Bitcoin Forum
June 03, 2024, 06:07:58 AM *
  Show Posts
1  Bitcoin / Hardware wallets / Re: Black Friday Hardware Wallet Less Known Deals on: November 16, 2023, 02:32:13 AM
First Keystone announced discount and it is still available for Keystone 3 Pro version, discount is 30% and price is $90 plus shipping.
I think Keystone's products look very attractive, but the numbers of reviews and Google Play downloads are too small.
Bitbox02 is good too, but it also faces the problem of too few users.

I wish all open-source altcoin hardware wallets, including Trezor, BitBox, OneKey, and Keystone, could receive more attention and have more users. Then I would have more choices.
2  Bitcoin / Hardware wallets / Re: NEW SafePal X1 hardware wallet on: November 15, 2023, 02:21:01 AM
I have no idea if the X1 model is open-source or not. I can see that WalletScrutiny has not yet reviewed it, but their other product, the S1, never became open-source although they said it would. So the first condition you mentioned may never be fulfilled and you will have to look elsewhere. 
According to the number of app downloads on Google Play Store, the data published by the official websites of various wallets, and the number of reviews on Amazon, I estimate that only Ledger, Trezor, and Safepal have 1 million users. Among them, only Trezor is open source. This indicates that users lack the necessary knowledge, or are ignorant.
The number of users of other brands is particularly small. I estimate that the number of OneKey users is less than 300,000, BitBox users less than 100,000, and Keystone users less than 30,000. If a company's annual sales are less than 100,000, is its profit enough to maintain the operation? With too few users, the supervision will be insufficient, and it will not be safe.
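3  Local / 中文 (Chinese) / Re: Asking for advice on cashing out safely? on: November 02, 2023, 10:29:02 AM
5. The best method is to open a bank account overseas, for example in Hong Kong, Singapore, Europe or the US. Then transfer the U through a compliant platform into the overseas bank account, and from there transfer it back, withdraw cash at an ATM, link the overseas bank card to Alipay and spend directly, or cash out by card. You can also go to Hong Kong to exchange for cash in person and then deposit it in a Hong Kong bank account, among other methods.
Thanks for the advice! If I only have 500,000 RMB to cash out, a trip to Hong Kong seems rather too costly.
Binance merchants earn the spread, usually only a 0.1-0.5% profit. Can one infer from this that the probability of a merchant's bank card being frozen (the kind frozen by the police) is less than 0.1%? If it were higher than that, wouldn't the merchants be losing money?

Of course, with big money (several million), going to Hong Kong to open a bank card becomes necessary.

3. Binance HKD withdrawals have stopped.
Is there currently any way to transfer into a Hong Kong bank card through a compliant platform?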
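4  Local / 中文 (Chinese) / Asking for advice on cashing out safely? on: October 28, 2023, 05:35:18 AM

Hello, I would like to ask:
     1. If I do not go for the cheapest price and instead cash out through Binance C2C merchants with large trading volume and a long registration history, can the probability of being frozen be less than 1%?
     2. Is this strategy suitable? I use 8-10 bank cards (not my salary card) to cash out in small amounts, leave the money in the bank card for 10-15 days, and if nothing happens, withdraw it as cash and then deposit it all into my wife's bank card.
     3. When buying U from Binance merchants, is there no risk at all of being frozen? In this case the RMB is flowing out.
     4. In general, after a bank card is frozen by the police, what is the probability that the money can still be recovered?
     5. Are there any better ways to cash out?

Experts, please advise!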
5  Alternate cryptocurrencies / Altcoin Discussion / Re: Stablecoin censorship on: October 26, 2023, 12:34:51 PM
The best thing to do is to not do anything with centralized stablecoin that would trigger addition to the blacklist or just use a decentralized stablecoin like DAI. Most of the addresses in those blacklists are addresses that contain hack funds.

I noticed that the total trading amount of DAI per day on Binance and OKex is very very small. Will there be a problem of low liquidity if I hold DAI?
6  Bitcoin / Hardware wallets / Re: Onekey Classic or Bitbox on: October 25, 2023, 11:28:00 PM
That's true for any hardware wallet. So, think twice before you do something you might later regret. If in doubt, ask questions before, not before making a mistake.

Thanks for your suggestions.
I placed an order for OneKey, and now own three different brands of hardware wallets: Trezor One, BitBox02, and OneKey Classic. I will pay attention to OneKey's open-source nature and reputation, and will immediately stop using it if anything bad happens.
7  Bitcoin / Hardware wallets / Re: Onekey Classic or Bitbox on: October 25, 2023, 01:00:07 AM
...I think. Anyway according to them it was fixed but anyway…guess no company is 100% safe.

Originally, I only intended to use Trezor as it has the most users and the most open-source nature. I came across various user reviews of hardware wallets on the website https://www.trustpilot.com/review/ , and found that Trezor had the most stolen customers (= 12). Although it is widely believed that users' responsibility led to these thefts, a single mistake could wipe me out. So I chose to diversify my altcoins across 3 different brands of hardware wallets.

...But dkbit98 mentioned something interesting. OneKey had a serious vulnerability a few months ago where it was proven that the keys from its secure element weren't encrypted and thus could be intercepted. That's exactly what a security company did and made OneKey aware of that. Despite the existence of a SE chip, it didn't make the wallet safer because it was coded wrongly. Who knows what else they did wrong that is yet to be discovered.

Compared to OneKey, dkbit98 may prefer Keystone, perhaps because Keystone is air-gapped.
However, in terms of user base, OneKey (with 50k downloads on Google Play) is significantly larger than Keystone (with 5k downloads).
8  Bitcoin / Hardware wallets / Re: Onekey Classic or Bitbox on: October 24, 2023, 12:50:35 AM
The positive thing is that both wallets are open-source. ...However, WalletScrutiny couldn't match the binary with the published source code.
I want to buy three different brands of hardware wallets to diversify my altcoin storage. Currently I have a Trezor One and a BitBox02, both purchased directly from the official websites. It's hard to choose the third one, as both OneKey and Keystone have not passed the open-source testing of WalletScrutiny. Is there any problem with the open-source nature of OneKey at present? Can I trust that it is completely open source?
Is it better to buy a new Trezor Safe 3 (only using Trezor Safe 3 and BitBox02), instead of OneKey or Keystone (using Trezor One, BitBox02, OneKey/Keystone)? Thank you!

I can't speak much about quality of Onekey wallets, but I know they had serious bug connected with secure element...
Since I use a passphrase, I am not very worried about theft after someone physically obtains the device. Two things concern me: 1. It cannot be hacked remotely. 2. It must be sufficiently open source to allow the community to fully review it.
9  Bitcoin / Hardware wallets / Re: Keystone 3 HW coming soon! on: October 21, 2023, 10:10:07 AM
For those who are interested in getting one of these HWs, there's a 20% discount for its pre-sale that ends in 4 days!

I want 3 different brands of open source hardware wallets to store altcoins and spread risk.
I currently use a Trezor One and have placed an order for a BitBox02, and need a third one of a different brand.
I have noticed that the Keystone 3 Pro uses an embedded system, not the previous Android OS.
But I am not sure whether Keystone 3 will be completely open source like Trezor Safe 3 and BitBox02, and be reproducible.
Or should I just wait a few months for more information?
(Note: I cancelled my previous keystone 3 pro order)
10  Bitcoin / Hardware wallets / Re: Trezor Safe 3 New Hardware Wallet on: October 20, 2023, 09:53:20 AM
we've also seen countless users on this forum make posts blaming their hardware wallet for the funds being stolen, and it almost always turns out to be a mistake the user has made instead (such as storing their seed phrase in their emails).
I have carefully reviewed the theft comments and have difficulty confirming the true reason. I am not a professional, but I believe that there is no problem with the Trezor firmware and Trezor Suite; only the hardware itself may have problems. If a backdoor is left on a small amount of hardware, ordinary users and professionals cannot detect it. Of course, if the Trezor firmware can effectively eliminate the harm of fake hardware wallets, then it can only be users' errors.

You can even raise the more general concern. Is it possible that there is a bad entity (located, let's say, in China) outside Trezor company that produces counterfeits of wallets? I would not answer negatively. Even if such company doesn't exist today it can appear tomorrow. Thus, it is always better to buy the stuff directly from brand.
It is a fact that there are many cheaters in China. I bought two Trezor Ones from the Trezor official website, and another two from the Trezor store on Amazon.

It all comes down to us after all. I have also lost a small amount of money from a hot wallet I owned: https://bitcointalk.org/index.php?topic=5461230.0 . Personally I had made a ton of mistakes, so...
Yes, the high probability is that it is the users' own errors. Getting professionals' opinions makes newbies like me feel at ease. o_e_l_e_o said: "Just one incident can wipe me out." It's better to be cautious.
11  Bitcoin / Hardware wallets / Re: Trezor Safe 3 New Hardware Wallet on: October 20, 2023, 03:22:10 AM
Other open-source hardware wallets (altcoin wallet, not bitcoin only) have few users and less attention, making them less secure.

Having less attention doesn't necessarily make you less secure. In fact it may be the exact opposite.

You may be right. I found user reviews of different wallets on the bitbox website. see https://bitbox.swiss/bitbox02/#compare and https://www.trustpilot.com/review/bitbox.swiss
I compared several kinds of wallets and recorded the theft situation myself, as follows:

Trezor: User score: 3.5, Number of reviews: 405, Number of stolen users: 12. Some details: Robert in AU, 160,000$ stolen; Curtis in US, 100,000$ stolen; Donald in US, 60,000$ stolen; Voodoo in AU, 0.4 BTC stolen.
Ledger: User score: 2.8, Number of reviews: 1559, Number of stolen users: 12. Some details: Di in IT, 1 ETH stolen; Ale in AU, 0.33 BTC stolen.
Keepkey: User score: 2.4, Number of reviews: 290, Number of stolen users: 1. Some details: Gennady, 5000$ stolen.
BitBox: User score: 4.9, Number of reviews: 547, Number of stolen users: None
Keystone: User score: 4.2, Number of reviews: 47, Number of stolen users: None
Onekey: User score: 3.5, Number of reviews: 56, Number of stolen users: None

The theft of the Trezor hardware wallet is the most serious. Is it possible that there is a bad man inside the Trezor company who left a backdoor in the manufacturing process of a small number of wallets? And the genuine firmware of Trezor and Trezor Suite did not recognize it?
12  Bitcoin / Development & Technical Discussion / Re: Given the first 15 words out of 24, can a hacker crack the wallet? on: October 18, 2023, 01:25:20 PM
How can thieves or ordinary hackers crack it?
I already showed you a link where someone cracked a fingerprint reader on a $1000 smartphone in 3 minutes. The fingerprint reader on a $20 USB drive will be trivial by comparison.

Thank you very much, o_e_l_e_o!
I saw that video, and knew that the fingerprint U disks were not unbreakable.
So the handwritten documents (corresponding to the unencrypted files of USB drives), will not be stored at my home (off site backups).
13  Bitcoin / Development & Technical Discussion / Re: Given the first 15 words out of 24, can a hacker crack the wallet? on: October 18, 2023, 05:04:55 AM
Storing partial unencrypted wallet data on a fingerprint-encrypted USB drive or writing it directly on paper doesn't make much difference. These fingerprint-encrypted USB drives are specifically designed for protecting corporate trade secrets, and I don't think they can be easily cracked.
Digital storage has other shortcomings than just being hacked/cracked. For example hardware problems, that is where the USB disk is harmed either physically or due to electrical issues or other things and the data on it becomes inaccessible. Or we have the data decay/degradation by passage of time.
The most terrible thing is that all U disks are broken at the same time. I currently have 3 encrypted USB drives and plan to buy one more. In addition, I have added another preventive measure.


Also, keep in mind that if you use 24 words seed phrase, even if you reveal words in an unordered way, hacker still won't be able to crack your wallet, but will be able to crack if you use 12 words seed phrase and reveal all of them.

I own 4 Trezor Ones. There are two ways to recover the seed phrase of a Trezor One in Trezor Suite: one is standard and the other is advanced.
When restoring in the standard mode, the words are entered directly in an unordered way, via the computer. If someone saw all the unordered words, he would have to try 24*23*22*...*3*2*1 times to crack the wallet.
If 12 out of 24 words have been exposed, he would have to try 12*11*10*...*3*2*1 times, so this recovery method is obviously not secure. If I enter in advanced mode, will there be no problem?
Of course, a safer way is to write down the 24-word password and encrypt only the passphrase.



As others have pointed out: go for proven schemes (mnemonic words and separate mnemonic passphrase; stored safely in redundant safe and secret locations // multi-sig stored safely in redundant locations // use hardware wallet(s)). Mnemonic recovery words and (if used) a mnemonic passphrase should only be backed up on physical non-digital media (paper and for protection against paper harming conditions or events: stamped in stainless steel or titanium).

I divided the seed phrase and passphrase into two parts, one handwritten and the other stored on USB drives. If the files in the fingerprint U disks are not encrypted, then I do not need to remember any passwords to recover the wallet data. If I have three fingerprint-encrypted USB drives and check whether they work properly every year, then the probability that they are all unusable at the same time will be very, very low. Your method: seed phrase and separate passphrase backed up on physical non-digital media. Is there not much difference between yours and mine?

Handwriting all the seed phrase and passphrase on paper is also risky. First of all, I have to divide them into two parts, and each part must have multiple backups. If both parts are hidden in my home, once they are found by thieves, I am dead. What should I do? Doesn't it hurt my head? The encrypted fingerprint U disks are specially made for corporate secrets, with AES256 hardware encryption. How can thieves or ordinary hackers crack it? Top hackers may be able to, but they don't care about my altcoins. The main problems for encrypted USB drives are: 1) They may all fail simultaneously. 2) All were stolen by thieves. 3) In the distant future, AES256 encryption will no longer be unbreakable.

As for storing the wallet file encrypted (only WinRAR) with a strong password in email, there are two purposes: 1) Once all USB drives and hardware wallets fail, or they all were stolen by thieves. 2) If my house catches fire, all files, USB flash drives, and hardware wallets may be burned. This is the final recovery plan.

If the thief knows that you have a lot of Bitcoin, he may steal all related things in your home, including hardware wallets, handwritten papers, anything. Can your solution deal with such extreme situations?

[moderator's note: consecutive posts merged]
14  Bitcoin / Hardware wallets / Re: Trezor Safe 3 New Hardware Wallet on: October 17, 2023, 08:07:44 AM
Quote
Additionally, after obtaining a new hardware wallet, is it necessary to change the seed phrases and passphrase?
Your question is not very clear, I hope you don't mean that hardware wallets are usually being shipped with some "default" seed phrases and passphrases.
That is not what I mean.

Quote
Additionally, after obtaining a new hardware wallet, is it necessary to change the seed phrases and passphrase?

I would advocate generating new seed phrases and a passphrase for your newly acquired device before transferring your funds from the old wallet. Otherwise, why invest in the new model? You should expect that the level of randomness generated by the new model is superior to that of the old Trezor. Consequently, the new seed generated by the new model is preferable.
Thanks for your suggestion.
15  Bitcoin / Hardware wallets / Trezor Safe 3 New Hardware Wallet on: October 17, 2023, 01:23:37 AM
Sorry to bother you again!
The new Trezor wallet has arrived, and I have some confusion:
1) I need a secure wallet to store altcoins, and I believe Trezor should be the best choice. It is the most famous among open-source wallets and has the least possibility of having a backdoor. Even for Trezor, the number of users is only slightly over a million (1M+, according to the official website). Other open-source hardware wallets (altcoin wallet, not bitcoin only) have few users and less attention, making them less secure.
2) I previously bought 4 Trezor Ones, intending to use them for many years. However, hardware wallet companies release products quickly. Should I only buy one of each generation of products? The passphrase for Trezor One is entered via the computer, while Trezor Safe 3 has an input on the hardware wallet itself. I want to buy a Trezor Safe 3 from the Trezor Amazon store since buying directly from the official website incurs high shipping costs. Additionally, after obtaining a new hardware wallet, is it necessary to change the seed phrases and passphrase?
16  Bitcoin / Development & Technical Discussion / Re: Given the first 15 words out of 24, can a hacker crack the wallet? on: October 17, 2023, 12:43:30 AM
Quote
(2) I have purchased a few high-level encrypted USB drives, including two fingerprint USB drives. The seller claims that these encrypted USB drives cannot be cracked. Therefore, relatively weak passwords (~20 characters) can be used for the electronic files stored on these drives. Also, every encrypted file must have a password explanation.

I doubt security of such USB drive, especially since biometric is usually only used as authentication (not encryption). And there's also possibility a serious thief would just open the USB drive and take NAND/flash drive.
Storing partial unencrypted wallet data on a fingerprint-encrypted USB drive or writing it directly on paper doesn't make much difference. These fingerprint-encrypted USB drives are specifically designed for protecting corporate trade secrets, and I don't think they can be easily cracked.
17  Bitcoin / Development & Technical Discussion / Re: Given the first 15 words out of 24, can a hacker crack the wallet? on: October 06, 2023, 12:14:26 AM
Quote
The file is encrypted with WinRAR and 7-Zip. To ensure that encrypted electronic files can be opened, I have done the following work:
Have you personally reviewed the code of 7zip to ensure there are no flaws in its encryption algorithms?
Did you take steps to mitigate against known vulnerabilities such as this one: https://nitter.cz/3lbios/status/1087848040583626753?
Did you make sure to build the app yourself from the source code you reviewed to ensure you haven't downloaded a fake or malicious one?
How do you plan to do any of that for WinRAR given that it isn't even open source?
Did you only encrypt your data on a permanently airgapped device with a clean OS?
Did you make sure to delete all the temporary files it creates in the archiving process, and then write over those sections of your computer's memory with junk data?
Did you make sure to delete the unencrypted text file you would have first stored on your computer before encrypting it, and then write over that section of your computer's memory with junk data?
I know nearly nothing about 7-Zip and WinRAR. Even if the electronic file is leaked, hackers only know part of the wallet data.
The encryption of all files is done on offline computers. The file is temporarily stored on a USB flash drive, and the data on the USB flash drive will be cleared using the software DiskGenius. The encrypted data is then transmitted to the network through this USB flash drive.

Quote
I have purchased a few high-level encrypted USB drives, including two fingerprint USB drives.
Biometrics, especially fingerprints, can be very easily bypassed, even on high end 3D ultrasonic fingerprint scanners such as those on the latest flagship phones - https://bitcointalk.org/index.php?topic=5281976.msg55391797#msg55391797. It will be trivially easy to fool a basic USB fingerprint scanner.
Even if the thief takes the U disk and breaks it, he still needs to crack the password of WinRAR or 7-Zip, and get the handwritten portion.

Quote
There is a reason that everyone here and every good wallet tells you to write down your seed phrase and store it offline. If you want to ignore all that advice and do your own thing then obviously we can't stop you, but you greatly increase the risk of loss.
Thanks for your suggestion. I will store a portion of the unencrypted wallet data on USB drives, but the remaining handwritten portion is not stored at my home.
18  Bitcoin / Hardware wallets / Re: Without power, how many years can a hardware wallet retain data? on: October 05, 2023, 11:56:07 PM

Quote
The charge leakage from floating gate which is part of memory cell that traps electrons via hot electron-injection thus setting it to binary "0", in a first approximation, doesn't depend on whether hardware wallet is turned on or off. I mean if you turn it on, the injections into relevant cells will not happen again. In fact you should rewrite sensitive info if you want to rejuvenate the old one in the memory. Thus it doesn't matter how often a year you will turn your device on to prevent the loss of your information as applied power doesn't come into play.

For TLC's USB flash drive, do I need to copy and paste important files every year?
I don't know how the internal drive of the U disk works. For hardware wallets, if SLC particles are used, there is no need to pay attention to this issue.
19  Bitcoin / Development & Technical Discussion / Re: Given the first 15 words out of 24, can a hacker crack the wallet? on: October 05, 2023, 01:59:36 PM
Quote
You may need a script to generate the latter. (can anyone provide the numbers of the latter if possible?)
Let's see.

You can generate a 12 word seed phrase with a valid checksum and use that as the first 132 bits of entropy for your 24 word seed phrase. Concatenate another 124 bits of entropy, and then calculate the 8 bit checksum to give yourself a valid 24 word seed phrase. Take the last 12 words of this seed phrase. Given 12 words have a 4 bit checksum, then there is a 1/16 chance that this checksum is valid. So it won't take long at all to bruteforce a valid combination.

Here's one I just made in just a few minutes:
Code:
pupil magic fun throw lecture sunset pizza fashion helmet couch auto impact despair height humor impose near plunge clever abstract swing laundry scheme acquire

Both the first 12 words and the last 12 words are valid seed phrases on their own:
Code:
pupil magic fun throw lecture sunset pizza fashion helmet couch auto impact
despair height humor impose near plunge clever abstract swing laundry scheme acquire

This method is very deceptive. The first 12 words and the last 12 words are all valid wallets. And then store them separately in different places? (different houses, even different cities?) To improve reliability, it is advisable to consider adding this scheme.



Quote
As I said to OP in another thread, his back up scheme is not great. He is planning to have some words written down, some words stored electronically, a variety of different encryption techniques, a variety of different passwords (are these being backed up too? Where? Or are you relying on memory? (Which is even worse!)), and more. It is far too complicated, and he runs a significant risk of failing to recover from his back ups and inadvertently locking himself out of his own wallets.

The file is encrypted with WinRAR and 7-Zip. To ensure that encrypted electronic files can be opened, I have done the following work:
(1) For electronically stored files on the network, use strong passwords (>40 characters) and prepare password explanations. The passwords will primarily come from things or names that I am very familiar with but others are not, such as the names of childhood playmates, and so on! Every encrypted file must have a password explanation. So passwords will rely only on memory and the password explanation. I have tested this method for a long time, and it is very reliable.

(2) I have purchased a few high-level encrypted USB drives, including two fingerprint USB drives. The seller claims that these encrypted USB drives cannot be cracked. Therefore, relatively weak passwords (~20 characters) can be used for the electronic files stored on these drives. Also, every encrypted file must have a password explanation.

(3) The last line of defense is hardware wallets. As long as the hardware wallet continues to function properly, it remains secure.

(4) Check whether the encrypted files can be opened normally once a year. If not, transfer funds through a hardware wallet immediately.
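The construction described in the quoted reply in this post (a 24-word phrase whose first and last 12 words each carry a valid checksum, with about a 1/16 chance per attempt), as an added example that is not code from the thread. It works on 11-bit BIP39 wordlist indices (0..2047) instead of words because the 2048-word list is not embedded; the function names and the deterministic `counter_rand` helper are assumptions of this example.

```python
import hashlib
import os


def checksum(entropy: bytes) -> int:
    """BIP39 checksum: the first ENT/32 bits of SHA-256(entropy)."""
    cs_len = len(entropy) * 8 // 32          # 4 bits for 12 words, 8 for 24
    return hashlib.sha256(entropy).digest()[0] >> (8 - cs_len)


def to_indices(entropy: bytes) -> list:
    """Append the checksum to the entropy and cut it into 11-bit indices."""
    cs_len = len(entropy) * 8 // 32
    bits = (int.from_bytes(entropy, "big") << cs_len) | checksum(entropy)
    count = (len(entropy) * 8 + cs_len) // 11
    return [(bits >> (11 * (count - 1 - i))) & 0x7FF for i in range(count)]


def is_valid(indices) -> bool:
    """True if 12 or 24 wordlist indices carry a correct BIP39 checksum."""
    if len(indices) not in (12, 24) or any(not 0 <= i < 2048 for i in indices):
        return False
    cs_len = len(indices) * 11 // 33
    bits = 0
    for i in indices:
        bits = (bits << 11) | i
    entropy = (bits >> cs_len).to_bytes((len(indices) * 11 - cs_len) // 8, "big")
    return (bits & ((1 << cs_len) - 1)) == checksum(entropy)


def build_split_phrase(rand=os.urandom, max_tries=10_000):
    """Return (24 indices, attempts) where both 12-word halves are valid.

    Steps follow the quoted reply: a valid 12-word phrase supplies the first
    132 bits, 124 fresh bits complete the 256-bit entropy, the 8-bit checksum
    is appended, and the draw is repeated until the last 12 words happen to
    satisfy their own 4-bit checksum.
    """
    head = 0
    for i in to_indices(rand(16)):           # valid 12-word phrase, 132 bits
        head = (head << 11) | i
    for tries in range(1, max_tries + 1):
        tail = int.from_bytes(rand(16), "big") >> 4      # 124 fresh bits
        phrase = to_indices(((head << 124) | tail).to_bytes(32, "big"))
        if is_valid(phrase[12:]):
            return phrase, tries
    raise RuntimeError("no match found; check the entropy source")


def counter_rand(seed: bytes):
    """Deterministic stand-in for os.urandom, for repeatable demos only."""
    state = {"n": 0}

    def rand(n: int) -> bytes:
        state["n"] += 1
        return hashlib.sha256(seed + state["n"].to_bytes(4, "big")).digest()[:n]

    return rand


if __name__ == "__main__":
    phrase, tries = build_split_phrase()     # real entropy from the OS
    print("attempts needed:", tries)
    print("first half valid:", is_valid(phrase[:12]))
    print("second half valid:", is_valid(phrase[12:]))
    print("full phrase valid:", is_valid(phrase))
```

Each half on its own has only 128 bits of entropy, and the second half shares its last bits with the 24-word checksum, so this layout is a property of the checksum scheme and not an added layer of protection.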
20  Bitcoin / Hardware wallets / Re: Keystone 3 HW coming soon! on: September 30, 2023, 09:12:13 AM
Quote
I never said they are cheap or cheapest wallet in the world, but they are certainly airgapped open source devices with fair price.

Keystone is not open source, and I have been considering writing a blog post that dives into their claims.

Here's their 5 GB+ Android OS that does not have source code available:

https://github.com/KeystoneHQ/Keystone-system

Quote
Due to copyright, some vendors’ code cannot be made public, and we have removed some of the code from the source code. Therefore this open source code cannot be compiled. However, we can share this part of code under an NDA if you want to fully verify the code and reproduce it. Please send an email to eng@keyst.one. Since the size of a single repo on github cannot exceed 5G, we put the code on AWS. You can access the code through this link: keystone-system

What about their secure element firmware? Looks like that code can only be compiled with proprietary ARM software called Keil. https://github.com/KeystoneHQ/keystone-se-firmware

Additionally, there is no information as to who even makes their secure element. It's some kind of white labeled processor. https://github.com/KeystoneHQ/Keystone-developer-hub/blob/main/hardware/Keystone_V1.02_BOM.xls

Furthermore, their hardware schematic is not all-inclusive and omits the self-destruct mechanism.

Hopefully Keystone 3 will actually be open source, but I am growing tired of hardware wallet companies hiding behind false claims of open source. It really damages the definition and I consider it an attack on the FOSS movement.

I didn't notice your remarks earlier, and I have already placed an order for a Keystone 3 Pro. Although I am Chinese, I don't have much trust in Chinese products. There are very few well-known hardware wallets that support altcoins, which is quite unfortunate and leaves limited options.
I'm trying to contact Keystone for a refund. Alternatively, buying a BitBox would be more reassuring.