S4 E3: Lazy Ninja on Hacking Hardware Wallets
Lazy Ninja (whom you can follow on Twitter at FreedomIsntSafe) has been around the Bitcoin space for almost 7 years. More recently, he decided to make use of his background in security in order to hack into hardware wallets and make responsible disclosures about the various vulnerabilities he finds.
Most famously, Lazy Ninja has found and reported issues in the BitBox02 and Coldcard devices. For each of his reveals, he used the bounty program and wrote lengthy blog posts to explain his methods.
In this episode, the mysterious bitcoiner talks about his experiences with hacking hardware wallets and gives invaluable advice to those who seek to acquire a new device. He emphasizes on the qualities that matter and explains how new hardware wallets should be approached.
Most importantly, Lazy Ninja gives an insight in the mind of a hacker and should help you understand how and why you should protect your hardware wallets and private keys.
4:00 – Introduction
5:48 – When did Lazy Ninja get into Bitcoin?
6:45 – Lazy Ninja first heard about the Trezor
7:43 – When Lazy Ninja first started hacking hardware wallets
8:50 – Are hardware wallets secure at all?
11:00 – Lazy Ninja’s experimentation with hacking the Trezor
12:10 – Coldcard wallet and the age factor in hardware wallets
14:30 – Finding issues in the code/documentation before even touching the hardware wallet
15:25 – What does Lazy Ninja think about the ColdCard?
19:40 – Piece of advice for when your device stops working
20:10 – Is air-gapping the hardware wallet with PSBT important for security?
23:40 – Vulnerabilities found in ShiftCrypto’s BitBox02
32:40 – Which hardware wallet does Lazy Ninja recommend for newbies?
36:35 – Secure element chips, open source, and trust in manufacturers
43:00 – The 2018 wallet.fail Ledger hack
46:10 – On Trace Mayer’s criticism of hardware wallets
49:20 – General-purpose devices and DIY hardware wallets?
52:00 – On the security of Armory, Wasabi, Electrum and Bitcoin Core (hot wallets)
54:40 – Mobile phone security
59:00 – Hardware wallets vs cold storage
1:01:30 – Getting a backup device
1:05:00 – Are multisig setups safe and good for security?
1:10:00 – Is the Lindy effect relevant?
1:12:00 – On CoolWallet, Ellipal, and other new hardware wallets
1:16:10 – Buying the cheapest device if you just plan to ditch proprietary software and use Electrum and Wasabi?
1:17:50 – Cold storage vs hardware wallet
1:20:00 – Are Bitcoin-only hardware wallets more secure for your BTC than the ones with multi-coin software?
1:23:00 – YubiKey and general-purpose devices?
1:26:00 – Bitcoin vs gold
1:28:00 – Blind trust in exchanges vs the purpose of Bitcoin
1:40:00 – Governments turning Bitcoin into a surveillance system through KYC and blockchain analysis
1:42:00 – Switching to Bisq
1:45:50 – Tweet at us
1:47:13 – Sponsor ads
“LXMI is a European Cryptocurrency exchange whose name is inspired by Lakshmi, the Hindu Goddess of Wealth, Good Fortune and Prosperity. It’s one of the regulated and legal Cryptocurrency exchange.
On LXMI you can buy bitcoins with most fiat currencies and you can also do the trading for top Altcoins.
They follow the “Not your keys not your bitcoins” philosophy with their integrated non-custodial wallet which helps you manage your own private keys. So if you’re into trading, then you don’t have to worry about having your Crypto frozen by whatever political decisions, since you’re empowered to hold and move your coins around whenever you wish.
It’s great to have new players like LXMI that respect your financial sovereignty.
LXMI is launching in 2020 for more information please check out – www.LXMI.IO/
If you’re not trading, it’s recommended to move your coins to a hardware wallet or some other form of cold storage, and in this episode, you’re about to find why.
Please keep in mind that this is just an ad for a sponsor of this show. It’s not meant to serve as financial advice, and you’re responsible to do your own research before buying anything and act according to your own decisions. Embrace your financial sovereignty with agency and precaution.
“Phemex is a Bitcoin exchange with derivative trading options which focuses on speed, robustness, and maximum uptime. Built by former Morgan Stanley executives, it manages o bring simple and accessible Bitcoin trading. In 2020, Phemex will also add S&P 500 stocks, stock indexes, FOREX, commodities, and more.
Sign up today at phemex.com/bonus and receive a bonus of up to $72.
Please keep in mind that this is just an ad for a sponsor of this show. It’s not meant to serve as financial advice, and you’re responsible to do your own research before buying anything and act according to your own decisions. Embrace your financial sovereignty with agency and precaution.”
Vlad Costea (00:04:01):
Hi there and welcome to season four episode free of the Bitcoin takeover podcast. I am Vlad, and my guest today is Lazy Ninja who is a hacker of hardware wallets who gets it. A lot of acknowledgement from big companies which produce hardware wallets. And there recently recently was able to find vulnerabilities in the ColdCard and the BitBox that would too. And I think also the Trezor, but I’m not 100% sure.
So in this regard, I think he’s a very valuable individual who makes hardware wallets more secure for all of us. And the fact that he finds issues and reports to them for bouncy means that we all get a lot more security from software updates from the companies. She could easily chase owners of hardware wallets and try to steal their Bitcoins. But he’s a very nice guy and she will not do that. So hello, mr Lazy Ninja, who by the way can be followed on Twitter at freedom is unsafe.
Hey Vlad, how’s it going?
It’s going okay so far. I’ve checked the balance and the hardware wallet and it’s still fine. You haven’t hacked it?
Lazy Ninja (00:05:17):
Haha, I have not hacked it yet. However, be careful. I don’t know that I’m so altruistic. Is that that I wouldn’t hack it given the right opportunity.
Vlad Costea (00:05:28):
You don’t have physical access yet because we’re not in the same room.
Lazy Ninja (00:05:33):
Yeah. So, so far all my hacks have been only physical access related. So I’m going to have to sort of broaden out my my scope of attacks I’m looking at here to get ya.
Vlad Costea (00:05:45):
So how did you acquire this interest in half hardware wallets?
Lazy Ninja (00:05:49):
Well, I, I started out in Bitcoin right at the end of 2013, well heard about Bitcoin right at the end of 2013 when it was making its run up to a thousand. And I was like, Whoa, what’s this thing? And so I started investigating it and I was sort of hooked right away. Now unfortunately I wasn’t a massive buyer then, so I’m not yet, you know, a super Bitcoin wealthy.
New Speaker (00:06:16):
But I did investigate sort of, you know, I had ran my own wallet, I ran an armory wallet and I investigated sort of, Hey, how do I protect this key? And so I printing out my key and storing it and thinking about that. But so that was even pre, I think that was pre hardware wallet time. So when did the Trezor come out? Like 2014, 15, something like that. So I think, I don’t think I even heard about the Trezor right away.
New Speaker (00:06:44):
So it’s probably not until like 2015 that I heard about it and started thinking, well that’s a really good idea and it’s actually really silly. I didn’t sort of think about that at all. Like I didn’t, I didn’t even think about, Oh this would be really good for a little embedded device cause sort of working with embedded devices and security is actually sort of my job. So it’s sort of funny how I just didn’t sort of put that together right off the bat. [inaudible].
Lazy Ninja (00:07:14):
But yeah, I think the Trezor was my sort of first interest. And I really also, it’s interesting, I didn’t really think about hacking these devices for a long time. Like so Trezor was my first wallet, so I forgot when I got one, probably early 2017, I think is when I got my first Trezor. And it’s still, for some reason I didn’t think about attacking these devices. I just sort of a generic Bitcoin user.
New Speaker (00:07:42):
And I think it was probably sometime in 2018 was when I sort of, you know, whenever, when everything’s going up, sort of in 2017 we’re all just thinking about price and all that excitement. And it wasn’t really thinking about how I could make money or help the community. She’ll always say, and then, yeah, sometime in probably 2018, you know, during the low times, she’ll always say it’s when I’m like, you know, I need to do something other than just sit here and stare at black folio on my phone and shake my head. So I think that’s when I started sort of looking around at what some of these devices did. [inaudible]
Vlad Costea (00:08:30):
Okay, sorry, I was muted for whatever. So you started looking into the, the devices from a security experts point of view and how do you find them? Do you think that they’re secure? Do you think that they are simplistic in their design? Is it an efficient way to store your keys?
Lazy Ninja (00:08:54):
Yeah. What’s really, so in your phrasing right there, you sort of give away the secret of everything here. The simplicity. And it’s really just fundamentally the simplicity of the device or not, not so much the simplicity of the device, but that the device isolates the complexity of the rest of the Bitcoin environment. So it isolates you from all the complexity going on in the computers and the networking and stuff, talking to the backend Bitcoin network and other nodes and having this device that provides, you know, this isolation and simplicity is the fundamental piece of security that these devices off.
New Speaker (00:09:39):
So even, even if I’ll say this, maybe this isn’t true in all cases, but even if some guy just made their own random hardware wallet in a, in a very simple way, it’s probably more secure than keeping your keys on your computer. So in almost all cases, these wallets do a relatively good job at, at protecting keys.
Lazy Ninja (00:10:06):
It’s only when they get scrutinized very closely that we start finding issues. Now, some of these issues are, are very important, especially when wallets start being sold on scale because the attack isn’t always just on a single wallet. If you can find some sort of software issue with a wallet, you can steal. Well, depending on the type of attack you can not only steal one individual’s funds, you could steal many individuals funds on anybody that uses this wallet. So the level of security needs to be much higher because the value to the attacker is also very high.
Vlad Costea (00:10:52):
So one was the first time you discovered vulnerabilities in hardware wallets. And how did you acquire this taste for being an ethical hacker?
Lazy Ninja (00:11:06):
So the first one I looked at or started looking at, shall I say, was the Trezor. Now I never did find anything with the Trezor at the time. And that was only sort of half-heartedly looking cause I just felt, you know, the Trezor had just been around a relatively long time and it was, you know, well-researched. So I knew anything that was to be found would probably be somewhat difficult.
New Speaker (00:11:33):
But it was really fun to just sort of look at the simplicity of the architecture. You know, if, I don’t know if anybody’s, you know, taking a look at what the Trezor actually look like looks like, but it’s basically just one chip and a display. You know, there’s other passive components around there, but it is just an incredibly simple and sort of fun to fun to start researching. But I knew I didn’t have a lot of time to spend really digging in super deep.
Lazy Ninja (00:12:05):
So I just sorta sat by just sort of keeping my eye on devices coming out. And then the ColdCard came out. And so I decided this was really my opportunity because one of the things about a wallet that really, or I guess it’s any, any piece of software or hardware trying to do security, is the, the age of the device.
New Speaker (00:12:34):
You know, as devices, age, you know, they have more eyes and more people looking at them and more vulnerabilities are being fixed. And so your best opportunity to find sort of the low hanging fruit is on brand new devices. And so that was my strategy on a ColdCard. And additionally, the ColdCard also, what really caught my eye too is it also used a security chip that I had some familiarity with. And I had sort of previously been thinking about how I could use this chip.
Lazy Ninja (00:13:10):
So it’s, they call it, you know, it’s a secure element that always people refer to it as it’s a, it was at the time a [inaudible] ECC 508. And that chip was really what caught my eye because when I was thinking about how could I design a wallet to use this device prior to knowing about the ColdCard or seeing it, there was a few problems I couldn’t solve or I thought it would be difficult. And so as soon as ColdCard came out, I’m like, well, I better take a look at how the ColdCard guys solve these problems.
New Speaker (00:13:47):
So I first started out, you know, I’m, I’m really cheap. You know, I’ve got to say it, got to save those Bitcoin, got to huddle those. So I started out by just looking at ColdCards websites. I spent a couple of hours just reading through their documentation and, and seeing how it works and a few things kept catching my eye there and their documentation [inaudible] and then I’m like, well, better, better dive into the code and take a look. And what’s really interesting is I pulled up the code and it probably only took about 30 minutes to identify the vulnerability that I ended up being able to exploit on that device.
Lazy Ninja (00:14:31):
Really. So you are able to find the vulnerability just from the documentation. Yeah. Well the documentation. Yes. So the, the written documentation on their website sort of gave me some hints of what that may get. It gave me some suspicions and so once I had those suspicions, then I had some idea of where I should be looking in the code. And so yeah, once, once it got to be looking at the code, it was really just sort of verifying, well there were a couple of different things in the code than was explicit in the documentation. But
Lazy Ninja (00:15:07):
My, my suspicions were correct in the areas of the code that I thought might be vulnerable. And so I was just immediately able to open, open the project and, and find what I was looking for.
Vlad Costea (00:15:21):
So what do you think about the ColdCard? It gets a lot of praise on social media. A lot of people talk about the PSVT partially signed chain Bitcoin transactions, which allow you to never connect the device to an internet connected computer, which is huge because you’re just sync with an SD card. And that’s able to do many operations on device, which makes it
Lazy Ninja (00:15:48):
Vlad Costea (00:15:48):
But at the same time I saw that a lot of people reported small vulnerabilities and bugs in it. And you’re one of them. What is your general impression? Does it live up to the hype?
Lazy Ninja (00:16:03):
So the ColdCard guys did some, did some really good things. So I think they have a, they had a good sort of architecture strategy. So in sort of an how, how they design the chip and some of the features they added in. I was really impressed with. So, you know, using the secure chip is a very important feature. What we can get into later and it protects against the number of attacks that some of the other wall, let’s have circum too. And then they also add a couple of other subtle, you know, a few things they have in there I don’t find as valuable as they’re sold.
Lazy Ninja (00:16:40):
For example, you know, the, the duress pen, you know, it’s, it’s, it’s, it’s interesting, but if somebody, if somebody knows you’re, your ColdCard is actually a hardware wallet, they quite possible they’re familiar with the architecture of it and so they’ll know these, these different types of pens. So I think the guy with the wrench can still tell you, don’t enter your dress pen, enter your real pen.
New Speaker (00:17:08):
Um a few things like that. But I mean it’s not, it’s not a bad feature. It’s a nice feature. And then there was a couple of other good ones too, like a during pen entry they display sort of a unique identifier that’s unique for that device and your pen halfway through, always say your pin entry. [inaudible] That actually, that’s a really good feature. It really helps, you know, a lot of my attack minded thinking has to do with, you know, stealing somebody’s device and not letting them know you stole it.
Lazy Ninja (00:17:43):
So forget, for example, attacks that take is actually related to the hack on the cold. So we can get into that a little bit more detailed. But I’d just give a quick overview. So, so basically I had an attack on the ColdCard that allowed the brute force scene of pin code. But it was really slow, like, so you just had to use the gooey on the device to force it.
New Speaker (00:18:06):
So it takes, you know, five, 10 seconds per guests. So take a really long time. So if it takes, you know, four months to force somebody’s pen, if somebody doesn’t have their wallet, they’re going to get a new wallet, possibly, you know, if they realize it’s stolen, they’re going to move their funds. But one of my lines of thinking on how to make attacks that require theft more effective is you don’t let the person know you stole their wallet.
Lazy Ninja (00:18:39):
So I steal your wallet and I do my slow or long attack. Maybe I shipped the wallet to a lab and they do all sorts of stuff in order to try to extract information. But if you know your wallet’s, it’s gone, you’ll move your funds. So one thing I like to do in, in general in this thinking is you don’t steal the wallet, you actually replace it. So I’ll take your wallet, but I will replace it with a bricked version of your wallet such that you don’t know your wallet was stolen.
New Speaker (00:19:11):
You just think your wallet stopped working. And this can be effective for the ColdCard too. Cause it’s like if you get your ColdCard one day and you plug it in and the screen just displays a bunch of garbage, you’ll think, Oh crap, you know, something happened to it and you’ll just go buy a new one and set up the new one.
Lazy Ninja (00:19:27):
Not realizing that somebody may have actually stolen your good one. Replaced it with a Domeen as busy brute forcing your pen. So I guess that’s one piece of advice for people is if your wallet ever stops working for some reason it’s probably a good idea to move your funds to a new Steve unless you have it stopped working cause you dropped it in the Lake or something yourself.
New Speaker (00:19:54):
And you know what didn’t stop working because that is one of the attack vectors I was thinking about to make these attacks more useful. But one of the other things too, you know, you mentioned the PSBT and the [inaudible], the SD card one of the, that’s another feature that’s a little bit over-hype. I mean it’s useful but it’s, it’s not quite as valid label. Some people think, I mean there is value but not quite as much [inaudible] because air gaps, Mmm [inaudible] you’re still plugging an SD card [inaudible] ColdCard, you know, so here’s the trap.
Lazy Ninja (00:20:39):
So people say, okay, so you can have, you can connect the wallet maybe with Bluetooth and your computer can pass, you know, the transaction information over Bluetooth. Or you can connect your wallet with USB and now your computer can pass the transaction information over USB. Or you can plug an SD card into your computer, copy of the transactions onto it and plug that into your wallet.
New Speaker (00:21:07):
And the only difference is really that the connection between the computer isn’t real time, but somebody can still give you a not a [inaudible] real SD card. So it again, this sort of fall back to a physical attack. But let’s say, you know, I go to your house, do you have a party at your house? And I see your ColdCard. Now this isn’t a known attack, that’s just a concept. And I replace the S an SD card you have in your house or an SD card near your gold card or maybe you have a plugged in or whatever with a malicious one.
Lazy Ninja (00:21:49):
And my SD card looks just like a real SD card, but I’ve actually replaced the firmware on the SD card. So the SD cards actually have little chips in them that run software. It’s not just pure hardware. There’s chips that run software on those. So I can either, sometimes they’re updatable, sometimes they’re not. Or I could make my own and I can replace yours such that when you plug in that SD card into your ColdCard, that SD card might not correctly implement the protocols.
New Speaker (00:22:20):
And maybe I have found some sort of buffer overflow type of error. If I incorrectly implement the SD protocol or maybe the fat file system or in one of those stack layers on your MCU, I might be able to cause a vulnerability just through a malicious SD card, you know, so anything you plug into your wallets, you know, has the potential of exploiting that interface you’re connecting with.
Lazy Ninja (00:22:49):
Now, the one thing that is useful still is the SD interface is much simpler than USB or Bluetooth. So it’s, it’s easier to not have made a mistake implementing that in software. So, and then also, you know, it may be hard to corrupt the firmware or replace an SD card more so than corrupt the computers USD stack to make a volition. So there’s some benefits there.
New Speaker (00:23:22):
But you know, Eric air gap is a little oversold cause it, it’s, it’s a gap, but you’re still making a connection across that gap with the device. And it’s all about evaluating the complexity of that connection, which is SD versus USB. Oh, really? Promote adversarial thinking. I only think about scenarios where you’re able to physically access
Vlad Costea (00:23:46):
And compromise Harbor wallets. So the other big discovery that you have made, and I think it was this week that the article got published on the website of chef crypto. And that was about the big box though too, right? And you’re able to find some kind of vulnerability and
Lazy Ninja (00:24:05):
Yeah, that’s right. So it’s funny as I, I actually found basically, you know, a different method, but I found the exact same attack that I found on the ColdCard. So apparently my adversarial thinking is very focused around just sort of one thing apparently.
New Speaker (00:24:21):
But yeah, so with the, the BitBox, so to again, my, my strategy for choosing it was exactly the same as my strategy for choosing the ColdCard, which is, it’s a new wallet. And so there’s most likely going to be some low hanging fruit on it that I should be able to find something quickly. [inaudible]
Lazy Ninja (00:24:45):
And so what I was able to do with the bib Oxo too and I, maybe I should tell exactly what I did with the ColdCard too. I’ll, I’ll, I’ll talk about the buy box and I’ll say exactly what happened with the gold card, but the gold card, actually, there’s some good, a good write up, you know coin guy that actually a good writeup of it. So people can read that as well too. And, and I also have a write up, but I’m the BitBox there wasn’t a significant writeup on it, so I, I think I’ll go into some detail on that. [inaudible]
Lazy Ninja (00:25:15):
Oh, sorry. For the cold here. Blood. So when I first got the BitBox well let’s, let’s see, how should I start with this? So again, my strategy is the same. So I saw Hill, Hey look, there’s this new wallet just appeared on the market.
New Speaker (00:25:32):
You know, I better go start poking around and see what’s going on with it. So also the BitBox uses a secure element very similar to what the ColdCard did. So now uses an 80 ECC, six Oh eight versus a ColdCard. Originally used a five. They did upgrade to the six also. But so I thought I’d try to find the same type of vulnerability that I found in the ColdCard, which in the ColdCard, what I found is some of the information that was being exchanged between the ColdCard and the secure element wasn’t being authenticated.
Lazy Ninja (00:26:12):
And so what does that mean? It means that the, the MCU was just trusting some of the information it received from the ColdCard and in the case or from the secure element on the old guard. And in the case of the ColdCard, that was a 10 pin attempt counter.
New Speaker (00:26:30):
So the ColdCard rights an update, it says, Hey, a secure element increments, a pin attempt counter. And then it it says, okay, that was a failed attempt. And so what I was able to do on the ColdCard was they didn’t actually confirm the right. So I was able to actually block the right command and it just wouldn’t increment the counter. And there’s a co and the thing is too is you can also read back the counter, but if you don’t read it back in this complex way, that command can be spoofed as well.
Lazy Ninja (00:27:15):
So I could you, can you try to increment the counter and then I can just, you know, return the, when you read it back, I can return the original value of the counter and then they wouldn’t know a penitence it happened because they weren’t able to incremented.
New Speaker (00:27:34):
And so they ultimately were able to fix that by just authenticating that. The right happened in a strong way using some cryptography. And so I was looking for something very similar in the BitBox cause some of the commands to the chip are just plain text command will play an cryptographically verified commands. And so I thought I would be, and it’s really with that chip, it’s really easy to forget and do something like that. So I was looking for the same thing. So when I, when I pulled up the code and I started looking through it it actually all looked really good.
Lazy Ninja (00:28:12):
Like a, they were doing things rights, you know, it was very professionally done. And so I started getting disappointed. I’m like, Oh darn it, I low hanging fruit isn’t there? But I kept focusing around the pin entry and when I actually noticed this a relatively subtle thing, but it sort of stood out to me, which was the logic for the pin entry.
New Speaker (00:28:35):
So when you get your box, you plug it in, it powers up and it says, Hey enter, actually it’s a password on the BitBox it says, Hey enter your password. And so one of the things they do in the code is they say it just like that. They say, okay, Hey enter your password, the user interest or password clicks. Okay. And then the BitBox uses that password and it checks with the secure element to try to verify if that password a was correct and if that password was not correct, get increments, a failed attempt counter. And if the password was correct, it actually decrypts the seed that is stored in the BitBox MCU.
Lazy Ninja (00:29:26):
So actually, and what’s interesting is in just that little bit of logic I just gave you right there, you can actually parse out what the attack is. If you’re thinking about possible side channel attacks in microcontroller [inaudible] what a side channel is. And a microcontroller is just an alternative way outside of the normal function of a device that a person can extract information from the system.
New Speaker (00:30:02):
And it sounds really sort of vague, but it’s, it’s actually quite easy. So one of the important side channels and embedded devices are all devices. Is there power consumption? So how much power is the device consuming at any point? And what you find is every time the device does something, you know, different numbers of transistors within the device turn on. Like literally for every instruction in the code that runs, it can nearly uniquely be identified if you have enough precision on a power measurement in real time. [inaudible].
Lazy Ninja (00:30:43):
So what I was able to do, and this didn’t even require that much precision, but so what I was able to do is, because I knew I could sort of see what the chip was doing by just monitoring the power consumption, I noticed that the pin is tested before they Mark it as failed.
New Speaker (00:31:06):
So when when the pen is successful, it does this a S decryption and it is actually very easy to see the difference in the power consumption for a trace of power trace where it does a S encryption and where it doesn’t do it. And if, when you look at the power consumption, you’ll see, I mean, everything looks absolutely identical without looking at an instruction by instruction level. Just looking at it on a more of a macro scale, you can see exactly what the chip is doing. And so on the BitBox, I’m able to determine that, Hey, the BitBox tested my password right here in the code.
Lazy Ninja (00:31:52):
And then if that was right, it should have done an AEs decryption right here, which looks like this, which draws this amount of power. But I can see that it didn’t do that. And so it draws us different amount of power. And then so the final step is to reset the chip before it increments account.
New Speaker (00:32:10):
So I can see if the chip tested the password as valid or invalid before the counter is incremented. And then you just reset the system. And this allows you to just like the, a hold card test, an unlimited number of pins because the device doesn’t actually track areas where you prevent it from tracking each attempt.
Vlad Costea (00:32:40):
Okay. So given your experience with hardware wallets and your understanding of security, if you are a newbie right now and you’re just starting out, which hardware wallet would you purchase?
Lazy Ninja (00:32:56):
Oh, that’s a good one right off the bat at. So I think it’s best to evaluate hardware wallets on a couple of things. So the wallet being popular is actually a very good indicator to somebody that’s not a security person, that the wallet has a better level of security.
New Speaker (00:33:19):
I’m also a wallet that has been around for a long time. Also is a good indication that the security level is higher. But Oh yeah. And also wallets that have good bug bounty programs that are well advertised and good payouts as well. Meaning they attract a lot of security researchers to investigate because they’re paying a lot of money. So it’s worth everybody’s time to try to find something. So that’s sort of, I would say, a general criteria. So I would highly advise against people buying a hardware wallets that are not, that are new, at least for a while.
Lazy Ninja (00:34:15):
And then also hardware wallets that you haven’t heard of or that not a lot of people have heard of. And those are probably the important criteria. And then once you have it sort of narrowed down to, you know, the top, you know, so you right here in, you know, in your article, lad, you, you listed, and then this podcast series, you know, you, you mentioned, you know, basically the five top wallets that I’m aware of and that I’m interested in. And I think that’s definitely a good place for anyone to start.
New Speaker (00:34:47):
Mmm. personally, I actually use a, a Trezor a model T I had actually just upgraded from my Trezor one to that and now it’s sort of funny, people will be like, well, you know, that doesn’t have the secure element that you like so much and stuff like that.
Lazy Ninja (00:35:10):
And it is actually a security negative to that device to not have a secure element. And there are a number of attacks that are possible because of that. But in my case I’m valuing the screen size and ease of use from that perspective as being more important then the secure element because in general, I don’t actually take my hardware out of my house and I actually only, I have a, I don’t actually store my funds on the hardware wallet most of the time. Usually everything’s in cold storage and the hardware wallet is just sort of storing intermediate levels of funds. So in my case, yeah, the Trezor model T was the best one for me.
Vlad Costea (00:36:00):
I think my next episode is going to be with SLAs of Trezor and slush bull. So I’m going to let him know that I did interview at a hardware wallet hacker and he said, you know, maybe that it doesn’t have a secure element, but if I were to choose just one hardware wallet, it would be the Trezor model T
Lazy Ninja (00:36:24):
That no, that doesn’t give them an excuse not to add the secure element. I think that should be a design path for them. But but yeah, no that was sort of my logic for valuing my choice there.
Vlad Costea (00:36:34):
I think sometimes the argument against the secure element is that not all the code in it is open source, which means that there needs to be some kind of trust that you put into the manufacturer. Right?
Lazy Ninja (00:36:50):
Yeah. And this is, this is another good line of conversation cause people, there’s sort of, there’s different types of secure elements. So the the one used in the box and the ColdCard, like I said, is that ATCC 508 or 608, I’m from microchip.
New Speaker (00:37:11):
And that device is a fixed function device. So meaning the, ultimately there is a processor in there running code, but that code is programmed by the manufacturer and the wallet manufacturer, the chip manufacturer that is, and the wallet manufacturer has no ability to modify that code. They can just sort of put values in and perform sort of general operations
Vlad Costea (00:37:39):[Inaudible]
Lazy Ninja (00:37:39):
However, the ledger has a slightly different approach where, you know, I, I, their secure element is a secure MCU. So it’s actually a cortex M zero processor if anybody knows what that is, that has been hardened against lots of types of physical attacks.
New Speaker (00:38:02):
And so what that means is ledger has the ability to write code to do arbitrary things on that device. Mmm. So there’s sort of this confusion between the different types of devices and then also what it means in all in all situations. So at any time a chip manufacturer can insert back doors into any device.
New Speaker (00:38:29):
So some people they, Oh, well the, you know, the secure element, you know, it could have a backdoor in there. I don’t, don’t know what it’s doing. Well, the chip manufacturer could put a back door in the general purpose MCU you’re using as well. You know that anything can be done in that Silicon because it’s just not something that’s, that’s visible to you.
Lazy Ninja (00:38:52):
So it, it’s, it’s not so, you know, it’s, it’s sort of a not the right argument when you argue it that the chip manufacturer could have put a back door on because they can put a back door on anything if they want you. So the argument is more, you know, in the case of ledger, you know, there’s sort of two trusted parties cause the chip manufacturer has stuff they’re doing in that ship that is more secret and also ledger has code running on that secure element that is based on the rules by the chip manufacturer is required to be non-disclosed their code that they’re putting on there.
New Speaker (00:39:38):
So this creates a vulnerability where ledger could have done something. Now ledger is actually a very good company and to do a ton of research and they’re not doing that, but it’s very easy for them to potentially have missed something because less people are able to review what’s going on inside that secure element. But I, it was that clear plan. I, I guess I wanna make sure I’m making this clear. Is there sort of two different styles and, and yeah, it’s not yeah. Is that clear?
Vlad Costea (00:40:16):
I think that was pretty concise and you’ve made the point why sometimes using secure elements relies on a third party and sometimes it’s the manufacturer of the chip and other times it’s just the company which tries to arbitrarily inject some kind of code that may be benevolent and may strengthen the security, but at the same time you can never be sure because there is no easy way to tech.
Lazy Ninja (00:40:47):
Yup. Yeah. There you go. That’s really it. Yeah, you can’t, you can’t check. But, and then one also, one more point about the, the ledger approach is having a secure MCU also gives you some more flexibility. So here’s sort of another angle on this whole thing. So a secure chips like I said, they ultimately they’re running, you know, the, you know, the secure chips in a BitBox and the cold are ultimately running, you know, shall we say, hard-coded manufacturer code. And, and then on the ledger there’s some hard coded manufacturer code, but then there’s also code by ledger.
New Speaker (00:41:27):
So if there’s some error in the code on the Ledger’s secure element ledger can actually release a software update and fix the issue where if there’s some sort of manufacturer error on like a secure element of Nicole card BitBox there’s no ability for cold Carter BitBox to bandaid. The problem they have, they’re solely reliant on, well, I don’t know. But in a lot of cases they’re solely reliant on the manufacturer to provide the fence. So there there’s, there’s pluses and minuses and it really, if ledger could somehow, you know, open up their code at some point through some mechanism, you know, that that actually can be a superior solution as far as a secure security goes.
Vlad Costea (00:42:30):
Interesting. And as far as I know right now, ledger are the market leaders and they sell the most units because they also seem to have the best records in terms of hurricane, meaning that they didn’t have many and they did not seem to be as severe, even though I think the people from wallet dot hack, I think that’s the name of their website and organization.
New Speaker (00:43:00):
Oh yeah. That one. Yup. They try to emphasize on the fact that they installed a custom firmware on the ledger, nano S and they were able to play a game of snake. And I think that was a way for them to say, if we were able to do this as a modification of the firmware, just think about all the software we could inject to steal people’s coins. Ledger was that they did not interact or hack to secure element, which is where supposedly or most likely the private keys are stored because they did not sweep any funds.
Lazy Ninja (00:43:42):
Yeah, that’s correct. That’s correct. However, the attack from Walt fail can be extended to steal people’s money, you know, relatively easily. So it is a significant attack. And it’s actually, it’s, it’s a tricky one to fix too from the ledger perspective, but let’s talk about that for a second. So being able to arbitrarily install firmware onto the, the general purpose microcontroller in the ledger.
New Speaker (00:44:11):
So not the secure amount, but the general purpose [inaudible] is actually very critical because the general purpose element has access to the display and Oh, and make sure I’m right about this. I believe it has access to display and buttons, but I guess I’m not 100% on button, but for sure it has to the display. And it’s, and it’s very critical because if I can, if I, if you’re, again, if I come to a party at your house, glad I can, I can walk over to your ledger that you have sitting out and I can replace the firmware on it with malicious, firmer.
Lazy Ninja (00:44:48):
And now my malicious firmware won’t run snake. I lit malicious firmware will look exactly like the factory firmware. And what’s going to happen is when you enter your pin onto the ledger, I will just, I will now know your pen, right? So, no. So let me put a couple of caveats in here. I haven’t researched closely into the ledger and I don’t have one, so I may be missing a couple extra types of checks they do there.
New Speaker (00:45:18):
So double check the details of what I’m saying here, but in general, you enter a pin. I don’t have to know the pin, I just recorded it in my software and now I can access the secure element and [inaudible] and I can also display wrong information on the screen. So you say, Hey, I want to transfer money here or here, you know, you enter your pin, I show the address you said on the screen, but I actually go off to the secure element. Well now maybe that’s not quite right. Well anyway, I could, I could, if nothing else I could I could I could steal, steal your pen and then at a later point, you know, gain access to your device and then actually have your pen and probably a few other ones there. I don’t want to get too far down the road. I just haven’t looked at that closely enough. I’ll make sure they’re going to disparage them when they’re actually over prevention for one of these mechanisms.
Vlad Costea (00:46:15):
Okay. I spoke to trace Mayer a couple of weeks ago and he declared himself a big critic and totally not a fan of dedicated Bitcoin devices and it was mostly because he’s very concerned with privacy and he believes that when you order something from Amazon, it’s going to be on a permanent record that can be used against you.
New Speaker (00:46:39):
And when you purchase from, for example, the website of Trezor, you’re going to be registered as a customer. And also when you access the interfaces of these hardware wallets, I think their wallets are in SPV mode. So you connect to somebody else’s full node in order to make your transactions. So you’re trusting the company to be accountable and fair when it comes to software.
New Speaker (00:47:10):
I’m not aware at this point of any hardware wallet, which has native software to allow you to connect your full node as a user. But anyway, wait, I think home only BitBox, so too does that. But moving on, the point of my argument is that trace Mayer said that you should be buying general purpose hardware and use it for storing keys and it’s better to just get an old laptop, sweep it and never connected to the internet and have your private keys stored on it than to buy a Bitcoin device that is going to associate you with Bitcoin and from whoever you buy it, they’re going to know that you’re into this.
Lazy Ninja (00:47:59):
Yeah, I think it, it depends. So I’ll say in general, I don’t agree with that. For most people. There are people, you know, if you’re in a country with a government that is authoritarian or hostile to Bitcoin, the risk of penalty or seizure or harm to you from letting anyone, you know, you potentially have some Bitcoin is probably high enough that using a, a, a, a custom or a, now let’s say word, a software mechanism to store your funds that where you don’t disclose or docks yourself to the government [inaudible] could be valuable.
New Speaker (00:48:53):
But I think for most people, the, the risks of losing your money or having your money stolen from it’s stolen from you Bay by a private party probably outweigh the risks of retaliation by a government. But I think that probably has to be evaluated in each case. It would be my sort of thinking on that.
Vlad Costea (00:49:26):
Yeah. The idea is that if you’re going to use a hardware wallet, it’s possibly better for privacy reasons to just get a general purpose device or if you’re technically minded, you can just download the schematics from the Trezor get hub or I think even called card has released oldest specification so that you can build your own from parts.
Lazy Ninja (00:49:55):
Yeah. Yep. For sure. For sure. When you have the skill set to do that, yes, you absolutely can can get a a hardware wallet implemented yourself for sure. And I think, you know, Justin, Dustin moon, right? He has a, is a university that teaches you how to design your own hardware wallet and, and yeah, I think for certain people that that can be a valuable way to do it. But most people like I said, I think, I think the risk of loss through theft and mistakes probably outweigh loss from doxing yourself to your government.
Vlad Costea (00:50:35):
It’s not just about the government. Sometimes it’s about third parties that may be interested in your transaction data and knowing how much Bitcoin you own and some very smart criminals who will, I think also trace Mayer told me in that interview that if a hacker is able to extract all the information from the customer database of Trezor or ledger, they will also be able to see addresses that they generated and transactions that they made unless they manage to connect the device to full node. And that helps them identify holders who have most Bitcoins. And from there they just hunt specifically the individual.
Lazy Ninja (00:51:22):
Yeah. So, so for that angle, I definitely, so my statement I guess is focused on building your own hardware, but I, I definitely agree that running your own node and connecting your device to your own node is important for a numerous other reasons. So, yeah, I 100% agree that running, you know, not connecting to Trezor or lenders backend server is, you know, was very important. And I guess for new new people it’s sort of hard to get that set up right away. So I, I can definitely understand people have problems there, but I think that’s different though than the the problem of buying hardware versus building your own hardware or just using a computer and software to do it.
Vlad Costea (00:52:13):
What do you think about software like armory or Electrum or wasabi, which is very good as an open source then I guess it received a lot of your review and it’s for free. You can just download it on a computer, you can run it on a computer that’s not connected to the internet and some people may regard even Bitcoin core as a good replacement that is much more secure, done other configurations possibly not as secure as a hardware wallet, but it’s still some kind of security. Right?
Lazy Ninja (00:52:56):
Yeah, for sure. I actually, well, so it’s, it’s sort of tricky. You [inaudible] in general, things on your PC are going to be less secure than things on your phone. [inaudible] So having a wall and you know, I’m not a complete expert in this area, but having a wallet on your phone I say is probably generally safer then your PC in most cases.
New Speaker (00:53:32):
However, I, you know, I definitely, so I originally had, you know, first gotten Bitcoin. I did have an armory wallet. But you know, since then I’ve, I’ve been using all Electrum and, and wasabi and I generally, I don’t just store, like when I’m using wasabi on my PC, I don’t just store money there. It’s just sort of for transactional use to mix coins and then move them somewhere else, whether that be cold storage or warm storage and in a hardware wallet.
New Speaker (00:54:09):
But yeah, I think yeah, I, I think in general I would prefer, you know, something like samurai on your phone for larger amounts of money than I would, I would store on my PC, my general purpose PC. Now if you have a PC that’s are not connected, the internet is just your Bitcoin PC that probably could be better perhaps than a phone if it’s something we’re very careful with. But probably for most normal users, the phone is probably the most secure environment. If you can get a trusted wallet,
Vlad Costea (00:54:44):
I guess it depends on the phone because I think Androids have a lot of malware diet you can get just by downloading some kind of obscure application or even by installing third party software while connecting your phone to the computer with a USB cable or whereas I think Apple has better security in this regards.
New Speaker (00:55:07):
They might limit some teachers like I don’t think there is any wallet wait, there is one just green address or Blockstream green. It’s the only one which has door on iOS. They figured out some way to do it, but an iOS is very hard to implement something like Tor. It’s very hard to do lots of stuff that on Android is just open and easy.
Lazy Ninja (00:55:34):
Yeah. And I don’t want to get too far out of my expertise, but I think a lot of the issues on Android are when you install applications that are not in the Google play store or you know when you, when you go outside of that ecosystem and it’s a little bit easier to do that than on an Apple device.
New Speaker (00:55:55):
I think that’s where you get in trouble. I think as long as you stay within sort of the Google play store ecosystem, I think most of the, the things those lap locations can do to your phone don’t ultimately allow them to, to, to steal your to steal your funds. Cause it’s generally those wall, even if they get access to storage as long as you’ve a decent passphrase for your wall encryption, that should be encrypted. So the only time when they would really have access is there somehow it’s mobility for them to attack your wallet. Well it’s running and get into that sort of execution sandbox. But yeah, I don’t want to get too far out of what I know. I’m probably just, people find, make fun of me cause I don’t know what I’m talking about here on the phone side,
Vlad Costea (00:56:50):
One of the questions that I’ve asked every guest that I’ve had and the season was about why should anyone use a hardware wallet? Why not just resort to a paper wallet or a brain wallet or try some other way of storing your keys.
New Speaker (00:57:08):
And believe me, I’ve heard about people just holding their seed phrase and a never note document on their email, on their notes application and that’s just insane. You should not do that. Or even sometimes they take a picture and keep it in their phone or some kind of screenshot one day create the wallet on the mobile wallet. They just take a screenshot of the words and say, Oh this is great. I can just copy this image and that’s it. I don’t have to grab a piece of paper and write down. And this isn’t just about the security of your Bitcoins. This is about data security in general.
New Speaker (00:57:50):
Because when I look at my nephews, for example, they’re about 10 years old and they have no understanding of security and they tend to just keep hold their data on their tablets and laptops and things. That is just their data and they even upload to the cloud. They synchronize their devices without thinking about privacy and consequences and that can be easily abused and we have no idea what’s going to happen with this data or at any points of our lives or after our lives.
Lazy Ninja (00:58:28):
Yeah, I think it’s, it’s a really hard lesson to just tell somebody cause people don’t realize how vulnerable and they are with different pieces of data that they share, whether it’s Bitcoin keys or things you upload online and it really tight takes sort of being burned on the stove as people say before you learn, you shouldn’t touch the stove. So it’s, it’s, it’s, yeah, it’s hard to just say you shouldn’t do this enough to somebody until it’s happened.
Vlad Costea (00:59:00):
Lazy Ninja (00:59:02):
As far as why should somebody use a hardware wallet for Bitcoin? It’s actually for me, I would say it’s sort of a split use case. So, you know, I, you know, hold in cold storage. So every, everything I hold is cold storage stamped on a piece of metal and protected that way. So completely non-electronic. But and then I have all my UTX owes divided up, you know, so it’s not all sitting in one UTX.
New Speaker (00:59:34):
So, and then occasionally if I need to pull money from there for some reason or another, I will sort of use a hardware wallet at that point to interact with those funds. On a temporary basis. I just interact with them transactionally just to get them from that address and then perhaps put them into, you know, a phone wallet or another hardware wallet. That’s my quote unquote warm wallet address set. [inaudible]
Lazy Ninja (01:00:07):
But if you plan on using your Bitcoin it can’t be in cold storage, can’t be on a piece of paper. You ultimately at some point have to use it well, depending on how long, what your timescales are at some point, some point everybody has to use it. But so the purpose of the hardware wallet is for in cases where you’re going to use your Bitcoin to do something cause putting, putting that money on your phone or on your PC once it gets above a certain threshold becomes not safe.
New Speaker (01:00:42):
So for me, hardware wallets are for intermediate amounts of money, so not your bulk savings but not your cash, but sort of intermediate mounts. So if you are doing, you know, if you’re trading on an exchange perhaps and you need to move money in and out of that exchange relatively frequently that’s a good chunk of change.
Lazy Ninja (01:01:06):
But not everything. You know, it’s probably really good to have that on a hardware wallet. But I definitely recommend you know, cold storage however you do gotta be, you gotta be careful with cold storage too, that that you do that properly and don’t lose it.
New Speaker (01:01:23):
Um by similarly to a hardware wallet, I guess, or any backup. I actually, when I converted to cold storage, I had a really hard time doing that factory reset on a, on my Trezor to erase it. I was just never sure. And then I had to try to reenter the seed again just to double check. I didn’t mess anything up when I was transferring it to the the cold storage. But yeah,
Vlad Costea (01:01:52):
Actually that’s something which is oftentimes overlooked as you don’t really think about getting a backup and trying your seed phrase to see if you wrote it down correctly.
Lazy Ninja (01:02:07):
Yeah. And the other thing that’s really important too, sorry if I interrupt your train of thought there is don’t just try it on like, so this is actually a dangerous thing but a safe thing. So like when I checked my backup I don’t just check it on my Trezor, I also check it on another device and just to make sure that it’s generating the same, a key chain between the devices.
New Speaker (01:02:37):
Um so it’s, you can get in situations where if you just always Chuck on, on one device then you end up with some derivation pass. It’s not standard or some, you know, some sort of issue like that. And all of a sudden you’re, you potentially could find your money again, but your money can become lost for a little while and it’s really scary.
Vlad Costea (01:03:01):
Oh, it is carry all the time. I actually, I don’t think even after a year or so you could, I don’t think you can make Bitcoin transactions without being a bit paranoid. I will checking and feeling how your heart beats faster and you’re not sir, if your setup is secure, if somebody can see what you’re doing and you’re basically in your head, you’re reviewing the whole process and I think that’s a part of giving up hard money. I imagine that our ancestors, when they were trading amounts of gold, they were in the middle of a similar process. Yeah.
Lazy Ninja (01:03:44):
You brought up some I when I’m, when I’m doing sort of cash operations like or like small, you know, I’m sending $50 here or $100 here, you know, off my, off my phone to buy something or whatever. I don’t think about it for a second. Not nervous at all. Totally. Totally fine. Not, that doesn’t cause me any worries, but yeah, when I move my cold storage funds, if I want to take a chunk out of there and remix it or do something with that, I am absolutely terrified. Terrified. It’s like the most stressful moments of my life.
Lazy Ninja (01:04:23):
Sort of. When you have a deeper look at some of these things, you realize how much can go wrong. Like there, there can be all sorts of, you know when, when your hardware wallet signs your transaction or generates the outputs. There can be several things.
New Speaker (01:04:39):
Ron, just for some, you know, maybe there is some you know, some, some sort of just glitch on your device for some random reason can potentially corrupt an output or something like that. Then you can send your coins into nowhere, you know, I mean, you can review code and see for double checking and things like that, but that’s probably the reason why I have all my money divided up into a number of UTX. Oh, so something weird like that happened. It’s not just all gone, you know, it’s just the tone.
Vlad Costea (01:05:12):
Yeah. That’s very good advice. What about multisig? Because we had this conversation before
Vlad Costea (01:05:18):
We started recording and you said that it’s kind of overrated and its importance is overstated in regards to the risk.
Lazy Ninja (01:05:27):
That’s a symbol. Yeah. I think, I think multisig for most users ads more complexity, then it, then it mitigates risk of other failures. So if you look at how do people lose coins, how do people lose money? So you know, let’s say, so an argument for multisig and a hardware wallet would be [inaudible]. And this, this is actually potentially a good one, right?
New Speaker (01:06:01):
Let’s say the Trezor so they use a microcontroller from SD and STM 32, let’s say it’s discovered that S T is incorrectly did an incorrect implementation of the random number generator on the device such that based on factory information, the way it’s being seated people can determine those random numbers. So maybe that’s a little too much engineering Babel, but what that would mean would be that it could be potentially, there could be a potential for some internal, maybe S T employee with knowledge of some configurations on the random number generator.
Lazy Ninja (01:06:48):
And the way it’s seated that they could just determine deterministically random numbers that have been generated by all their devices, which would result in a remote person being able to just steal your Bitcoin right off the blockchain without ever having talked to your car without installing malware on your computer, without touching your device or anything. They can just steal your money. Because at random number generator is generating private keys.
New Speaker (01:07:19):
No, there’s mitigations in there, right? So devices have other internal information they combined with the random number generator and there’s a whole bunch of other things happening that make that not super likely, but you know, it’s sort of an angle. So to mitigate some catastrophic implementation thing at the hardware level like that, you can use two devices. So let’s say the BitBox, so the BitBox uses a chip from a different manufacturer and it would be highly unlikely that both those would have the same issue.
Lazy Ninja (01:07:54):
So if you use them in a multisig, you get rid of that issue where something like that, it could be wrong. So, okay. So we’ve got rid of some rare potential issue, but now we’ve introduced something that is, it’s not new, but it’s, it’s, it’s sort of uncommon, which is multisig. So multisig is sort of a, a more infrequent use case. And so what does that mean?
New Speaker (01:08:29):
Based on what I’ve said before? Well, it’s, it’s just not tested as well. And additionally, depending on the multisig you do now, you have to keep track of more keys. So ultimately you don’t just want these in hardware wallets, you want backups and people talk about, well, we keep one key here and one key there. Having each of those locations [inaudible] you know, you how have to protect each of those locations. Now there can be different multisig like two of two or two of three. You can do things there, but it starts getting really complex. And the fact also that it’s new is the, the, the, the format of the script that’s generating the multisig is also hasn’t really been standardized. So if you don’t keep track of how that was generated, you could be unable to claim your coins. Just because you can’t say I identify how to claim them anymore. So there’s,
Vlad Costea (01:09:33):
Lazy Ninja (01:09:34):
There’s a lot, there’s lots of complexities introduced my multisig and for the problem, at least at this time for the problem at fixes, I don’t, I don’t think they’re, they’re justified in most cases.
Vlad Costea (01:09:46):
Right. So let’s think about some of the new hardware wallet devices. Is there any particular one that caught your attention and made you think that it might get huge in the future? Or are you still conservative and think it’s still a good idea to just go for the most tested one? The one which follows this so-called Lindy effect?
Lazy Ninja (01:10:11):
Yeah, I think I think the Lindy effect as you referenced there is probably the right way to go. I think right now we’re also in this stage of [inaudible] experimentation, right? So there’s, there’s lots of things changing and different designs being tried and, and it’s hard to say if a new vendor will come on the market with some better tradeoffs between usability and form factor and stuff that will really, really sort of capture everything.
New Speaker (01:10:44):
But it’s also if a, an older player sees a new guy comes on the, on the field with a [inaudible], a newer form factor that sort of is capturing the market, they can always just copy that and then rely on their previously generated a network effect to then capitalize on that investment by the new player. So I think, I think the, I think the older guys in the, in the field, they’re probably going to end up winning out. But at least at this point in the evolution, I mean, ultimately companies get so big they can’t, they can’t be agile and change. But at this point, I think some of the legacy players in hardware wallets are going to be the ones that are, you’re going to be around in another 10 or 15 years.
Vlad Costea (01:11:32):
So it’s always about the first mover advantage.
Lazy Ninja (01:11:36):
Yeah. Especially I’m being a little bit agile as a first mover, right? Some first movers run out of money or get hit with a hit with something at the wrong time and get stomped out. But if they can make it through a few downturns and still have money to continue to invest in their products, they’re probably, they’re probably gonna be around a long time.
Vlad Costea (01:11:58):
W after I finished writing that article for Bitcoin magazine, I got a lot of requests from other companies that just wanted me to review their hugger wallets and felt like they were left out. I think one of them was coolwallet and one of them, what’s their name? Elipal.
New Speaker (01:12:20):
I’m not sure how you pronounce it, but it’s from China that they produce devices that look like tablets and they say they are just as Eric gap does the ColdCard and they wanted to send me one to review it and I told them, okay, you’re going to send me a device but just take into account the fact that I might not like it and I may just, it might be bad press for you if you send it to me and I just slam it and they said anyway, we think you should have it and you should test it.
New Speaker (01:12:57):
And is it a good idea to give the benefit of the doubt to this manufacturers or should we just assume that they forked some kind of code parts from the Trezor because it’s generally available and it’s probably safe to assume that every hardware wallet is more or less inspired and derives from the Trezor and maybe has taken some twos from other manufacturers and released a new product.
Lazy Ninja (01:13:26):
Well, you know what, I [inaudible] I think we’re, so, I don’t know if this is totally consistent with what I said before. I just feel this way though. I think
Vlad Costea (01:13:47):
You muted yourself, you said, I think, and then you stop still there. They’re bled. Yeah. Your backup.
Lazy Ninja (01:13:59):
Sorry, my phone cut out there. So I think we’re at a point in the evolution of the Bitcoin ecosystem and these products
Lazy Ninja (01:14:11):
That it is, it is worthwhile giving the benefit of the doubt of people because there’s just this rapid innovation where, where people are just changed tweaking this or tweaking that. Like even between the Trezor and the Kiki. I’ll have to concede.
New Speaker (01:14:28):
I didn’t, I haven’t used a Kiki, but they just wanted to make a usability trade off in, you know, display size and things like that. And I think that’s really a legit thing to experiment with. I mean it’s, it’s, there are lots of attacks where the user is attacked because not enough information is displayed or the information isn’t displayed in a way that’s, that’s intelligible or usable. So I think experimentation with displays and form factors and things like that is a good thing even if it is just the Trezor clone.
New Speaker (01:15:06):
But I still fall back on when I said before though, I even though those devices, those devices or strategies, maybe the right strategy, I still think the legacy guys end up just copying those strategies and if they’re determined to be successful and then and then move forward with that. But I think it’s interesting to evaluate all the different strategies people are people are using. Just expose, put that out there for, for everybody to know.
Vlad Costea (01:15:33):
Yeah. Maybe it’s a good idea to give the benefit of the doubt and possibly I will invite some of them to talk and present their features. And one of the most popular questions that I ask whenever I have hardware wallet representatives is, can you say something nice about your competition? Something that you don’t like about them?
New Speaker (01:15:57):
So far it was mostly positive and they had struggles finding something negative and praise their competition and said, Oh, they are doing such a great job, but you know, we have this one extra feature which makes us where fee of your consideration. Because at the end of the day, it’s just a matter of choosing which features you want to have out of the box. And if you want to just use the Electrum and connect your full node, you can just buy the cheapest device. Right?
Lazy Ninja (01:16:33):
Vlad Costea (01:16:36):
Does it make much of a difference if you buy, keep key for $30 and connected to the Electrum and your full node and never go for the intended manufactor path? [inaudible] Mmm.
Lazy Ninja (01:16:57):
Well, yeah. No, I think that’s, that’s the right, you know, in my, in my opinion, that would be the right way to use a Kiki. But also, well here, let me split this. So I do think one of the main use cases of a hardware wallet is potentially for trading on exchanges.
New Speaker (01:17:18):
So, you know, using, you know, shapeshift with your keepkey actually, you know, you’re already giving them your information by trading on their platform. So [inaudible] maybe it’s less important to just keep your keep key tied to your Electrum personal server or Electrum and your own node. But yeah, I don’t, I, I guess I guess I, I don’t know. I don’t want to go on that.
Vlad Costea (01:17:54):
I was about to ask you to tell the difference between cold storage and hardware wallet because there seems to be a lot of confusion. And you mentioned just before this, there one of the use cases of a hardware role, it is to connect to exchanges and trade.
Lazy Ninja (01:18:10):
Yeah. So I think for me, no, maybe this differs for other people is I, I think, you know, anytime you have a large amount of money that is truly your savings, that should be in cold storage and cold storage means not an electronic device. It, paper is fine. You can write things on a piece of paper put it in a safety deposit box. I, I went in, I stamped my seed phrases into a, a piece of titanium and one of the things I looked at there too was sort of a usability type of thing.
New Speaker (01:18:49):
Like I, I got a [inaudible] hi Kate. So I used a crypto tag and so one of the things I liked about them was it was just very clear, like I didn’t as far as like, if somebody my heirs in the future see this thing, there’s lots of information on there to sort of tell you what’s going on and it’s, you don’t have, there’s no chance for ambiguity and some of the information on there.
Lazy Ninja (01:19:20):
So that was one of the things I liked about that. And then so now it’s a preserved for generations such that, you know, it can survive all sorts of of issues. And so that’s where the bulk of my savings goes. And then intermediate mounts of money are what I use hardware wallets for. So I’ll pull the cold storage, I would have it’s storage and enter that seed into a hardware wallet and then use that to transact a whatever amount of money I want to move and then put the cold storage back and cold storage and then erase the key from my, my hardware wallet and that, that’s sort of my use case, how I do stuff.
Vlad Costea (01:20:10):
Yeah, that’s an interesting setup that you have there. But how would you advise somebody to begin securing their own Bitcoins and embracing financial sovereignty? And by the way, should they go for a Bitcoin only hardware wallet? Like is the case with the Trezor, the box and the ColdCard.
Lazy Ninja (01:20:31):
So I like to support the Bitcoin only hardware wallets just because by being Bitcoin only, well, there’s some hybrids here, right? So a true Bitcoin only hardware wallet, like the ColdCard mean they don’t have to invest extra resources in supporting other stuff. And so it allows them to focus and spend more money and do it better. Just supporting one coin that they support.
New Speaker (01:21:10):
However, there are some Bitcoin Omani version, you know, like the BitBox has a Bitcoin only version of software and then another version that supports other coins. There’s less value in that. Personally, when I buy, when I buy this stuff, I always just buy Bitcoin only just to try to send signals to the manufacturers that what I’m interested in. But there’s a little value in that is in that the code complexity is potentially reduced. But there’s sort of, there’s a lot of trade offs there, right?
New Speaker (01:21:44):
Cause now you have two versions of code and if you don’t maintain those two versions of code correctly having two versions can ultimately sort of introduce errors. But so it’s a little tricky. So I do, I do buy Bitcoin only, but yeah, it’s, it’s best when it’s, there’s not an option. It is just Bitcoin. Bitcoin only and you know where they’re spending their money.
Speaker 9 (01:22:09):
Lazy Ninja (01:22:11):
Oh, so what should, okay, so a new person, what should they do? So what I tell my friends to do is actually I don’t tell them to buy hardware walls, but that’s probably not good for the hardware wallet manufacturers. I just tell them, I will let you use my hardware wallet cause I, I just use it ephemerally anyway, I just, you know, I just, I wipe it and then put other stuff on it. I’m like, create a seed, buy some Bitcoin, write in a piece of paper and then, and then wipe it out and then I’ll just go and just give it back to me.
New Speaker (01:22:43):
So that’s normally what I tell people to do. However, I did have friends that were really into trading and stuff, a little shit. Shit’s coin casino I’m going on. So they have hardware wallets and they’ve moved their money in and out of the exchange using that, I’ve sort of showed them what to do there.
Vlad Costea (01:23:03):
What do you think about the fact you can use a YubiKey, which is more of a general purpose device for storing data to also start your private keys? Is that a good idea to get one of these general purpose items that can also be used for email passwords and banking information and put it put in your private keys altogether? Or possibly just separate and have that only bit of information on the device?
Lazy Ninja (01:23:37):
Mmm, I’d have to look at exactly what the set up was, but in general I would say no. I think it’s protecting Bitcoin seeds and is really hard. And I think you need a company that is just focused on doing that, at least at this point. So I’d ha I had YubiKey I’d have to, I’d have to see exactly how they’re protecting things and what their interface is like.
New Speaker (01:24:09):
But like as in general, I think you just need an incredible amount of focus in order to secure Bitcoin correctly. And you know, like, you know, you’ve seen even all these companies that have security professionals, their only job is to protect Bitcoin. All of these devices still ultimately have vulnerabilities. And that’s not to disparage these companies at all. It’s just to demonstrate how hard it is to protect information. Especially when physical attacks are also part of the threat map.
Vlad Costea (01:24:49):
No, it’s always sensitive whenever it comes to data security. And I guess we can both agree that at some point Bitcoin will be huge. Maybe in our lifetime, hopefully it’s very hard money, possibly the hardest that we have. But at the same time, it’s just as hard to secure and we need to develop some kind of technologies and popular means to allow individual sovereignty or else we will have a situation where like in Germany, people can deposit their Bitcoins in traditional banks and that’s considered to be a safe way where you also have this type of guarantee that if they get hacked, they’re going to give you back the Bitcoins that you owned.
Lazy Ninja (01:25:48):
Yeah, it’s a, it’s sort of an interesting, I mean it’s, it was, it’s ultimately very similar to the down the reason for the downfall of gold as
Lazy Ninja (01:26:03):
As, as cash shall we say. Right. Because gold is very good. It’s very hard. You, you can’t fake gold, but it has some problems in that it’s hard to verify just a gold, Boolean payment. So like if I just give you a pile of gold, you don’t know the purity, you don’t know the weight, you have to weigh it, you have to check the purity.
Lazy Ninja (01:26:32):
And that is really cumbersome for a lot of commerce. So what the first step was, you need an authority to give you standard purities and weights. And that’s where governments got into the business of stamping their leaders face on a piece of gold and call it a coin and say,
New Speaker (01:26:51):
Hey, this is a standard weight and purity of gold. Well now the public has an easier way to transact cause they don’t have to worry about Wayne and checking gold, purity. But then once government controlled that part of the money, it just kept centralizing more and more until the governments held gold and like, well, you don’t need to carry around this heavy gold, you know, you called it in the bank and we’ll give you these these paper certificates ment that you can you can write, you can hand around to transfer your gold.
New Speaker (01:27:19):
And, and it escalated from there until the situation we have right now. So yeah, we don’t want [inaudible] Bitcoin to go down that same path. And I think there’s risk. It’s, it, it is easy to use Bitcoin. There’s just, yeah, I don’t know. There, there’s some risk. So yeah, ultimately I do believe that, okay. Using it, you know, is going to be easier than it was to use gold. And so I’m hoping that everything doesn’t centralize or at least a much lower amount of Bitcoin centralizes into places like exchanges and Bitcoin banks. So we don’t end up back in the same situation we’re in now and 200 years.
Vlad Costea (01:28:15):
Right. Right. Now when you get into Bitcoin, your first instinct is to download the Coinbase app or get on the website. I, I don’t think there is a more popular option and that’s how everybody begins and unless you start to understand the purpose, why it was created and what it’s supposed to do, you’ll just look at the hacking record of Coinbase and see that it’s pretty well-performing. I don’t think there is any major attack on it. It didn’t end up like Mt. Gox the people in there are very competent and they take it very seriously. So if you just think about speculation and it’s a speculative investment that you right now and possibly
Vlad Costea (01:29:02):
Sell later and you have no problem with a company knowing all of your transactions, maybe that it makes sense to stand Coinbase. But if you’re trying to hedge against government money and you think that ultimately Fiat will fail and you won your funds to be suffering and you want to be able to move it whenever you want, however you want, then it makes a lot of sense to hold it on a hardware wallet or any other form of cold storage and just hoard it it for 10 plus years and see what happens. Not financial advice by the way, but that’s right. But some of us do and that’s what our expectations are. Yeah.
Lazy Ninja (01:29:49):
Yeah. When I, when I got into that quiet, I did it, I did exit. You literally, and we didn’t talk about this at the time. I don’t think I did. It was like exactly what I did is what you listed I, well first of all, I, I like, I don’t know what the song, this crazy thing called Bitcoin. What is this? And I was immediately drawn to it. So I just sort of anti-government, but just libertarian mindset. I just didn’t want government controlling my money or anything. So I was instantly interested in this and I had sort of technical background. So I read the white paper, recognize this was pretty cool. This was right at the end of 2013. And yeah, the first time, first thing I did and like, well how do I get some of this to play with it? And I’m like, Oh, okay, if I Googled this thing and I found Coinbase.
Lazy Ninja (01:30:33):
So I think, I think Coinbase was like just open, I think just started. But so I got my Coinbase account and I’m like, well this is a really small one. I don’t know if I trust these guys. What’s the biggest, let me see if I can find the biggest X most popular exchange. Oh look, this exchange called Mt. GOC this thing is the biggest, most popular Bitcoin exchange.
New Speaker (01:30:53):
But I wasn’t oblivious. So like I just started recently cause I was really cautious at the time. So I started researching. I’m like, I don’t trust any of these places yet. And there’s all this stuff about people not being able to get their funds out and these delays. But then it looked like everybody ultimately was getting their money and this was just trial by fire. You know, people are like, well, I got to rebroadcast the transactions myself and I had no idea what’s going on.
New Speaker (01:31:17):
I’m like, I have no idea what that means or anything. And so ultimately I’m like, well, whatever. I’m just gonna we’ll, we’ll send, we’ll send my picture to Mount GOX and see what, see what happens. And sure enough. So I got my Coinbase account set up and then I got my Mt GOX account set up. And then a few days later, Mount Gox went bankrupt and then disappeared. So luckily it was before I put any money in. So, so I dodged a bullet on that one.
Vlad Costea (01:31:49):[Inaudible] Yeah. And we should not forget what happened there and what bad security can lead to because as far as I know, Mt. Gox was starting to information about and
Vlad Costea (01:32:00):
SQL databases and files, which is insane. It’s very inconsiderate for people’s privacy and for their all days.
Lazy Ninja (01:32:14):
Yeah. I mean it’s the whole reason. Yeah, it’s, it’s, it’s terrible. Like I sort of, when I did it, I sort of felt that too. I’m like, I just don’t, I don’t want this weird company having access to my bank account and my ID, you know, I just, I was just so hesitant about it. I’d just like, you know, just felt really uncomfortable. But I’m like, Oh, they’re the biggest one though, so we’ll just do it. Turn it turned out.
Vlad Costea (01:32:36):
I wonder what it’s like nowadays to KYC to buy Nance when you first start. I didn’t do it. I never signed up to bananas. I think the only exchange on which I did sign up and KYC is bit STEM possibly. But just think about that. There is this company from China and they want you to give them all the information and I know it’s complicated with by NAS that they’re from China, but they have offices in Malta and they have all sorts of operations in various tax havens around the world and possibly does how they were able to operate.
New Speaker (01:33:18):
And do the kind of stuff that they did, whatever it took them to become one of the top exchanges and list all sorts of shit coins and never be legally liable for all the pumps and dumps that happen. Yeah and I think they reject by default us customers so you cannot get burned
Lazy Ninja (01:33:43):
Know up a us branch. Now I didn’t see if that had went through and was working or not. But
Vlad Costea (01:33:49):
Anyway it seems so nice and friendly when you sign up and you have these interfaces which look a lot like what you see in your banking experience but it’s a lot more frightening and yet you have to be aware that these exchanges, sometimes they get hacked in Durkee, YC databases just like it happened with finance and they extract pictures and user information and the treads and the exchanges and try to extort some bit conservative them and say unless you pay us this amount, we’re going to publish all of this user information on the internet and that’s going to be bad reputation for it and bad press.
New Speaker (01:34:33):
And I have no idea how by Nance and BitMax and got away with it because they, they both had similar attacks with BitMax. It was that one of the employees sent out an email where all of the email addresses of [inaudible] he CC’d. Yeah. It’s insane. And he got away with it and people still use these platforms. They trade
Vlad Costea (01:34:58):
And they’re going to argue, Oh, but they did not lose any funds. Yeah, they didn’t. But they talked to their privacy. Yes.
Lazy Ninja (01:35:06):
Yeah. People don’t, people don’t realize how like careful you have to be. It’s just crazy. Like you remember the the Ashley Madison data leak?
Vlad Costea (01:35:18):
Lazy Ninja (01:35:20):
I mean it was so I, so I may have inadvertently downloaded that database by accident and it, it was like really like, I’m like, I probably shouldn’t be doing this type of thing. I was finding people that I knew in there. Like I’m like, okay, I’m just going to not tell anybody I did this anymore.
New Speaker (01:35:46):
Cause I just worried if you start being too uncomfortable. Like I just can’t even, I can’t even talk about this. But it’s like, it’s just scary what people will, you know, how, how much you’re reliant on companies to protect your privacy? Well, not in that case it’s
Vlad Costea (01:36:05):
It’s sort of required to KYC yourself cause you’re trying to meet other people. But like with the banks and exchanges, it’s just, you know, it’s just ridiculous. The governments and trying to protect us and requiring all those rules ultimately caused us to lose
Lazy Ninja (01:36:20):
All our privacy by forcing companies to protect all this sensitive data. That is, it’s really just impossible to protect. I mean, even so, even the NSA, right? Their their hacking tools got leaked. It’s like, what’s that called? Does that happen? It’s like a supposed to be one most secure places ever or that CA no NSA, NSA hacking tools
Vlad Costea (01:36:45):
And it has become so intricate. I spoke to Bruce Fenton or Bitcoin magazine and told me that she was selling stocks in the 90s and she was able to call up customers and say, would you like to buy 100 hundred IBM stocks?
New Speaker (01:37:01):
And they will say yes and only had to provide was a name and an address and they would send by mail some Florida of invoice and if the payment was made within one week, then the purchase was validated and they go on with the transaction. But they did not have to ask for any kind of social security number, driver’s license ID, whatever.
New Speaker (01:37:25):
They did not have to ask for this. They just ask our name and an address. And with this information, they were able to sell stocks and do financial operations. Yeah. Government governments would never allow anything like that. Nowadays they need to track, they need to protect you. They track everything you do. Oh, I feel so protected every day 11 that’s right. And I would never let government protected me from myself. When you’re fearful,
Vlad Costea (01:37:56):
It just means that you’re being protected.
Lazy Ninja (01:38:00):
Well, it’s funny is like, well maybe this isn’t even true, but these protections can, can start out as benevolent, right? Like somebody that literally says, Hey, we need to monitor this to protect these people. They actually might be thinking, we need to monitor this to protect these people. But ultimately the having that information and the ability to collect that information gives a future government the path to authoritarian rule type of thing. I mean, it’s, you know, even though the intent, you know, in the U S here, you know, it’s, people really fight for our, our gun rights.
New Speaker (01:38:40):
And a lot of the argument is, well, you know, the people against liberal gun rights, you know, you can’t if the government, you know, cause some of the argument is you need the guns to protect yourself from the government. And the counter is well, you know, you can’t, you can’t fight tanks and helicopters with you know, with a regular civilian rifle. [inaudible] But it’s, it’s more the government having the ability to take those things indicates that it has the power to do many other things and by, by protecting our rights such that we prevent the government from taking away some of these rights and abilities, it helps prevent sort of a slippery slope type of things in the future from the government taking more rights and other things in order to protect us.
Vlad Costea (01:39:37):
Yeah, it’s difficult. And when you have Bitcoins in the mix, it’s even more delicate. Any form of digital money, which is individual, you own the keys and whatever transaction you are making is both irreversible and written on a public ledger permanently. And if you think about it, it’s all very risky.
Lazy Ninja (01:40:02):
Vlad Costea (01:40:04):
It’s very delicate for Bitcoin because you can see some features as design bugs or flaws that maybe will never get fixed. And it’s frightening that if used by governments to make us, to push us to declare our public keys and addresses that we’re using is going to be a very effective surveillance system with CI now Asus right now they are already can track transactions. And in recent days I even saw that they were able to see through coin joins in the case of massive amounts that were being mixed and sent to one address. And I think that the mistake that they made at some point was to reuse some addresses and
Vlad Costea (01:40:54):
That’s how they were able to track the funds. But anyway, it’s frightening.
Lazy Ninja (01:40:59):
Yeah, absolutely. I yeah, I think, yeah, the biggest vulnerability, you know, as we discussed sort of earlier, I, I think the technology ultimately will get such that through coin join and mechanisms along those lines. We will end up with transactional privacy to a relatively good level. But one of the things that you, it’s really hard to fix in the short term is ownership. Privacy. So, you know, the government, you know, in the U S the government’s gonna government knows I own Bitcoin. And so at some point in the future a government can come and say, you know, Hey, you know, we’re mid this rule about going, you have to do this, that, or this. And yeah,
Vlad Costea (01:41:53):
Sort of a,
Lazy Ninja (01:41:55):
A scary, scary path, but they’re, you know, it’s, it’s, you’re buying on exchanges. There’s, you know, you’ve, you declared you own it. I, I’m actually trying to switch, so I’ve, I’ve sort of sort of stacked up now that I, I, I have the bulk of the coins I want. So I just sort of do regular buying, stacking sets, as everybody says. And I’m really working hard to switch to bisque. Mmm. So that that’s sort of my goal to at least protect some of my future earnings in Bitcoins. At least the government can’t precisely track how much I own. And I was actually what I known about this for awhile. I was actually really surprised at how easy it was. Like it was just sorta install and, and it just work. Did you know about this bladder?
Vlad Costea (01:42:52):
Yeah, I spoke to one of their representatives and I was blown away when I figured out how smart their application can be. And how would you found a work around and the landler you can’t get away from KYC, open source software that you download, run on your PC and make peer to peer transactions in the real sense. Yup.
Lazy Ninja (01:43:18):
Now one trick with it though, right now is still, I’m, I’m not fully not doxing myself cause I’m still making electronic. The popular method is sort of this electronic bank transfer. And ultimately, you know the counterparties name, they know your name, you know the counterparties name. And then there was a record in your bank account. You know, this money came from this person. So there’s all sorts of various risks from that. And so I’m like, well, how do we do this more anonymous Lee? I’m like, Oh, cash deposit. So you, there’s another way
Lazy Ninja (01:43:52):
You can just go to a bank, the account, your counter parties bank and just deposit cash into their account. You just walk up to the counter and just say, here’s the account number, here’s the cash. But so I’m like, Oh, this is way better. Let me look into this more. And it turns out like almost all major banks are starting to ban anonymous cash deposits.
New Speaker (01:44:13):
So I’m like, Holy cow, they’re really closing up all the loopholes. However, the good news is, at least my, I’m a buyer, typically not seller, but at least my bank does allow a relatively big bank does allow anonymous cast deposits still. So we’ll we’ll see if they all shut them down. But like Wells Fargo and bank of America supposedly, at least I’ve read, they’ve shut down counter anonymous counter deposits for cash. So it’s getting harder and harder. It just has to revert to peer-to-peer meetups at some point. But the having a broker in between a certain nice cause it just sort of alleviates a little bit of risk.
Vlad Costea (01:44:55):
I don’t recall ever sending anonymous cash deposits. I know that you can do it here in Romania but they ask you for a name and I suppose you can go up to Donna Mazu and just give out a fake name. But it depends on your luck because sometimes they ask for an ID. Other times they just look at you and say, okay well let me send this money. Just fill in this form and you’re good to go.
Lazy Ninja (01:45:23):
Yeah. For me it’s just you fill out the, he say there’s a deposit slip, you just fill out the name of the person on the account and the account number and the amount and the cash and you just hand it to them and they’re like, thanks. So still a tiny bit of privacy.
Vlad Costea (01:45:39):
So I feel like we have been talking for over two hours and I’m not sure how many people will get to this point, but now we can say anything. Glad cause nobody’s listening anymore. Yeah, exactly. If your deal, listen up to this point, just send a tweet and say, look at me. I’m special. Or something like that. Tag us. Just in case you haven’t heard the first time when I mentioned it, the dash of Lazy Ninja on Twitter is freedom isn’t safe.
New Speaker (01:46:10):
Just one word. No APIs, trove, no nothing, no dashes. Freedomisntsafe, so you can follow him. He is very active nowadays. I don’t think he’s always been like this, but it’s interesting that he gives away security tips and he hacks hardware wallets and has experiences with disc. That’s a good reason to follow him.
And do you have any last piece of advice or closing words or glisten or school will be tweeting at us? Hopefully if they get to display a nothing we probably haven’t already said buy Bitcoin, keep it on a cold, cold storage or a hardware wallet, then you’ll probably be pretty happy in 20 years. Okay, so thank you very much, mr Lazy Ninja. I hope you get a greater following because you deserve it and I’ll see you around. Thanks a lot.