It is NOT secure to use hardware wallets (and it never was)

[Lucius]

I haven't heard of anyone losing coins in a hardware wallet yet. Other than a device that already had been previously opened. They set the seed words and password. Then sent the device and a copy of the seeds words-password to the new owner. The new owner thought he bought a new device and didn't reset it. The crooks just waited until the coins were in the wallet and stole them.   

It's true,so far there is no report about such a case,and the reason is very simple-hack a hardware wallet is not easy work,it is much easier for hackers to focus on online wallets/exchanges and business with fake wallets/phishing links.

That example you mentioned is something completely different,human ignorance and stupidity are endless.I think that is partly the fault of the manufacturers who should sell devices only directly from the factory with great security measures.Buying hardware wallet from e-bay or or some similar site is nothing but an extra risk.

However manufacturers can not stop people to sell their wallets,but notice on the site that such purchase is not advisable would be a good move.

[1714778260]

1714778260

[1714778260]

1714778260

[1714778260]

1714778260

[dpkagrwl]

It is somewhat misleading to say that hardware wallets are not safe. Of course, if you lose your hardware wallets, there is a chance that the seed can be recovered through some of the ways highlighted in the article there but most people would not know how to break it.

So the key point here is that you should ensure you purchase directly from the company or a reliable vendor and ensure that you setup the device from scratch. This should go a long way in keeping your funds secure.

With paper wallets or web wallets, there is always a risk of key logging or malware that can exploit your data. Hardware wallets are safe.

[nokati]

There is normally in every branch a trade off between security and ease of use. Question is how much do you trust a storage method for how much bitcoin.

[vadimkr]

I wish we could already live in a world where only secured digital wallets exist... I know there are many technological safety measures that could be implemented within digital wallets that could ensure the users' privacy and personal security. This can even be much better in time!

[shafqatellahi78]

These kind of hardware wallets will grow stronger with time.
A indestructible and safe wallet is a very hard thing to accomplish.

but thease days there is no ather option to secure your funds without using coldstorage.....
but need somting more secure in future

[Spendulus]

Right, although the "someone" who has unfettered access to a computer with Intel ME is Intel themselves (and anyone else holding the code signing key for executing code on the ME processor). I think exploits were discovered last year where an attacker circumvented the use of the Intel code signing key, but I forget the specifics.

You see we can agree on somethings but few MS developers have woken up to the fact that Microsoft is locking them
out from the OS all over the place let alone are spying on every byte of data they can see.

Who would ever had thought that you would be getting a merit from me and take it from me, I don't get many to
give away but I am stuck with MS because it's all I know.

I suspect Goolge on Android devices is nearly as bad, they both have a bad track record, both work for the CIA/NSA

Just take an old laptop, load your favorite wallet and coins, then break or disable the wireless networking. Then break or disable the wired networking.

Although hardware wallets may have some issues, those issues are nothing compared to the problems of binding a machine to the greater world, uploading data and reporting in fashions the user is not privy to, and requiring downloading of supposed "updates" that are not comprehensible.

Yeah, but you don't want just any old laptop to do that on.  Like if you were to get one of your old laptops from 10 years ago that you were downloading a whole bunch of sketchy stuff on through limewire, I wouldn't think to recommend using something like that.  The most secure way is to buy a cheap laptop that has no wireless or bluetooth capabilities, and then load trusted/gpg verified files on the computer through booting it on a live-USB.

Any old laptop?

An old laptop with a new SSD running a new Linux can be a pretty nice and secure computer. I say "a new SSD" only because an old hard drive is pretty risky.

Look, it's important to think clearly about the issues in this thread. Most any machine is safe, if it is loaded with a wallet that allows you access to your private keys, and if it is not capable of getting on the internet.

Don't just disable the networking, break or remove the adapter. Then you have a machine that can only be interfaced with through the USB or other ports.

[manchester93]

Don't just disable the networking, break or remove the adapter. Then you have a machine that can only be interfaced with through the USB or other ports.

But how do you actually do that? You need to do it physically?

I've been using an offline wallet to sign for a while, but I just disabled network adapters. I figured it was kinda bullshit, but the reality is that the risk is already pretty low. The offline machine was formatted clean and never connected to the internet. It seems to me that in either case (networking disabled vs. actually removed) the thumb drive you use for transporting raw transactions is a required attack vector.

Let's say Windows forces a shutdown/update and re-enables network adapters. What then? Some malware from the thumb drive keylogs my wallet password, swipes my private keys and......but there's no unprotected network to connect to. I'm not crazy for thinking the risk is low here am I? If there's malware sophisticated enough to do the above, then copy itself to the thumb drive and push the data from the online computer, then it seems like a PC with network adapter removed is prone to the same attack.

[bob123]

Don't just disable the networking, break or remove the adapter. Then you have a machine that can only be interfaced with through the USB or other ports.

But how do you actually do that? You need to do it physically?

Yes. Removing all network adapter physically gives you a 100% guarantee that your offline machine won't communicate with any other device in its proximity.
Note that being 100% secured against an attack vector can almost never be reached.
This is one of the few cases where it is possible to absolutely secure yourself against an attack vector.

I've been using an offline wallet to sign for a while, but I just disabled network adapters. I figured it was kinda bullshit, but the reality is that the risk is already pretty low. The offline machine was formatted clean and never connected to the internet. It seems to me that in either case (networking disabled vs. actually removed) the thumb drive you use for transporting raw transactions is a required attack vector.

Let's say Windows forces a shutdown/update and re-enables network adapters. What then? Some malware from the thumb drive keylogs my wallet password, swipes my private keys and......but there's no unprotected network to connect to. I'm not crazy for thinking the risk is low here am I? If there's malware sophisticated enough to do the above, then copy itself to the thumb drive and push the data from the online computer, then it seems like a PC with network adapter removed is prone to the same attack.

You are right, the risks are very low. But it still exists.
It all depends on how much you want your storage to be secured against which attack vectors.

And you are also right with the USB drive being the attack vector which would probably be the first one abused.
And it is indeed independent from your network adapters.

But there are other possibilities to transfer your unsigned TX to your offline machine and move your signed TX to your online pc.
The simpliest would probably be witht he help of two webcams:

• Create unsigned TX on online pc
• Display QR code of this TX
• Scan the QR code with webcam connected to your offline machine
• Sign the TX
• Display the QR code of the signed TX
• Scan this QR code with your webcam connected to your online PC
• Broadcast transaction

Note that to be on the safe side, you should NOT connect your webcam to an online PC after connecting it to your offline storage.
This attack vector (flashing webcam firmware with malicious version) is pretty unlikely.. but it also does exist.

[broilsemla0]

HArdware wallet is the safest wallest till now as you can store the btcs as the way you like

[justmyname]

I don't see me going back to downloading a block chain for each coin. And waiting to update or repair the blockchain before you can spend any coins .

Last weekend was spent updating and repairing 2 wallets, getting the coins out of a super secure offline signing wallet. And separating forks. I'm constantly helping users get access to their coins in their malfunctioning wallets:P. Corrupted data' human error etc etc etc. If your upgrade is tainted you could lose your coins that way.   

[Spendulus]

Don't just disable the networking, break or remove the adapter. Then you have a machine that can only be interfaced with through the USB or other ports.

But how do you actually do that? You need to do it physically?

I've been using an offline wallet to sign for a while, but I just disabled network adapters. I figured it was kinda bullshit....

Not at all.

Say the machine is one of those that have a little slide switch on the side, for wireless on or off. Stages in disabling wireless are:

1) software disable
2) slide the switch
3) tape the switch over in the off position
4) glue the switch one position
5) take the slide switch out (requires removing the cover)
6) take the computer's wireless card out

[manchester93]

And you are also right with the USB drive being the attack vector which would probably be the first one abused.
And it is indeed independent from your network adapters.

But there are other possibilities to transfer your unsigned TX to your offline machine and move your signed TX to your online pc.
The simpliest would probably be witht he help of two webcams:

• Create unsigned TX on online pc
• Display QR code of this TX
• Scan the QR code with webcam connected to your offline machine
• Sign the TX
• Display the QR code of the signed TX
• Scan this QR code with your webcam connected to your online PC
• Broadcast transaction

Note that to be on the safe side, you should NOT connect your webcam to an online PC after connecting it to your offline storage.
This attack vector (flashing webcam firmware with malicious version) is pretty unlikely.. but it also does exist.

Thanks, I hadn't considered using a setup with photos/QR codes. Interesting. Definitely seems more secure than a thumb drive (although I think a thumb drive attack on an offline/encrypted wallet has got to be a really sophisticated and targeted attack).

[bob123]

Thanks, I hadn't considered using a setup with photos/QR codes. Interesting. Definitely seems more secure than a thumb drive (although I think a thumb drive attack on an offline/encrypted wallet has got to be a really sophisticated and targeted attack).

It is true that such an attack is really really unprobable.
But i think this does not really always have to be a targeted attack.

IMO there is definetely a possibility of a malware (in this case: virus) which does spread itself onto thumb drives targeting offline storages without being directly targeted.

Sure, this sounds more like paranoia and won't happen to 99.9% of the people, but the possibility does exist (even though a very small chance of happening).

[hwBPKH]

it is better than your have none
you can use software to encrypt a usb flash to make a cheap hardware wallet

[nokati]

And you are also right with the USB drive being the attack vector which would probably be the first one abused.
And it is indeed independent from your network adapters.

But there are other possibilities to transfer your unsigned TX to your offline machine and move your signed TX to your online pc.
The simpliest would probably be witht he help of two webcams:

• Create unsigned TX on online pc
• Display QR code of this TX
• Scan the QR code with webcam connected to your offline machine
• Sign the TX
• Display the QR code of the signed TX
• Scan this QR code with your webcam connected to your online PC
• Broadcast transaction

Note that to be on the safe side, you should NOT connect your webcam to an online PC after connecting it to your offline storage.
This attack vector (flashing webcam firmware with malicious version) is pretty unlikely.. but it also does exist.

Thanks, I hadn't considered using a setup with photos/QR codes. Interesting. Definitely seems more secure than a thumb drive (although I think a thumb drive attack on an offline/encrypted wallet has got to be a really sophisticated and targeted attack).

That's the best and most secure way. Not  the easiest way but when its about some hard Bitcoins, you don't want any risk. That's why we choose this method over usb like many other hardware wallets. Production is not ready but we are working hard to get it out soon:
https://www.digisafeguard.com

[bob123]

you can use software to encrypt a usb flash to make a cheap hardware wallet

Not at all.
A hardware wallet is NOT simply an encrypted storage for your private keys.

A hardware wallet lets you access your private keys within an 'airgapped' environment.
You can use it even on an infected pc, without your private keys getting compromised.
It is made for secured storage AND convinient daily usage.


An encrypted USB on the other hand can only store your private keys encrypted.
And the moment you plug it into an pc which might be compromised and decrypt it, your private keys are exposed to theft.

While an encrypted thumb drive is a good way to store a backup (additional backup; not as the only backup) it is not comparable to a hardware wallet at all.

[Spendulus]

you can use software to encrypt a usb flash to make a cheap hardware wallet

Not at all.
A hardware wallet is NOT simply an encrypted storage for your private keys.

A hardware wallet lets you access your private keys within an 'airgapped' environment.
You can use it even on an infected pc, without your private keys getting compromised.
It is made for secured storage AND convinient daily usage.


An encrypted USB on the other hand can only store your private keys encrypted.
And the moment you plug it into an pc which might be compromised and decrypt it, your private keys are exposed to theft.

While an encrypted thumb drive is a good way to store a backup (additional backup; not as the only backup) it is not comparable to a hardware wallet at all.

That's fairly accurate. The USB is perfectly good except at the point of access by another machine, while the hardware wallet is by design intended to be good in all cases.

"Access" by another machine of the hardware wallet keys is not possible.

Of course a USB could be accessed by an offline air gapped PC. And a hardware wallet could by design have it's records regenerated on a PC if the key word set were known.

A bad actor or government actor could exert influence on a hardware wallet company, say by causing certain items to be included in an update of the hardware wallet. This is at least in my opinion, a long term risk worth mulling over.

[thecodebear]

I think paper wallets are the best for cold storage.

Two keys ideas for paper wallets:
1. you write down multiple copies and store them in different secure places so you have redundancy and you don't lose your coins if something happens in one of those locations.
2. keep it secure even from physical theft by making some simple change to the private key that you remember. Your own simple encryption that is super easy to remember, like change the a couple characters by some amount. Then if a paper wallet were to get stolen the thief would have no chance of accessing the coins because only you know that you changed the key and only you know how you changed it. This could even help with #1 because then you could safely keep a copy of the paper wallet at say your family's house as a backup copy but you would know that nobody but you could ever access your coins using what is on that paper wallet.

So maybe you store a paper wallet in your house, one hidden in your car, one at your family's house, you could even store it on a usb stick or computer and it would be entirely secure since you changed the key. So you get redundancy from loss plus nobody can access your coins even if they get a hold of one of the places where you store your self-encrypted key.

[onurgozupek]

Trusting any wallet (desktop, mobile, paper) 100% is most users' problem. First and foremost do not trust anything or anyone 100% in crypto world. Hardware wallets are insecure for me too. You have one seed and multiple altcoins connected to that same seed. If you loose your seed you are in the risk of loosing all your funds. Do not do that. If your crypto wealth is important do not store multiple crypto currencies in one wallet. On the other hand, you have to secure your seed and wallet separately. So it doesn't have much advantage compared to desktop or mobile wallet besides not being connected to the internet 7/24

[Coin-Keeper]

And please don't forget; NO hardware wallets I am aware of store your (BIP improved) passphrases if you use them.  This means that even if someone gets your entire seed and would somehow know your hardware wallet PIN, they still get zero coins!  During a physical hack you can't recover something that isn't there - namely the needed passphrases.  Not even a subject for debate if you understand that the hardware wallet and the needed passphrases are not kept together.