Bitcoin Forum

I'm trying to understand how a Hardware Wallet protects its data when connected to an online computer. If it's compromised one can easily read what's inside the USB. Am I missing something?

The most secure and safe wallet to use are offline wallets, while hardware wallet is one of the offline wallets, which means its private key is completely generated offline and remain offline. While using online wallet to access your hardware wallet, the only risk involve is the recipient address to automatically change to a hacker's address unknowingly to the person that want to send from such wallet. If the sender do not check the address very well and notice the change of address to hackers address, the bitcoin will be sent to the hackers address. So, checking the address and rechecking it again before sending any coin will help during the time, but yet it is best to avoid malware and have good online and offline practice to protect you from attackers.

The private key is never transferred over the USB. The bootloader doesn't have any codes that would transfer the private key to the computer nor does it need to be exposed that way. The unsigned transaction is transferred through the USB and signed on the device. The private key is always stored within the device in a sanitized environment. As long as the device doesn't send the private key or the seed over the USB, it doesn't matter whatever data is sent to and from the device.

A good hardware wallet is more than just a simple USB drive. The whole point of hardware wallets is exactly that you can plug them in to compromised or online computers without having your private keys stolen.

The most that a compromised computer could do is craft a malicious transaction and push it to your hardware wallet to be signed. As long as you are paying attention and you don't confirm the malicious transaction on your hardware wallet, then your coins remain safe.

The two most important elements to the security of your coins is the seed you generate when you first fire-up your hardware wallet and the private keys derived from that seed, which sign transactions allowing you to spend your coins. In the case of Ledger, the seed is only visible on the screen of your hardware wallet. It's native software, Ledger Live, never sees the seed.

The private keys are kept in a sealed environment known as the Secure Element. The keys only get used when you need to sign transactions to spend coins. For that, you need to physically allow your device to sign the transaction by pressing the two buttons on top of it. No software or third-party can see your keys or broadcast the transaction for you.

You can test that yourself if you have a Ledger hardware wallet.
If you use Electrum, create a new wallet for testing purposes. Run the software, click on Wallet > Private Keys > Export. Enter your password and Electrum will display the private keys of 20 receiving and 10 change addresses by default.

Try the same with your Ledger. Plug in your Ledger and connect it to Electrum. Open your bitcoin wallet and try to view and export your private keys. You will see that it doesn't work because Electrum can't access them.

Secure element doesn't matter all that much in terms of securing the keys from malware. The purpose it serves is to make it harder for it to be extracted via physical attacks. Malware attacks are mitigated by designing the firmware and bootloader to not arbitrarily communicate sensitive information over the USB. Secure element doesn't ensure this, the MCU does. Secure elements mostly acts as a storage medium.

In certain hardware wallets, the private keys has to be exposed  to the MCU for transaction signing as certain secure elements are incapable of signing transactions. The environment is still sanitized nonetheless.

You're missing the simple fact that Hardware Wallets, while some of them might have the appearance of one, are not just a plain USB stick. They have custom hardware/software/firmware that prevents external devices from accessing the data stored within in.

Essentially they provide a limited "API" that external devices/software have to use to communicate with the device, such that the sensitive information stored within it (ie. seed/private keys) cannot be extracted using that API... at least, in theory :P

I once helped a friend with a crypto investment, so he asked me what the safest option was for keeping them - I recommended a hardware wallet and sent him links to an e-mail, to which he replied that he already had it at home. Of course, he only had a USB stick which I have to admit was quite similar to the Nano S.

I wonder how many people actually use such USB sticks for their crypto wallets (backups) and live in the belief that they have a hardware wallet?

Given the number of users that struggle to understand the difference between a "wallet" and an "address" etc... I'd say the number is probably higher than we'd like to hope :-\

Although one might hope that users who see hardware wallets like the Trezor or the Coldcards etc that look nothing like a traditional USB stick, would be less inclined to believe that a simple USB stick is a hardware wallet.

Even though your computer gets compromised, the hackers won't steal your private key as long as you didn't store it on your online computer.  All transactions or even crypto signing stuff will be done on your hardware wallet and it will not leave on the computer, and most HWs are protected with a PIN.  So hackers can't execute hacking online and extract your private key, unless if a hacker will physically access to steals your hardware wallet.

All kind of Bitcoin wallets that connected online will be hackable, you should be knowledgeable enough to keep private key safe which is the only one key to access your Bitcoin.  That's a very important point here that you should always remember.

I can't imagine it would be that high. To do this, you have to at least be capable of locating your wallet.dat or similar file for the software you are using, moving it to a USB drive, and opening it again from the USB drive when you want to use it. If you can do that, then even just looking at a Ledger or Trezor and realizing they have a screen and buttons should be enough for you to realize they are more than just a simple USB drive.

Still, although obviously not as good as a hardware wallet, storing a wallet file on a USB drive is marginally more secure than just using a straightforward software wallet, since your wallet file is not connected to the internet at all times.

They can't extract your private keys remotely (as far as we are aware for the major hardware wallets), but they can still attempt to push malicious transactions to your device in the hope you will sign them without checking. Hardware wallets are still only as good as the person using them.

You are right but not totally true.

Like if using hardware wallet like Ledger Nano, it has a secure element but which is close source, the secure element makes it impossible for hackers that steal Ledger Nano wallet to get access to the seed phrase, if the seed phrase can no be accessed, then no access to the private key. So the thieves will only steal the device for nothing.

It is very possible hackers can steal Trezor and able to access the seed phrase, this vulnerability has been discovered by Krakn like two or three years ago. But the use of passphrase to extent the seed will help for such hackers not to be able to access the cryptocurrencies because salting process in which additional words (passphrase) are used lead to generation of different keys entirely which will make it impossible for hakerd to get through to steal your funds.

There are some uncommon hardware wallets, example is the Coolwallet S that do not support passphrase and yet such physical attack can lead to access to its passphrase seed phrase, this will only make hackers to steal such wallet to get through by knowing the wallet seed phrase and have access to the keys generated by the wallet. That is why it is good not to use uncommon hardware wallet.

Secure element is designed to never leak the seeds or to at least make it inherently difficult and/or expensive to access it. Passphrase is used as an additional security measure against attackers if that layer of defense is broken, plausible deniability as well but using a passphrase is not desirable in all situations; not being covered by checksum, forgetting it, etc. AFAIK, CoolWallet has a secure element which makes it that much harder to extract the seeds in the first place.

I did not mean secure element or not. I meant how uncommon wallets can have unkown vulnerabilities, unlike the common ones like Trezor, Ledger Nano and Cold Card wallet that have been researched more about by experts. The vulnerability that was found in Coolwallet is not about the secure wallet, it is about having access to the hardware wallet and the phone used to access the wallet. The attack can even be through malware or physical theft of both the phone and the hardware wallet which will make the seed phrase to be know.



Although, there was a report from Coolwallet company (https://www.coolwallet.io/our-response-to-kraken-security-labs) that the vulnerability has been fixed. But I am talking generally about wallets that are not common, not about secure element. Also Coolwallet suffer some other vulnerability which not yet mention here.

Thanks everyone for the replies. My apologies for not answering before.
If I understood correctly from your replies hardware wallets are secure as long as the firmware is not compromised. The truth is I'm a bit surprised to see the community relying the storage to private companies when bitcoin and has been open source and DIY from the beginning. I found the offline (original) wallet method to be the most reliable and after reading you, correct me if i'm wrong, it still is. I'm referring to having and offline PC or liveUSB with your cold wallet there.

Nobody here is storing Bitcoin in any private companies, because bitcoin is stored on blockchain and hardware wallets are only keeping keys offline with no direct internet connection.
We are not promoting any hardware wallets, they are just simple and better way for holding coins than using regular hot wallets.

For most people it is not enough because they are sloppy, they make mistakes with offline wallets and they don't care about privacy at all, but you can do as you like.

There are pros and cons to both methods, and there is nothing stopping you from using both methods. I prefer a permanently airgapped computer with full disk encryption for the bulk of my cold storage. I transfer transactions back and forth using QR codes, using two separate webcams which are unplugged immediately after use, therefore eliminating any concerns regarding transferring malware or malicious code via a USB drive. The computer is stripped of all unnecessary hardware, only runs a basic open source OS and my bitcoin wallet and no other software, does not share peripherals with any other device, is stored in a safe in my house when not in use, and is only used in a room with curtains closed. However, I also use a couple of hardware wallets for funds I want to keep offline, but I will also be transacting with more often than with my main cold storage, which I might only touch once or twice a year. The ease of use of a hardware wallet is significantly higher than that of my main cold storage - just plug it in to my main computer I can be transacting within seconds.

Further, setting up an airgapped and encrypted cold storage device is not a trivial task, especially for someone with little technical knowledge, and there are many places you can go wrong in both the initial set up and the ongoing use. Conversely, buying a hardware wallet achieves a very good level of security (and I'm certain that some would even argue a better level of security), and is far easier to set up and use.

It's about the possibility of making these devices if you don't trust them, download the open source code on the physical devices and run them.
As mentioned above, it is related to economics cost. Hardware wallets provide acceptable protection for beginners, with the possibility of supporting many altcoins at a cheaper price than providing airgapped PCs.
As for companies and individuals who only care about their privacy and security, they do not use regular closed source hardware wallets

I have a small laptop that use in the same way.  I recently updated it with Ubuntu Desktop 20.04.2 minimal install, Ian Coleman's Bip39 tool, and Electrum.  That's all that's I have installed on it.  I haven't physically disabled the network adaptors and USB ports.  I like to keep the software updated, so I plan to use the hardware from time to time for easier upgrades.  Once the machine is set up the way I like it I disable the NIC and USB devices using the bios settings, which are also password protected.  The wifi adaptor is always disabled, I only use a wired connection when updating a newly installed OS.

I also use an encrypted USB as a redundant back up for all my seeds.  I store the seeds in an encrypted text file, and the USB stick is one of those aluminum enchased Corsair Survivor sticks.  Am using bitlocker for encryption, which is probably not the best thing since all my other devices are using open source OSs and software.  Since my data is PGP encrypted anyway, I don't think it's that big of a risk.  Of course I have my seeds backed up on paper and stainless steel, stored in a fire resistant document bag, in a fire resistant steel safe.  It's just nice to have them available electronically when I restore cold wallets on my off-line machine.

Although I do rip out the hardware I won't be using just to be extra safe, I don't think physically removing or disabling hardware that requires you to physically plug a cable in to operate is completely necessary, as long as you are pretty sure you won't absent-mindedly hook it up. I would recommend physically removing WiFi adapters and other wireless connectivity hardware, though.

Yeah, I would move away from BitLocker when you get the chance. It is closed source as you point out, but there are also widespread concerns that the FBI encouraged Microsoft to code a backdoor in it for them, as well as it suffering from some pretty major security flaws (https://www.reddit.com/r/privacy/comments/9ueskq/doh_what_my_encrypted_drive_can_be_unlocked_by/). My go to open source encryption software is either LUKS or VeraCrypt.

@zaico
Hardware wallets are simple to use, but still provide a decent level of security. That's what makes them so popular in the community. Web and software wallets are even easier, but they aren't nearly as secure as hardware devices. The perfect setup is an airgapped device or a properly generated paper wallet. But both these options require better technical knowledge than using a USB-like device.

An airgapped computer is only used as an offline medium to sign your transactions. It's a computer you aren't using for other things. Some don't have that luxury unfortunately. Some people don't own or want to own any PC/laptop, but they can still use a hardware wallet with their mobile phone.   

I downloaded VeraCrypt (maybe from sourceforge?) years ago, and the installer was full of a bunch of shit I had to decline.  I missed one and it took over my browser, the registry entries kept repairing themselves after I manually deleted them, and I had to purge the whole system to clean up the fucking mess.  Needless to say, it left a bad taste in my mouth, and haven't tried it again. 

Are partitions encrypted with VeraCrypt compatible with LUKS/cryptsetup?

I've never experienced something similar, but since it is all open source you could opt to download the source code and build it yourself if you wanted.

I've never tried it, since I pretty much exclusively use LUKS for full disk encryption and use VeraCrypt for individual files and containers, but a quick search suggests that cryptsetup will indeed open TrueCrypt and VeraCrypt containers:

https://wiki.archlinux.org/title/TrueCrypt#Accessing_a_TrueCrypt_or_VeraCrypt_container_using_cryptsetup
https://man.archlinux.org/man/cryptsetup.8#TCRYPT_(TrueCrypt-compatible_and_VeraCrypt)_EXTENSION

Now that's a security setup! The question is, how do you manage DEFI (that was the origin of my questioning) if there is no option for signing offline (airgapped pc)?

I don't. The only coins I regularly use and hold long term (or think are worth anything, for that matter) are Bitcoin and Monero, both of which support airgapped wallets, offline signing, and transferring unsigned and signed transactions back and forth. I occasionally buy another altcoin for a specific purpose, but since it is always for a specific purpose I am never holding it long term so I just stick it on one of my hardware wallets for the short time I need it.

I have no interest in DeFi, as I think it will go the same way as the ICO craze, the IEO craze, or all the other crazes we see in crypto - a lot of vaporware, a handful of scams thrown in, the vast majority of coins/tokens/projects dropping to zero, meaning some people who gamble on the right project at the right time will make a lot of money, but most people will lose money, and very little of it will survive long term.

Thanks for the answer and your view!