Pages:
Author

Topic: It is NOT secure to use hardware wallets (and it never was) (Read 2226 times)

HCP
legendary
Activity: 2086
Merit: 4361
Damn, my nano ledger is worthless then? Shocked
No, the exploit has been patched as of firmware v1.4.1... (Note: current firmware is v1.4.2 which helps remove a couple of other theoretical attack vectors by forcing random starting numbers when entering PIN etc)

As far as I'm aware... there have been no known instances of this exploit "in the wild"... it was merely a "proof of concept" that was responsibly reported by the "15yr old kid" and was subsequently patched by Ledger.
AGD
legendary
Activity: 2070
Merit: 1164
Keeper of the Private Key
I have been warning people about hardware wallets for years. Bitcoin is the most personal store of value. Don't break it by using untrusted third party soft/hardware:

https://krebsonsecurity.com/wp-content/uploads/2018/03/ledgerattack.pdf

Worth mentioning, that the guy who found this exploit is 15 ys young.
Damn, my nano ledger is worthless then? Shocked

Still secure enough for day today use, but I wouldn't trust it with big money.
newbie
Activity: 87
Merit: 0
I have been warning people about hardware wallets for years. Bitcoin is the most personal store of value. Don't break it by using untrusted third party soft/hardware:

https://krebsonsecurity.com/wp-content/uploads/2018/03/ledgerattack.pdf

Worth mentioning, that the guy who found this exploit is 15 ys young.
Damn, my nano ledger is worthless then? Shocked
sr. member
Activity: 318
Merit: 251
From starting i was also against Hardware wallet, i am always referring to use electrum or mycelium desktop wallet as it dont need to backup the full node, just download the software and install it and backup the seed key and start using your bitcoin wallet. Only thing to secure is the seed key through which you can install the software anywhere and use your wallet.
Until now, I didn't use a hardware wallet to save my bitcoin, I didn't like this idea because it's still risky to damage your wallet or to lose it. I agree that it's very good for security and save your BTC carefully without any worriying to lose them, but I don't like that. I just want to save my bitcoin in an online wallet or in a desktop wallet like Electrum wallet. It's too easy to manage and had a good secuirty.
QFT
sr. member
Activity: 476
Merit: 250
I only use paper wallets, they do the job just as efficiently if not more.
jr. member
Activity: 112
Merit: 2
After 8 pages of debate, I'm still not sure what my takeaway is...

For someone who's not serious in crypto, just playing around in the exchanges with little money, is a hardware wallet worth it?

The questions becomes considerably more significant with larger amounts of money involved, for sure. But some of the solutions seem to just be facsimiles of banks and fiat monies - paper wallets, storing in safes, multiple layers of authenticities. Does this mean in the end, when there are clearer standards that we just revert to "banking systems" that are slightly more customer friendly?

A hardware wallet's worth to you might depend on how much crypto you own. If you won't lose sleep losing whatever you own in those exchanges, then you might not need a hardware wallet after all since it costs a considerable amount of money.
legendary
Activity: 2352
Merit: 6089
bitcoindata.science
Everyone has the right to their own opinion and it is true that even hardware wallets are not perfect,but in terms of security hardware wallets are undoubtedly above desktop wallets.If you ask why,there is very simple answer-how many cases you know that hardware wallet is hacked and user is lost his coins(excluded wallets bought on E-bay/Amazon...)?And how many cases you can find that users lost coins in desktop wallets?You can find it very easily in hundreds of examples,fake desktop wallets are responsible for millions $ of stolen coins.

There is no 100% safe way to store coins,but every serious user should seek for best solution.

Yeah, this topic title is a bit misleading. Hardware wallets are much safer than any desktop wallet. Hardware wallets are safe to use even on a computer that is infected with a malware. Hardware wallets are an airgapped enviroment on your desktop.

In the problem related to hardwallets mentioned above the hacker had physical access to the hardwallet.
legendary
Activity: 3234
Merit: 5637
Blackjack.fun-Free Raffle-Join&Win $50🎲
From starting i was also against Hardware wallet, i am always referring to use electrum or mycelium desktop wallet as it dont need to backup the full node, just download the software and install it and backup the seed key and start using your bitcoin wallet. Only thing to secure is the seed key through which you can install the software anywhere and use your wallet.

Everyone has the right to their own opinion and it is true that even hardware wallets are not perfect,but in terms of security hardware wallets are undoubtedly above desktop wallets.If you ask why,there is very simple answer-how many cases you know that hardware wallet is hacked and user is lost his coins(excluded wallets bought on E-bay/Amazon...)?And how many cases you can find that users lost coins in desktop wallets?You can find it very easily in hundreds of examples,fake desktop wallets are responsible for millions $ of stolen coins.

There is no 100% safe way to store coins,but every serious user should seek for best solution.
newbie
Activity: 182
Merit: 0
After 8 pages of debate, I'm still not sure what my takeaway is...

For someone who's not serious in crypto, just playing around in the exchanges with little money, is a hardware wallet worth it?

The questions becomes considerably more significant with larger amounts of money involved, for sure. But some of the solutions seem to just be facsimiles of banks and fiat monies - paper wallets, storing in safes, multiple layers of authenticities. Does this mean in the end, when there are clearer standards that we just revert to "banking systems" that are slightly more customer friendly?
legendary
Activity: 1302
Merit: 1027
From starting i was also against Hardware wallet, i am always referring to use electrum or mycelium desktop wallet as it dont need to backup the full node, just download the software and install it and backup the seed key and start using your bitcoin wallet. Only thing to secure is the seed key through which you can install the software anywhere and use your wallet.
copper member
Activity: 6
Merit: 0
Here is a concept of next generation highly secured hardware wallet:

                             Bkey.tech

It is physically separated from untrusted environment and it`s inputs\outputs fully controlled by owner.

So it cannot be hacked remotely by design and very user friendly.

Also there will be several protective solutions to prevent "wrench attack".

legendary
Activity: 2926
Merit: 1386
Paper wallet in a safe deposit box ftw lol

A safety deposit box is only as safe as those working at the bank.  Cheesy

I would have to disagree with this.

First of all, contents of a safe deposit box should be "tamper evident." Google that it will become clear that any prowling in that box can and should be detected. Yes that can include taking pictures of anyone opening the box, using a cam that doesn't look like a cam.

Important contents should not be obvious. A paper wallet should not be on a piece of paper that shouts "BITCOIN KEYS." It might be engraved on something that looks like a family heirloom. Johnny's First Communication certificate. Etc.

They could be on a page that looked like a listing of bank account numbers, split into pieces.

These things would not stop a determined attacker that already knew you had a stash, so one additional level of security is needed.

That is the encoding of the private key with a key phrase that only you know.

At this point you have

1. A box that does not appear to have any bitcoin paper wallets.
2. one object of many in the box that has the keys or sequences.
3. The key needs another part that is not in the box.
4. The box has tamper evident contents, hence an intruder is detected.

newbie
Activity: 81
Merit: 0
I have been warning people about hardware wallets for years. Bitcoin is the most personal store of value. Don't break it by using untrusted third party soft/hardware:

https://krebsonsecurity.com/wp-content/uploads/2018/03/ledgerattack.pdf

Worth mentioning, that the guy who found this exploit is 15 ys young.
Yes ! Your right hardware wallet have a lot of vulnerability.
But? What about paper wallet ?/is it advisable to use?
jr. member
Activity: 30
Merit: 1
Allow me to say that all of this kind of "bugs" and "exploits" will not cause any problem to a normal user. You are SAFE! Nobody will modify the hardware wallet if you buy it from the official store(Trezor, ledger etc.).

No program can have access to the hardware wallet seed or private keys. To sign a transaction you need to press a button so every time you want to make a transaction you need to double check the outputs.

All other threads like man-in-the-middle attack are just theory.
sr. member
Activity: 389
Merit: 250
Paper wallet in a safe deposit box ftw lol

A safety deposit box is only as safe as those working at the bank.  Cheesy
legendary
Activity: 1624
Merit: 2481
yes I know, my friend once told me if using hardware it does not guarantee the safety of our coin.

In reality nothing guarantees the security and safety of your coins.
But a hardware wallet is one of the best (if not the best when looking at security/convinience) type of storage for your BTC.



and I'm still confused want to plunge into the world of cloudmining, ..

You should reconsider this. Cloud mining mainly is just scam.

Why should someone rent his hardware and mine for you for less profit than he could have when just mining for themselves?
If you are heavily interested in mining, buy a mining rig and join a pool. But without cheap(!) electricity this is just a waste of energy (without any profit).

newbie
Activity: 13
Merit: 0
yes I know, my friend once told me if using hardware it does not guarantee the safety of our coin .
and I'm still confused want to plunge into the world of cloudmining, I do not understand after I get the results of the developers think 'my money is where
legendary
Activity: 2926
Merit: 1386
....
I have recently converted from a PC to a Mac (help me lord) and am having trouble getting 1.4.1 onto my device. I know this sounds a really noob question but would there be any reason my ledger would read the software differently if it was previously connected to a windows based app rather than ios?


It IS a different program, being compiled under OS X and relying on somewhat different underlying libraries.

They say to use Google Chrome or Chromium as the browser, were you doing that?
HCP
legendary
Activity: 2086
Merit: 4361
Following on from this, however, has anyone else had any difficulty downloading the latest firmware from ledger?
I have recently converted from a PC to a Mac (help me lord) and am having trouble getting 1.4.1 onto my device. I know this sounds a really noob question but would there be any reason my ledger would read the software differently if it was previously connected to a windows based app rather than ios?
1.4.1 was a bit of a nuisance for some folks, getting "confusing error messages... however, Ledger have already released 1.4.2... https://www.ledger.fr/2018/04/17/announcing-ledger-firmware-1-4-2/

As noted in that blog post, they have a detailed step-by-step here: https://support.ledgerwallet.com/hc/en-us/articles/360002731113

I believe you can update directly from 1.3.1 to 1.4.2 without needing to load the 1.4.1 firmware. Also, going from Windows to MacOSX shouldn't make any difference to the device... it should switch without issue. What is the exact issue you've having? device not recognised? device recognised but update failing? Huh
newbie
Activity: 13
Merit: 0

I am most certainly not technical enough to grasp the extent of that document, but it does appear to imply that a hacker requires physical access to your device beforehand before hacking into it.

Everyone is aware of this threat. This is without doubt the pitfall of any hard wallet, not knowing how it was configured and what hands it has passed through beforehand.

Following on from this, however, has anyone else had any difficulty downloading the latest firmware from ledger?

I have recently converted from a PC to a Mac (help me lord) and am having trouble getting 1.4.1 onto my device. I know this sounds a really noob question but would there be any reason my ledger would read the software differently if it was previously connected to a windows based app rather than ios?

Pages:
Jump to: