/biz/ - Business & Finance


File: 136 KB, 942x379, file.png
No.52458230

what's stopping picrelated from just handing out a firmware update at some point, steal funds and either claiming it's on your end or say they got hacked and bail?

>> No.52458243
File: 234 KB, 804x525, 1C09A0F2-EFE0-4C65-839A-A151AC15641F.jpg

That’s what I would do if I was a jew

>> No.52458281

literally nothing
which is why no institution or company or fund or high net worth investor uses hardware hot wallets designed for casual retail use

they're simply secure browser wallets, at their core

>> No.52458309
File: 202 KB, 657x527, 1645733109256.png

>>52458243
Welcome back fren. God I hate jannies so much

>> No.52458324
File: 90 KB, 1080x1416, 1668477677227649.jpg

>>52458230
Bump for interest.

I don't think they can do that tho.
They can push a firmware update but since they don't know the private key they can't move your coins.
They could however through some trickery trick you into sending BTC to a wrong address... Or some other display related thing. Can someone with a brain answer to this? Or I'll go to Reddit. Yes this is a threat.

>> No.52458343

>>52458281
They're cold wallets tho.

>> No.52458362

>>52458309
Thanks bud, and guess what that was just me replying to someone in a thread I didn’t even make and got banned lmao

>> No.52458380

>>52458324
they can simply export your key overtly, or they can do it covertly by slightly changing the signature when you sign a tx

>>52458343
they can be _used_ as a cold wallet, but to do that you need extra computer hardware as well as the hardware wallet, at which point you might as well cut out the vulnerability (the specialized hardware wallet) and use your extra computer hardware as a cold wallet itself.

alone connected to a phone or networked computer, they're just hot wallets.

>> No.52458409

>>52458230
Trezor is open source tho

>> No.52458430

>>52458380
They don't have access to the key itself that much I know.

>> No.52458444

>>52458380
thanks for clarifying. so pretty much laptop without internet is still the best solution but for most people it's too much of a hassle.

>>52458409
bitbox apparently too, but who's there to check. is there a community which checks every update. damage would probably already be done.

>> No.52458454
File: 202 KB, 827x830, F495E0E2-81DD-47CD-85AA-7437059094F3.png

>>52458324
It’s not that deep, if they deployed one clipper not update it will be the largest rug in crypto history, back to reddit

>> No.52458457

>>52458230
>he updates his software

>> No.52458465

>>52458430
who says they don't? and if they don't a software update easily fixes that.

a hardware wallet relies on you trusting the company behind it implicitly, unless you take extra precautions, at which point you don't need it at all (other than for a multisig setup).

>> No.52458498

>>52458457
bruh, what if they make it incompatible with the software until you update it? also what if there's some vulnerability that forces you to?

only scenario would be install firmware 1.1 and then never connect it again, hold forever, before connecting check if anything fishy.

>> No.52458547
File: 3.36 MB, 297x223, 1623521985305.gif

>>52458243
did you at least get a sniff before the ban took effect? please tell me you at least got half a snootful of the vavavoom vapors before you got to the hammer

>> No.52458640

>>52458230
Yes, they will get hacked or 'hacked' eventually and this will happen.
Btw, what's your opinion on CBDC?

>> No.52458683

>>52458380
retard alert

>> No.52458707

>>52458683
don't try to argue about things you don't understand, you'll only embarrass yourself.

>> No.52458709
File: 140 KB, 1300x731, 555452.jpg

>>52458230
The private key is locked in a chip, that's what makes it a "hardware" wallet. That being said if the company was compromised they could try and trick you into signing a phoney transaction sending them your crypto to an address they control. That's why you do a test transaction first before any large transfers. Also, people would figure this out pretty quickly and you could just migrate your seed to a new wallet and the company would go bankrupt so it's not really in their interest.

>> No.52458726

>>52458230
firmware updates are opt in. the end user has to consent to them and can audit the code of that firmware to be installed beforehand if it is open source. which is why you shouldn't use a ledger, since it's a black box, and should get a coldcard instead.

>> No.52458742

>>52458709
they don't need to trick you to do anything. software has full control over the entire device.
you load the update and they can just take your seed while the update is in progress.

>> No.52458774

>>52458640
I think it's just the evolution of money, as in the currencies will eventually get digitalized.

Ideally we would still have paper money alongside it but the elite is not interested in that to track all money flows and have more control.

Apart from that I see two possible outcomes. We get CBDC, they regulate the shit out of crypto to the point where it becomes unusable and we only get to see a few tokens that reflect certain aspects. Second scenario I see is we go pretty much into medieval mode where the western world goes into "civilized" globohomo part where crypto = CBDC. And the other parts of the world where it's basically rural peasant style or countries that didn't bow to globohomo and btc is a valid currency.

>> No.52458789

>>52458454
I was just thinking about this situation before I saw this thread
an industry wide hardware wallet hack would be like a great reset for crypto

>> No.52459229

>>52458742
The details differ by manufacturer, but in this case they'd have to re-program the wallet OS/MCU/client to scan through any installed chains/apps and automatically send found crypto to the attacker using the private key on the secure element. So yes technically possible, but very difficult in practice. Piggybacking off valid user transactions would be much easier and less obvious. In both cases upgrading a hot wallet first would display the malicious behaviors so it's probably best practice to keep a cold wallet separate even with hardware wallets if you're dealing more than a couple thousand bucks.

>> No.52459256

>>52458742
The seed is stored offline, you retard. The device does not know what your seed is; it can only check if the seed you have typed in is correct. That is why you write down your seed because there is no way to press a forgot password button, you brainlet.

>> No.52459280

>>52458281
yep, bitcoin is supposed to be this trustless asset, but literally every step of actually using it requires a massive amount of trust

>> No.52459281
File: 570 KB, 576x704, F58DB6ED-7666-447E-B564-BEB81C6F01F6.png

>>52458230
Go on

>> No.52459333

>>52459256
you're attempting to explain algebra to a dog right now, this kid could have googled an answer if she really wanted to know. don't fight the retards, it's a bad look.

>> No.52459386

>>52459333
checked
i think the point is people want verification that it is indeed the way they say it is
sure the ideas make sense, is it reality though?

>> No.52459402

>>52458230
Same question but with software wallets. Why are these trustworthy at all?

>> No.52459415

>>52458380
Shut up retard

>> No.52459428

>>52458465
Yeah bro it’s why I keep my money under my bed

>> No.52459507

>>52459402
supposedly being open source would mean inserting a backdoor would be impossible

>> No.52459564
File: 1.57 MB, 966x1170, 1663088381333487.png

>>52459386
most middle aged women save their recreational outrage for facebook. I'm not sure what OP was trying to achieve with this journal entry.

what I do know is it would be easy to compromise a single "ST31 secure microcontroller" if you had access to it, but due to it being a standalone powerless device you'd never be able to achieve this grand heist. a few people would get wiped out and then the issue would be resolved.

>> No.52459582

>>52459402
they're not, didn't they steal solana from a bunch, also I think trust wallet.

they say the fault is on solana, but wouldn't the affected hot wallets just show how vulnerable they are?

>> No.52459651

>>52458230
You're right. Nothing like boomer rocks that you can hold in your hands

>> No.52459754

>>52458230
Nothing electronic is secure.
Nothing.

>> No.52459768

>>52458230
>>52458324
>>52458380
To mitigate this issue I recommend using your Trezor with Sparrow or any other wallet software but never with the Trezor Suite.

>> No.52459881

>>52458640
>>52458774
I'm thrilled to be participating in this organic and useful discussion full of knowledgeable people.

>> No.52459990

>>52459881
god dammit, you're right

>> No.52460017

>>52458380
this. I just use my computer. it's linux, encrypted ssd. better than some stupid usb stick

>> No.52460037

>>52459280
>we live in a society

>> No.52460089

>>52459280
You can actually do it in a trustless way. It's just expensive and also a pain in the ass. But it's doable. I have a wallet that's absolutely unhackable. The only problem is that getting money out of it would take me half a day. It's for long term storage so I don't care though.

>> No.52460261
File: 79 KB, 664x630, CD-RW.jpg

>brutally mogs your $200 pendrive

>> No.52460305

>>52459333
>this kid could have googled an answer if she really wanted to know
Subtle, based, and checked

>> No.52460389

>>52459881
>>52459990
It's a test of your will :>

>> No.52460427

>>52460261
Imagine having your grandpa burn his nu-metal mp3 collection over your wallet

>> No.52460480

>>52460261
lol this. Tho better to use DVD-R

>> No.52460541

>>52460261
based, got these retards shelving over $100 for something they could make for $1 if they were smart

>> No.52460570

>>52458230
You don't have to update the firmware. Trezor firmware is open source. One of the reasons I chose trezor over ledger.

>> No.52460573

>>52460541
none of you retards understand how hardware wallets work.

>> No.52460634

>>52460427
nu metal is now grandpa music. it feels like the 2000s were just yesterday

>> No.52460651

>>52460573
Do you?

>> No.52460668

>>52458498
What if someone who works at ledger looks at your address and personal information and just comes to your house with a gun and forces you to give them everything? What if that happens?

>> No.52460771

>>52460668
Ledger is French. They don't have guns and will surrender quickly if you refuse to give your pin.

>> No.52460805
File: 633 KB, 375x250, index[1].gif

>>52460427

>> No.52460858

Am I safe to use a ledger without ever upgrading the firmware? I don't like upgrading firmware on this computer with malware.

>> No.52460985

>>52460651
at least slightly better than most of the people in this thread.

>> No.52461076

Trezor is open source, so anyone who can read the code can verify it.

>> No.52461222
File: 71 KB, 1024x995, IMG-20220104-WA0045.jpg

>>52460634
>>52460805