Author

Topic: IRS now wants to Hack Hardware Wallets (Read 604 times)

legendary
Activity: 2268
Merit: 18748
May 16, 2021, 03:12:38 AM
#46
I wouldn't worry too much about it at this point because if you think about it, the government probably has all the information needed to control and spy on you already, even before your introduction to cryptocurrency so no point worrying, they won't probably go rogue suddenly if you are living in a first world country.
That's a big assumption to make. First world governments frequently "go rogue" and ruin the lives of any citizens they decide are causing too much of a problem. The US government is undoubtedly spying on you constantly and collecting huge amounts of data about you, unless you are taking active steps to maintain your privacy. A very basic step in that process is not letting the government know exactly how much money you own and exactly when and where you spend it.

But why should they track my wallet?
Exactly. We live in a surveillance state, but they have no right to blanket monitor everyone's financial activities. If I'm not doing anything illegal, then why am I being monitored? Whatever happened to innocent until proven guilty?

Quote from: Glenn Greenwald
The old cliché is often mocked though basically true: there’s no reason to worry about surveillance if you have nothing to hide. That mindset creates the incentive to be as compliant and inconspicuous as possible: those who think that way decide it’s in their best interests to provide authorities with as little reason as possible to care about them. That’s accomplished by never stepping out of line. Those willing to live their lives that way will be indifferent to the loss of privacy because they feel that they lose nothing from it. Above all else, that’s what a Surveillance State does: it breeds fear of doing anything out of the ordinary by creating a class of meek citizens who know they are being constantly watched.
full member
Activity: 336
Merit: 100
It's disgusting that the state are that desperate to know everyone's worth that they stoop down to such low levels to find it. Attempting to crack wallets without permission, is something a "normal" person would likely go to prison for.

This doesn't only just apply to closed sourced software, though. Open source hardware wallets now need to be monitored more frequently for changes in code, since they could try, and sneak something in without anyone noticing. We shouldn't be complacent, and trust something just because its open source.

the irs doesnt need private keys or the seed to achieve their main objective; all the need is a list of addy you control. at that point they have all the info they need as they can then monitor those addys.
Yeah, I don't believe that they intend to take anything, unless they can lawfully take it by coming to the conclusion that someone hasn't declared the correct amount of tax.

Cracking seed phrases? Are they insane, simple word, it's robbery.

I guess it's only robbery if they actually take anything. Their intentions might be to try, and break in, and determine whether someone has been paying the correct amount of tax or just general surveillance, because as we know from the Snowden leaks they love to monitor pretty much everything that they can, and they don't mind breaking some laws to do that.

I wouldn't worry too much about it at this point because if you think about it, the government probably has all the information needed to control and spy on you already, even before your introduction to cryptocurrency so no point worrying, they won't probably go rogue suddenly if you are living in a first world country.
Absolutely, if someone has evaded the government completely then I would be extremely impressed. Since, our world revolves around using mega companies such as Google, Facebook, and other Monopolies its just easy for them to gain access. I believe there was several USA phone service providers who were sharing data with the government, and that was also exposed by Snowden.

You will probably have a hard time finding a single company whose business is data driven in any conceivable way in the US that is not closely cooperating with the government. There is so much information out there who is cooperating with the government, I don't believe there is a single one resisting the pressure government puts onto them should they not cooperate.

You are also right with the open source software not being safe necessarily just because it is open source. Same for the TOR network where they spy a lot by setting up infected exit nodes or, put differently, their own exit nodes. You have to pay tremendous attention to effectively protect your privacy.
hero member
Activity: 2338
Merit: 953
Temporary forum vacation
,,, but also to government requests.
I wouldn't worry too much about it at this point because if you think about it, the government probably has all the information needed to control and spy on you already, even before your introduction to cryptocurrency so no point worrying, they won't probably go rogue suddenly if you are living in a first world country.

Oh I would worry,,, I know the government has a lot of information on us but I would really not like them to know exactly where I keep my Bitcoin and for how long and for how much. It should be enough for them that if I sell for my local currency, then I can pay taxes, that is fine they can track my bank account. But why should they track my wallet?
sr. member
Activity: 1624
Merit: 315
Leading Crypto Sports Betting & Casino Platform
This makes it now even more and more important to trust only open source wallets,,, and also as much as possible all the Ledgers and Trezors you ever bought, if you used your personal details you can be sure their databases are not only now vulnerable to hacker attacks (as we have already seen happen) but also to government requests.
What's that going to do if your government has you on their records the moment that you were born, I mean they all have us the moment that we were thrown in this world, if they suspect that you are hiding something especially with their precious taxes, you will be easily located.
legendary
Activity: 2268
Merit: 18748
A simple but slightly expensive method would be to just shred and burn the Ledger each time you've entered the passphrase.
It is unnecessary. The passphrase is only stored on the device if you choose to attach it to a secondary PIN. You can also enter a temporary passphrases which is not stored anywhere and the keys it generates are wiped whenever you unplug your device.

Should they ever get to own your piece of paper, they will find out it contains a balance of exactly zero Bitcoins inside.
I wouldn't recommend that. Not many people create and hide paper wallets with nothing on them, and that is pretty strong indication you are using an additional passphrase. It would be wise to have a small amount of bitcoin under the non-passphrased seed phrase which you can give up in such a scenario.

Let's imagine scenario of some government agency busting your home and finding hardware wallet and your paper wallet that are not connected with each other.
What do you think would be easier way for them to confiscate your coins, from paper wallet or hardware wallet??
To be completely honest with you, I think it would be easier for them to confiscate coins from a hardware wallet IF the paper wallet has a strong enough password.
In such a scenario, then they just through you in jail until you tell them what they want to know. Whether your wallet is hardware or paper is irrelevant.

I am not sure there is a limit on the number of characters a passphrase could have.
On Trezor it is 50 characters, on Ledger it is 100 characters. On Electrum, there is no upper limit I am aware of set by the wallet, so the upper limit would theoretically be the maximum input size for the HMAC-SHA512 function, which is a string with length just less than 2128 bits.
legendary
Activity: 2212
Merit: 7064
Open source hardware wallets now need to be monitored more frequently for changes in code, since they could try, and sneak something in without anyone noticing. We shouldn't be complacent, and trust something just because its open source.
It is true, open source doesn't mean something is automatically safe, and we saw many examples of malware spreading like open source fake wallet clones.

I believe there was several USA phone service providers who were sharing data with the government, and that was also exposed by Snowden.
All phone operators worldwide are closely connected with governments so you can't consider any information or your location with based station to be secret for anyone.
staff
Activity: 3304
Merit: 4115
It's disgusting that the state are that desperate to know everyone's worth that they stoop down to such low levels to find it. Attempting to crack wallets without permission, is something a "normal" person would likely go to prison for.

This doesn't only just apply to closed sourced software, though. Open source hardware wallets now need to be monitored more frequently for changes in code, since they could try, and sneak something in without anyone noticing. We shouldn't be complacent, and trust something just because its open source.

the irs doesnt need private keys or the seed to achieve their main objective; all the need is a list of addy you control. at that point they have all the info they need as they can then monitor those addys.
Yeah, I don't believe that they intend to take anything, unless they can lawfully take it by coming to the conclusion that someone hasn't declared the correct amount of tax.

Cracking seed phrases? Are they insane, simple word, it's robbery.

I guess it's only robbery if they actually take anything. Their intentions might be to try, and break in, and determine whether someone has been paying the correct amount of tax or just general surveillance, because as we know from the Snowden leaks they love to monitor pretty much everything that they can, and they don't mind breaking some laws to do that.

I wouldn't worry too much about it at this point because if you think about it, the government probably has all the information needed to control and spy on you already, even before your introduction to cryptocurrency so no point worrying, they won't probably go rogue suddenly if you are living in a first world country.
Absolutely, if someone has evaded the government completely then I would be extremely impressed. Since, our world revolves around using mega companies such as Google, Facebook, and other Monopolies its just easy for them to gain access. I believe there was several USA phone service providers who were sharing data with the government, and that was also exposed by Snowden.
member
Activity: 868
Merit: 63
This makes it now even more and more important to trust only open source wallets,,, and also as much as possible all the Ledgers and Trezors you ever bought, if you used your personal details you can be sure their databases are not only now vulnerable to hacker attacks (as we have already seen happen) but also to government requests.
I wouldn't worry too much about it at this point because if you think about it, the government probably has all the information needed to control and spy on you already, even before your introduction to cryptocurrency so no point worrying, they won't probably go rogue suddenly if you are living in a first world country.
hero member
Activity: 2338
Merit: 953
Temporary forum vacation
Old Trezors may also become obsolete or need updates. Don't forget that these state led agencies also buy hidden stakes in these companies. We may not even get to know if an organization like the CIA or NSA is involved in any particular way when it comes to hardware wallets.

Some hidden and some not so hidden. All these states ask banks to look at the underlying companies who own money transactions but the truth is there is a lot of "good states" who are as dark as the non-state rogue actors.

If we think Ledger and Trezor etc do not already share our data directly,,, we are such fools:)
hero member
Activity: 882
Merit: 1873
Crypto Swap Exchange
(..) What do you think would be easier way for them to confiscate your coins, from paper wallet or hardware wallet?
They don't need to hack paper wallet but they already have private key written on it. (..)
To be completely honest with you, I think it would be easier for them to confiscate coins from a hardware wallet IF the paper wallet has a strong enough password.  One requires brute forcing, the other may require only a coding or hardware flaw.

Moreover, an initialized hardware wallet hints out that it contains a seed inside.  If a professional finds your initialized hardware, they will most likely think it is not an empty seed.  Otherwise, you would have not owned a hardware wallet in the first place.  Therefore, spending resources to crack it may be worth it.  A seed printed or hand-written on a paper that retrieves an empty balance without the proper passphrase gives absolutely zero hints that it may have a balance inside.

I am not sure there is a limit on the number of characters a passphrase could have.  However, you can only imagine how long a 70-char random passphrase brute forcing has to take.  After enough time spent trying to brute force it, I think it is likely they will give up.

I wonder, is it absolutely impossible that even an open-source hardware wallet does NOT temporarily store a passphrase inside its memory that may be retrievable if a weak security point is found through physical tampering?  I reckon getting the right strong password of a paper wallet is a harder job.

-
Regards,
PrivacyG
legendary
Activity: 2212
Merit: 7064
I was particularly talking about Ledger, see one of my previous posts
Yes I know about ledger and they are my biggest concern for hardware wallets along with safepal hardware wallet who is even more shady and they can easily have some hidden chinese backdoor.

Moreover, the previously mentioned issue does not apply in the case of importing paper wallets.  IRS wants to unlock your hardware wallet after getting their hands on it.  They want to either alter your device or have backdoors in order to get to your keys.
Let's imagine scenario of some government agency busting your home and finding hardware wallet and your paper wallet that are not connected with each other.
What do you think would be easier way for them to confiscate your coins, from paper wallet or hardware wallet?
They don't need to hack paper wallet but they already have private key written on it.

A paper wallet combined with a legitimate open-source hardware wallet like Trezor is definitely the best combo for hardware cold storage today.
I would agree with this and maybe this is not the perfect solution, but it is most simple for average users.
full member
Activity: 336
Merit: 100
This makes it now even more and more important to trust only open source wallets,,, and also as much as possible all the Ledgers and Trezors you ever bought, if you used your personal details you can be sure their databases are not only now vulnerable to hacker attacks (as we have already seen happen) but also to government requests.

Old Trezors may also become obsolete or need updates. Don't forget that these state led agencies also buy hidden stakes in these companies. We may not even get to know if an organization like the CIA or NSA is involved in any particular way when it comes to hardware wallets.
hero member
Activity: 2338
Merit: 953
Temporary forum vacation
This makes it now even more and more important to trust only open source wallets,,, and also as much as possible all the Ledgers and Trezors you ever bought, if you used your personal details you can be sure their databases are not only now vulnerable to hacker attacks (as we have already seen happen) but also to government requests.
hero member
Activity: 882
Merit: 1873
Crypto Swap Exchange
FYI all chips in your airgap computer are closed source, they can have backdoors, and you still need to import paper wallet at some point of time or take it with you in your grave and afterlife.

Trezor HW is open source, they are not storing passphrases anywhere, and they are actively working on open source secure element for their next generation hardware wallet.
I was particularly talking about Ledger, see one of my previous posts:
(..) Since they have been specifically created with cryptocurrency cold storage as a purpose, expect anything and everything from them.  I am talking particularly about Ledger, as it has closed-source components inside. (..)
Moreover, the previously mentioned issue does not apply in the case of importing paper wallets.  IRS wants to unlock your hardware wallet after getting their hands on it.  They want to either alter your device or have backdoors in order to get to your keys.

As a result, encrypted paper wallets are way more safe than hardware wallets as long as the passphrase(s) are stored securely.  You cannot alter a paper in an attempt to get a passphrase out of it that does not exist.  In consequence, getting their hands on your paper wallet will be in vain.

Upon importing the seed or private key, its safety depends solely on the user's behavior.  Main threat implies a closed-source piece of hardware storing a seed and passphrases.  A paper wallet combined with a legitimate open-source hardware wallet like Trezor is definitely the best combo for hardware cold storage today.

-
Regards,
PrivacyG
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
FYI all chips in your airgap computer are closed source, they can have backdoors, and you still need to import paper wallet at some point of time or take it with you in your grave and afterlife.
The proper way to spend funds from a paper wallet is by creating a transaction, and signing it offline. If you're truely paranoid you can verify the signed transaction with different software on a different offline computer before broadcasting. If you're worried about hardware backdoors: you can probably find a computer older than Bitcoin for a few bucks on Craigslist.
legendary
Activity: 2212
Merit: 7064
Very true.  However, the closed-source components may store basic yet crucial information about your hardware wallet such as passphrases and seeds.  Paper wallets do not have a memory to store sensitive information on without your knowledge.  In consequence, a backdoor-enabled device may enable a security agent to see what a paper wallet would not be able to show.

FYI all chips in your airgap computer are closed source, they can have backdoors, and you still need to import paper wallet at some point of time or take it with you in your grave and afterlife.

Trezor HW is open source, they are not storing passphrases anywhere, and they are actively working on open source secure element for their next generation hardware wallet.
hero member
Activity: 882
Merit: 1873
Crypto Swap Exchange
You still need to use paper or metal plate even for hardware wallets because this devices worth nothing without your backup phrase. (..)
Very true.  However, the closed-source components may store basic yet crucial information about your hardware wallet such as passphrases and seeds.  Paper wallets do not have a memory to store sensitive information on without your knowledge.  In consequence, a backdoor-enabled device may enable a security agent to see what a paper wallet would not be able to show.

-
Regards,
PrivacyG
full member
Activity: 868
Merit: 150
★Bitvest.io★ Play Plinko or Invest!
The US government is doing what I consider illegal to attack people's personal wallets. What am I going to do with my money now that I don't know much about the units that store cryptocurrencies? The wallets are only third-party entities that help store Bitcoin. Should I bring all my Bitcoins to a mixer or convert them to Monero?
As if that's a new thing, they have been spying on their citizens remember? They also have been instilling dictatorship in third-world countries for a long time, have a lot of black sites to torture prisoners and innocent people, and hacking hardware wallets of their citizens is just a walk in the park compared to all that they did so no surprises there. If it ever comes to that point, you better hide your HW somewhere like a drug trafficker.
legendary
Activity: 2212
Merit: 7064
This is a fact and it unfortunately applies to almost any kind of hardware.  The US government has managed to plant at least one backdoor in most of the recent hardware available as customer-end products.  It would surprise me quite a bit if I knew they cannot get past an encrypted disk, for which reason even fully encrypted airgapped computers may not be the perfect solution to this type of abuse.

You still need to use paper or metal plate even for hardware wallets because this devices worth nothing without your backup phrase.
Airgapped computers are not the best solution for most of the people and average tiktok generation with short attention span, and they can also have even more backdoors, because they have more chips and other electronic parts, including more complex operating system.
I have nothing against airgap and all options are viable and possible but masses want something simple and shewed up.
full member
Activity: 336
Merit: 100
Unless they store that too, but since you can use as many different passwords as you want, that must have a limitation.
Ledger is stupid enough and they are storing passphrase on their device combining it with PIN code, but Trezor is not storing passphrase anywhere and you can verify that because they are fully open source.

Lesson of the day: when you give up your freedom for safety, you lose both
They first take away all your freedom and lock you, than they offer you solution to make you free in future if you accept some new restrictions... sounds familiar?
Good thing is there are more and more people who are waking up and working for freedom and not against it.

It is sad to read this but they will make it happen and indeed a backdoor in hardware wallets being developed b the IRS themselves is a true threat. If you work at the IRS and you know how to get access to a specific type of wallet, what will keep you from abusing that knowledge when the opportunity coms up? That's a real issue
They don't even need to have access to hardware wallet factory and workers, and all they need is backdoor in closed source secure element chips like they are doing with smartphones and NDA would protect everyone.
That is why we need to have open source hardware wallets with open source secure elements to reduce risk as much as possible.

Yes but brings up the next problem: all users have to be equally educated about which wallet to use and why. If there are people using a hardware wallet who interact with those using an open source secure wallet both parties are exposed. In a sense you would have to ask the other party if she sends the Bitcoin from an open source wallet or else you refrain from transacting with each other. The hard part is to get all users develop the understanding of the advantageous of open source wallets. Frankly speaking, is that even possible?
hero member
Activity: 882
Merit: 1873
Crypto Swap Exchange
That doesn't change a thing if the US government gets their hands on your hardware wallet.
This is a fact and it unfortunately applies to almost any kind of hardware.  The US government has managed to plant at least one backdoor in most of the recent hardware available as customer-end products.  It would surprise me quite a bit if I knew they cannot get past an encrypted disk, for which reason even fully encrypted airgapped computers may not be the perfect solution to this type of abuse.

Best solution for this issue may still be paper.  It is undetectable by professional equipment and you can laminate and hide it just anywhere, as opposed to hardware wallets which may already have who-knows-what kind of flaws and backdoors inside them.  Since they have been specifically created with cryptocurrency cold storage as a purpose, expect anything and everything from them.  I am talking particularly about Ledger, as it has closed-source components inside.

Hide a seed on a piece of paper in two different locations and choose two other separate spots to hide the seed's very long, random passphrase at.  Should they ever get to own your piece of paper, they will find out it contains a balance of exactly zero Bitcoins inside.

-
Regards,
PrivacyG
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
Should I bring all my Bitcoins to a mixer or convert them to Monero?
That doesn't change a thing if the US government gets their hands on your hardware wallet.
full member
Activity: 532
Merit: 104
The US government is doing what I consider illegal to attack people's personal wallets. What am I going to do with my money now that I don't know much about the units that store cryptocurrencies? The wallets are only third-party entities that help store Bitcoin. Should I bring all my Bitcoins to a mixer or convert them to Monero?
legendary
Activity: 2212
Merit: 7064
A simple but slightly expensive method would be to just shred and burn the Ledger each time you've entered the passphrase.
Just microwave it Cheesy

How do you audit the chips though? It can be open source but there is nothing you can possibly do if you can't verify that the chip follows the schematics exactly, evil maid attacks, etc. You would also lose some parts of the security; reason why most chips aren't open source is because they provide security through obscurity. Whether you can maintain a similar level of security with open source chips would probably be debatable.
Let's wait and see what Trezor devs will do with TropicSquare TASSIC project and $4m for making open source chip, and most users will probably never going to verify anything, but other developers will do it.
You can have evil made and other attacks with any device, but you will not be buying cat in a bag like you are doing with closed source chips that can have hidden Chinese or irs backdoors and you will never know it.
legendary
Activity: 3038
Merit: 4418
Crypto Swap Exchange
They don't even need to have access to hardware wallet factory and workers, and all they need is backdoor in closed source secure element chips like they are doing with smartphones and NDA would protect everyone.
That is why we need to have open source hardware wallets with open source secure elements to reduce risk as much as possible.
How do you audit the chips though? It can be open source but there is nothing you can possibly do if you can't verify that the chip follows the schematics exactly, evil maid attacks, etc. You would also lose some parts of the security; reason why most chips aren't open source is because they provide security through obscurity. Whether you can maintain a similar level of security with open source chips would probably be debatable.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
Ledger is stupid enough and they are storing passphrase on their device combining it with PIN code, but Trezor is not storing passphrase anywhere and you can verify that because they are fully open source.
A simple but slightly expensive method would be to just shred and burn the Ledger each time you've entered the passphrase. When you need it again, you restore your seed and password a new device.
If you're hiding a few billions from the IRS that might be a small price to pay.
legendary
Activity: 2212
Merit: 7064
Unless they store that too, but since you can use as many different passwords as you want, that must have a limitation.
Ledger is stupid enough and they are storing passphrase on their device combining it with PIN code, but Trezor is not storing passphrase anywhere and you can verify that because they are fully open source.

Lesson of the day: when you give up your freedom for safety, you lose both
They first take away all your freedom and lock you, than they offer you solution to make you free in future if you accept some new restrictions... sounds familiar?
Good thing is there are more and more people who are waking up and working for freedom and not against it.

It is sad to read this but they will make it happen and indeed a backdoor in hardware wallets being developed b the IRS themselves is a true threat. If you work at the IRS and you know how to get access to a specific type of wallet, what will keep you from abusing that knowledge when the opportunity coms up? That's a real issue
They don't even need to have access to hardware wallet factory and workers, and all they need is backdoor in closed source secure element chips like they are doing with smartphones and NDA would protect everyone.
That is why we need to have open source hardware wallets with open source secure elements to reduce risk as much as possible.
hero member
Activity: 2184
Merit: 531
This is how you spot a country in trouble. A country that is promising more than it can deliver and looking for ways to make additional money at people's expense.

They're crazy if they think they can trace bitcoin when people can trade their coins for cash at any moment. Hacking hardware wallets, sure. Smiley

Biden is being laughed at by other countries when he can't find stuff, gets confused in public, forgets what he was talking about, apologizes to people. He's not a strong leader, not a healthy one too and Americans will be lucky if he lives to see the end of his presidency.
full member
Activity: 336
Merit: 100
Yeah, privacy should be human right, but then again it's hard dilemma for regulators when people are using privacy to escape regulations. You might get away it for a while, but more money you are trying to hide, more difficult that's going to get. And i don't think that there's a real consensus yet how this right to privacy should be handled, because even regulators want privacy, but they also want a possibility to audit. I am looking at combination of RegDeFi and zero knowledge proofs to combat this.

Because no one want lack of privacy in the end. We need to build an opposite system for china's trackable currency. We need to be a good altervative for oppression.

They would do so anyway and it is not the average guys with a little investment who does all the harm. Read the papers written by Gabriel Zucman on tax evasion with highly sophisticated structures using tax havens. That is where the money is and not in the cryptocurrency wallets of the average Joe.

It is sad to read this but they will make it happen and indeed a backdoor in hardware wallets being developed b the IRS themselves is a true threat. If you work at the IRS and you know how to get access to a specific type of wallet, what will keep you from abusing that knowledge when the opportunity coms up? That's a real issue
hero member
Activity: 2660
Merit: 630
Vave.com - Crypto Casino
Is this hacking of wallet also connected to that of hotbit? Hotbit also complained on that in there website on attempt to hack them the past one week ago but that they didn't succeed. They shut down site for a week but have now reopened.
legendary
Activity: 1134
Merit: 1598
Don't they have the same "problem" with most software wallet and other encryption? As far as I know they don't have a backdoor to BIP38, if they eventually manage to enforce backdoors into hardware wallets, we'll just go back to using paper.
Yeah, Signal is bad because it allows criminals to communicate without them knowing. Bitcoin is bad because criminals can have transactions and mix their coins without the IRS finding the real source of coins. Cash is bad because it pretty much removes the trace of money... dumb phones are bad because Google can't do targeted advertisements anymore.. 3G and 2G are bad because they're the only ones still making dumb phones a thing..

Tl;dr: anything they can't look into is bad. Your safety is provided by the government who really cares about you. I mean, they really do. So much, they'd look into anything that you do just so they make sure nothing bad ever happens to you. Roll Eyes

Lesson of the day: when you give up your freedom for safety, you lose both
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
It's kinda ironic: they're so stuck in their ways trying to control people and money, they don't realize that's why crypto was created in the first place.

This means that it is very important to have open source hardware wallets because backdoors can much easier be implemented in closed source wallets and ''secure elements'', and we may even see some new or existing hardware wallets secretly being founded by IRS in future.
Maybe Ledger can also leak send them all data they have on their customers. O wait Tongue

Don't they have the same "problem" with most software wallet and other encryption? As far as I know they don't have a backdoor to BIP38, if they eventually manage to enforce backdoors into hardware wallets, we'll just go back to using paper.

Quote
Remember to always protect your hardware wallets with passphrases
Unless they store that too, but since you can use as many different passwords as you want, that must have a limitation.
legendary
Activity: 2212
Merit: 7064
I wonder how many companies with closed-source HWs would not sacrifice their clients for millions of bucks coming from IRS. In an open-source world, it is indeed very weird to sell a partially closed-source product. But since authorities have easy access to very large fundings, a $10M secret contract with Ledger might actually sound good enough for them to allow backdoors in their HWs, if they haven't done it already.

It is enough for them to have just one dirty worker in this hardware wallet factory who will add some hidden backdoor and nobody will ever know that something is wrong.
Secure element will not help you in this case, and NDA will prevent them from saying anything about that in public, so they don't need to pay millions of dollars at all.

the irs doesnt need private keys or the seed to achieve their main objective; all the need is a list of addy you control. at that point they have all the info they need as they can then monitor those addys.

Oh but they do need your private keys and passphrases to access your funds and confiscate them whenever they want, because they probably have a bunch of hardware wallets full of treasure just collecting dust in their warehouses.

legendary
Activity: 4354
Merit: 3614
what is this "brake pedal" you speak of?
the irs doesnt need private keys or the seed to achieve their main objective; all the need is a list of addy you control. at that point they have all the info they need as they can then monitor those addys.
Imagine they had an 8yo seed which was used with coin control ever since it's been generated. Having the seed means knowing its entire history and, moreover, you now know all this history is of one single person's finance. It's their wet dream..

yeah, with the seed thats the icing on the cake. yes the seed give far far more info into the history. who wants transactions you did 10 years ago scrutinized even if you did something totally legal (goat porn is legal right?).

i can build an open source trezor from the published schematics and BOM. and compile the code. so hard to hide a backdoor there at least.



I heard that Biden is gearing up for a $6 trillion additional spending plan, which is conveniently named as the "American Families Plan". Obviously not all of this amount can be sourced from printing banknotes alone. Some of it needs to come from taxing successful people. The long term capital gains tax for the highest slab is about to touch 60% in cities such as LA and Portland. I don't understand why the successful people still want to remain in the United States. Is it that hard to renounce your citizenship and move to some Caribbean country?

to do that you 1st have to pay a one time "exit tax" on basically your entire net worth. that may or not be worth it to some.

legendary
Activity: 3766
Merit: 1217
I heard that Biden is gearing up for a $6 trillion additional spending plan, which is conveniently named as the "American Families Plan". Obviously not all of this amount can be sourced from printing banknotes alone. Some of it needs to come from taxing successful people. The long term capital gains tax for the highest slab is about to touch 60% in cities such as LA and Portland. I don't understand why the successful people still want to remain in the United States. Is it that hard to renounce your citizenship and move to some Caribbean country?
legendary
Activity: 1134
Merit: 1598
the irs doesnt need private keys or the seed to achieve their main objective; all the need is a list of addy you control. at that point they have all the info they need as they can then monitor those addys.
Imagine they had an 8yo seed which was used with coin control ever since it's been generated. Having the seed means knowing its entire history and, moreover, you now know all this history is of one single person's finance. It's their wet dream..
legendary
Activity: 4354
Merit: 3614
what is this "brake pedal" you speak of?
the irs doesnt need private keys or the seed to achieve their main objective; all the need is a list of addy you control. at that point they have all the info they need as they can then monitor those addys.

they could get those addys from ledger (trezor etc) servers now if they tried which is much easier.

all the more important to run your own full node for your hardware/software wallets and use that for your transactions. then only you know the addys.
hero member
Activity: 2436
Merit: 877
Tell me they are not after hacking your wallet passphrase?

So in the none open source wallet the backdoor is to pass the wallet seed to a third party? Or what else information they are after. And if they are after such information then how would one differenciate them from a bad hacker?


This means that it is very important to have open source hardware wallets because backdoors can much easier be implemented in closed source wallets and ''secure elements'', and we may even see some new or existing hardware wallets secretly being founded by IRS in future.
Goverment can put pressure and they do everything to get their job done. Maybe some company will sell their ethics for more money but those who are into true bitcoin they will never sell their idology. We need to be more careful when we are chosing our wallet and handling our crypto.


One perfect example which fits here is the coinbase IPO. If the companies or individual buy the coinbase IPO, then the government can get hold of you and demand you for all sort of taxes and income sources etc but if you buy the real bitcoin and hold it in your private wallets, government hands can't reach there. Now its your choice on what you choose.  Smiley
legendary
Activity: 1134
Merit: 1598
I wonder how many companies with closed-source HWs would not sacrifice their clients for millions of bucks coming from IRS. In an open-source world, it is indeed very weird to sell a partially closed-source product. But since authorities have easy access to very large fundings, a $10M secret contract with Ledger might actually sound good enough for them to allow backdoors in their HWs, if they haven't done it already.

Worst thing is, they literally have a money printing machine. They could at any given time start working on a computer specifically created to break down all the seeds using latest technologies, without us knowing it. They're so desperate they might want to do that, even though it does mean breaking someone's financial intimacy from anywhere around the world.
copper member
Activity: 2142
Merit: 1305
Limited in number. Limitless in potential.
Cracking seed phrases? Are they insane, simple word, it's robbery.

Also, the bip39 would be another hindrance to them, it would require them lots of resources just to get their motive. Good luck with that lol.

sr. member
Activity: 2520
Merit: 280
Hire Bitcointalk Camp. Manager @ r7promotions.com
Biden should concentrate on building a quantum computer then only its possible to hack the wallets. Tongue

Tax evaders should be worried about it but its time for the crypto billionaires to move out of the USA or else they have to pay 70% of their asset value for tax and penalty or even they have to pay it completely.
legendary
Activity: 3304
Merit: 1617
#1 VIP Crypto Casino
Yeah good luck cracking my seed, suckers. More evidence that the gov are getting envious & desperate.
legendary
Activity: 2114
Merit: 2248
Playgram - The Telegram Casino
So in the none open source wallet the backdoor is to pass the wallet seed to a third party? Or what else information they are after. And if they are after such information then how would one differenciate them from a bad hacker?
Typically, a backdoor would allow unauthorized access. Someone who is not the owner of the wallet and does not own the seed or pass phrase would be able to bypass all security and have access to the contents of the software. In an open source system anyone would be able to see the backdoor which was put and avoid using such applications, this is not the case if it is closed source.

The government is not relenting in their efforts to identify Bitcoin users and transactions, so Bitcoin users should not compromise on safety and privacy.
member
Activity: 889
Merit: 60
Yeah, privacy should be human right, but then again it's hard dilemma for regulators when people are using privacy to escape regulations. You might get away it for a while, but more money you are trying to hide, more difficult that's going to get. And i don't think that there's a real consensus yet how this right to privacy should be handled, because even regulators want privacy, but they also want a possibility to audit. I am looking at combination of RegDeFi and zero knowledge proofs to combat this.

Because no one want lack of privacy in the end. We need to build an opposite system for china's trackable currency. We need to be a good altervative for oppression.
legendary
Activity: 2464
Merit: 3878
Hire Bitcointalk Camp. Manager @ r7promotions.com
Tell me they are not after hacking your wallet passphrase?

So in the none open source wallet the backdoor is to pass the wallet seed to a third party? Or what else information they are after. And if they are after such information then how would one differenciate them from a bad hacker?


This means that it is very important to have open source hardware wallets because backdoors can much easier be implemented in closed source wallets and ''secure elements'', and we may even see some new or existing hardware wallets secretly being founded by IRS in future.
Goverment can put pressure and they do everything to get their job done. Maybe some company will sell their ethics for more money but those who are into true bitcoin they will never sell their idology. We need to be more careful when we are chosing our wallet and handling our crypto.
legendary
Activity: 2212
Merit: 7064
Maybe some of you read the news that came out few days ago how Biden is going to hire more people to work for IRS to make better tax enforcement and people will have to pay him $80 billion in extra funding for that.
News came out that IRS recently launched Operation Hidden Treasure for tracing cryptocurrency transactions and detecting people who are avoiding to pay taxes for undeclared cryptocurrency gains.

What is Biden administration going to do with all that money collected from people?
IRS or Internal Revenue Service is now looking for help to hack cryptocurrency hardware wallets (Trezor, Ledger, Coldcard and others) and they released must read 25 pages long PDF document in March 2021 named:
Performance Work Statement Criminal Investigation Development of Exploitation Techniques Against Cryptowallets.
In this document IRS Digital Forensic Unit admits that hardware wallets have become very secure and they need solutions and reusable tool to hack wallets, because they may have them in possession from various cases but can't break them.

Quote
Despite best cyber security efforts, even secure embedded hardware devices may possess vulnerabilities in hardware, software and firmware that allow for the unintentional disclosure of information.
This means that it is very important to have open source hardware wallets because backdoors can much easier be implemented in closed source wallets and ''secure elements'', and we may even see some new or existing hardware wallets secretly being founded by IRS in future.

Trezor wallet posted on Twitter that this is oppression of citizens and attack on individuals rights to privacy, and I would agree with that:
https://twitter.com/Trezor/status/1387863392984182787

Remember to always protect your hardware wallets with passphrases and multisig solutions and learn how to protect from $5 wrench attacks or if done by government it is called Go to Jail card.


source document
Jump to: