What are your thoughts on this article:

https://robertspigler.com/in-defense-of-my-attack

Don't get me wrong, I use hardware wallets, I generate my own seed, etc.

But lately I've come across some anti-HWW bitcoiners and I've been wondering if HWWs are as secure as they claim to be.

Interesting.

Is this flashing you talk about done by the official hardware wallet app? (BitBox App, Trezor Suite, etc)

Or is this something I need to do separately myself?

Ok, let's say a non-technical person (like the vast majority of people) wants to buy $25k in Bitcoin and hold it for 5 years.

What would be your recommendation to this person?

1) Install a mobile app on his phone, generate a seed, back up the seed, receive the bitcoin and then uninstall the app.

2) Learn how to install Linux and a wallet like Electrum or Sparrow and use that to generate the seed and receiving address.

3) Other (specify)

So, in your opinion, an open source wallet on iphone/android is as safe (or safer) than a hardware wallet?

The idea of a hardware wallet is to make it easier for non-technical people to use Bitcoin without exposing their private keys to the internet.

I have taught several friends how to use them and they learn quickly.

The same cannot be said with using Electrum or Bitcoin Core on an airgapped Linux computer. I can picture my wife's face while trying to learn this, she would be like "This is too much for me".

Hi everyone,

One of the main reasons I love Bitcoin is having peace of mind knowing that my money is safe.

Throughout the years, I have gone from using closed source hot wallets like Coinomi to using hardware wallets, running my own node and generating my own seed using dice.

Lately I've seen several users on Twitter that oppose hardware wallets heavily. They claim that the wallet manufacturers can eventually rugpull everyone and there's nothing we can do about it.

The argument is that there is no way for users to know that the firmware signed by the maker is the one that is actually running on the device (only that the device claims that its running that).

In addition to that, we might be leaking our private keys through our signatures because of malicious nonce generation. This means that everything appears to be fine to the user, but the attacker can scan the blockchain for signatures generated using these nonces and could potentially figure out our private keys. This is explained here: https://shiftcrypto.ch/blog/anti-klepto-explained-protection-against-leaking-private-keys/ and here: https://medium.com/blockstream/anti-exfil-stopping-key-exfiltration-589f02facc2e

I am no expert in these topics so this is why I came here.

Are these worries warranted? What are the chances of losing our bitcoin even if we do everything right: buying the wallet from official website, running our own node, generating our own seed, checking app signatures, etc.

If all of this is true and COLDCARD can suddenly rugpull everyone, what hope does Bitcoin have?

If using Bitcoin Core on an airgap device with Linux is what's needed to keep your money safe, how will this ever be adopted globally?

Are these FUDers being overly paranoid? Or are we all dumb for trusting hardware wallet companies?

If by "make it" you mean being able to stop working for the rest of your life, then the answer is probably no. At least not before 2035 or so.

Hello crendore3,

I used to have an account at Biztorrents, but I tried to log in this week and it seems that it's gone.

Do you have any available?