IRS now wants to Hack Hardware Wallets - page 2.

PrivacyG

hero member

Activity: 882

Merit: 1873

Crypto Swap Exchange

Quote from: LoyceV on May 12, 2021, 06:42:54 AM

That doesn't change a thing if the US government gets their hands on your hardware wallet.

This is a fact and it unfortunately applies to almost any kind of hardware. The US government has managed to plant at least one backdoor in most of the recent hardware available as customer-end products. It would surprise me quite a bit if I knew they cannot get past an encrypted disk, for which reason even fully encrypted airgapped computers may not be the perfect solution to this type of abuse.

Best solution for this issue may still be paper. It is undetectable by professional equipment and you can laminate and hide it just anywhere, as opposed to hardware wallets which may already have who-knows-what kind of flaws and backdoors inside them. Since they have been specifically created with cryptocurrency cold storage as a purpose, expect anything and everything from them. I am talking particularly about Ledger, as it has closed-source components inside.

Hide a seed on a piece of paper in two different locations and choose two other separate spots to hide the seed's very long, random passphrase at. Should they ever get to own your piece of paper, they will find out it contains a balance of exactly zero Bitcoins inside.

-
Regards,
PrivacyG

LoyceV

legendary

Activity: 3290

Merit: 16489

Thick-Skinned Gang Leader and Golden Feather 2021

Quote from: int03h on May 11, 2021, 11:13:45 AM

Should I bring all my Bitcoins to a mixer or convert them to Monero?

That doesn't change a thing if the US government gets their hands on your hardware wallet.

int03h

full member

Activity: 532

Merit: 104

The US government is doing what I consider illegal to attack people's personal wallets. What am I going to do with my money now that I don't know much about the units that store cryptocurrencies? The wallets are only third-party entities that help store Bitcoin. Should I bring all my Bitcoins to a mixer or convert them to Monero?

dkbit98

legendary

Activity: 2212

Merit: 7064

Quote from: LoyceV on May 11, 2021, 05:29:35 AM

A simple but slightly expensive method would be to just shred and burn the Ledger each time you've entered the passphrase.

Just microwave it Cheesy

Quote from: ranochigo on May 11, 2021, 05:50:46 AM

How do you audit the chips though? It can be open source but there is nothing you can possibly do if you can't verify that the chip follows the schematics exactly, evil maid attacks, etc. You would also lose some parts of the security; reason why most chips aren't open source is because they provide security through obscurity. Whether you can maintain a similar level of security with open source chips would probably be debatable.

Let's wait and see what Trezor devs will do with TropicSquare TASSIC project and $4m for making open source chip, and most users will probably never going to verify anything, but other developers will do it.
You can have evil made and other attacks with any device, but you will not be buying cat in a bag like you are doing with closed source chips that can have hidden Chinese or irs backdoors and you will never know it.

ranochigo

legendary

Activity: 3038

Merit: 4418

Crypto Swap Exchange

Quote from: dkbit98 on May 11, 2021, 05:19:05 AM

They don't even need to have access to hardware wallet factory and workers, and all they need is backdoor in closed source secure element chips like they are doing with smartphones and NDA would protect everyone.
That is why we need to have open source hardware wallets with open source secure elements to reduce risk as much as possible.

How do you audit the chips though? It can be open source but there is nothing you can possibly do if you can't verify that the chip follows the schematics exactly, evil maid attacks, etc. You would also lose some parts of the security; reason why most chips aren't open source is because they provide security through obscurity. Whether you can maintain a similar level of security with open source chips would probably be debatable.

LoyceV

legendary

Activity: 3290

Merit: 16489

Thick-Skinned Gang Leader and Golden Feather 2021

Quote from: dkbit98 on May 11, 2021, 05:19:05 AM

Ledger is stupid enough and they are storing passphrase on their device combining it with PIN code, but Trezor is not storing passphrase anywhere and you can verify that because they are fully open source.

A simple but slightly expensive method would be to just shred and burn the Ledger each time you've entered the passphrase. When you need it again, you restore your seed and password a new device.
If you're hiding a few billions from the IRS that might be a small price to pay.

dkbit98

legendary

Activity: 2212

Merit: 7064

Quote from: LoyceV on May 10, 2021, 01:27:29 PM

Unless they store that too, but since you can use as many different passwords as you want, that must have a limitation.

Ledger is stupid enough and they are storing passphrase on their device combining it with PIN code, but Trezor is not storing passphrase anywhere and you can verify that because they are fully open source.

Quote from: 20kevin20 on May 10, 2021, 02:41:44 PM

Lesson of the day: when you give up your freedom for safety, you lose both

They first take away all your freedom and lock you, than they offer you solution to make you free in future if you accept some new restrictions... sounds familiar?
Good thing is there are more and more people who are waking up and working for freedom and not against it.

Quote from: riiiiising on May 10, 2021, 03:41:53 PM

It is sad to read this but they will make it happen and indeed a backdoor in hardware wallets being developed b the IRS themselves is a true threat. If you work at the IRS and you know how to get access to a specific type of wallet, what will keep you from abusing that knowledge when the opportunity coms up? That's a real issue

They don't even need to have access to hardware wallet factory and workers, and all they need is backdoor in closed source secure element chips like they are doing with smartphones and NDA would protect everyone.
That is why we need to have open source hardware wallets with open source secure elements to reduce risk as much as possible.

pixie85

hero member

Activity: 2184

Merit: 531

This is how you spot a country in trouble. A country that is promising more than it can deliver and looking for ways to make additional money at people's expense.

They're crazy if they think they can trace bitcoin when people can trade their coins for cash at any moment. Hacking hardware wallets, sure.

Biden is being laughed at by other countries when he can't find stuff, gets confused in public, forgets what he was talking about, apologizes to people. He's not a strong leader, not a healthy one too and Americans will be lucky if he lives to see the end of his presidency.

riiiiising

full member

Activity: 336

Merit: 100

Quote from: cryptoperkele on May 01, 2021, 07:16:36 AM

Yeah, privacy should be human right, but then again it's hard dilemma for regulators when people are using privacy to escape regulations. You might get away it for a while, but more money you are trying to hide, more difficult that's going to get. And i don't think that there's a real consensus yet how this right to privacy should be handled, because even regulators want privacy, but they also want a possibility to audit. I am looking at combination of RegDeFi and zero knowledge proofs to combat this.

Because no one want lack of privacy in the end. We need to build an opposite system for china's trackable currency. We need to be a good altervative for oppression.

They would do so anyway and it is not the average guys with a little investment who does all the harm. Read the papers written by Gabriel Zucman on tax evasion with highly sophisticated structures using tax havens. That is where the money is and not in the cryptocurrency wallets of the average Joe.

It is sad to read this but they will make it happen and indeed a backdoor in hardware wallets being developed b the IRS themselves is a true threat. If you work at the IRS and you know how to get access to a specific type of wallet, what will keep you from abusing that knowledge when the opportunity coms up? That's a real issue

Gozie51

hero member

Activity: 2660

Merit: 630

Vave.com - Crypto Casino

Is this hacking of wallet also connected to that of hotbit? Hotbit also complained on that in there website on attempt to hack them the past one week ago but that they didn't succeed. They shut down site for a week but have now reopened.

20kevin20

legendary

Activity: 1134

Merit: 1598

Quote from: LoyceV on May 10, 2021, 01:27:29 PM

Don't they have the same "problem" with most software wallet and other encryption? As far as I know they don't have a backdoor to BIP38, if they eventually manage to enforce backdoors into hardware wallets, we'll just go back to using paper.

Yeah, Signal is bad because it allows criminals to communicate without them knowing. Bitcoin is bad because criminals can have transactions and mix their coins without the IRS finding the real source of coins. Cash is bad because it pretty much removes the trace of money... dumb phones are bad because Google can't do targeted advertisements anymore.. 3G and 2G are bad because they're the only ones still making dumb phones a thing..

Tl;dr: anything they can't look into is bad. Your safety is provided by the government who really cares about you. I mean, they really do. So much, they'd look into anything that you do just so they make sure nothing bad ever happens to you. Roll Eyes

Lesson of the day: when you give up your freedom for safety, you lose both

LoyceV

legendary

Activity: 3290

Merit: 16489

Thick-Skinned Gang Leader and Golden Feather 2021

It's kinda ironic: they're so stuck in their ways trying to control people and money, they don't realize that's why crypto was created in the first place.

Quote from: dkbit98 on May 01, 2021, 04:53:10 AM

This means that it is very important to have open source hardware wallets because backdoors can much easier be implemented in closed source wallets and ''secure elements'', and we may even see some new or existing hardware wallets secretly being founded by IRS in future.

Maybe Ledger can also ~~leak~~ send them all data they have on their customers. O wait Tongue

Don't they have the same "problem" with most software wallet and other encryption? As far as I know they don't have a backdoor to BIP38, if they eventually manage to enforce backdoors into hardware wallets, we'll just go back to using paper.

Quote

Remember to always protect your hardware wallets with passphrases

Unless they store that too, but since you can use as many different passwords as you want, that must have a limitation.

dkbit98

legendary

Activity: 2212

Merit: 7064

Quote from: 20kevin20 on May 02, 2021, 02:10:27 AM

I wonder how many companies with closed-source HWs would not sacrifice their clients for millions of bucks coming from IRS. In an open-source world, it is indeed very weird to sell a partially closed-source product. But since authorities have easy access to very large fundings, a $10M secret contract with Ledger might actually sound good enough for them to allow backdoors in their HWs, if they haven't done it already.

It is enough for them to have just one dirty worker in this hardware wallet factory who will add some hidden backdoor and nobody will ever know that something is wrong.
Secure element will not help you in this case, and NDA will prevent them from saying anything about that in public, so they don't need to pay millions of dollars at all.

Quote from: vapourminer on May 02, 2021, 08:01:05 AM

the irs doesnt need private keys or the seed to achieve their main objective; all the need is a list of addy you control. at that point they have all the info they need as they can then monitor those addys.

Oh but they do need your private keys and passphrases to access your funds and confiscate them whenever they want, because they probably have a bunch of hardware wallets full of treasure just collecting dust in their warehouses.

vapourminer

legendary

Activity: 4354

Merit: 3614

what is this "brake pedal" you speak of?

Quote from: 20kevin20 on May 02, 2021, 08:38:26 AM

Quote from: vapourminer on May 02, 2021, 08:01:05 AM

the irs doesnt need private keys or the seed to achieve their main objective; all the need is a list of addy you control. at that point they have all the info they need as they can then monitor those addys.

Imagine they had an 8yo seed which was used with coin control ever since it's been generated. Having the seed means knowing its entire history and, moreover, you now know all this history is of one single person's finance. It's their wet dream..

yeah, with the seed thats the icing on the cake. yes the seed give far far more info into the history. who wants transactions you did 10 years ago scrutinized even if you did something totally legal (goat porn is legal right?).

i can build an open source trezor from the published schematics and BOM. and compile the code. so hard to hide a backdoor there at least.

Quote from: bryant.coleman on May 02, 2021, 08:54:50 AM

I heard that Biden is gearing up for a $6 trillion additional spending plan, which is conveniently named as the "American Families Plan". Obviously not all of this amount can be sourced from printing banknotes alone. Some of it needs to come from taxing successful people. The long term capital gains tax for the highest slab is about to touch 60% in cities such as LA and Portland. I don't understand why the successful people still want to remain in the United States. Is it that hard to renounce your citizenship and move to some Caribbean country?

to do that you 1st have to pay a one time "exit tax" on basically your entire net worth. that may or not be worth it to some.

bryant.coleman

legendary

Activity: 3766

Merit: 1217

I heard that Biden is gearing up for a $6 trillion additional spending plan, which is conveniently named as the "American Families Plan". Obviously not all of this amount can be sourced from printing banknotes alone. Some of it needs to come from taxing successful people. The long term capital gains tax for the highest slab is about to touch 60% in cities such as LA and Portland. I don't understand why the successful people still want to remain in the United States. Is it that hard to renounce your citizenship and move to some Caribbean country?

20kevin20

legendary

Activity: 1134

Merit: 1598

Quote from: vapourminer on May 02, 2021, 08:01:05 AM

the irs doesnt need private keys or the seed to achieve their main objective; all the need is a list of addy you control. at that point they have all the info they need as they can then monitor those addys.

Imagine they had an 8yo seed which was used with coin control ever since it's been generated. Having the seed means knowing its entire history and, moreover, you now know all this history is of one single person's finance. It's their wet dream..

vapourminer

legendary

Activity: 4354

Merit: 3614

what is this "brake pedal" you speak of?

the irs doesnt need private keys or the seed to achieve their main objective; all the need is a list of addy you control. at that point they have all the info they need as they can then monitor those addys.

they could get those addys from ledger (trezor etc) servers now if they tried which is much easier.

all the more important to run your own full node for your hardware/software wallets and use that for your transactions. then only you know the addys.

UmerIdrees

hero member

Activity: 2422

Merit: 875

Quote from: AB de Royse777 on May 01, 2021, 06:10:46 AM

Tell me they are not after hacking your wallet passphrase?

So in the none open source wallet the backdoor is to pass the wallet seed to a third party? Or what else information they are after. And if they are after such information then how would one differenciate them from a bad hacker?

Quote from: dkbit98 on May 01, 2021, 04:53:10 AM

This means that it is very important to have open source hardware wallets because backdoors can much easier be implemented in closed source wallets and ''secure elements'', and we may even see some new or existing hardware wallets secretly being founded by IRS in future.

Goverment can put pressure and they do everything to get their job done. Maybe some company will sell their ethics for more money but those who are into true bitcoin they will never sell their idology. We need to be more careful when we are chosing our wallet and handling our crypto.

One perfect example which fits here is the coinbase IPO. If the companies or individual buy the coinbase IPO, then the government can get hold of you and demand you for all sort of taxes and income sources etc but if you buy the real bitcoin and hold it in your private wallets, government hands can't reach there. Now its your choice on what you choose.

20kevin20

legendary

Activity: 1134

Merit: 1598

I wonder how many companies with closed-source HWs would not sacrifice their clients for millions of bucks coming from IRS. In an open-source world, it is indeed very weird to sell a partially closed-source product. But since authorities have easy access to very large fundings, a $10M secret contract with Ledger might actually sound good enough for them to allow backdoors in their HWs, if they haven't done it already.

Worst thing is, they literally have a money printing machine. They could at any given time start working on a computer specifically created to break down all the seeds using latest technologies, without us knowing it. They're so desperate they might want to do that, even though it does mean breaking someone's financial intimacy from anywhere around the world.

bL4nkcode

copper member

Activity: 2142

Merit: 1305

Limited in number. Limitless in potential.

Cracking seed phrases? Are they insane, simple word, it's robbery.

Also, the bip39 would be another hindrance to them, it would require them lots of resources just to get their motive. Good luck with that lol.

Topic: IRS now wants to Hack Hardware Wallets - page 2. (Read 604 times)