
/biz/ - Business & Finance



File: 85 KB, 570x944, FwQJIEPWYAEpgyA.jpg
No.55007940

>Once again i trusted the french.
>Once again i got baguette'd.
>Metamask links my wallets.
>local bitcoin winded down.
>using tornado will get you in jail
>Binance now wants me to basically record a tiktok if i want to log in

I just want to be left alone biz/bros, what we do now

>> No.55007957

>>55007940
what the fuck are you talking about

>> No.55007962

Im unsure where to go from here. I have a ledger for my Hbar, if the citadel wallet turns out good I might switch over to that one.
Also I left binance after they didnt accept my "proof of wealth" and switched to kucoin

>> No.55007969

Use trezor. It's open source. You can literally compile the firmware yourself and use that

>> No.55007976

Trezor seems to be the next most popular, but that can be compromised if someone has physical access to it.

>> No.55007981

>>55007969
idk i've been around for some time, trezor has always been a meme and had multiple security breach innit

>> No.55007996

>>55007981
Trezor never had a single security breach
Ledger however leaked their customer information and now this shit

>> No.55008007

>>55007996
>Trezor never had a single security breach
False

>> No.55008009

>>55007940
I don't like to rush to judgement, but 'unplanned obsolescence' of one's own products and services seems to me to be a poor business strategy.

>> No.55008011

>>55007940
Just keep your bitcoins on a paper wallet in a tobacco tin under your bed.

>> No.55008013

>>55007969
SystemD was created by the CIA but ok faggot, tell me more.

>> No.55008024

Literally put the encrypted wallet on an usb and use it on an air gapped laptop
How retarded are crypto users?

>> No.55008028

>>55008024
>Literally put the encrypted wallet on an usb
hacked

>> No.55008072

I have the old Ledger Nano S, ordered the Trezor Model T and will use both as a 2/3 GnosisSafe multisig.

Does that make sense security wise or am I retarded?

>> No.55008090

Why would anybody buy a device from a company that leaked everybody's personal information in 2020?

It's been nearly 3 years since the world found out how bad Ledger and all of its employees are at actually building anything secure, or even trusted.

>> No.55008092

Just keep your seed in a txt file on Google cloud

>> No.55008109

>>55007981
Nothing's a bigger meme than the retards who bought Ledgers after 2020.

>>55007976
>>55008007
>>55007996
Trezor's problems all stem from the fact that to be fully open source you can't rely on hardware hardening. That's its only fault, and given all these other jewish companies can't be trusted to secure their software I would take open source over (((secure elements))).

>> No.55008172
File: 192 KB, 1161x751, Screenshot_2023-05-18_11-52-04.png

>>55008092
aaaaand its gone...

>> No.55008262

>>55008109
are you a trezor shill

>> No.55008287

Can we make our own hardware wallets with a raspberry pi?

>> No.55008293

>>55007940
My Link is stake via ledger. I'm so disappointed in myself for trusting them. I should have known since they were closed source and their team photos look like mostly kikes

>> No.55008328

>>55008024
And it's sooooo convenient to use as well! Just buy an extra computer lol, and never connect it to internet or you lose everything lol

>> No.55008336

Airgapping a wallet on an old pc was always the only way and every 3rd party key was always a meme.

>> No.55008371

>>55008336
that's retarded, you should have the device up to date

>> No.55008421

>>55008262
There aren't many hardware manufacturers you can trust. Ledger failed the test in 2020. If you don't buy shitcoin there's ColdCard/Passport, if you do there's also BitBox.

Everything else is much more niche and much more complicated, but that doesn't change the fact that Ledger is the choice of the midwit.

>> No.55008632

>>55008007
It's true. Phishing doesn't count since that is users being retarded.

>> No.55008659
File: 106 KB, 1080x1080, FvNxS6RWwAMlteC.jpg

>>55007940
Use Tangem instead

>> No.55008685

>>55008336
Trezor is just an airgapped pc already, the code is open source and yes it's been checked... apparently

>> No.55008690

>>55008659
what's this supposed to be

>> No.55008723

>>55008690
https://youtu.be/t7xAehtvxRo

>> No.55008733

>>55008013
Doesn't matter, Trezor runs offline. Iirc its limited in what it can actually send. You could have all sorts of tranny backdoors on both, but unless its code specifically designed to compromise a Trezor (e.g. fake firmware) it should never actually be sending anything to the computer besides basic transaction maths shit.

>> No.55008757 [DELETED] 

There’s a community initiative $FuL fuledger.build that aims to fix this

>> No.55008835

>>55008659
>no screen
midwit tier

>> No.55008842

>>55007940
i bought one 2 years ago and never used it

>> No.55008896

>>55007940
Download your coins to a paper wallet

>> No.55008952

you really thought they will let you be anonymous? crypto is a failed concept, you will never be able to transact freely, I have never been more sure and I've been around since 2014

>> No.55008968

>>55008336
This is really only good for generating a long term cold storage paper wallet. Otherwise it's a real pain in the ass to have to manually generate with a usb stick and two computers when you want to transact.

>> No.55008973

>>55008757
lol the site is cool

>> No.55008976

>>55007996
>Trezor never had a single security breach
https://www.youtube.com/watch?v=dT9y-KQbqi4

>> No.55008999

>>55007981
Using a passphrase makes it basically bulletproof.

Trezor has more people attempting to hack it as it's fully open, there's probably similar attack possibilities on ledger or other hardware wallets which are not publicised or known yet. Also with trezor you dont have to worry as much as about nefarious actions by the manufacturers themselves, such as ledger creating a firmware that exports your seed

>> No.55009000

>>55007940
just b urself

>> No.55009014

>>55007962
>Hbar
lol

>> No.55009042

>>55008976
>physical device access and no secret pass on the wallet

>> No.55009063

>>55008109
Open source has nothing to do with security. Open source software is often more secure because it has to actually be secure and not just rely on people not bothering to reverse engineer it, or rely on the source code not being leaked.

>> No.55009096

>>55009042
You weren't supposed to actually click it please be kinder on the Ledger shills they are working very hard and their pay depends on our cooperation!

>> No.55009119

>>55008976
that's an older wallet, but you really shouldn't rely on a hardware wallet to protect from physical access, because your recover seed could be stolen / viewed too. You should use a passphrase to protect both.

>> No.55009141

>>55009119
i was just pointing out that yes it can be breached but almost nobody has the skills to hack that. a trezor is fine for almost everybody

>> No.55009150

Are you all retarded? Stop using hardware wallets you absolute mongoloids. Stop trusting 3rd parties. People secured their crypto just fine long before those memes came along.

>> No.55009158

>>55008976
>physical access
>no passphrase
Woopdiedoo its a nothingburger so there still hasn't been an actual security breach

>> No.55009169

So this doesn't affect any devices without the newest firmware?

>> No.55009217

>>55009063
(((open source))) means nothing if you don't have the skills to understand what developers are doing and can't proofread it

>> No.55009247

>>55009141
But that's not what hardware wallets are for. They're for preventing a computer from accessing your seed. They aren't meant to protect someone from extracting the seed with lab grade tools or something. The recovery phrase is plain text on a piece of paper anyway. You have to use passphrase if you want to protect your seed from physical access.

>> No.55009269

>>55009217
No, you can rely on everyone in the world being able to look at the code and vetting it. A bug in open source code could be more likely to be found and fixed than proprietary.

>> No.55009329

Im considering this for my main vault:

- Pixel 7a with Graphene OS (no google adware, hardened, only ZenGo app)
- ZenGo Wallet (3FA, seedless recovery)
- Never leaves home

Is it viable?

>> No.55009349

>>55009269
>trust other jews to vet jew sorcery
when will you faggots learn? there's no such thing as others will do it for me

>> No.55009393

>>55009349
Your alternative is closed source that no one can vet lol open source is strictly better.

>> No.55009401

>>55009063
>>55009217
this is a place for 100 iq and above, thanks.

the good thing is the midwit crowd are the ones who will be losing their money with ledgers and other (((secure))) devices. so please, enjoy your closed source (((security))) to interface with open source blockchains.

>> No.55009434

>>55009349
it really doesn't matter because you were never going to make it anyway. you might as well just use coinbase.

>> No.55009461 [DELETED] 

Enough of standing still anons, it's time to fight back $FuL fuledger.build

>> No.55009491

>>55007940
I ordered the blockstream jade. It’s open source and cheap, especially with the coupon code: bitcoinislove or loveisbitcoin. Can’t remember which

>> No.55009602

All these fuckers will do this eventually when the 5 eyes lean on them. Any company selling anything like this will end up the same way. Only solution is real self custody - make your own hw wallet.

>> No.55009614

>>55009461
Nice shitcoin anon, this is what I like to see out of you 4chan faggs.

>> No.55009703

>>55009401
you are a bunch of niggers, i am not saying closed source is better, i am saying the false sense of security you get from OS is completely unjustifyied

>> No.55009710

>>55009703
Your spelling is unjustifyied

>> No.55009838

Just write your seed phrase on a piece of paper you autists

>> No.55010120

>>55009838
And do you insert that piece of paper into the usb port to sign a transaction?

>> No.55010140

>>55008287
Theres a project using a esp32

>> No.55010171 [DELETED] 

keep giving the jews your bitcoins or tell ledger to fuck off and buy $FuL, your call

>> No.55010490

>>55010120
what are you 16yo????

>> No.55010615

>>55007940
you had a choice between secret code ledger and open source trezor. if you chose ledger, you're a moron.

>> No.55010882
File: 120 KB, 510x412, rappy.jpg

>>55007940
is the seed exposed if you launch Ledger Live without the device itself plugged in?

for example to connect to the chanlink staking website?

>> No.55011109

>>55010615
It's insane that these two are touted as the best in class. Both of them are bloated with Defi crap. I don't want to stake in my hardware wallet, I just want to hodl it. All of these wallet connect features are just begging to be exploited. A hardware wallet should exist in its barest form where the only thing it can do is create wallets, delete its data, sign or cancel a transaction. That's it. The only options are bitcoin only wallets but I'm not a bitcoin maxi, so the cold storage market is really not giving people the options.

>> No.55011250

>>55011109
yeah i agree, i don't use any fancy functions either. just send and receive. i doubt you're exposed to any attack vectors if you don't use the features.

>> No.55011417

I bought a Ledger Nano S in 2018, am I safe?

>> No.55011428

>>55011417
do you still update your software? then no, you are not safe. lol

>> No.55011431

>>55007940
>Binance now wants me to basically record a tiktok if i want to log in
clap wagie clap

>> No.55011484

>>55010490
Are you? His point is that you cant conveniently broadcast transactions from a paper wallet

>> No.55011510
File: 140 KB, 1287x369, Screenshot_20230518_171403.jpg

>>55007940
Fremen o' the larn'd

>> No.55011615

>>55008952
If its failed why are all the banks and Google and swift and amazon and fucking everyone getting into it then? Are you more enlightened than they?

>> No.55011657

>>55011250
>>55011109
Yeh I agree with this. Whoever makes an open source barebones device which does only these things will clean up. Fuck all that Bluetooth shit as well; I mean wtf, who needs to make wireless crypto moves from a cold storage device? And don't make one with a screen that dies after 3 years either

>> No.55011730

>>55007940
I can't believe there are motherfuckers out there so dumb, they can't memorize their seed phrase. I have the shit memorized and a special technique to jog my memory in case I somehow forget (which I won't).

>> No.55011753

>>55011109
>>55011250
>>55011657
Not wanting bluetooth makes sense. But a hardware wallet should sign any transaction sent to it. If you have software that creates a tx to stake or use defi, then the hardware wallet should sign it after displaying maybe the method and parameters. But its the software that creates the transaction. Like you can use metamask with trezor. If you want to deposit into some defi platform for example, metamask creates the tx and it just sends that tx to the trezor to get it signed. Trezor displays the details of the method call and you confirm it. The only thing the trezor is doing is signing and verifying.

>> No.55011754

>>55011730
I have my seed phrase memorized better than the ABC's.

>> No.55011768

>>55007940
>trusted the french.
Serves you right.

>> No.55011771

>>55011730
But you couldn't actually use your wallet which is the point of hardware wallets. If you're just holding in a cold wallet then paper/metal/brain wallets are better.

>> No.55012181
File: 14 KB, 360x305, 1664285796610204.jpg

>believes in decentralization
>centralizes all his wallets in a piece of plastic made in china slave factory

>> No.55012291

>>55009703
>unjustified
then you're just another midwit

go lose your money, but don't expect people to not make fun of you while you do

>> No.55012562

>>55011753
yes, signing of transactions is all thats needed

>> No.55013150

>>55008013
Lol wtf shut the fuck up nigger trannie you obviously don't know what you're talking about.

Most stupid nonsensical argument in this thread.

>> No.55013503

>>55007940
encrusted sharts?

>> No.55014185

>>55007996
mailchimp incident

>> No.55014474

>>55008172
It's also written down on paper at my desk

>> No.55015295

>>55009063
>>55009217
>the people perish for lack of knowledge

>> No.55015465

>>55007981
you're pulling stuff out of your ass
trezor has always been superior to ledger

>> No.55015498

>>55009269
>everyone able to look
>nobody does
open-source is not automatically legit because it’s in cleartext
>A bug in open source code could be more likely to be found and exploited than proprietary.

>> No.55015514

>>55015498
of course, but its still a lot better than zero people looking.

>> No.55015530

as others have said, being open source forces the code to be better, as the developers can't be lazy fucks relying on code obfuscation.

>> No.55015536

>>55015498
>>55015514
plus if a dev is willing to release the source, its a whole lot less likely there is something embarrassing or sketchy in the code. While proprietary code can be absurdly, pathetically bad. Often times companies don't want to open source because it would be embarrassing to release their shit code.

>> No.55015542

>>55015530
not many people are looking, but everyone knows a lot of malicious actors are looking.

>> No.55016913
File: 116 KB, 828x819, IMG_7949.jpg

>>55007940

>> No.55017009

>>55008172
They won't really delete it -- they'll keep a copy for themselves. They just 'delete' your access to it.

>> No.55017175

>>55007940
It seems to be very bad communication and a very poor business move on account of the relative tech ineptitude of the audience.
The reaction IS NOT unwarranted, but there is no backdoor and the key still stays fully on the chip.
On twitter, they said 'it was always possible for a firmware to extract the key'. What they mean is 'an attacker could flash your ledger with a rogue firmware to extract the key'. What it sounds like is 'we lied when we said the key was secure'. That's because they made the mistake of oversimplifying how the storage of the key works and then going into more details.

In this post, they say 'encrypted shards of the key'. This means that the key never leaves the hardware, a transformed version thereof does. This is completely kosher from a security perspective but it requires decent understanding of cryptography to understand why.

The reaction is fair because it does mean that they could add more of those 'features' anytime, and as features of this type are added, increased cryptographic sophistication is required from both the developers and the user to avoid side-channel types of attacks.

The key (haha) part here is actually that now you people should understand that if you plug your key in a device you don't trust, anything can happen and your key could be lost. THIS IS NOT LEDGER SPECIFIC, ALL THOSE DEVICES WORK THIS WAY.

>> No.55017205

>>55007940
I use Bermuda dapp now. It's way more secure than ledger. Completely private like Tornado, but fully legally compliant.

>> No.55017233

>>55008287
Yes, you basically just need a decent HSM and basic tech knowledge for setup and programming.

>> No.55017253

>>55017175
>The key (haha) part here is actually that now you people should understand that if you plug your key in a device you don't trust, anything can happen and your key could be lost. THIS IS NOT LEDGER SPECIFIC, ALL THOSE DEVICES WORK THIS WAY.

100% false. This is the entire point of a hardware wallet, which is to use a computer you don't trust.

A hardware wallet is an interface to sign transactions, the idea of it as some sort of vault to "protect" your seed is fucking retarded. Protect your seed with the industry standard BIP39 passphrase that every wallet supports then you can drive around in a truck with your seed painted on the side and it would be safe.
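
The BIP39 passphrase mechanism mentioned in the post above, as an added example that is not part of the original thread: the passphrase is mixed into the salt of the PBKDF2 step that turns the recovery phrase into the wallet seed, so the same words open a different wallet for every passphrase. `SAMPLE_MNEMONIC` is the public all-"abandon" test phrase, and `seed_fingerprint` and `wallets_for` are hypothetical helpers introduced here.

```python
import hashlib
import unicodedata

# Constructed sample input: the all-"abandon" phrase from the public BIP39
# test vectors. Everyone knows it, so never use it to hold funds.
SAMPLE_MNEMONIC = " ".join(["abandon"] * 11 + ["about"])

PBKDF2_ROUNDS = 2048  # iteration count fixed by BIP39


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """Derive the 64-byte BIP39 seed from a recovery phrase and passphrase."""
    # BIP39 requires NFKD normalisation of both inputs before hashing.
    # Collapsing runs of whitespace is a convenience added in this example.
    words = unicodedata.normalize("NFKD", " ".join(mnemonic.split()))
    norm_pass = unicodedata.normalize("NFKD", passphrase)
    # The passphrase only ever appears in the salt: "mnemonic" + passphrase.
    salt = ("mnemonic" + norm_pass).encode("utf-8")
    return hashlib.pbkdf2_hmac(
        "sha512", words.encode("utf-8"), salt, PBKDF2_ROUNDS, dklen=64
    )


def seed_fingerprint(seed: bytes) -> str:
    """Short tag for comparing seeds without printing them.

    Hypothetical helper for this example; it is not the BIP32 fingerprint.
    """
    return hashlib.sha256(seed).hexdigest()[:8]


def wallets_for(mnemonic: str, passphrases: list[str]) -> dict[str, str]:
    """Map each passphrase to the fingerprint of the wallet it opens."""
    return {p: seed_fingerprint(bip39_seed(mnemonic, p)) for p in passphrases}


if __name__ == "__main__":
    candidates = [
        "",                # no passphrase: what a finder of the paper backup gets
        "correct horse",   # the owner's passphrase (constructed sample)
        "correct horse ",  # same with a trailing space: a different wallet
        "caf\u00e9",       # precomposed e-acute
        "cafe\u0301",      # e + combining accent: same wallet after NFKD
    ]
    for phrase, tag in wallets_for(SAMPLE_MNEMONIC, candidates).items():
        print(f"{phrase!r:20} -> {tag}")
```

Any passphrase, including a mistyped one, yields a valid but different wallet with no error, and with only 2048 PBKDF2 rounds the protection is bounded by the passphrase's entropy.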

>> No.55017264

>>55017253
Stop shitposting about things you don't have the faintest clue about.

>> No.55017300

>>55017264
Well OK, only the first part of your post was retarded, the second part was only exaggerated.
The point is, any computer that can touch the firmware can do anything it wants with the system including extract the key. It's the same with any hardware: an attacker having physical access (an untrusted computer IS AN ATTACKER (potentially)) automatically bypasses any cute little security measures you could possibly come up with.

>> No.55017354

>>55017300
>any computer that can touch the firmware
A hardware wallet won't allow firmware upgrade without user confirmation through physical buttons on the device. Same with signing transactions. You only have to trust the initial firmware you put on the device.

There is actually no inherent issue with allowing seed extract with user confirmation, its just a retarded feature because the user already has the recovery phrase and do whatever the fuck they want with the seed.

>> No.55017475

>>55017354
>Same with signing transactions. You only have to trust the initial firmware you put on the device.
No, you have to trust the entire sequence of firmware you put on there. If at any time you accept flashing a firmware that has a "bug" (backdoor) that no longer requires button action to flash, you're screwed from an opsec perspective (but not necessarily in real terms just yet).
See also
https://crysp.uwaterloo.ca/courses/cs458/F08-lectures/local/www.acm.org/classics/sep95/
for an example exposition of the issue.
Conversely if you do trust the firmware, then nothing in the ledger meme scandal is of relevance because the entire outrage is predicated on the concept of flashing an untrusted firmware.
>There is actually no inherent issue with allowing seed extract with user confirmation,
Basically true, except for exposure risk (the more security-related features you have, the more chances there are to be an exploit for it or a bug in it). In this case it's quite the unlikely scenario, though.
>its just a retarded feature because the user already has the recovery phrase and do whatever the fuck they want with the seed.
Also yes.

The fact is I don't understand why they made the decision to let you flash over usb instead of requiring e.g. a dedicated serial connection. The latter ensures you can't possibly get your firmware flashed when using the device to access your wallet even on an untrusted device.

>> No.55017518

>>55017475
I mean you have to trust when you update the firmware, but once setup you can plug that wallet into a completely virus ridden computer and do transactions by verifying the output on the device.

If malware tries to update your firmware, you can just deny it on the devices.

But yeah, when you actually do want to update the firmware, you have to trust the firmware you are putting on there, which you can if its open source. And that is the exact issue with ledger, its not, you have to trust ledger from the get go.

>> No.55017537

>>55017518
>If malware tries to update your firmware, you can just deny it on the devices.
So long as your chain of trust remains unbroken and so long as there's no bug that can be exploited to bypass it, yes.

>which you can if its open source
There can still be bugs. Also do YOU read the code of the firmware?
But yes, if it's opensource you can automatically trust it much more.

>> No.55017632

Ok so now it's established Ledger is fucked, where best to hold alts that isn't trezor -
Is metamask ok ? Is it ok to use metamask on your phone instead of pc if you are torrenting on your pc ?

>> No.55017643
File: 1.91 MB, 1407x2618, ToiletWitchesBrotherSam.png

>> No.55017677

>>55017175
>The key (haha) part here is actually that now you people should understand that if you plug your key in a device you don't trust, anything can happen and your key could be lost. THIS IS NOT LEDGER SPECIFIC, ALL THOSE DEVICES WORK THIS WAY.
completely wrong.

>> No.55017679

What are the best open source wallets ?
Are all hotwallets truly inferior to cold storage -
What's a rough figure of value usd where you should start using cold storage-

>> No.55017885

>proprietary
kek retards

>> No.55017887

>>55017679
>What are the best open source wallets ?
trezor

>Are all hotwallets truly inferior to cold storage -
yes, first all hardware wallets are backed up by a paper/metal wallet which could just be used by itself for a cold wallet. second, you are far more likely to use funds using your wallet more and getting lazy about verification, then signing away your funds.

>What's a rough figure of value usd where you should start using cold storage-
If you're just holding, then always use a cold wallet. Otherwise just put whatever crypto you need to use frequently on a hot wallet.

>> No.55018159

>>55008896
What the fuxk does this mean

>> No.55019071

>>55007940
>>Once again i trusted the french.
Parisians*

>> No.55019077

Did they poison this coin after I got into the wallet?

>> No.55019254

>closed source hardware wallet
would you trust ledger employees with your private keys?
no?
then you shouldn't be using closed source devices.