It is NOT secure to use hardware wallets (and it never was)

HCP

legendary

Activity: 2086

Merit: 4316

Quote from: VZ Chains on April 30, 2018, 05:11:36 AM

Damn, my nano ledger is worthless then? Shocked

No, the exploit has been patched as of firmware v1.4.1... (Note: current firmware is v1.4.2 which helps remove a couple of other theoretical attack vectors by forcing random starting numbers when entering PIN etc)

As far as I'm aware... there have been no known instances of this exploit "in the wild"... it was merely a "proof of concept" that was responsibly reported by the "15yr old kid" and was subsequently patched by Ledger.

AGD

legendary

Activity: 2070

Merit: 1164

Keeper of the Private Key

Quote from: VZ Chains on April 30, 2018, 05:11:36 AM

Quote from: AGD on March 22, 2018, 03:32:02 AM

I have been warning people about hardware wallets for years. Bitcoin is the most personal store of value. Don't break it by using untrusted third party soft/hardware:

https://krebsonsecurity.com/wp-content/uploads/2018/03/ledgerattack.pdf

Worth mentioning, that the guy who found this exploit is 15 ys young.

Damn, my nano ledger is worthless then? Shocked

Still secure enough for day today use, but I wouldn't trust it with big money.

VZ Chains

newbie

Activity: 87

Merit: 0

Quote from: AGD on March 22, 2018, 03:32:02 AM

I have been warning people about hardware wallets for years. Bitcoin is the most personal store of value. Don't break it by using untrusted third party soft/hardware:

https://krebsonsecurity.com/wp-content/uploads/2018/03/ledgerattack.pdf

Worth mentioning, that the guy who found this exploit is 15 ys young.

Damn, my nano ledger is worthless then? Shocked

PHPSELLER

sr. member

Activity: 318

Merit: 251

Quote from: btcdevil on April 29, 2018, 03:48:10 AM

From starting i was also against Hardware wallet, i am always referring to use electrum or mycelium desktop wallet as it dont need to backup the full node, just download the software and install it and backup the seed key and start using your bitcoin wallet. Only thing to secure is the seed key through which you can install the software anywhere and use your wallet.

Until now, I didn't use a hardware wallet to save my bitcoin, I didn't like this idea because it's still risky to damage your wallet or to lose it. I agree that it's very good for security and save your BTC carefully without any worriying to lose them, but I don't like that. I just want to save my bitcoin in an online wallet or in a desktop wallet like Electrum wallet. It's too easy to manage and had a good secuirty.

QFT

sr. member

Activity: 476

Merit: 250

I only use paper wallets, they do the job just as efficiently if not more.

edhp

jr. member

Activity: 112

Merit: 2

Quote from: jahn_quid on April 29, 2018, 05:34:32 AM

After 8 pages of debate, I'm still not sure what my takeaway is...

For someone who's not serious in crypto, just playing around in the exchanges with little money, is a hardware wallet worth it?

The questions becomes considerably more significant with larger amounts of money involved, for sure. But some of the solutions seem to just be facsimiles of banks and fiat monies - paper wallets, storing in safes, multiple layers of authenticities. Does this mean in the end, when there are clearer standards that we just revert to "banking systems" that are slightly more customer friendly?

A hardware wallet's worth to you might depend on how much crypto you own. If you won't lose sleep losing whatever you own in those exchanges, then you might not need a hardware wallet after all since it costs a considerable amount of money.

bitmover

legendary

Activity: 2324

Merit: 6006

bitcoindata.science

Quote from: Lucius on April 29, 2018, 06:06:57 AM

Everyone has the right to their own opinion and it is true that even hardware wallets are not perfect,but in terms of security hardware wallets are undoubtedly above desktop wallets.If you ask why,there is very simple answer-how many cases you know that hardware wallet is hacked and user is lost his coins(excluded wallets bought on E-bay/Amazon...)?And how many cases you can find that users lost coins in desktop wallets?You can find it very easily in hundreds of examples,fake desktop wallets are responsible for millions $ of stolen coins.

There is no 100% safe way to store coins,but every serious user should seek for best solution.

Yeah, this topic title is a bit misleading. Hardware wallets are much safer than any desktop wallet. Hardware wallets are safe to use even on a computer that is infected with a malware. Hardware wallets are an airgapped enviroment on your desktop.

In the problem related to hardwallets mentioned above the hacker had physical access to the hardwallet.

Lucius

legendary

Activity: 3234

Merit: 5637

Blackjack.fun-Free Raffle-Join&Win $50🎲

Quote from: btcdevil on April 29, 2018, 03:48:10 AM

From starting i was also against Hardware wallet, i am always referring to use electrum or mycelium desktop wallet as it dont need to backup the full node, just download the software and install it and backup the seed key and start using your bitcoin wallet. Only thing to secure is the seed key through which you can install the software anywhere and use your wallet.

Everyone has the right to their own opinion and it is true that even hardware wallets are not perfect,but in terms of security hardware wallets are undoubtedly above desktop wallets.If you ask why,there is very simple answer-how many cases you know that hardware wallet is hacked and user is lost his coins(excluded wallets bought on E-bay/Amazon...)?And how many cases you can find that users lost coins in desktop wallets?You can find it very easily in hundreds of examples,fake desktop wallets are responsible for millions $ of stolen coins.

There is no 100% safe way to store coins,but every serious user should seek for best solution.

jahn_quid

newbie

Activity: 182

Merit: 0

After 8 pages of debate, I'm still not sure what my takeaway is...

For someone who's not serious in crypto, just playing around in the exchanges with little money, is a hardware wallet worth it?

The questions becomes considerably more significant with larger amounts of money involved, for sure. But some of the solutions seem to just be facsimiles of banks and fiat monies - paper wallets, storing in safes, multiple layers of authenticities. Does this mean in the end, when there are clearer standards that we just revert to "banking systems" that are slightly more customer friendly?

btcdevil

legendary

Activity: 1302

Merit: 1027

From starting i was also against Hardware wallet, i am always referring to use electrum or mycelium desktop wallet as it dont need to backup the full node, just download the software and install it and backup the seed key and start using your bitcoin wallet. Only thing to secure is the seed key through which you can install the software anywhere and use your wallet.

[email protected]

copper member

Activity: 6

Merit: 0

Here is a concept of next generation highly secured hardware wallet:

Bkey.tech

It is physically separated from untrusted environment and it`s inputs\outputs fully controlled by owner.

So it cannot be hacked remotely by design and very user friendly.

Also there will be several protective solutions to prevent "wrench attack".

Spendulus

legendary

Activity: 2898

Merit: 1386

Quote from: justmyname on April 27, 2018, 10:33:01 PM

Quote from: Artlee87 on April 22, 2018, 03:46:02 PM

Paper wallet in a safe deposit box ftw lol

A safety deposit box is only as safe as those working at the bank. Cheesy

I would have to disagree with this.

First of all, contents of a safe deposit box should be "tamper evident." Google that it will become clear that any prowling in that box can and should be detected. Yes that can include taking pictures of anyone opening the box, using a cam that doesn't look like a cam.

Important contents should not be obvious. A paper wallet should not be on a piece of paper that shouts "BITCOIN KEYS." It might be engraved on something that looks like a family heirloom. Johnny's First Communication certificate. Etc.

They could be on a page that looked like a listing of bank account numbers, split into pieces.

These things would not stop a determined attacker that already knew you had a stash, so one additional level of security is needed.

That is the encoding of the private key with a key phrase that only you know.

At this point you have

1. A box that does not appear to have any bitcoin paper wallets.
2. one object of many in the box that has the keys or sequences.
3. The key needs another part that is not in the box.
4. The box has tamper evident contents, hence an intruder is detected.

harbs23

newbie

Activity: 81

Merit: 0

Quote from: AGD on March 22, 2018, 03:32:02 AM

I have been warning people about hardware wallets for years. Bitcoin is the most personal store of value. Don't break it by using untrusted third party soft/hardware:

https://krebsonsecurity.com/wp-content/uploads/2018/03/ledgerattack.pdf

Worth mentioning, that the guy who found this exploit is 15 ys young.

Yes ! Your right hardware wallet have a lot of vulnerability.
But? What about paper wallet ?/is it advisable to use?

network.decentralizer

jr. member

Activity: 30

Merit: 1

Allow me to say that all of this kind of "bugs" and "exploits" will not cause any problem to a normal user. You are SAFE! Nobody will modify the hardware wallet if you buy it from the official store(Trezor, ledger etc.).

No program can have access to the hardware wallet seed or private keys. To sign a transaction you need to press a button so every time you want to make a transaction you need to double check the outputs.

All other threads like man-in-the-middle attack are just theory.

justmyname

sr. member

Activity: 389

Merit: 250

Quote from: Artlee87 on April 22, 2018, 03:46:02 PM

Paper wallet in a safe deposit box ftw lol

A safety deposit box is only as safe as those working at the bank. Cheesy

bob123

legendary

Activity: 1624

Merit: 2481

Quote from: frostalvin on April 24, 2018, 09:30:51 PM

yes I know, my friend once told me if using hardware it does not guarantee the safety of our coin.

In reality nothing guarantees the security and safety of your coins.
But a hardware wallet is one of the best (if not the best when looking at security/convinience) type of storage for your BTC.

Quote from: frostalvin on April 24, 2018, 09:30:51 PM

and I'm still confused want to plunge into the world of cloudmining, ..

You should reconsider this. Cloud mining mainly is just scam.

Why should someone rent his hardware and mine for you for less profit than he could have when just mining for themselves?
If you are heavily interested in mining, buy a mining rig and join a pool. But without cheap(!) electricity this is just a waste of energy (without any profit).

frostalvin

newbie

Activity: 13

Merit: 0

yes I know, my friend once told me if using hardware it does not guarantee the safety of our coin .
and I'm still confused want to plunge into the world of cloudmining, I do not understand after I get the results of the developers think 'my money is where

Spendulus

legendary

Activity: 2898

Merit: 1386

Quote from: PlayUp on April 23, 2018, 09:27:56 PM

....
I have recently converted from a PC to a Mac (help me lord) and am having trouble getting 1.4.1 onto my device. I know this sounds a really noob question but would there be any reason my ledger would read the software differently if it was previously connected to a windows based app rather than ios?

It IS a different program, being compiled under OS X and relying on somewhat different underlying libraries.

They say to use Google Chrome or Chromium as the browser, were you doing that?

HCP

legendary

Activity: 2086

Merit: 4316

Quote from: PlayUp on April 23, 2018, 09:27:56 PM

Following on from this, however, has anyone else had any difficulty downloading the latest firmware from ledger?
I have recently converted from a PC to a Mac (help me lord) and am having trouble getting 1.4.1 onto my device. I know this sounds a really noob question but would there be any reason my ledger would read the software differently if it was previously connected to a windows based app rather than ios?

1.4.1 was a bit of a nuisance for some folks, getting "confusing error messages... however, Ledger have already released 1.4.2... https://www.ledger.fr/2018/04/17/announcing-ledger-firmware-1-4-2/

As noted in that blog post, they have a detailed step-by-step here: https://support.ledgerwallet.com/hc/en-us/articles/360002731113

I believe you can update directly from 1.3.1 to 1.4.2 without needing to load the 1.4.1 firmware. Also, going from Windows to MacOSX shouldn't make any difference to the device... it should switch without issue. What is the exact issue you've having? device not recognised? device recognised but update failing? Huh

PlayUp

newbie

Activity: 13

Merit: 0

I am most certainly not technical enough to grasp the extent of that document, but it does appear to imply that a hacker requires physical access to your device beforehand before hacking into it.

Everyone is aware of this threat. This is without doubt the pitfall of any hard wallet, not knowing how it was configured and what hands it has passed through beforehand.

Following on from this, however, has anyone else had any difficulty downloading the latest firmware from ledger?

I have recently converted from a PC to a Mac (help me lord) and am having trouble getting 1.4.1 onto my device. I know this sounds a really noob question but would there be any reason my ledger would read the software differently if it was previously connected to a windows based app rather than ios?

Topic: It is NOT secure to use hardware wallets (and it never was) (Read 2133 times)