Bitcoin Threat Model - State Actors and HW Security - Chip Supply Chain Attacks

[BobbysTransactions]

Either way it's the same.
If you want to get to a certain persons BTC / crypto there are much easier ways to get to a certain person or a small group then to have a chip maker install a back door that you hope they don't find.

I'm not sure this is true. The fact that a key can be leaked means that a government can drain your wallet covertly and with impunity. It is not possible to do this with the current financial system where bank transfers and thefts can be traced to an individual or organisation or government. This gives them immense power over individuals to directly interfere in their financial affairs in a way that can be covered up as an op-sec failure on their behalf. Other ways to get at an individual involves trails of evidence and potential witnesses.

“Hope you don’t find” implies that it’s relatively straightforward for 3rd parties to verify back doors etched onto the wafer when it isn’t. Government agencies can and do keep secrets when they want to.

A small percentage of people use crypto, a smaller number use hardware wallets, an even smaller number use a wallet with a chip made by manufacturer X.

Correct, but I believe that Bitcoin is going to become a rival to the existing monetary system. Its use will expand and HW are presented as the most secure and optimal solution. The fact that people use software wallets strengthens my case as it’s much easier to leak keys with SW.

It's just not worth the effort either way.
Governments have the budget and resources and time to disrupt crypto in general and the same to do a targeted trap for any particular user or small group of users.

I think it really is worth it for the reasons given. Again, the objective is not to disrupt the Bitcoin monetary systems as a whole – quite the opposite. The aim is to grow it but have the ability to covertly target individuals as an when required.

Even if 1 in a 1000 individuals had their BTC drained, I doubt that would be enough to cause general alarm, as its very difficult to pinpoint how a key was leaked.

I agree that this is all very theoretical and amounts to a bit of storytelling. AFAIK there is zero evidence this is happening. However, it’s not for me to prove it. The onus is on the "Don't Trust, Verify" BTC proponents to justify that what I’m hypothesising is false.

[Forsyth Jones]

I think it really is worth it for the reasons given. Again, the objective is not to disrupt the Bitcoin monetary systems as a whole – quite the opposite. The aim is to grow it but have the ability to covertly target individuals as an when required.

Even if 1 in a 1000 individuals had their BTC drained, I doubt that would be enough to cause general alarm, as its very difficult to pinpoint how a key was leaked.

I agree that this is all very theoretical and amounts to a bit of storytelling. AFAIK there is zero evidence this is happening. However, it’s not for me to prove it. The onus is on the "Don't Trust, Verify" BTC proponents to justify that what I’m hypothesising is false.

Well, let's say that your device that you use for offline signatures of bitcoin transactions has a backdoor installed to leak private keys (I won't go into technical details on how this can be done), you would have to verify the supply chain of that chip, each component of your computer, each manufacturer piece by piece... this would be unfeasible for ordinary people, especially those without technical knowledge... of course, when it comes to sensitive information such as bitcoin keys, we should always be concerned with verifying everything before considering the best option to store your keys safely. However, verifying the entire supply chain is impossible and impractical at the moment and perhaps in the distant future. Unfortunately, some degree of trust is still necessary to impute on what is beyond our reach to verify for ourselves.

That's why hardware wallet DIY projects like Krux, seedsigner and so many others were created, to reduce (not completely) the risks of supply chain attacks while users use them on offline devices to further minimize the risks, all we can do is minimize the risks, unfortunately not completely, remember, nothing in this life is 100% safe, seat belts, helmets, condoms and so many security methods are to reduce the risks of some unwanted factor, but none of them guarantee 100% security.

[NotATether]

I have the uncanny feeling that the only "state actor" that would try to attack Bitcoin itself is not Russia or the USA, but North Korea. They are exactly the kind of people who would attempt something like this.

This would involve attacking the HSM chip manufacturer's hardware itself, whether by exploiting an unfixable hardware vulnerability or by infecting some developer's computer to inject their own flaws into the manufacturing process.

It would be basically amount to being able to steal the private keys of every single device from that brand ever made.

I think the best way to protect from this is two-fold. 1) Cybersecurity, and specifically the art of finding bugs, needs to be made an essential part of Bitcoin education. 2) The community needs to start producing its own chips. Whether by 3D printing or some other way.

[Satofan44]

As Bitcoin continues to grow, I think we are going to have bigger issues with these things. I hope that we can get a manufacturer to release an innovative device that bring next generation security. I mean, they can always keep simpler devices as their main products to tailor for average users who may not want or need that level of security. They would avoid limiting or hurting their primary sources of revenue this way.

I think the best way to protect from this is two-fold. 1) Cybersecurity, and specifically the art of finding bugs, needs to be made an essential part of Bitcoin education. 2) The community needs to start producing its own chips. Whether by 3D printing or some other way.

Open source chips would be a good thing, but I think at the current state of things we are unlikely to see devices with such any time soon. The problem primarily lies in the trade off between usability and security. One example that I can think of is that multisignature wallets aren't used nearly enough. Multisig must be very standardized, with cross-device compatibility and good UI. Having security that is obscure and hard to use by the average person is pointless.

In that sense, you can imagine a 2 out of 3 multi-signature setup that uses 3 different hardware devices by 3 different manufacturers who use 3 different chips. It is extremely unlikely that an hack would happen in this scenario, especially not one that was not exposed before a second hardware device is compromised. Why? Given how hard this is, a successful compromise of 1 brand would likely be used and public before a second one would occur.  Clearly the usability of such a setup is terrible compared to something fast as a browser extension. However, for long-term cold storage does it really matter if you need 5 minutes to create a transaction knowing how much security you have in your setup? For me it does not matter at all, and it wouldn't hurt most people if their patience was improved.

When it comes to your small or every day wallet, I think you should use it with the expectation that you can be hacked because there are so many ways for this to happen. Unless of course, your daily wallet is also a hardware wallet. Then that is a whole different story.

[satscraper]

Hello.

to target the least decentralised aspect of the Bitcoin security chain: the hardware wallets.

Your concern can be addressed by using the multisig wallet where HWs act as cosigners. The most secure setup involves the quorum of devices from different manufacturers, so that each one serves as a safeguard against potential compromise of the others. For even greater resilience, it's a good idea to have in quorum those HW that use electronic components ^{such as SE, MCU, displays, etc.}from different vendors and employ different programming languages in their codes.

[Lucius]

I have the uncanny feeling that the only "state actor" that would try to attack Bitcoin itself is not Russia or the USA, but North Korea. They are exactly the kind of people who would attempt something like this.
~snip~

It seems to me that the "Lazarus Effect" is at work here, because we have reached a situation where we are being tried to convince ourselves that an isolated, sanctioned country in which the internet practically does not exist represents the number one hacking force in the world. I'm not saying that NK doesn't do such things, but it's no secret that the "guys" who play dirty public games without any shame do much worse things in secret.

Maybe you should read what the most famous whistleblower revealed about BTC and US agencies - and this data clearly shows that they were already obsessed with controlling it 10+ years ago. NK simply doesn't have the potential to do something like that on a global level - except maybe when it comes to Ledger amateurs, because their sense of security with the Recovery option is the ideal way to hack them remotely.

[BobbysTransactions]

I have the uncanny feeling that the only "state actor" that would try to attack Bitcoin itself is not Russia or the USA, but North Korea. They are exactly the kind of people who would attempt something like this.

If this attack were to be realised it is almost certainly would be a joint operation of the western intelligence services (CIA, MI6, DSGE, Mossad etc.).

Your concern can be addressed by using the multisig wallet where HWs act as cosigners. The most secure setup involves the quorum of devices from different manufacturers, so that each one serves as a safeguard against potential compromise of the others.

True, but this doesn't help if every SE vendor is compromised and the kind of threat model I'm envisioning this is a credible scenario.

I think the best way to protect from this is two-fold. 1) Cybersecurity, and specifically the art of finding bugs, needs to be made an essential part of Bitcoin education. 2) The community needs to start producing its own chips. Whether by 3D printing or some other way.

Yes, some kind of hardware that can sign transactions that can be built and verified at home using more standardized building blocks rather than a fully integrated Secure Element. I haven't looked into the details but something *like* this betrusted.io device that incorporates a user-coded FPGA  in lieu of a microprocessor.

https://betrusted.io/

"Transparency is the bedrock of trust. Understanding what makes a thing tick gives us an evidence-based reason to trust that it works as intended. Betrusted is unique in that, instead of a black-box CPU chip, it uses reconfigurable hardware – an FPGA – for computation. This means you can compile our reference processor design from source, instead of simply having to accept on faith that this black epoxy rectangle contains precisely the circuits it advertises. "

[btc-freedom-money]

I will focus this explanation about usa because i know they do this stuff I'm going to say so everything I say is about usa.

Before police started having bodycams, we all know how terribly corrupt they used to be. With bodycams it became more difficult for them to be as blatantly corrupt as they used to be. But when we talk about the feds, the do everything in secret. That's what they are known for, especially CIA. Classified everything as a rule of thumb. That gives them freedom to be as corrupt as they want to be. No one will know because it's all done in the shadows. It's their word against ours.

Knowing all of the above, I think you can use your imagination on the countless amount of threats we innocent citizens face. They can do anything they want against us. We just have to hope they don't look in our direction. If we step on their foot in the line to buy a coffee, then that could be the motivation they needed to steal all your crypto.

There is a law in usa which lets feds force anyone the want to put a backdoor. They do it with a gag order so they can't tell anyone about it. Anything made in usa can't be trusted.

It's not about a total all encompassing attack against crypto. FBI is well known by now to be a political weapon and they have gone after very ruthlessly anyone who isn't left wing. If you say anything that is supportive of trump, maybe you will get swatted or have some fbi guy visit you. If they know you have crypto then they maybe will try to attack it.

With everything I've said, do you really trust a proprietary security chip?