matt on Nostr: Hardware Wallets are devices designed to hold bearer assets which can be trivially ...
Hardware Wallets are devices designed to hold bearer assets which can be trivially stolen if you leak the private key(s). There’s many, many people involved in the manufacture of each hardware wallet, each of which might wish to make free money by backdooring the hardware wallet. For every other hardware wallet, you’re blindly trusting Amazon/UPS/five factories in China/the webserver you got the firmware from/etc/etc. Sure, most hardware wallets have tried to be robust against these attacks, but there’s frankly just not that much that can be done.
Wouldn’t it be nice if you didn’t have to trust the device at all, but rather an attacker would have to compromise *both* your hardware wallet and your computer? Well, we’ve had the tech to do this for many, many years! The fact that only two hardware wallets bothered to implement this boggles my mind. It’s impressive incompetence, bordering on maliciousness, honestly.
Stop using hardware wallets that don’t take security seriously (sadly, all of them except Jade and BitBox). This is a novel construction, but the class of attacks is very old.
A laptop purchased in person, immediately installing Linux without ever connecting it to the Internet is a much better way to store coin than hardware wallets. Which, frankly, is just embarrassing incompetence for the hardware wallet industry.
https://darkskippy.com/
Published at
2024-08-05 19:07:01Event JSON
{
"id": "d9de08874149bfacfd7e6e03c7fb49de1d226c45aa855cc39bdd2dc8ec7012be",
"pubkey": "3d2e51508699f98f0f2bdbe7a45b673c687fe6420f466dc296d90b908d51d594",
"created_at": 1722884821,
"kind": 1,
"tags": [
[
"p",
"3d2e51508699f98f0f2bdbe7a45b673c687fe6420f466dc296d90b908d51d594"
]
],
"content": "Hardware Wallets are devices designed to hold bearer assets which can be trivially stolen if you leak the private key(s). There’s many, many people involved in the manufacture of each hardware wallet, each of which might wish to make free money by backdooring the hardware wallet. For every other hardware wallet, you’re blindly trusting Amazon/UPS/five factories in China/the webserver you got the firmware from/etc/etc. Sure, most hardware wallets have tried to be robust against these attacks, but there’s frankly just not that much that can be done.\n\nWouldn’t it be nice if you didn’t have to trust the device at all, but rather an attacker would have to compromise *both* your hardware wallet and your computer? Well, we’ve had the tech to do this for many, many years! The fact that only two hardware wallets bothered to implement this boggles my mind. It’s impressive incompetence, bordering on maliciousness, honestly. nostr:note16748fqunfxq63y980gl7me3u7d6zklvg8tscg45fpfw2lhzpv05qw2l5y4",
"sig": "c45c55f8676f490cdc9c42578630d71f373aaf3c632fa30d8630f3e6bd055bb33680d19fbe2930709c19df877b1fc11d51e7df2cf176cc46f68e732c2a37780d"
}