 Another day and another hardware wallet hacked, this time it was open source device OneKey, biggest manufacturer of hardware wallets in China. OneKey was forked from original Trezor code and they added secure element ATECC608A, but they obviously didn't do a good job with that, as it was explained in this short video clip. This vulnerability was discovered by company called Unciphered, known for helping people unlock their crypto wallets, and for this job they received $10,000 bug bounty reward from OneKey. Seed phrase was easily extracted by doing man in the middle attack, and inserting chip between processor and secure element, after that it took only one second to extract all seed words. It's important to say that this bug is now fixed with firmware update, but problem is that many hardware wallets available today share the same code (based on Trezor) so they could also be affected.  Video by Unciphered: https://www.youtube.com/watch?v=b8OrakRJmHEEric Michaud, the founder of Unciphered said that hardware wallets can often times give people a false sense of security, thinking that wallet can't be hacked. He also said that there could be a problem with many other hardware wallets because manufacturers recycle the same code base for their products. Article about this was first released on Fortune Crypto website: https://archive.is/S1NwoOneKey released official reply on their blog page, and they said how these attacks cannot be exploited remotely, and attackers need to have physical access to device. It's interesting to see them claiming how other ''world-renowned hardware vendors'' had similar problem but they didn't say anything about it, because they are not open source (Ledger comes to my mind first). They plan to improve security for future devices by introducing EAL6+ higher level of security, but I would be careful with their devices in future. https://archive.ph/1qg0hGood thing about this bug was that nobody lost any coins, because evil hackers didn't found out first about it, but it's a good reminder to everyone, don't blindly trust any device just because it is open source and it has secure element. Don't trust, verify. |
|
|
|
I think it's time for me to change hardware wallet, this time I would like to take an Open source hardware wallet that doesn't cost much, I looked at your list and the onekey classic caught my attention, it looks like a good device but I would like to ask what do you think? Are the updates regular? does the battery have a long life? Or would you recommend a different wallet?
I don't own OneKey hardware wallet so I can't answer everything you want, but I know they are forked from Trezor wallet with added secure element ATECC608A. They are making regular updates for their native OneKey app, but not all of their devices have battery, only OneKey Classic 100 mAh and OneKey Touch 800 mAh. I am not going to recommend any hardware wallet, you have the list with more information, and you can make your own decision based on your needs and coins your use. |
|
|
|
Jesi li imao priliku da isprobaš aplikaciju već? Pitam jel na stranici piše da trenutno ne primaju nove beta testere već moraš ostaviti svoj email pa će te naknadno kontaktirati.
Kakve su impresije i ima li već nekog značajnog volumena trgovanja?
Nisam još dovršio testiranje, ali uradio sam mali mađioničarski trik i preuzeo sam APK fajl sa njihove stranice. Za sada ima opcija za samo nekoliko EU zemalja sa lokal opcijom, ali postoji i Bank Transfer, Paypal, Revolut i Wise za online wallet, i Amazon Gift cards. Mislim da bi ovo moglo dobro funkcionirati i mnogo je lakše za korištenje nego LocalBitcoin i slične p2p web stranice.   https://peachbitcoin.com/beta.htmlPS Koristite na vlastitu odgovornost i rizik... I am not your financial advisor  |
|
|
|
We've seen with the recent earthquakes how important it can be to have a seed phrase backup that can withstand some damage. One of the reasons I like to use one washer per 24-word seed backup and large washers is that the end result is relatively large and bulky, so you could find it again in such a scenario. LoyceV tactics of putting paper backup inside walls wouldn't end very well in this earthquake scenario, but I don't think slightly larger washers would make much difference. Only thing that would work in events like this is if you have multiple backups distributed in different locations, different cities, regions or even countries. We could argue that living in house is much better option than living in tall buildings, and if you want to hide anything, digging a hole in your backyard or near your favorite tree/flower would be much better. I'm actually in the process of doing it, and not just for my Bitcoin, but other things like certain credentials. However, my threat model isn't as extreme as some of the options here, since I live in a relatively stable area which doesn't have too many hazards.
Stable can quickly turn to unstable, and it doesn't have to be natural disasters. I know some people who are having big problems with immigrants, police are not doing anything about them, they are armed, they are dealing drugs, and doing all kinds of shit. They look more like armed forces ready to be deployed on command. When I was referring to threats I was thinking about legal ones, like government banning bitcoin possessions, or legal ones (an asset seizure from government) or a search warrant of your belongings.
Not just natural disasters, rather self-inflicted ones!
They banned gold in past, so nothing would surprise me anymore. |
|
|
|
Doing trades on there before kyc was really slick. They were a great dex when I used them (similar in style to bisq now iirc) but then regulations came...
It's sad to see one of the oldest Bitcoin p2p trading websites going down like this, but this was expected after they accepted mandatory kyc regulations on their platfrom. In future we are going to have to pick sides and I don't see any reason to use websites like LocalBitcoin if they have kyc verification. I am not worried about this news at all, there are several alternative options for p2p trading that work just fine now, and for all others there are always centralized exchanges. This is obviously related to latest Operation Choke Point 2.0 that was started by US administration, to make life harder for all crypto to fiat connections. |
|
|
|
Looks to be interesting. Lets see how it really turns out.
Basically a MK4 cold card with a larger screen and real keyboard and a few other features but the underlying hardware is the same.
And where the price really winds up in the end. It's $200 pre-order. Who knows if it will actually stay that way.
I thought this was some kind of Blackberry joke first, but then I remembered it was not April 1st. It's obvious to me they are concerned with their main competition Passport wallet, so they decided to go with this phone look direction instead of old calculator style, but having 3xAAA batteries is a big mistake in my opinion. Similar thing with batteries was done by Keystone essentials and Passport wallet first edition, and it didn't work very well for both of them. Good thing to see that this year is going to be very interesting for hardware wallets, now we have Coldcard Q1, and new Keystone and Trezor should also come out. |
|
|
|
Seems like yet another big name in crypto won't survive this bear market as Coin Cloiud (according to coinatmradar the world's 2nd biggest ATM operator in the world) filed for bankruptcy, owning between $100 million and $500 million. It looks like this happened because of their connection with Genesis Global Trading who had financial problems recently and they are one of the biggest creditors for CoinCloud. I don't think CoinCloud have any Bitcoin ATM's in Europe, and most of them are located in North and South America. Maybe there is still hope someone could buy them for a good discount price and ATM's could continue operating with rebranding. I've used Bitcoin ATM for years while there were no better (cheaper) options to buy & sell bitcoin but then competition started showing up that can offer lower fees, making me using BATM only as a last resort and I think that many (at least in my country) do the same so I am not surprised at all to see that companies that offer those services are having troubles.
I think having Bitcoin ATM option is still very important, maybe they don't offer lowest fees but sometimes this is the quickest way to exchange Bitcoin for cash. |
|
|
|
Našao sam još jedan novi hardverski novčanik Ammer Card u formatu pametne (NFC) kartice. Ova kartica se može kupiti za 99 CHF (€100) i podržane kriptovalute su Bitcoin, Ethereum, Litecoin, Polygon, Ton, BNB, Celo, Waves, ERC20, USDT, USDC... Ammer card izgleda kao obična kreditna kartica, ali ne može raditi na normalnim bankomatima, već samo na njihovim Ammer pay terminalima. Privatni ključevi se balaze na kartici u sigurnosnom elementu sa EAL6+ certifikatom.  https://ammer.cards/PS FatFork možda bi mogao ukloniti Kune i ostaviti samo Euro ili Dolar za sve hardverske novčanike. |
|
|
|
Nisam iznenađen što ovo čujem za LocalBitcoins, nakon što su uveli obaveznu kyc verifikaciju njihova lividnost je stalno opadala, a sigurno su imali i problema sa regulacijom. Nedavno sam čuo za alternativu koja se zove Peachbitcoin.com, p2p trading app, za sad je open beta, bez kyc verifikacije, super je za EU. A postoji i Bisq, AgoraDesk i druge opcije. |
|
|
|
This is not the first time some member is doing ban evasion and he does not get banned by moderators. I remember few years ago I posted clear proof and connection between accounts (address and social media), that guy created many accounts but most of them never got banned. As for IP bans, they are far from perfect, because I know some examples of people who tried to register in forum for the first time and they received evil fee message. Being honest Im bigger contribution to the forum than the Yahoo guy.
Yeah sure, I think you deserve a medal for your contribution in stupidity, and you write forum posts like a real cave man. P.S. The user has now been banned for ban evasion.
Just remember his special style of writing, I am sure we are going to see him again soon. |
|
|
|
I hope Satoshilabs can find a solution to give support to its original model, it would be a pity if they started to neglect it right when the most exciting parts of this technology are supposed to be at the reach of those with a tight budget.
I don't think they are neglecting Trezor One model, but coinjoin transactions need more processing power with memory and model One is getting old for that. It's more likely they are going to focus on supporting new generation Trezor hardware wallet and Trezor Model T, but I wouldn't mind if they release Trezor model Two with small upgrades. I am certainly not going to buy Trezor Model T for more than $200 just because of new CoinJoin feature. |
|
|
|
to be fair, if Gavin were concealing his original reasons for giving Craig Wright the thumbs-up, ill intent is only one possibility. If we don't know his reason(s), then that's as much as we may ever know
Or Gavin was simply blinded by CSW charisma  I wonder did Gavin also played a lot of games with certain government agency as well, and could that affect his judgement as well? Anyway, I see more bad new for Craig Wright as he just lost his Bitcoin copyright claim in UK court, but I am sure that won't stop him going to more courts in future: https://www.coindesk.com/policy/2023/02/08/craig-wright-loses-bitcoin-copyright-claim-in-uk-court/ |
|
|
|
Even M5stickV has 3 buttons now. After an update, power button can be used to navigate(go back).
DIY version Dock navigates using a rotary encoder.
Yeah I know, but I have to admit that buttons are not very comfortable to use, if anyone plans to use them for entering letters and seed words manually I don't know how old Androids will handle the app. As the app doesn't require anything fancy I hope it has some wide range of compatibility. I have some cheap, but not old phones to test. If you try let us know if it worked.
I tried using Krux app with Android v4.4.2 and sadly it could not be installed on this old smartphone from year 2015. It works just fine in any newer smartphone and in android emulators. |
|
|
|
I find this thread very interesting, I've been wanting to try my hand at producing a DIY hardware wallet for some time, I also saw that it supports lightning network! I would like to know since you haven't updated the thread for some time if you have encountered problems, both on the hardware and on the software side
Everything works fine and I didn't have any problems, but I am not using it very much and device is just ''sleeping'' in one of my tech drawers. I remember there was some small issues during initial firmware and software installation, but this was related to my operating system, not with device itself. Device I used was dirt cheap and I printed my own case, so it's easy to do it yourself. I immediately came to look since I am very passionate about DIY
very nice, I wanted to try with M5stack since I own this device (but I miss the keyboard, I have to provide it)
I don't know if it works with M5stack (not confirmed on website), but I used TTGO T-Display that works fine, and you don't really need to have any keyboard for this. |
|
|
|
It's possible there are some little changes after they did recent facelift and brand design changes. Judging by Christian Reitter who opened Safepal last year, there are no tamper detection sensors here, so it looks like one more false advertisement from Safepal. I would never spend a single dollar on this wallet, but if someone already owns it's good to know that battery can be replaced. honestly speaking, i don't think a firmware update will solve the safepal s1 battery problem, i think the problem is just the type of battery supplied with the hardware wallet that doesn't hold a charge! trying to replace it could trigger the self-destruct protection! you should first order a new device or get a different device than safepal
Does anyone know how exactly their self-destruction mechanism works? If it is triggered by opening of device, than it would be almost impossible to replace battery, but it can probably still be used with cable power connection. They obviously added self-destruction sticker to make it sound look than it is  |
|
|
|
This wallet is still in alpha experimental stage of development, but why do I need to create online account with username and password, instead of downloading wallet and installing it on my computer? I am not interested in creating and using any altcoins or nft with this wallet, but I would consider using it as alternative for stable coins. Another problem I have with this wallet is that I can't find any information about license, so you might want to add this on website. |
|
|
|
Why Electrum doesn't use BIP39 seed? even use and have the same wordlist as BIP39 (2048 words). Electrum developers think that BIP39 seed is not safe enough so they tried to improve it by making their own system and fixing shortcomings. I know this could be confusing to some users, and I would suggest writing extra information when you are generating seed words, by simply writing small note like Electrum or BIP39. In same way I would write derivation path that is not standard, passphrase, and anything that could help recover coins. How to know if no.1 is bip39 seed and no.2 is electrum seed?
You can only know by importing words and checking your balance after that. |
|
|
|
With a strategy to stop the growth of bitcoins by reducing the community behind it, Is it possible that the government (say a collective effort by them all) target bitcointalk since it is the largest community bitcoin has(I think), to stop the activities of forum members from staying together to ensure that this community is disbanded?
It's impossible to stop Bitcoin by targeting Bitcointalk forum, and I am sure theymos is making regular backups in case something bad happens, so it can be restored quickly. Most of developers and people who are working on Bitcoin code are not actively writing in forum, but in theory we could always create another way of communication. Nostr was recently released as alternative to Twitter and it is growing in popularity a lot, so maybe it's possible to do something similyr for bitcoin forum. |
|
|
|
Može još jedno ažuriranje FatFork i Pmalek?  Shitcoins.club otvara prvi Bitcoin bankomat za kriptovalute u Sarajevu, glavnom gradu Bosne i Hercegovine, iako u BiH promet kriptovalutama još nije zakonski uređen. Adresa za bankomat je Kranjčevićeva 33 na na Marijin Dvoru, Sarajevo, a za sada podržava Bitcoin, Litecoin, Ethereum i Tether USDT. To je treći ovakav bankomat u BiH, a druga dva grada koja imaju Bitcoin bankomate u BiH su Banja Luka i Gradiška.  https://radiosarajevo.ba/vijesti/bosna-i-hercegovina/kriptovaluta-u-bosni-i-hercegovini-prvi-atm/483045 |
|
|
|
A minor correction. You can pick your Wasabi coinjoin coordinator. You are not required to use zksnacks.
This is correct, but there is a good chance you won't be able to coinjoin anything because there are not enough coins with using different coordinators, or coinjoin results would be poor. On top of that, most of the people don't even know how to choose different coordinator, and there is always a risk this other coordinators could be arrested for doing something illegal, so it's not very popular position |
|
|
|
|
Show Posts
