related posts
40 sats \ 0 replies \ @DarthCoin 8 Mar 2023
I used 2 HW in the past. I give them away to a noob.
HW are only a good tool for non-tech users, that feel insecure with software.
I do not use anymore any HW but I follow rigorously rules to keep my BTC stash in 3 parts: HODL, cache, spending.
Is not so hard if you know how to manage apps and UTXOs.
As I explained in one of my guides
and
- https://darthcoin.substack.com/p/deposit-only-bitcoin-wallets
- https://darthcoin.substack.com/p/build-your-hodl-btc-cold-wallet
reply
20 sats \ 1 reply \ @TwoLargePizzas 8 Mar 2023
As a coder that deals with security systems on a regular basis I think about this stuff all the time. I'm always paranoid someone is going to steal my $20 worth of Bitcoin.
reply
0 sats \ 0 replies \ @TheBTCManual OP 8 Mar 2023
Lol best way to store it then is to spend it, then at least you know you got something for it, having lost a bunch of bitcoin by being a dumbass in the past the getting nothing for my bitcoin is the ultimate dick punch
reply
20 sats \ 1 reply \ @gunson 8 Mar 2023
I appreciate the paranoia, but is it actually possible for an MCU to leak parts of the private key on a Coldcard? This data would be detected by both the firmware and Sparrow?
Also, article didn't mention the most simple extra security layer: Add a passphrase since that's not stored on the HW.
reply
21 sats \ 0 replies \ @TheBTCManual OP 9 Mar 2023
Yeah you could defs use a passphrase, lol will tackle that one in a different article though since its pretty easy to F up a passphrase since most people won't understand thats like creating an entirely new wallet
reply
10 sats \ 1 reply \ @0260378aef 9 Mar 2023
Have to give you a lot of credit for covering pretty much every angle in this long-standing debate. I get quite annoyed with the most public figures talking about HW wallets as if it's the obvious and only correct solution to holding bitcoin.
If I have one tiny criticism it's that you frame the 'general purpose hardware' approach as being only about extremely techy things like seedsigner (great project, but yes, techy), but one or more generic laptops are perfectly viable if never connected to internet.
reply
5 sats \ 0 replies \ @TheBTCManual OP 9 Mar 2023
I think HWW are pushed because it gives you something physical to kind of get your head around "holding" your bitcoin and also because its something you can sell people and make money, thing against it I own several HWW I think they're a great addition to the custody model and gets people thinking and talking about their custody solutions
I do think that in some cases it might distract people from taking custody because they "feel" they need this device though
reply
10 sats \ 2 replies \ @billiam 9 Mar 2023
For tech users, no need for a hardware wallet as those have their own, special attack surface like everything else.
Idea:
Encrypted Virtual Machine with disabled network adapter, a minimal Linux OS, updated. Host disconnected from internet when seed + passphrase is generated with the wallet on the VM (sparrow or electrum). Jot down seed and passphrase and store them in two locations (metal plate ...). Copy the xpub and create a read only wallet somewhere else and use it to receive bitcoin and to broadcast transactions. Use from internet disconnected VM as a "signing device" only (sign transaction and copy to read only broadcast wallet)
reply
0 sats \ 1 reply \ @TheBTCManual OP 9 Mar 2023
Lol damn son, you must be custodying hella sats with that set up
reply
0 sats \ 0 replies \ @billiam 9 Mar 2023
Problem is if host infected (keylogger, trojan, meterpreter, ...) recording keystrokes while offline and sending it back to attacker when going online. Also we don't know what zero days might exist in the vm software or operating system used.
reply
10 sats \ 1 reply \ @sime 9 Mar 2023
Articles like these IMO as not helpful to the yet to be orange pilled crowd.
Or at least not yet hardware wallet crowd.
Education needs to be around not storing private keys on malware riddled PCs.
reply
0 sats \ 0 replies \ @TheBTCManual OP 9 Mar 2023
I doubt any newbies are reading these kinds of articles, they're still getting into terms with hot wallets, but I think its important to give you all the trade offs with each one.
Depending on how parioniod you are, you could pick your solution.
Some sleep at night with a hot walet with all their bitcoin
Others have a multi-sig with different HW devices and a Virtual machine device with key
To each their own
reply
10 sats \ 1 reply \ @sudonaka 8 Mar 2023
Not your multisig not your coins
reply
10 sats \ 0 replies \ @TheBTCManual OP 8 Mar 2023
Lol for sure, don't trust one hardware wallet, distro it across several.
I think people will figure that out when they see how much purchasing power is actually sitting in a single sig ledger wallet when the price keeps running up, I mean do you really want to be keeping 100, 200, 500k on a single sig device?
reply