
169 sats \ 1 reply \ @TSW 22 Nov \ on: How have you surprised yourself this year? meta
I thought I would just continue orange-pilling people as usual but ended up starting my own company in the bitcoin space!
Yes. In the future, 99% of the world population will be priced out of using L1. Only the ones that are early and stacked a large enough stack will be using on-chain. For myself, I only have UTXOs of 1M sats or larger for this reason. These might need to be consolidated at some point as well.
100% agree. But people should know their own limitations, and that is definitely not the case in the bitcoin space, unfortunately. You might be an expert, but ~80% of people are not and might make a critical mistake sooner or later.
Security budget likely increases with what you have to secure, for example:
- 100 USD of bitcoin: paper wallet
- 1k USD of bitcoin: HW wallet single sig
- 20k USD of bitcoin: multisig
- 100k USD of bitcoin: multisig with SeedHammer
- 100k of bitcoin: proper inheritance planning
Why would you complicate your life with singlesig?
Are you an individual that doesn't want:
- Protection against a 'single point of failure.'
- Protection against loss/theft of private keys.
- Protection against 'evil maid' attacks.
- Protection against physical attacks.
- Protection against phishing.
- Protection against malware.
- Protection against supply chain attacks
- Protection against non-standardized passphrases
- Inheritance planning
This has been resolved by https://seedhammer.com/. You only need two plates from the 2of3 to restore a wallet. One plate does not provide all the XPUB details so if anyone finds one plate your privacy is still protected.
Single-sig vs. Multi-sig
It is crucial to safeguard your bitcoin assets so that:
- You feel comfortable when purchasing power increases tenfold.
- You have confidence in securely managing your bitcoin in the coming decades.
- You have arranged your bitcoin legacy.
Multi-sig
When properly set up, multi-sig provides the following security benefits:
- Protection against a 'single point of failure.'
- Protection against loss/theft of private keys.
- Protection against 'evil maid' attacks.
- Protection against physical attacks.
- Protection against phishing.
- Protection against malware.
Multi-sig also offers additional functionality possibilities, such as:
- Configurable co-signing: reduces the need to travel for the minimum required signatures and having multiple wallets, which is a risk in itself.
- (Automated) inheritance planning.
Single-sig
The main reason cited for using single-sig vs. multi-sig is that multi-sig is too complex and thus carries additional risks. However, this is a false sense of security because securely managing a single-sig requires additional complexity, such as:
- Adding a passphrase so that access to the seed does not grant access to the bitcoin.
- Creating multiple physical copies of the seed so that if one backup is lost, the bitcoin are not lost.
Passphrases bring multiple risks:
Are they random and complex enough to resist brute force attacks? Many hardware wallets offer the option to use BIP39 words, making it easy to enter the passphrase. However, if you use <12 words, your passphrase is weaker than a 12-word seed phrase.
There is no standard for securely storing passphrases. You have your seed in steel, what do you do with your passphrase? On paper? On the computer? In your head? How do you guarantee that no one gains unauthorized access?
Physical copies of seeds and passphrases:
If you lose your seed or passphrase, you can no longer access your bitcoin. Therefore, additional locations are needed to store your passphrase separately from your seed phrase. Additional locations that you must secure and check regularly.
Single-sig vs. Multi-sig
The complexity required to set up a secure single-sig is not lower than setting up a multi-sig. In fact, because you can use standards for multi-sig, it is, in our opinion, a safer solution. The biggest technical drawback of multi-sig is that you need the so-called 'wallet descriptor' to restore your wallet; this issue has been solved by @SeedHammer.
Wow, this must be one of the riskiest setups that I have heard of:
- You talk about backups of your seeds but the weakness is in backup in the passphrase
- Passphrases are not standardized and people use weak passphrases every time
- You need three additional secure locations to secure your passphrases. In this set-up you require six secure locations
- There are no standards for this set-up to backup the descriptor, so another thing you need to keep track of
Coming back to the browser malware idea. I'm not a programmer, but with the help of ChatGPT it took me 30 minutes to modify a Chrome extension to swap the BTC address shown on a HodlHodl contract with my own BTC address using JavaScript.
I took this open-source wallet to try this out: https://github.com/iamadamdev/bypass-paywalls-chrome
Only a matter of time before someone deploys this attack vector.
I love the thoughtful blogposts and proposals @joko, keep them coming! I hope the SW & HW vendors can work on these things more together. There are too many standards already, and all the different practices that are being used for self-custody aren't helping the end-user either.
Thanks for highlighting how the change address actually works. As I understand it the signature is only valid for the change address that is verified by the hardware wallet. So to attack the change address, you would need to attack the HW, which is more complicated than software.
Any idea/suggestions on protecting against address replacement when sending bitcoin as a user to anyone? Would that follow the same approach as in your blogpost if all wallets implement that? I guess so.
Right now, I'm considering doing a second verification over phone/chat/e-mail before sending bitcoin. Unfortunately, that cannot always be done since there will be many instances where the receiver also doesn't exactly know how their receive address is generated.
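One defensive counterpart to the in-page address replacement discussed above: a detector that snapshots the bitcoin addresses a page shows once it has rendered and warns when one of them is later replaced. This is an added example, not code from the thread, from HodlHodl or from any wallet vendor; the sample page text and the mainnet address strings in it are constructed for the demo, and the only assumption is that the page renders its payment address as plain text.

```javascript
// Added example: detect in-page replacement of a displayed bitcoin address.
// Pure comparison logic runs anywhere (e.g. Node); the DOM hook at the end
// only activates inside a browser.

// Mainnet address shapes: base58 legacy/P2SH (1..., 3...) and lowercase bech32 (bc1...).
const ADDRESS_RE = /\b(?:bc1[ac-hj-np-z02-9]{25,87}|[13][a-km-zA-HJ-NP-Z1-9]{25,34})\b/g;

// Collect the set of address-like strings found in a blob of page text.
function extractAddresses(text) {
  return new Set(text.match(ADDRESS_RE) || []);
}

// Compare the addresses captured at page load with the ones shown now.
// A swap shows up as one address removed and one added; both empty means
// nothing changed.
function detectSwap(baselineText, currentText) {
  const before = extractAddresses(baselineText);
  const after = extractAddresses(currentText);
  return {
    removed: [...before].filter((a) => !after.has(a)),
    added: [...after].filter((a) => !before.has(a)),
  };
}

// Constructed sample: the page text at load time, and the same text after a
// malicious extension has rewritten the payment address.
const SAMPLE_AT_LOAD = 'Send 0.01 BTC to bc1qar0srrr7xfkvy5l643lydnw9re59gtzzwf5mdq before 12:00';
const SAMPLE_SWAPPED = 'Send 0.01 BTC to bc1qw508d6qejxtdg4y5r3zarvary0c5xw7kv8f3t4 before 12:00';

function demo() {
  return detectSwap(SAMPLE_AT_LOAD, SAMPLE_SWAPPED);
}

// Browser hook (returns null outside a browser): snapshot the rendered page,
// re-check on every DOM mutation, and warn the user once on the first swap.
function watchForAddressSwap(warn = (msg) => alert(msg)) {
  if (typeof document === 'undefined') return null;
  const baseline = document.body.innerText;
  const observer = new MutationObserver(() => {
    const { removed, added } = detectSwap(baseline, document.body.innerText);
    if (removed.length && added.length) {
      observer.disconnect(); // warn once, then stop observing
      warn(`Address changed after load: ${removed.join(', ')} -> ${added.join(', ')}`);
    }
  });
  observer.observe(document.body, { childList: true, characterData: true, subtree: true });
  return observer;
}
```

A check like this only catches rewrites that happen after the snapshot; an extension that alters the address before first render is invisible to it, which is why the out-of-band confirmation described in the comment above still matters.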
Ah yes, I just learned about that in this episode: https://fountain.fm/episode/XlD5eSY0ekb1pjDXAwmU
I haven't listened to that episode again, but it would require a certain amount of transactions to leak the private key right? Still, if that is already on the firmware level then that is bound to happen at some point if the number of transactions required is not too large.
Yes. I use a custodian that hosts one key from my 2-of-4, but I always control the majority. I will never use those new services where you spread your keys over multiple custodians. They can basically ransom your bitcoin as a group!
Yes, that is a good start. Still doesn't protect you from anything else that happens on your phone/computer though. I personally believe that browsers are one of the greatest weaknesses with all the extensions and code that websites run on them. So address swapping in a browser is more likely than in a native app. That's why I use Nunchuk as wallet software.