Bitcoin Forum

Maybe some of you read the news that came out few days ago how Biden is going to hire more people to work for IRS to make better tax enforcement and people will have to pay him $80 billion (https://www.wsj.com/articles/biden-to-seek-80-billion-to-bolster-irs-tax-enforcement-11619539465) in extra funding for that.
News came out that IRS recently launched Operation Hidden Treasure (https://news.bloombergtax.com/daily-tax-report/irss-operation-hidden-treasure-focusing-on-crypto-fraud) for tracing cryptocurrency transactions and detecting people who are avoiding to pay taxes for undeclared cryptocurrency gains.

What is Biden administration going to do with all that money collected from people?
IRS or Internal Revenue Service is now looking for help to hack cryptocurrency hardware wallets (Trezor, Ledger, Coldcard and others) and they released must read 25 pages long PDF document in March 2021 named:
Performance Work Statement Criminal Investigation Development of Exploitation Techniques Against Cryptowallets (https://pdfhost.io/v/NLQrwNPQy_Statement_of_Work.pdf).
In this document IRS Digital Forensic Unit admits that hardware wallets have become very secure and they need solutions and reusable tool to hack wallets, because they may have them in possession from various cases but can't break them.

This means that it is very important to have open source hardware wallets because backdoors can much easier be implemented in closed source wallets and ''secure elements'', and we may even see some new or existing hardware wallets secretly being founded by IRS in future.

Trezor wallet posted on Twitter that this is oppression of citizens and attack on individuals rights to privacy, and I would agree with that:
https://twitter.com/Trezor/status/1387863392984182787

Remember to always protect your hardware wallets with passphrases and multisig solutions and learn how to protect from $5 wrench attacks or if done by government it is called Go to Jail card.

https://i.imgur.com/SUGR7mL.jpg
source document (https://feedback.gsa.gov/WRQualtricsSurveyEngine/File.php?F=F_3oO5cwpbxHlGByo&download=1)

Tell me they are not after hacking your wallet passphrase?

So in the none open source wallet the backdoor is to pass the wallet seed to a third party? Or what else information they are after. And if they are after such information then how would one differenciate them from a bad hacker?


Goverment can put pressure and they do everything to get their job done. Maybe some company will sell their ethics for more money but those who are into true bitcoin they will never sell their idology. We need to be more careful when we are chosing our wallet and handling our crypto.

Yeah, privacy should be human right, but then again it's hard dilemma for regulators when people are using privacy to escape regulations. You might get away it for a while, but more money you are trying to hide, more difficult that's going to get. And i don't think that there's a real consensus yet how this right to privacy should be handled, because even regulators want privacy, but they also want a possibility to audit. I am looking at combination of RegDeFi and zero knowledge proofs to combat this.

Because no one want lack of privacy in the end. We need to build an opposite system for china's trackable currency. We need to be a good altervative for oppression.

Typically, a backdoor would allow unauthorized access. Someone who is not the owner of the wallet and does not own the seed or pass phrase would be able to bypass all security and have access to the contents of the software. In an open source system anyone would be able to see the backdoor which was put and avoid using such applications, this is not the case if it is closed source.

The government is not relenting in their efforts to identify Bitcoin users and transactions, so Bitcoin users should not compromise on safety and privacy.

Yeah good luck cracking my seed, suckers. More evidence that the gov are getting envious & desperate.

Biden should concentrate on building a quantum computer then only its possible to hack the wallets. :P

Tax evaders should be worried about it but its time for the crypto billionaires to move out of the USA or else they have to pay 70% of their asset value for tax and penalty or even they have to pay it completely.

Cracking seed phrases? Are they insane, simple word, it's robbery.

Also, the bip39 would be another hindrance to them, it would require them lots of resources just to get their motive. Good luck with that lol.

I wonder how many companies with closed-source HWs would not sacrifice their clients for millions of bucks coming from IRS. In an open-source world, it is indeed very weird to sell a partially closed-source product. But since authorities have easy access to very large fundings, a $10M secret contract with Ledger might actually sound good enough for them to allow backdoors in their HWs, if they haven't done it already.

Worst thing is, they literally have a money printing machine. They could at any given time start working on a computer specifically created to break down all the seeds using latest technologies, without us knowing it. They're so desperate they might want to do that, even though it does mean breaking someone's financial intimacy from anywhere around the world.

One perfect example which fits here is the coinbase IPO. If the companies or individual buy the coinbase IPO, then the government can get hold of you and demand you for all sort of taxes and income sources etc but if you buy the real bitcoin and hold it in your private wallets, government hands can't reach there. Now its your choice on what you choose.  :)

the irs doesnt need private keys or the seed to achieve their main objective; all the need is a list of addy you control. at that point they have all the info they need as they can then monitor those addys.

they could get those addys from ledger (trezor etc) servers now if they tried which is much easier.

all the more important to run your own full node for your hardware/software wallets and use that for your transactions. then only you know the addys.

Imagine they had an 8yo seed which was used with coin control ever since it's been generated. Having the seed means knowing its entire history and, moreover, you now know all this history is of one single person's finance. It's their wet dream..

I heard that Biden is gearing up for a $6 trillion additional spending plan, which is conveniently named as the "American Families Plan". Obviously not all of this amount can be sourced from printing banknotes alone. Some of it needs to come from taxing successful people. The long term capital gains tax for the highest slab is about to touch 60% in cities such as LA and Portland. I don't understand why the successful people still want to remain in the United States. Is it that hard to renounce your citizenship and move to some Caribbean country?

yeah, with the seed thats the icing on the cake. yes the seed give far far more info into the history. who wants transactions you did 10 years ago scrutinized even if you did something totally legal (goat porn is legal right?).

i can build an open source trezor from the published schematics and BOM. and compile the code. so hard to hide a backdoor there at least.




to do that you 1st have to pay a one time "exit tax" on basically your entire net worth. that may or not be worth it to some.

It is enough for them to have just one dirty worker in this hardware wallet factory who will add some hidden backdoor and nobody will ever know that something is wrong.
Secure element will not help you in this case, and NDA will prevent them from saying anything about that in public, so they don't need to pay millions of dollars at all.


Oh but they do need your private keys and passphrases to access your funds and confiscate them whenever they want, because they probably have a bunch of hardware wallets full of treasure just collecting dust in their warehouses.

It's kinda ironic: they're so stuck in their ways trying to control people and money, they don't realize that's why crypto was created in the first place.

Maybe Ledger can also leak send them all data they have on their customers. O wait :P

Don't they have the same "problem" with most software wallet and other encryption? As far as I know they don't have a backdoor to BIP38, if they eventually manage to enforce backdoors into hardware wallets, we'll just go back to using paper.

Unless they store that too, but since you can use as many different passwords as you want, that must have a limitation.

Yeah, Signal is bad because it allows criminals to communicate without them knowing. Bitcoin is bad because criminals can have transactions and mix their coins without the IRS finding the real source of coins. Cash is bad because it pretty much removes the trace of money... dumb phones are bad because Google can't do targeted advertisements anymore.. 3G and 2G are bad because they're the only ones still making dumb phones a thing..

Tl;dr: anything they can't look into is bad. Your safety is provided by the government who really cares about you. I mean, they really do. So much, they'd look into anything that you do just so they make sure nothing bad ever happens to you. ::)

Lesson of the day: when you give up your freedom for safety, you lose both

Is this hacking of wallet also connected to that of hotbit? Hotbit also complained on that in there website on attempt to hack them the past one week ago but that they didn't succeed. They shut down site for a week but have now reopened.

They would do so anyway and it is not the average guys with a little investment who does all the harm. Read the papers written by Gabriel Zucman on tax evasion with highly sophisticated structures using tax havens. That is where the money is and not in the cryptocurrency wallets of the average Joe.

It is sad to read this but they will make it happen and indeed a backdoor in hardware wallets being developed b the IRS themselves is a true threat. If you work at the IRS and you know how to get access to a specific type of wallet, what will keep you from abusing that knowledge when the opportunity coms up? That's a real issue

This is how you spot a country in trouble. A country that is promising more than it can deliver and looking for ways to make additional money at people's expense.

They're crazy if they think they can trace bitcoin when people can trade their coins for cash at any moment. Hacking hardware wallets, sure. :)

Biden is being laughed at by other countries when he can't find stuff, gets confused in public, forgets what he was talking about, apologizes to people. He's not a strong leader, not a healthy one too and Americans will be lucky if he lives to see the end of his presidency.

Ledger is stupid enough and they are storing passphrase on their device combining it with PIN code, but Trezor is not storing passphrase anywhere and you can verify that because they are fully open source.

They first take away all your freedom and lock you, than they offer you solution to make you free in future if you accept some new restrictions... sounds familiar?
Good thing is there are more and more people who are waking up and working for freedom and not against it.

They don't even need to have access to hardware wallet factory and workers, and all they need is backdoor in closed source secure element chips like they are doing with smartphones and NDA would protect everyone.
That is why we need to have open source hardware wallets with open source secure elements to reduce risk as much as possible.

A simple but slightly expensive method would be to just shred and burn the Ledger each time you've entered the passphrase. When you need it again, you restore your seed and password a new device.
If you're hiding a few billions from the IRS that might be a small price to pay.

How do you audit the chips though? It can be open source but there is nothing you can possibly do if you can't verify that the chip follows the schematics exactly, evil maid attacks, etc. You would also lose some parts of the security; reason why most chips aren't open source is because they provide security through obscurity. Whether you can maintain a similar level of security with open source chips would probably be debatable.

Just microwave it :D

Let's wait and see what Trezor devs will do with TropicSquare TASSIC project and $4m for making open source chip, and most users will probably never going to verify anything, but other developers will do it.
You can have evil made and other attacks with any device, but you will not be buying cat in a bag like you are doing with closed source chips that can have hidden Chinese or irs backdoors and you will never know it.

The US government is doing what I consider illegal to attack people's personal wallets. What am I going to do with my money now that I don't know much about the units that store cryptocurrencies? The wallets are only third-party entities that help store Bitcoin. Should I bring all my Bitcoins to a mixer or convert them to Monero?

That doesn't change a thing if the US government gets their hands on your hardware wallet.

This is a fact and it unfortunately applies to almost any kind of hardware.  The US government has managed to plant at least one backdoor in most of the recent hardware available as customer-end products.  It would surprise me quite a bit if I knew they cannot get past an encrypted disk, for which reason even fully encrypted airgapped computers may not be the perfect solution to this type of abuse.

Best solution for this issue may still be paper.  It is undetectable by professional equipment and you can laminate and hide it just anywhere, as opposed to hardware wallets which may already have who-knows-what kind of flaws and backdoors inside them.  Since they have been specifically created with cryptocurrency cold storage as a purpose, expect anything and everything from them.  I am talking particularly about Ledger, as it has closed-source components inside.

Hide a seed on a piece of paper in two different locations and choose two other separate spots to hide the seed's very long, random passphrase at.  Should they ever get to own your piece of paper, they will find out it contains a balance of exactly zero Bitcoins inside.

-
Regards,
PrivacyG

Yes but brings up the next problem: all users have to be equally educated about which wallet to use and why. If there are people using a hardware wallet who interact with those using an open source secure wallet both parties are exposed. In a sense you would have to ask the other party if she sends the Bitcoin from an open source wallet or else you refrain from transacting with each other. The hard part is to get all users develop the understanding of the advantageous of open source wallets. Frankly speaking, is that even possible?

You still need to use paper or metal plate even for hardware wallets because this devices worth nothing without your backup phrase.
Airgapped computers are not the best solution for most of the people and average tiktok generation with short attention span, and they can also have even more backdoors, because they have more chips and other electronic parts, including more complex operating system.
I have nothing against airgap and all options are viable and possible but masses want something simple and shewed up.

As if that's a new thing, they have been spying on their citizens remember? They also have been instilling dictatorship in third-world countries for a long time, have a lot of black sites to torture prisoners and innocent people, and hacking hardware wallets of their citizens is just a walk in the park compared to all that they did so no surprises there. If it ever comes to that point, you better hide your HW somewhere like a drug trafficker.

Very true.  However, the closed-source components may store basic yet crucial information about your hardware wallet such as passphrases and seeds.  Paper wallets do not have a memory to store sensitive information on without your knowledge.  In consequence, a backdoor-enabled device may enable a security agent to see what a paper wallet would not be able to show.

-
Regards,
PrivacyG

FYI all chips in your airgap computer are closed source, they can have backdoors, and you still need to import paper wallet at some point of time or take it with you in your grave and afterlife.

Trezor HW is open source, they are not storing passphrases anywhere, and they are actively working on open source secure element for their next generation hardware wallet.

The proper way to spend funds from a paper wallet is by creating a transaction, and signing it offline. If you're truely paranoid you can verify the signed transaction with different software on a different offline computer before broadcasting. If you're worried about hardware backdoors: you can probably find a computer older than Bitcoin for a few bucks on Craigslist.

I was particularly talking about Ledger, see one of my previous posts:
Moreover, the previously mentioned issue does not apply in the case of importing paper wallets.  IRS wants to unlock your hardware wallet after getting their hands on it.  They want to either alter your device or have backdoors in order to get to your keys.

As a result, encrypted paper wallets are way more safe than hardware wallets as long as the passphrase(s) are stored securely.  You cannot alter a paper in an attempt to get a passphrase out of it that does not exist.  In consequence, getting their hands on your paper wallet will be in vain.

Upon importing the seed or private key, its safety depends solely on the user's behavior.  Main threat implies a closed-source piece of hardware storing a seed and passphrases.  A paper wallet combined with a legitimate open-source hardware wallet like Trezor is definitely the best combo for hardware cold storage today.

-
Regards,
PrivacyG

This makes it now even more and more important to trust only open source wallets,,, and also as much as possible all the Ledgers and Trezors you ever bought, if you used your personal details you can be sure their databases are not only now vulnerable to hacker attacks (as we have already seen happen) but also to government requests.

Old Trezors may also become obsolete or need updates. Don't forget that these state led agencies also buy hidden stakes in these companies. We may not even get to know if an organization like the CIA or NSA is involved in any particular way when it comes to hardware wallets.

Yes I know about ledger and they are my biggest concern for hardware wallets along with safepal hardware wallet who is even more shady and they can easily have some hidden chinese backdoor.

Let's imagine scenario of some government agency busting your home and finding hardware wallet and your paper wallet that are not connected with each other.
What do you think would be easier way for them to confiscate your coins, from paper wallet or hardware wallet?
They don't need to hack paper wallet but they already have private key written on it.

I would agree with this and maybe this is not the perfect solution, but it is most simple for average users.

To be completely honest with you, I think it would be easier for them to confiscate coins from a hardware wallet IF the paper wallet has a strong enough password.  One requires brute forcing, the other may require only a coding or hardware flaw.

Moreover, an initialized hardware wallet hints out that it contains a seed inside.  If a professional finds your initialized hardware, they will most likely think it is not an empty seed.  Otherwise, you would have not owned a hardware wallet in the first place.  Therefore, spending resources to crack it may be worth it.  A seed printed or hand-written on a paper that retrieves an empty balance without the proper passphrase gives absolutely zero hints that it may have a balance inside.

I am not sure there is a limit on the number of characters a passphrase could have.  However, you can only imagine how long a 70-char random passphrase brute forcing has to take.  After enough time spent trying to brute force it, I think it is likely they will give up.

I wonder, is it absolutely impossible that even an open-source hardware wallet does NOT temporarily store a passphrase inside its memory that may be retrievable if a weak security point is found through physical tampering?  I reckon getting the right strong password of a paper wallet is a harder job.

-
Regards,
PrivacyG

Some hidden and some not so hidden. All these states ask banks to look at the underlying companies who own money transactions but the truth is there is a lot of "good states" who are as dark as the non-state rogue actors.

If we think Ledger and Trezor etc do not already share our data directly,,, we are such fools:)

I wouldn't worry too much about it at this point because if you think about it, the government probably has all the information needed to control and spy on you already, even before your introduction to cryptocurrency so no point worrying, they won't probably go rogue suddenly if you are living in a first world country.

It's disgusting that the state are that desperate to know everyone's worth that they stoop down to such low levels to find it. Attempting to crack wallets without permission, is something a "normal" person would likely go to prison for.

This doesn't only just apply to closed sourced software, though. Open source hardware wallets now need to be monitored more frequently for changes in code, since they could try, and sneak something in without anyone noticing. We shouldn't be complacent, and trust something just because its open source.

Yeah, I don't believe that they intend to take anything, unless they can lawfully take it by coming to the conclusion that someone hasn't declared the correct amount of tax.

I guess it's only robbery if they actually take anything. Their intentions might be to try, and break in, and determine whether someone has been paying the correct amount of tax or just general surveillance, because as we know from the Snowden leaks they love to monitor pretty much everything that they can, and they don't mind breaking some laws to do that.

Absolutely, if someone has evaded the government completely then I would be extremely impressed. Since, our world revolves around using mega companies such as Google, Facebook, and other Monopolies its just easy for them to gain access. I believe there was several USA phone service providers who were sharing data with the government, and that was also exposed by Snowden.

It is true, open source doesn't mean something is automatically safe, and we saw many examples of malware spreading like open source fake wallet clones.

All phone operators worldwide are closely connected with governments so you can't consider any information or your location with based station to be secret for anyone.

It is unnecessary. The passphrase is only stored on the device if you choose to attach it to a secondary PIN. You can also enter a temporary passphrases which is not stored anywhere and the keys it generates are wiped whenever you unplug your device.

I wouldn't recommend that. Not many people create and hide paper wallets with nothing on them, and that is pretty strong indication you are using an additional passphrase. It would be wise to have a small amount of bitcoin under the non-passphrased seed phrase which you can give up in such a scenario.

In such a scenario, then they just through you in jail until you tell them what they want to know. Whether your wallet is hardware or paper is irrelevant.

On Trezor it is 50 characters, on Ledger it is 100 characters. On Electrum, there is no upper limit I am aware of set by the wallet, so the upper limit would theoretically be the maximum input size for the HMAC-SHA512 function, which is a string with length just less than 2¹²⁸ bits.

What's that going to do if your government has you on their records the moment that you were born, I mean they all have us the moment that we were thrown in this world, if they suspect that you are hiding something especially with their precious taxes, you will be easily located.

Oh I would worry,,, I know the government has a lot of information on us but I would really not like them to know exactly where I keep my Bitcoin and for how long and for how much. It should be enough for them that if I sell for my local currency, then I can pay taxes, that is fine they can track my bank account. But why should they track my wallet?

You will probably have a hard time finding a single company whose business is data driven in any conceivable way in the US that is not closely cooperating with the government. There is so much information out there who is cooperating with the government, I don't believe there is a single one resisting the pressure government puts onto them should they not cooperate.

You are also right with the open source software not being safe necessarily just because it is open source. Same for the TOR network where they spy a lot by setting up infected exit nodes or, put differently, their own exit nodes. You have to pay tremendous attention to effectively protect your privacy.

That's a big assumption to make. First world governments frequently "go rogue" and ruin the lives of any citizens they decide are causing too much of a problem. The US government is undoubtedly spying on you constantly and collecting huge amounts of data about you, unless you are taking active steps to maintain your privacy. A very basic step in that process is not letting the government know exactly how much money you own and exactly when and where you spend it.

Exactly. We live in a surveillance state, but they have no right to blanket monitor everyone's financial activities. If I'm not doing anything illegal, then why am I being monitored? Whatever happened to innocent until proven guilty?