100%, great point. A tapsigner would make more sense and would be more cost effective.

We use the 608a chip from Microchip, and are switching to the 608b for next batches.

There is no critical vulnerability in the 608a, it's just not recommended for new designs because the 608b is rolling out. The 608b does have some kind of security enhancements but Microchip has not provided any further info. My guess is the 608b further protects against sophisticated lab-based laser attacks.

In order to compromise the 608a, or the 508a, or many chips like it – you can use expensive lab equipment to grind down the top layers of the chips, and shine lasers at the chip in an attempt to extract some data. My guess is we'll see similar attacks against the 608b, and I am sure Ledger's team is already trying to break the 608b.

Every chip is vulnerable to these kinds of targeted, sophisticated attacks, and we've seen everything from Apple's chips, to Intel SGX, etc be compromised in the last few years.

Passport's dual chip architecture removes the need to place all your trust in a single chip, and requires that an attacker compromises both the STM processor and the Microchip secure element.

You'd have to be specifically targeted for this attack, your device would have to be brought to a lab and taken apart, the chips would need to be removed from the board, etc.

Contrast to something like a Trezor, which does not use a secure element and can be trivially voltage-glitched using $100 of hardware.

There is no perfect security, but we can ship devices that require enormous cost and time to break into. Things like Multisig and Passphrases also render these sophisticated attacks useless.

Sure, that article was published just a few months after we publicly announced Foundation to the world, after I recorded with TFTC podcast.

Seems pretty apparent that a competitor was quite unhappy that we used some of their open source code, and has been coming after us ever since – calling us "cloners" "leeches" "scammers" "con artists" and so on.

Our founding team worked together previously at a company called Obelisk, building ASIC mining hardware, and shipped over $26M of hardware (over 13,000 units). We ultimately quit our jobs and left because (1) we wanted to be founders and build a Bitcoin-centric company and (2) we didn't agree with the management decisions.

I talked about it more in length on the Blue Collar Plebcast: https://www.youtube.com/watch?v=Vo6k0fbcC-o

Definitely read the rest of the Foundation novels! They are truly excellent.

One thing to point out – the company name is based loosely on the first Foundation novel, not the sequels. Turns out there's more than one Foundation 🤫

In all seriousness, I'm still pinching myself – can't believe we've built such an incredible team.

There's the more public ones like @QnA, Lili, and @sethforprivacy. But behind the scenes we have extremely talented software + hardware engineers and designers.

We likely have one of the most multidisciplinary teams in the industry, and we do everything in house. Circuit boards, firmware, mechanical engineering, industrial design, mobile apps, you name it! Even some operating system work now :)