your grave and afterlife.

Trezor HW is open source, they are not storing passphrases anywhere, and they are actively working on open source secure element for their next generation hardware wallet.
I was particularly talking about Ledger, see one of my previous posts:
(..) Since they have been specifically created with cryptocurrency cold storage as a purpose, expect anything and everything from them.  I am talking particularly about Ledger, as it has closed-source components inside. (..)
Moreover, the previously mentioned issue does not apply in the case of importing paper wallets.  IRS wants to unlock your hardware wallet after getting their hands on it.  They want to either alter your device or have backdoors in order to get to your keys.

As a result, encrypted paper wallets are way more safe than hardware wallets as long as the passphrase(s) are stored securely.  You cannot alter a paper in an attempt to get a passphrase out of it that does not exist.  In consequence, getting their hands on your paper wallet will be in vain.

Upon importing the seed or private key, its safety depends solely on the user's behavior.  Main threat implies a closed-source piece of hardware storing a seed and passphrases.  A paper wallet combined with a legitimate open-source hardware wallet like Trezor is definitely the best combo for hardware cold storage today.

-
Regards,
PrivacyG
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
FYI all chips in your airgap computer are closed source, they can have backdoors, and you still need to import paper wallet at some point of time or take it with you in your grave and afterlife.
The proper way to spend funds from a paper wallet is by creating a transaction, and signing it offline. If you're truly paranoid you can verify the signed transaction with different software on a different offline computer before broadcasting. If you're worried about hardware backdoors: you can probably find a computer older than Bitcoin for a few bucks on Craigslist.
legendary
Activity: 2212
Merit: 7064
Very true.  However, the closed-source components may store basic yet crucial information about your hardware wallet such as passphrases and seeds.  Paper wallets do not have a memory to store sensitive information on without your knowledge.  In consequence, a backdoor-enabled device may enable a security agent to see what a paper wallet would not be able to show.

FYI all chips in your airgap computer are closed source, they can have backdoors, and you still need to import paper wallet at some point of time or take it with you in your grave and afterlife.

Trezor HW is open source, they are not storing passphrases anywhere, and they are actively working on open source secure element for their next generation hardware wallet.
hero member
Activity: 882
Merit: 1873
You still need to use paper or metal plate even for hardware wallets because these devices are worth nothing without your backup phrase. (..)
Very true.  However, the closed-source components may store basic yet crucial information about your hardware wallet such as passphrases and seeds.  Paper wallets do not have a memory to store sensitive information on without your knowledge.  In consequence, a backdoor-enabled device may enable a security agent to see what a paper wallet would not be able to show.

-
Regards,
PrivacyG
full member
Activity: 868
Merit: 150
The US government is doing what I consider illegal to attack people's personal wallets. What am I going to do with my money now that I don't know much about the units that store cryptocurrencies? The wallets are only third-party entities that help store Bitcoin. Should I bring all my Bitcoins to a mixer or convert them to Monero?
As if that's a new thing, they have been spying on their citizens remember? They also have been instilling dictatorship in third-world countries for a long time, have a lot of black sites to torture prisoners and innocent people, and hacking hardware wallets of their citizens is just a walk in the park compared to all that they did so no surprises there. If it ever comes to that point, you better hide your HW somewhere like a drug trafficker.
legendary
Activity: 2212
Merit: 7064
This is a fact and it unfortunately applies to almost any kind of hardware.  The US government has managed to plant at least one backdoor in most of the recent hardware available as customer-end products.  It would surprise me quite a bit if I knew they cannot get past an encrypted disk, for which reason even fully encrypted airgapped computers may not be the perfect solution to this type of abuse.

You still need to use paper or metal plate even for hardware wallets because these devices are worth nothing without your backup phrase.
Airgapped computers are not the best solution for most of the people and average tiktok generation with short attention span, and they can also have even more backdoors, because they have more chips and other electronic parts, including more complex operating system.
I have nothing against airgap and all options are viable and possible but masses want something simple and shewed up.
full member
Activity: 336
Merit: 100
Unless they store that too, but since you can use as many different passwords as you want, that must have a limitation.
Ledger is stupid enough and they are storing passphrase on their device combining it with PIN code, but Trezor is not storing passphrase anywhere and you can verify that because they are fully open source.

Lesson of the day: when you give up your freedom for safety, you lose both
They first take away all your freedom and lock you, then they offer you a solution to make you free in future if you accept some new restrictions... sounds familiar?
Good thing is there are more and more people who are waking up and working for freedom and not against it.

It is sad to read this but they will make it happen and indeed a backdoor in hardware wallets being developed by the IRS themselves is a true threat. If you work at the IRS and you know how to get access to a specific type of wallet, what will keep you from abusing that knowledge when the opportunity comes up? That's a real issue.
They don't even need to have access to hardware wallet factory and workers, and all they need is backdoor in closed source secure element chips like they are doing with smartphones and NDA would protect everyone.
That is why we need to have open source hardware wallets with open source secure elements to reduce risk as much as possible.

Yes but brings up the next problem: all users have to be equally educated about which wallet to use and why. If there are people using a hardware wallet who interact with those using an open source secure wallet both parties are exposed. In a sense you would have to ask the other party if she sends the Bitcoin from an open source wallet or else you refrain from transacting with each other. The hard part is to get all users to develop the understanding of the advantages of open source wallets. Frankly speaking, is that even possible?