[GUIDE] How to buy a Hardware Wallet the right way

[suchmoon]

~

Yeah you have a point there.

As for Ledger, what's done is done, can't unbuy it now but I'll probably bin it and go back to tried and trusted lukewarm-wallet-on-Linux-laptop because after reading eddie3's thread I realized I'll get fucked by those firmware updates sooner or later.

[o_e_l_e_o]

Yeah, I've been generally moving more towards airgapped devices and away from hardware wallets recently. With the unpatchable critical vulnerability in Trezor devices, and Ledger being unable to encrypt a simple database, there are just too many risks to using them.

As I said in another thread, the big appeal of hardware wallets is that they are (were?) a good balance of ease of use and security. A newbie could buy a hardware wallet, follow the set up guide, and store coins very securely without really any technical knowledge. They didn't need to know how to use a live OS, or airgap a device, or use encryption, or verify PGP signatures, or any of the other necessary steps to correctly use an airgapped wallet or a paper wallet.

To use a hardware wallet safely now, you need to use a disposable email, a pseudonym, a burner phone, find a neutral but secure shipping location, and pay in anonymized bitcoin. None of that screams "ease of use" to me, especially not for a newbie. If newbies are going to spend the time to follow all the steps in this thread to buy a hardware wallet, they would be better off just learning how to set up a proper airgapped cold storage wallet instead.

[Coin-Keeper]

To use a hardware wallet safely now, you need to use a disposable email, a pseudonym, a burner phone, find a neutral but secure shipping location, and pay in anonymized bitcoin. None of that screams "ease of use" to me, especially not for a newbie. If newbies are going to spend the time to follow all the steps in this thread to buy a hardware wallet, they would be better off just learning how to set up a proper airgapped cold storage wallet instead.

Add something else to your list.  When you connect your Trezor to "their" website, which most newbies will do, the connection URL captures YOUR exact device ID# every single time!  Do they use it/record it?  Of course they will say no, but we will never be able to know for sure.  This means numerous wallets/mpk's all reflect back to the exact same device ID#.  Not exactly anonymous is it, should Sat Labs ever go nefarious?

Still I use several Trezors and have learned to safeguard myself, but I am miles from being a newbie.  The business side of their house has sent me running from anything Ledger.  I received numerous bogus emails from them, but fortunately all went to tutamail and no further.  Those accounts are closed now.

With the unpatchable critical vulnerability in Trezor devices

What, which??  My SD card removes any I am aware of.  Fake SD is perfect for when I store my Trezor too.

[HCP]

With the unpatchable critical vulnerability in Trezor devices

What, which??  My SD card removes any I am aware of.  Fake SD is perfect for when I store my Trezor too.

He's talking about the critical vulnerability whereby if someone has access to the device, the (encrypted) seed mnemonic can be extracted in a matter of minutes using relatively cheap tools (and then the 1-9 digit PIN encrypting the seed mnemonic can be trivally bruteforced). Unless you're using a BIP39 passphrase, your funds are effectively unprotected if the device falls into the wrong hands.

It's an issue with the hardware used in the ONE and the T, and the only "workarounds" are to use a BIP39 passphrase (or the SD card encryption option on the T, which requires trezorctl, Python and commandline "skills").


Refer:
https://www.ledger.com/improving-the-ecosystem-disclosure-of-the-trezor-recovery-phrase-extraction-vulnerability?utm_source=Social&utm_medium=Twitter&utm_campaign=Donjon%20Trezor
https://blog.kraken.com/post/3662/kraken-identifies-critical-flaw-in-trezor-hardware-wallets/

[o_e_l_e_o]

What, which??  My SD card removes any I am aware of.  Fake SD is perfect for when I store my Trezor too.

Yeah, the vulnerability is as HCP says. The issue is that only a minority of people using a passphrase, a smaller minority use a passphrase which is long and complex enough to be resistant to being bruteforced once an attacker has your seed phrase, and an even smaller minority use removable SD card. The vast majority of Trezor users are vulnerable to this attack.

And much like this recent database breach with Ledger, if you go to Trezor's website there is absolutely zero mention of it. Such a critical vulnerability which affects all Trezor users, or such a database leak which affects (we now think) a huge number of Ledger users, should be front and center of their website: Here is the issue, here's what we are doing about it, and here's what you should be doing about it. The fact that neither company is doing this doesn't exactly inspire confidence in their transparency and honesty.

[Coin-Keeper]

You may have a point for newbies.  Anyone hanging out here should know to cover their security with a LONG password, and further anybody with a Trezor T should be aware of the SD encrypt protection.  In reality I guess WE sometimes forget how far out of the mainstream beginner circle we have gone.  LOL!

Unrelated but back to the thread:

I thought of another privacy weakness for Trezors where more experienced attackers are concerned:

Bear with me here.  For Trezors that are used for long term storage I like to configure them for privacy.  One item I like to conceal is that I use passphrases at all.  As mentioned above, newbies likely don't use passphrase enhancements.  By logic then if someone has a Trezor in their hands and passphrases are activated, by default there is the ASSUMPTION that multiple wallets are likely in play.  This is true for most I would think.  So, I place a minimal (but believable) amount of BTC in the default wallet (no password needed) and leave it there.  Long PIN still of course.  My feeling is seeing passphrase activated is a BAD thing for privacy and even worse for a potential "$5 wrench attack".

If you connect a Trezor to a computer using trezorctl, which I use, it clearly displays whether the passphrase feature is activated. This means I don't need to know your PIN to know you have passphrase activated.  Try it if you want and you'll see I am correct on this.  trezorctl is much more powerful than the website experience, but most attackers I think would know that!

Therefore; I always take a couple of seconds, again using trezorctl, to turn off the passphrase feature when I am finished using my Trezor.  Turning passphrase on and off using trezorctl is seconds in either direction.  So this is a hardware wallet weakness in my view.  Its easy to correct as I just described, but most newbies or users in general would never have thought of it.

My suggestion then for Trezors not used daily/mobile on the go, would be to protect your privacy by turning off passphrase when in storage.

Lastly, become familiar with trezorctl and take advantage of its power/features.  A biggie that comes to mind is to enable wipe of the entire hardware wallet by entering a code you set to offer as a fake PIN.  You can't do such an important thing using the limited web experience.  My .02

[dkbit98]

And much like this recent database breach with Ledger, if you go to Trezor's website there is absolutely zero mention of it. Such a critical vulnerability which affects all Trezor users, or such a database leak which affects (we now think) a huge number of Ledger users, should be front and center of their website: Here is the issue, here's what we are doing about it, and here's what you should be doing about it. The fact that neither company is doing this doesn't exactly inspire confidence in their transparency and honesty.

Exactly, and they act like msm mainstream media and they keep quiet about things that are not in their favor or they don't like.
On positive note, they finally added notification after latest update telling people that there is big phishing scam attacks with their userbase.

After all this maybe the best way to buy hardware wallet would be not to buy hardware wallet, or think twice before you buy it.

[o_e_l_e_o]

On positive note, they finally added notification after latest update telling people that there is big phishing scam attacks with their userbase.

Where did you see that banner? When I visit their website, the only banner I see is an advertisement for their new stablecoin lending service which is being integrated with Ledger Live.

Honestly, I think I'm done with Ledger at this point. Should we maybe work on securing out databases against hacks? Should we maybe work on finally allowing proper coin control or address management for bitcoin? Nah, let's first launch a shitcoin exchange service with ridiculous fees, and then launch a shitcoin lending service (with I'm sure more ridiculous fees). I haven't used Ledger Live with my Ledger devices in a long time, but it seems Ledger as a company are going the same way Brave did - start off with a good product and great intentions, and gradually pay less and less attention to what is important to their customers and more and more attention to whatever makes them the most profit. Such a shame.

I'm still hoping someone can recommend a secure and easy to use storage solution which we can recommend to newbies in lieu of hardware wallets. Software wallets are not secure enough, and airgapped wallets are not newbie friendly enough.

[dkbit98]

Where did you see that banner?

It's not on their website, but on their ledger live app.
I saw there was a new update released and decided to do it, after this new popup shoed up.

I'm still hoping someone can recommend a secure and easy to use storage solution which we can recommend to newbies in lieu of hardware wallets. Software wallets are not secure enough, and airgapped wallets are not newbie friendly enough.

I am looking for some good alternatives for days, but everything I found so far is not suited well for newbies, and even some experienced users would most likely not use that.

Maybe ColdCard hardware wallet would be better option than ledger or trezor, it is open source and don't have problems like other competition (so far).

[suchmoon]

I'm still hoping someone can recommend a secure and easy to use storage solution which we can recommend to newbies in lieu of hardware wallets. Software wallets are not secure enough, and airgapped wallets are not newbie friendly enough.

To paraphrase a known meme - secure, easy to use, cheap - pick two.

[o_e_l_e_o]

It's not on their website, but on their ledger live app.

Explains why I never saw it. It should categorically be across the top of their website as well, not some rip-off lending rubbish.

Maybe ColdCard hardare wallet would be better option than ledger or trezor, it is open source and don't have problems like other competition (so far).

Maybe, but it runs in to all the same problems we have been discussing in this thread - how to get your hands on one without leaving your name and personal details in a database somewhere? I couldn't see anything on their website about official third party retailers you can buy from in person with cash?

[dkbit98]

Maybe, but it runs in to all the same problems we have been discussing in this thread - how to get your hands on one without leaving your name and personal details in a database somewhere? I couldn't see anything on their website about official third party retailers you can buy from in person with cash?

I think there are no official retailers, and only way would be to contact Coldcard support and ask them: support@coinkite.com
They are based in Canada, but I found some stores in Europe, Germany, United Kingdom and others, that are selling ColdCard.
Search locally and buy with cash.

[dkbit98]

bump

[jerry0]

I also thought of this as well.  When you buy a hardware wallet like nano ledger s and have it shipped to your address.. well there is risk of data breach like what happened with ledger live... but not only that... what about the ppl who are handling your packaging like the people who shipped it to you from france or say dhl or fedex etc in the US?  I mean i know postal workers bring packages to many places but im sure when they look at that package and see the france address... they probably know its a nano ledger s?



Like how could you order one securely without address information?  Only thing i could think of would be like those amazon locker etc?  But of course if you do it that way, isn't there a risk of it being manipulated if somehow the place or postal office knows what is it?  Like imagine a tech savy person having access to it for a bit.  But of course putting it back in the original packaging will make it look obvious something was done to it.   

[OROBTC]

...

I'd be interested in in the BitBox02 (https://shiftcrypto.ch/bitbox02/).  I had an earlier model from these guys (out of Switzerland) that worked fine until a it seemed to have a relatively short lifetime (overheating?) so I never re-ordered, so I then bought a Trezor (Model T) and Ledger S, both of which work fine but have the security issues...

Nonetheless, I have not heard of any problems or even reviews of their devices.  Swiss-made might mean extra-quality components (?). 

Any buyers please feel free to pass along comments or reviews, as when I bought one year ago, they were as functional as the early Trezor and Ledger.

[dkbit98]

...

I never heard about that overheating issue and short lifetime for BitBox02 wallet and I know warranty is 2 years for them (CoboVault is offering one year warranty, Trezor waranty has two years, ledger has one year warranty), but people reported problems for other hardware wallets also, like display not working after some time or they just die without any explanation, so there is no perfect device and it is important to keep your seed words safe.

If you purchased it one year ago than you can probably replace your BitBox.

[Dabs]

The other issue with hardware wallets is if you would like to use either many small inputs or many signatures, such is in multi-sig transactions. Those things are slow.

I've always used an old PC / laptop as my cold storage signing device. I might get another one now.

[jerry0]

Do most of you have at least two hardware wallets in case?


Thinking of ordering another one and will most likely stick with nano ledger s.  Do most agree just get another one as oppose to get a nano ledger x or trezor?  I heard trezor there is security issue right?  Nano ledger x uses a battery so wouldn't that mean it would go bad after a few years?  But also its much more noticeable as compared to a nano ledger s which look like a keychain?


So do you say its good idea to get a PO Box at your local USPS then to order this?  Or it doesn't matter since i already ordered from nano ledger before?  Also i got to assume the fedex or dhl drivers know what the package is right when you bring the item and see its from France?  Then again many of them probably never even heard of hardware wallets right?

[Dabs]

I'm actually going to order a cheap Fire 7 tablet, the cheapest one, it's about $50. Keep it offline, factory reset it again upon arrival, and sideload latest verified Electrum through the microsd slot, and use that as my "hardware" wallet. Turn on Airplane mode, turn off wifi, turn off bluetooth, and there are a few other privacy or app settings but that's not very much relevant if the device is permanently offline and in air gap.

You can probably sideload any offline apps / games you'd like to use as well, but I would keep the device to use only for a single purpose and that is as a bitcoin wallet. Get a second tablet for all your other stuff.

Everyone orders millions of Fire tablets through Amazon, so should not be an OPSEC issue, otherwise Amazon is going to have problems.

[bob123]

I'm actually going to order a cheap Fire 7 tablet, the cheapest one, it's about $50. Keep it offline, factory reset it again upon arrival, and sideload latest verified Electrum through the microsd slot, and use that as my "hardware" wallet. Turn on Airplane mode, turn off wifi, turn off bluetooth, and there are a few other privacy or app settings but that's not very much relevant if the device is permanently offline and in air gap.

Honestly, i wouldn't rely on the tablet being completely air-gapped by simply just turning everything off in the (user-mode) settings and enabling airplane mode.
You'd be always better off removing any wifi and bluetooth chips etc.

Further, this device would still lack the actual hardware security a hardware wallet offers.
If you want the hardware security and convenience of a hardware wallet, such a tablet solution is not even close to being good.
If you want a air-gapped cold wallet setup, there might be some better alternatives (e.g. old laptop with an open and verified OS installed).