
Topic: Trezor hacked (again) (Read 1501 times)

jr. member
Activity: 59
Merit: 30
July 04, 2023, 03:23:22 AM
#99
Quote

@rohanagarwal7 You should also avoid over-shilling your hardware wallet in other people's threads which you have been doing lately. Depending on the situation and/or mod, if those posts were reported, they could be deleted. That isn't something you want to see. 

I will take care of this. Although, I might have posted in 1-2 threads only which were relevant and solving the problems that were being discussed in the post.
jr. member
Activity: 59
Merit: 30
July 04, 2023, 03:17:14 AM
#98
Quote

Open a discussion thread for your Cypherock Wallet where we can dissect it, if you haven't done already. I have taken a short look over your website and there's a lot of eye-candy and fancy claims but getting real hard details seems a bit difficult.

I have already quite some questions how your product would be superior as you claim it to be. I'm not yet at all convinced of your product because showing the usual marketing bullshit doesn't prove any superiority.

I hear your concerns.

Here is the thread we have already opened in the past - https://bitcointalksearch.org/topic/m.61451074

Here is the thread for the 2nd use case of the product - https://bitcointalksearch.org/topic/shamirs-secret-sharing-based-wallet-cypherock-x1-5457147

Here is the link to the technical docs which you might fancy more - https://cypherock.com/docs

Here is the link to the github - https://github.com/cypherock

Happy to answer any questions you might have

legendary
Activity: 2730
Merit: 7065
July 02, 2023, 07:56:24 AM
#97
This makes no sense, since ColdCard is not open source but the code is still public and verifiable. This means you can not use their code for free in your own product, however just like in an open source code you can verify that it is not malicious.

To me that is not the best but acceptable solution.
In terms of code verifiability, there is no difference between Coldcard's code and that of other open-source solutions. If you know how to do it, you can verify both, just like you said. Because of that, saying I don't trust them means very little. You don't have to trust them, verify it. But we all know that verifying isn't possible for the majority of us, so we are back on trusting this or that.

dkbit98 not trusting Coldcard is probably related to the way they acquired the code they now use in their wallets. It's based on open-source code that they modified, and are now preventing other brands from using it. There was even a time when they referred to their code as open-source, when it wasn't. It's verifiable but not open-source. Unethical approach by Coldcard on that front. Their CEO is also a controversial figure that some people don't like.
hero member
Activity: 1022
Merit: 642
Magic
July 02, 2023, 05:07:11 AM
#96
Coldcard sells its wallets with industrial grade SD cards
Coldcard is not open source, so I don't trust them very much, and they don't include industrial SD cards for free like Passport does, so you have to pay extra for them


This makes no sense, since ColdCard is not open source but the code is still public and verifiable. This means you can not use their code for free in your own product, however just like in an open source code you can verify that it is not malicious.

To me that is not the best but acceptable solution.
legendary
Activity: 2730
Merit: 7065
July 02, 2023, 03:00:22 AM
#95
Open a discussion thread for your Cypherock Wallet where we can dissect it, if you haven't done already.
< This!

@rohanagarwal7 You should also avoid over-shilling your hardware wallet in other people's threads which you have been doing lately. Depending on the situation and/or mod, if those posts were reported, they could be deleted. That isn't something you want to see. 
hero member
Activity: 714
Merit: 1010
Crypto Swap Exchange
July 01, 2023, 10:11:37 AM
#94


Open a discussion thread for your Cypherock Wallet where we can dissect it, if you haven't done already. I have taken a short look over your website and there's a lot of eye-candy and fancy claims but getting real hard details seems a bit difficult.

I have already quite some questions how your product would be superior as you claim it to be. I'm not yet at all convinced of your product because showing the usual marketing bullshit doesn't prove any superiority.
jr. member
Activity: 59
Merit: 30
June 28, 2023, 04:37:00 PM
#93
Quote
While it's good to remind people now and then about these kinds of problems, the overall conclusion has not changed:
if the hardware wallet falls into the hands of unknown people, it's safer to assume it's going to get broken into/hacked, hence use the backup seed and move the coins away asap.

I would love to get your thoughts on Cypherock X1 wallet. We are building a new kind of hardware wallet where we never store the private keys in a single place permanently. We use Shamir's Secret Sharing to split the seed into 5 parts stored on 5 tamper-resistant hardware such that the keys do not have a single point of failure like you described.
legendary
Activity: 2730
Merit: 7065
June 28, 2023, 11:30:06 AM
#92
The Trezor Suite Lite is a new piece of software and different from the Trezor Suite client you have on your mac. The app you have is the standard software that works with Trezor hardware wallets. Trezor Suite Lite is a portfolio tracker, where you can import your master public keys on a phone app and keep track of your accounts that way. You can't generate or sign transactions with it, though. Since it holds master public keys, it gives you an option to generate new receiving addresses. It will probably develop into a fully working mobile app with time, which also includes signing capabilities.

Before installing a newer version of the Trezor Suite, ensure you verify the signatures.
legendary
Activity: 3836
Merit: 10832
Self-Custody is a right. Say no to "Non-custodial"
June 28, 2023, 08:13:12 AM
#91
It's gone now. Only the official Trezor Suite Lite is available on the App Store.
I did a quick check on Google's Play Store as well. There is only one Trezor Suite Lite available, and it's the official client you would find if you clicked on the link on Trezor's website.

The one that I have been running on my macOS is called "Trezor Suite".. and it is version 23.5.2 (23.5.2.28476) -  I update it from time to time when prompted by the App.. which does sometimes make me uncomfortable to be updating it upon prompt.... but I don't recall seeing (or using) a "Trezor Suite Lite" app from them, even though it does seem that they had changed their name - or was it just a change from the bridge extension that previously had run through Chrome OS over to the separate "Trezor Suite" App (which would have been around a year ago)?  There was a point in which you could use either the app or the Chrome extension, but it has probably been around a year since I had even tried to use anything other than the "Trezor Suite" app...
legendary
Activity: 2730
Merit: 7065
June 28, 2023, 04:08:40 AM
#90
It's gone now. Only the official Trezor Suite Lite is available on the App Store.
I did a quick check on Google's Play Store as well. There is only one Trezor Suite Lite available, and it's the official client you would find if you clicked on the link on Trezor's website.
legendary
Activity: 1708
Merit: 1615
Payment Gateway Allows Recurring Payments
June 21, 2023, 11:22:49 AM
#89
There's a Fake Trezor Wallet in the Apple App Store Draining Crypto
"A malicious Trezor app has appeared on the Apple App Store under the fake name "Trezor Wallet Suite."
Downloaded a Trezor app for your Apple iPhone lately? Better double check it.

A malicious Trezor app has appeared on the Apple App Store, potentially putting users at risk of losing their crypto. Under the fake name "Trezor Wallet Suite," the app was pointed out on Twitter yesterday as a false version of the hardware wallet provider’s software."
legendary
Activity: 2212
Merit: 7064
June 07, 2023, 06:08:31 PM
#88
Coldcard sells its wallets with industrial grade SD cards
Coldcard is not open source, so I don't trust them very much, and they don't include industrial SD cards for free like Passport does, so you have to pay extra for them

Comparison with Audi is not appropriate here, since a person paid a lot of money for luxury, and not for reliability. If he had bought a basic Toyota, then he would have had no problems with repairs in the early years.
Excuse me but that is nonsense, I could easily replace word Audi with any other modern car brand or equipment, new stuff is mostly junk full of electronics with intentional bugs.
This can be said for everything, check out the video testing modern vs old bricks and concrete:
https://www.youtube.com/watch?v=6_LgrbAsoME

Now let's get back on topic of Trezor hack.
full member
Activity: 343
Merit: 167
June 07, 2023, 03:54:44 AM
#87
Yeah they are, until they stop working like all new flash storage devices.
Most new stuff made today is trash and it stops working right after warranty expires, happened to me and people I know many times.
One guy purchased brand new luxury Audi in 2021 (with Bitcoin), year after alternator died, and ever since he is going in service each month for electronic issues.
They are making most new electronic stuff shiny from the outside with intentional time-ticking error-bomb.

Coldcard sells its wallets with industrial grade SD cards:
https://store.coinkite.com/store/category/bundles
These wallets are considered one of the most reliable for storing bitcoins.
Comparison with Audi is not appropriate here, since a person paid a lot of money for luxury, and not for reliability. If he had bought a basic Toyota, then he would have had no problems with repairs in the early years.
legendary
Activity: 2212
Merit: 7064
June 06, 2023, 02:58:43 PM
#86
I don't expect something even in 2024. Until then it's vaporware.
It's far from vaporware if they already have new chips ready for testing and they officially said new devices should be released in the time I said.
They recently published information with chip photographs and they started doing internal testing for all people working in Trezor.
It's not like they are inventing the wheel all over again, they are just open sourcing the chips from experienced chip manufacturer.

Looking at the steep price jump from Trezor Model One to Model T, I'm not particularly confident that a new Trezor device with secure element will be moderately priced. But we might see maybe some basic SE Model and something as fancy as the Model T, now with SE and maybe camera, too? There is competition in the HW market and that's good.
New-gen Trezor device won't be cheap, that's for sure, but I would be ok with price around $200 to $300.

Industrial SD cards are quite reliable. These cards use pSLC technology rather than the cheap QLC found in conventional cards. Such cards are significantly more expensive, but this can be quite commensurate with your bitcoin investment. In addition, you should not forget about backups by placing them on cards from different manufacturers.
Yeah they are, until they stop working like all new flash storage devices.
Most new stuff made today is trash and it stops working right after warranty expires, happened to me and people I know many times.
One guy purchased brand new luxury Audi in 2021 (with Bitcoin), year after alternator died, and ever since he is going in service each month for electronic issues.
They are making most new electronic stuff shiny from the outside with intentional time-ticking error-bomb.
full member
Activity: 343
Merit: 167
June 04, 2023, 05:00:30 AM
#85

They are really small and indeed easy to lose and also not much space left to label them properly. You have to accommodate for that. And of course I wouldn't rely solely on flash storage. I've seen a few flash storage cards, sticks and drives die all of a sudden, I'd be crazy to rely only on such a backup alone. That would be a recipe for disaster and not good Bitcoin safety storage practice.

Industrial SD cards are quite reliable. These cards use pSLC technology rather than the cheap QLC found in conventional cards. Such cards are significantly more expensive, but this can be quite commensurate with your bitcoin investment. In addition, you should not forget about backups by placing them on cards from different manufacturers.
hero member
Activity: 714
Merit: 1010
Crypto Swap Exchange
June 03, 2023, 10:50:19 AM
#84
It would sound more interesting to me if they added secure element, but I guess we are going to have to wait until they release new Trezor gen device with that, probably in the end of 2023 or in 2024.

I have no idea, when the Tropic Square secure element (SE) will be declared as OK for delivery in real products. Yes, there are real silicon samples but I lost or never really had track of how far is serious testing of this SE. I'd wish we won't have to go through multiple flaws detected, hardware fixes needed cycles. ETA of a future Trezor R or however they want to call it is ... in the future, who knows when, I don't expect something even in 2024. Until then it's vaporware.

Looking at the steep price jump from Trezor Model One to Model T, I'm not particularly confident that a new Trezor device with secure element will be moderately priced. But we might see maybe some basic SE Model and something as fancy as the Model T, now with SE and maybe camera, too? There is competition in the HW market and that's good.


And it's very easy to lose it
I wouldn't count that as only backup option, flash storage can go stupid sometimes (happened to me with flash drives).

They are really small and indeed easy to lose and also not much space left to label them properly. You have to accommodate for that. And of course I wouldn't rely solely on flash storage. I've seen a few flash storage cards, sticks and drives die all of a sudden, I'd be crazy to rely only on such a backup alone. That would be a recipe for disaster and not good Bitcoin safety storage practice.
legendary
Activity: 2212
Merit: 7064
June 02, 2023, 03:52:49 PM
#83
True, I find Trezor One quite basic. It offers the bare minimum without bells and whistles. A Trezor T clone sounds like more fun to have.
It would sound more interesting to me if they added secure element, but I guess we are going to have to wait until they release new Trezor gen device with that, probably in the end of 2023 or in 2024.

SeedSigner DIY is definitely an interesting project especially for Multisig. What I didn't like very much, is to constantly have your seed on a QR code paper in use. Without a QR code it will be a constant pain to use.
That is downside only if you are using it daily, but for everything else this is much safer, especially if done as multisig setup.
I think this should be introduced to all hardware wallets as option, if they can verify that erasing everything really means that.

I find a small microSD card as used in a PiTrezor easier to hide and conceal. You can even easily switch wallets nearly instantly with multiple microSD cards.
And it's very easy to lose it
I wouldn't count that as only backup option, flash storage can go stupid sometimes (happened to me with flash drives).
hero member
Activity: 714
Merit: 1010
Crypto Swap Exchange
June 01, 2023, 04:03:43 PM
#82
I haven't used my PiTrezor for serious coin storage. I tested it more or less to some extent with Testnet coins and mainly with Electrum, not so much with the Trezor Suite. It's been some months ago, but I don't remember that the warning in Trezor Suite hindered further usage of the PiTrezor. AFAIR you can force to ignore the warning cause, there's an option for that in Trezor Suite and I hope Trezor didn't remove it in more recent versions.


Another problem I have with PiTrezor is that it can only be used to replace Trezor One, not Trezor model T, as far as I know.

True, I find Trezor One quite basic. It offers the bare minimum without bells and whistles. A Trezor T clone sounds like more fun to have.


For people using only Bitcoin I would prefer using RaspberryPi for making SeedSigner DIY device, or something similar that don't keep anything on device and it has camera.

SeedSigner DIY is definitely an interesting project especially for Multisig. What I didn't like very much, is to constantly have your seed on a QR code paper in use. Without a QR code it will be a constant pain to use.

I find a small microSD card as used in a PiTrezor easier to hide and conceal. You can even easily switch wallets nearly instantly with multiple microSD cards.
legendary
Activity: 2212
Merit: 7064
May 31, 2023, 07:01:49 AM
#81
I can use my DIY PiTrezor without problems with official Trezor Suite. Yes, Trezor Suite detects that the PiTrezor isn't genuine and shows a warning banner, but otherwise works perfectly fine with it.
Is there any way to bypass and skip that warning?
Another problem I have with PiTrezor is that it can only be used to replace Trezor One, not Trezor model T, as far as I know.
For people using only Bitcoin I would prefer using RaspberryPi for making SeedSigner DIY device, or something similar that don't keep anything on device and it has camera.
hero member
Activity: 714
Merit: 1010
Crypto Swap Exchange
May 30, 2023, 03:36:24 PM
#80
I can use my DIY PiTrezor without problems with official Trezor Suite. Yes, Trezor Suite detects that the PiTrezor isn't genuine and shows a warning banner, but otherwise works perfectly fine with it.