I've always read that when creating a multisig wallet, you should choose devices from multiple vendors in order to make sure you're not exposed to a vulnerability that may be found on one device. Therefore, I purchased a ColdCard, Trezor, and Ledger.
When I went to create the multisig computer on a new computer, I quickly realized something no one seems to talk about: some of these devices will not work unless you install software from their respective companies.
Trezor: If you connect a Trezor to your computer without installing anything, it doesn't work. You need to at the very least install the Trezor Bridge software. This is a deal breaker for me since if Trezor goes bankrupt one day, your device is basically useless on any computer that doesn't have their software already installed.
Ledger: Requires Ledger Live in order to be able to install the Bitcoin "app" on it in order for you to be able to use it for a bitcoin wallet. In this case, this is only necessary for the initial setup and after that you don't need Ledger Live installed for it to work. This is better than Trezor but still not great.
ColdCard: Doesn't require anything. It just works on any computer. Period.
At this point, I'm going to order more ColdCards and use them for my multisig wallet. I am okay with sticking to a single vendor knowing that I am not dependent on ColdCard remaining in business for me to be able to use the devices.
By the way, for anyone reading who has settled on ColdCard, check out @btcsessions for a wonderful video for beginners:
He has amazing videos on most things hardware in the Bitcoin space.
reply
Trezor: If you connect a Trezor to your computer without installing anything, it doesn't work. You need to at the very least install the Trezor Bridge software. This is a deal breaker for me since if Trezor goes bankrupt one day, your device is basically useless on any computer that doesn't have their software already installed.
How so? You don't depend on Trezor not going bankrupt, you just need access to the software. For example, you can host it or save it somewhere yourself. Or others might.
Also, someone posted a few hours ago if the Bitcoin Core software should have more seeders of its torrent. Something like this could be done for other "essential" bitcoin software.
reply
Additionally, Trezor actively works on ensuring that Trezor users can continue living their Bitcoin life even if the company sinks.
Firstly, the Trezor Suite, Firmware, Bridge are all open source.
If the Trezor blockchain explorer/backend (known as Blockbook) gets shut down, that too is open source. So members of the community can run an instance.
This year Trezor introduced support for custom Electrum backends too. For users who have something like an Umbrel instance running at home.
Also open source is the Trezor command line client. So if you are reading this in the year 2121 and find a Trezor buried in the rubble of society, look up trezorctl in the archives of humanity and spend those coins.
It's not perfect, but Trezor company wants you to have your coins accessible, always.
reply
That’s all great but in the end, fact of the matter is that with Trezor you have to worry about software, with Cold Card you don’t.
Also, something I didn’t mention in my original post is the fact that I don’t want to install unnecessary software on my new computer. No matter how much you trust a company, installing their software opens you up to an additional attack vector.
reply
Well, the only software you should trust is on the hardware.
Which is why hardware vendors constantly prompt you to verify what is on the device screen, and not the attached host.
reply
I meant more as an attack vector in general (virus, etc) more than just being able to steal your bitcoin. I try and keep the software installed on my machines to the bare minimum required and there should be no reason that I need to install bloated software in order to use a hardware wallet. I don't want to use their platform to buy and sell bitcoin nor do I care about all the other sh*t coins.
reply
All fair. Trezor also has BTC only firmware.
reply
fact of the matter is that with Trezor you have to worry about software, with Cold Card you don’t.
That's true. I just don't agree that the software problem with Trezor is as big as you make it out to be. But if Cold Card works for you, that's great :)
I'll definitely try Cold Card as my second hardware wallet after all the good stuff I heard about it.
reply
Highly suggest getting a Cold Card. It's hard to describe but when you have all three of these hardware wallets, you quickly realize how much better a Cold Card is. It definitely inspires confidence that Trezor and Ledger do not in terms of longevity, security, and just overall futureproof-ness.
reply
You can host or save it all you want, unless you’re going to go through the hassle of doing that with every release, it’s very possible that what you have saved is outdated and may not work/be compatible/break with future OSes or patches.
Point is you have to depend on software while with a Cold Card you don’t. Something I didn’t mention in my original post is the fact that I don’t want to install unnecessary software on my new computer. No matter how much you trust a company, installing their software opens you up to an additional attack vector.
reply
Not entirely accurate. Cold Card has its own software, a la firmware.
But I get your point.
reply
So glad that someone else has brought this to light.
Hardware wallets that require a third party to initialize are not permissionless devices and go completely against the ethos of Bitcoin.
ColdCard, SeedSigner, BitBox, Specter, and Passport are the only HWW devices that don't require third party permission to set up.
Trezor, Ledger, and KeepKey are all permissioned systems that might even store a copy of your xPub key. I know for a fact that KeepKey does have your xPub.
reply
Accurate indeed
Care to share your multisig strategy, for curious souls?
reply
Useful, and good call re ColdCard.
What's your experience with BitBox2 BTC-only, or other hardware wallets?
Thanks in advance for any feedback.
reply
In the past, I had all of them (Trezor, ColdCard and Ledger). I gave them away to new coiners.
For me personally, they are not necessary. I have much better ways to store my keys without any HW or complicated multisig. I keep it simple.
And never lost any sat in all these 10+ years using bitcoin.
reply
Storing keys alone is not the reason to use a HW wallet. The real reason one would benefit from a hardware wallet vs other methods of key storage is the ability to sign transactions when you want to spend bitcoin. If all you're doing is holding bitcoin then agreed, a hardware wallet is not necessary.
I'm sure you're spending bitcoin as well so I'm curious what these "better ways to store my keys" are that still allow you to spend your bitcoin without too much hassle.
reply
LN is only for spending. Onchain is only for holding.
reply
That makes sense and it's how I handle it as well. That said, sometimes my transaction wallet gets low and I transfer some sats from my holding wallet to my spending wallet and for those instances, having a HW wallet is convenient. I guess if you stay on top of your transaction wallet balance and never let it get low, then this is not an issue.
A good analog would be checking vs savings account although even in those traditional accounts I end up having to transfer funds from savings to checking to keep checking funded.
reply
Coinkite is a really good company. Open Source soft AND hardware. The bitcoin-only thing might mean something in terms of attack surface. Even over the one where you only download the Bitcoin app.
Also, if anyone is shopping around, hardware devices are a thing you should possibly see if you can buy at a conference or meetup. Or at least use a PO box; don't let bad actors know where your house is. (I hope 3 companies don't know where you live, OP.) If buying online, also consider buying with a prepaid Visa Gift card or something like that.
reply
Trezor at least deletes customer data after 90 days. They don't want to be caught holding the bag.
reply
Yep, that was bad. Did you know Richard Heart bought a copy of the leak to shill them Hex? Lol.
reply