The operational security measures one has to take these days to secure crypto is insane. You have to build your own mini intelligence agency just to protect your digital crypto assets. You have to do:
- Principle of least privilege.
- Zero Trust.
- Compartmentation.
- Hardened Operating Systems with no malware and strong endpoint defense.
- Firewalls that whitelist only your IP and disavow everything else.
- 2FA/MFA/Biometrics auth for everything.
- Defense in Depth.
- Use crytography tools vetted from the community surrounding it, and use tools which are battle hardened.
Modern computing is very leaky and every node is malicious. You need extreme vigilance to safeguard crypto.
Are people up to the task of doing all this?
I'm asking because I lost crypto before, and now I'm more resilient and have better security posture.
If only some kind of institution that can hold coins safely existed. Some kind of central place with all the security measures. They can also offer you interest if you let them lend the coins to other people. We can call it a bank.
Great idea, but its inconvenient when you need liquidity but the bank doesnt have it. We should let the bank lend out more money than they actually have, and if there's a run the public can just bail them out
I am rather ignorant on the matter but indeed I don't like that some things/people are too big too fail in the system.
On the other hand, isn't that established that banks being allowed to issue more money than what is backed by their assets is universally recognized as "good" as in allowing for previously unseen economic development that benefits everyone (but not equally...) ?
In banking terms, the main assets are the outstanding loans. Fractional reserves (deposits as a percentage of loan balances) are no longer very relevant to modern banking. The limit in the USA was cut to zero in 2020.
Just to add, what's called "capital" in banking is basically the bank's equity. And there are proposals to force banks to carry a lot more equity (even if, my god, that reduces the return on equity earned - with a concomitant reduction in risk, though, thus making the equity no less valuable, theoretically speaking).
See for example The Bankers' New Clothes: What's Wrong with Banking and What to Do about It (2014) by Anat Admati and Martin Hellwig.
The best part about crypto is that it is always your fault.
Set up your own wallet and lose access? YOUR FAULT, DUMMY
Use an exchange and get hacked? YOUR FAULT, DUMMY
Use an exchange and they scam you? YOUR FAULT, DUMMY
Fall for a spearphishing email? YOUR FAULT, DUMMY
A flaw in the implementation that leads to an exploit? YOUR FAULT, DUMMY
Fail to maintain an EAL7-certified computing environment using only FIPS 140-3 level V cryptographic products in an ISO 27001:2022 Annex A.11.1-secured facility and something goes wrong? YOUR FAULT DUMMY-DUM-DUM!
It's never, ever, a flaw with entire concept-- it's always you.
This essentially boils down to not using Bitcoin. If Bitcoin ever wants to achieve its goal of becoming a usable currency, hiding pieces of paper in safes is not the way to go. But you can of course speculate that in a few years someone else is willing to pay more than you did to enjoy the fun of storing a piece of paper in a safe.
Use a hardware-wallet like the Bitbox2 for your big stash.
Use a lightning wallet like phoenix on your phone for smaller amounts which you could loose, like in a physical wallet.
At this stage bitcoin's main use case is storing large amounts of value for long periods of time.
Think of it as an alternative to investing in a house to let out to tenants, but without the inconvenience, risk and cost of buying/selling and owning it.
That sounds potentially problematic in the long run. If Bitcoin is primarily used for long term storage, then you need some [at least] constant flux of people moving money in and out of long term storage, otherwise your stored Bitcoins will depreciate in value. Therefore this is a kind of bet that Bitcoin will remain popular as a long term store or that some other use case emerges and maintains the price.
Another factor is that with decreasing mining reward transaction fees are becoming more and more important for financing the entire system. But by its very nature using Bitcoin as a long term storage will lead to a small number of transaction and the relatively few transactions moving money into or out of long term storage will have to pay for the network resulting in high transaction fees or alternatively the hash rate will have to go down which could itself be problematic for the system.
One would have to run the numbers - how many people are storing how much money for how long - to see how problematic or unproblematic it would be to use Bitcoin primarily for long term storage. My gut feeling however is that without other usages like speculation or actually buying and selling stuff, it would be a rather expensive way to store money long term.
EDIT: Back-of-the-envelope estimate. Bitcoin market capitalization is currently 1000B $, electricity consumption is an estimated 138 TWh/y, 13.8B $/y at 0.10 $/kWh. So if it was all long term storage financed by transaction fees and with a stable price and hash rate, it would cost about 1.5 %/y to store your money in Bitcoin, assuming hardware, infrastructure, labor and so on adds another 10 % to the costs.
> you need some [at least] constant flux of people moving money in and out of long term storage
This isn't necessary to maintain value (think of a rare painting), but it is important to provide liquidity when you come to sell, so that you don't have to wait weeks for someone to buy your bitcoin. Bitcoin has plenty of liquidity - no shortage of buyer and sellers. Coinbase alone trades ~$1 billion of bitcoin per day.
You're correct that the hash-rate is related to block subsidy + fees, but it's only one of the variables. Cost of energy for miners is an equally import factor (continuously decreasing as miners tap into wasted energy around the earth, and without geographical constraints), along with efficiency of the mining HW.
Bitcoin averages around 2700 transactions per block which currently provides miners with total reward of 6.25 + 0.3 (tx fees) BTC = ~$334,050. If we suddenly went to fees-only today, that would be ~$123 per transaction. Considering that this fee is independent of transaction amount, it is actually very cheap for large values of money (e.g. >$1M) considering it covers the cost of moving the bearer asset around the world within ~30 minutes, and also covers the cost of protecting your value against debasement and theft for however long you had it stored for (often years).
I'm not sure how you came up with a % cost per year - the cost of storage is a one-off tx fee at purchase and sale (just like physical gold, but bitcoin transactions are generally cheaper and independent of the transaction size)
Let's say two years pass and I want to sell my crypto. Is Tails still safe? Is it still maintained? Has it been "acquired" by a malicious party.
Crypto unfortunately requires people to be a lot more careful and knowledgeable than traditional fiat currency. And I don't think that will meaningfully improve anytime soon.
You need some software to make a paper wallet. It’s pretty hard to write it yourself from scratch, so you ultimately still have to trust a software distribution. Scammy paper wallet generators could make semi-predictable private keys that the author could recover when they see the public key appear on the blockchain.
and that's an attack vector/point of doubt that you bring in into the equation. You need a trustful source for Tails, the USB drive and the surrounding OS.
One can turn it as one wants: "cryptos" are not safe.
And I am saying this as someone who's holding a handful of values on different crypto currencies. And I know it is insane.
If you're daytrading you essentially need to be pricing that risk. If your strategy earns effectively 8% APY and you have to trust Sketchy Exchange Inc. it's probably not worth your time. If it's earning 600% APY then maybe it's worth keeping some amount with them.
No. Anyone who thinks they are is deluding themselves. There is no such thing as a setup that is 100% secure against human error (and nobody is infallible) or a sufficiently motivated and skilled attacker (and there are supreme amounts of motivation here).
The core problem is the lack of legal recourse. Anonymous, irreversible, distributed transactions for money are a really fucking stupid idea.
That is indeed the crux and the big advantage that traditional fiat currency has. And I believe that this is why crypto as a day-to-day currency won't surpase fiat.
The centralised trust and the government authority and enforcement of fiat is what enables millions of people to pay and transact so easily with strangers.
Still, most people who have a crypto wallet on their desktop computer don't get hacked. I always found this interesting because it puts an upper bound to how many machines out there are compromised (at least by an agency that's motivated only by money).
That's precisely why I never bothered with crypto. I figured even back in the days of early Bitcoin I would at the very least need a dedicated device like a mostly air-gapped laptop running my own wallet software to do transactions. Storing coins on an exchange had always struck me as fundamentally idiotic, even before MtGox occured.
The problem has gotten much, much worse, not better, over the past decade.
You don't really need to trust. For significant amounts of value, a multi-sig setup using a number of different devices means that _all_ the devices could be compromised, but providing they are not compromised by the same attacker your bitcoin is still safe.
When I said "different devices" I meant different types of devices (i.e. all running different SW) - sorry for not being clearer.
For example you might create and sign the transaction with Sparrow on your PC and then pass it to/from BlueWallet on a mobile to co-sign it via QR code.
Yes, and this will finally bring banking to poor peasants in the third world!!111!! /s
Seriously, the idea that crypto (with its concomitant key management problems) is a solution for the challenges facing the poor in badly governed countries is rather absurd.
Canonical should not have displayed a "safe" icon at scam app page. The proper text should be something like "Not verified. Review the code and check the publisher before using the app.".
The same should be at Google Play and Apple Store. Scam apps and sanctioned apps are regularly passing through reviews.
This is scary and even a hardware wallet might not help.
When I create a transaction with Electrum on my computer, I use a hardware wallet to sign the transaction. When I sign the transaction, the hardware wallet shows the amounts, and the output addresses.
But if my copy of Electrum was backdoored and smart about what it did, it could use an output address for the remaining amount that went to another wallet. And since I and most people mainly check the address we are sending to but don’t pay close attention to the change address, we could end up having our funds stolen that way.
I’ve been thinking about moving to a multisig setup instead, that would have multiple computers independently used for checking and signing the transactions.
So far I’ve been putting it off because a single wallet and being diligent about checking the output address that you send to seemed sufficient. But now I think moving to a multisig setup is something me and more people should do sooner rather than later.
No, you're wrong. The issue you're describing can't be exploited on Ledger devices at least. (Source: I’m a contributor to their bitcoin transaction parsing code)
Their hardware wallet checks if the provided change output's address is actually owned by the device owner:
- if it does, then the change output is simply hidden from the user validation flow
- if it doesn’t it will appear as a second bitcoin transfer to approve, which require a second physical approval on the device. this is highly unusual and should trigger the user's suspicion.
I can’t say for other vendors but this is pretty standard security practice I’m sure, hardware wallets are fighting against attacks that are way more elaborate than this one.
Ok. I use Ledger. And I would not have thought of being suspicious of there being two addresses to confirm.
So rather than being “wrong”, maybe I am more similar to most regular user of hardware wallets, and that this kind of attack would indeed be a disaster for a lot of users who have hardware wallets. Myself included.
But.... if you did confirm two addresses, wouldn't the second one be suspicious solely because... if you're confirming it... it means you actually did something besides click a button right? And if it wasnt an address you owned?
I would think one was the target address and the other was the change address.
And then if I went so far as to double check that the other address was a change address, I’d do so by looking in the list of addresses for my wallet in Electrum.
But in our scenario I am using a backdoored Electrum. And therefore it could be showing a mixture of the real addresses that belong to me in that list alongside addresses belonging to a different wallet that was set to show up there by whoever backdoored my copy of Electrum.
Does each address show the amount transferred? If it doesn't, with my current knowledge of how things work, I would maybe assume the second address is used for a commission. Depending on what funds I would be transferring, maybe I would be suspicious and cancel the whole thing to find out why 2 addresses are displayed.
Ok, and what if you use your Ledger seed phrase to connect / recover on Exodus? Hardware wallet or not, if the recovery seed is exposed, are you in trouble?
I'd say the fact that you can not enter a seed phrase into an app on computer or website should be like "level 1" required crypto knowledge. I understand that many are still failing at this daily.
Reading this, it is bonkers to me that people think cryptocurrencies are ready or appropriate for mainstream use, either as a currency or as an investment.
Line could go up, but if you aren’t extremely careful with processes that most people don’t and won’t comprehend—and don’t even realize are something you need to do—you can just straight up lose everything.
Do you not see the difference between a Venmo transaction and Bitcoin transaction?
With Bitcoin, a small mistake or oversight and you money is gone, and unrecoverable. So you can point and laugh at people getting scammed on Venmo, but you need "normies" to adopt BTC.
It's the same with Venmo, I have a few friends that have sent money to random people never to see it again.
There's really very little crypto-specific here, convincing someone to transfer funds to a scammer-controlled account is one of the oldest financial tricks in the book. It's still very common with bank wires.
Yeah, it's definitely not ready. I agree with everything you are saying.
Though, the industry is aware of this and working on it. There is at least one company (Chia Network) where the on-chain language (ChiaLisp) is both capable and secure enough to allow for the sort of management needed to allow for self-custody to happen in a safe, sane manner. GUIs for this sort of thing aren't ready for the general public yet, but are definitely on the way.
Solutions have been on the way for more than five years, but literally nothing has changed and all we've gotten is pyramid schemes and gambling. Chains and protocols have exploded in complexity and technical debt to the point where nobody fully understands the attack vectors. By now I am convinced that anything beyond pyramid schemes is never going to happen.
It's frustrating, I agree. People are obviously going to continue being people with pyramid schemes and the like. At the same time, there are enough who also agree that it's a mess, have closely studied the successes and mistakes of the past, and are building a solid foundation for doing this right. I mean, what we're really talking about here is creating a fundamentally new system for which the financial system operates upon ... it's going to take time ... longer than five years. And the progress that I've seen thus far is encouraging.
> there are enough who also agree that it's a mess, have closely studied the successes and mistakes of the past, and are building a solid foundation for doing this right.
People who "closely study mistakes and successes of the past" are in a very rare supply in the crypto space, and for a good reason: because people who actually closely study mistakes and successes of the past don't want to touch that space even with a 10-yard stick.
No, I don't. But Bitcoin also isn't particularly interesting because it's not (very) programmable and not useful for mainstream use anyway. I don't consider Ethereum itself a pyramid scheme, just useless. The protocols on top of these chains though, nearly all pyramid schemes. The best way to describe Ethereum is that it provides a platform for pyramid schemes.
What's the name of the function in ChiaLisp that returns true if this is an illegitimate transaction initiated by a hacker and false if it's being done by the real owner of the funds?
The same problem as with passwords that has been plagging the security industry for decades.
Passwords, credentials and other high-risk high value intangible data are not associated with high-risk high-value AND our memory is not designed for random junk.
Maybe an anthropologist can study this phenomenon further.
We already have hints of that: our memory has evolved for thousands year to easily memorize places and spatial navigation, in thr past for food, water and danger. Today you go in a foreign place, just one visit and you know where everything is. At the same time, people can usually hold only ~7 concepts/numbers/objects in their head.
In memory competitions people leverage our spatial prowess with a technique called the memory palace, that was already used in ancient Greece and Roman Empire to recall anything, from bard tales to the Iliad and Odysseus.
No, this is usually (apologies if not in your case) a straw man, and representative of the usual HN blind spot for cryptocurrency.
Ledger and Trezor hardware wallets do protect against this class of attack.
We are rapidly approaching a world in which those with significant assets or job responsibilities should be carrying physical 2FA tokens, which can allow use of private keys while protecting them (a hardware wallet).
This is more of the same. The base rule in crypto has always been “not your keys, not your coins” and to keep your recovery seed offline and only enter it with the utmost of caution.
The history of scams is long, requiring periods of societal learning and transition as e.g. credit card, identity fraud, and wire fraud have taken center stage.
Private keys will be something that a certain amount of the population will eventually be required to understand in my estimation, even if simplified as much as can be. The alternative is more middle ground solutions putting ultimate trust in a separate party managing the keys.
There isn’t much use for most first world citizens in maintaining direct control over their digital wealth, so they are best served by staying away or dollar cost averaging a small percentage of their portfolio into an offline wallet. Those who want to experiment with smart contracts can do so with much smaller amounts.
The ability to memorize 12 words and have direct ownership of your wealth anywhere with an Internet connection, independent of any party save those facilitating the network and the one accepting your payment, and the ability to cross a border or transfer to the other side of the globe without seizure, is already tremendously powerful to hundreds of millions of people who lack trustworthy financial services.
> The base rule in crypto has always been “not your keys, not your coins”
This is because blockchains have no way of enforcing laws, including property rights. Therefore it comes down to this. Imagine that whoever got hold of your car keys, automatically became the owner. This is what "not your keys, not your coins" means.
It's a bit more like 'possession is 9/10 of the law'.
The "not your keys, not your coins" is more the fact that someone else holding your stuff happen to them and your stuff goes away. Or they never had it to start with. i.e. Counterparty risk.
`Cash` doesn't inherently have any mechanism for enforcing rights either. The difference is that real-world identities are easier to establish in situations where cash transactions go awry.
“Enforcing laws” with regard to what? Censoring transactions? Freezing accounts?
If people want a system where this as well as excessive inflation are close to impossible, they now have an option, with the clear caveat of that ownership.
It’s not like there aren’t other options to choose - custodial services and multi-signature wallets. Banks are custodial services too, and that’s fine.
> The history of scams is long, requiring periods of societal learning and transition as e.g. credit card, identity fraud, and wire fraud have taken center stage.
And governments have enacted laws to protect people. With cryptocurrencies, they - by definition - cannot. Once you got scammed, your money is all but gone (sans a very VERY few exceptions).
> The ability to memorize 12 words and have direct ownership of your wealth anywhere with an Internet connection, independent of any party save those facilitating the network and the one accepting your payment, and the ability to cross a border or transfer to the other side of the globe without seizure, is already tremendously powerful to hundreds of millions of people who lack trustworthy financial services.
That's a societal problem, it can only be solved by society, not by cryptocurrency peddlers and tech-bros. And in any case: at some point that "wealth" has to enter the real world, and it's there that governments can step in and seize said wealth.
>That's a societal problem, it can only be solved by society, not by cryptocurrency peddlers and tech-bros. And in any case: at some point that "wealth" has to enter the real world, and it's there that governments can step in and seize said wealth.
People escaping oppressive regimes don't have time for their society to solve it, they need to leave to a different, less messed-up society. And this is one of the few ways that they can bring a decent fraction of their assets with them in a form that's not very easily stolen from them.
> And governments have enacted laws to protect people. With cryptocurrencies, they - by definition - cannot. Once you got scammed, your money is all but gone (sans a very VERY few exceptions).
Rollbacks being impossible doesn’t mean the government cannot legislate.
This is a double edged sword - the benefit and the drawback are inextricably linked. Caveat emptor. Do you want absolute control of your funds? If so, you can memorize 12 words and travel the globe. If not, look to custodial partners, ETFs, or multi-signature wallets.
> That's a societal problem, it can only be solved by society, not by cryptocurrency peddlers and tech-bros. And in any case: at some point that "wealth" has to enter the real world, and it's there that governments can step in and seize said wealth.
What? I assume by “this” you mean people who don’t have quality trustworthy financial institutions?
This is Hacker News. We brainstorm technological solutions to real world problems all the time. This particular problem can only be solved be “society” at large, not technology, because you say so?
You want to disparage those trying as “tech-bro peddlers” - do you simply mean any technology inclined entrepreneur who doesn’t present female? This is an absurd emotional invective.
I’d bring up Monero RingCTs and stealth addresses as an intermediate step and the offramp of direct purchases which that community has been building, as well as tools like Bisq, but I doubt the utility of continuing to reply.
In 1980 packet switching had existed for 20 years already. The public Internet wouldn’t emerge for more than a decade after that—and it would take yet another 20 years for the true power of packet-switched networks to be realized, in the form of mobile Internet.
In 2000 neural networks had existed for more than 50 years. More than 20 years later their full potential is finally being realized, and many would say it is still early days.
It’s naive to think that you can predict the future course of a technology simply based on the fact that it has already existed for a certain amount of time.
Those comparisons are incredibly mismatched. In 1980 a computer cost as much as a car, and network connections were incredibly expensive and slow. Bill Gates, child of wealth and privilege, famously had to use a shared computer paid for by his elite school because even the child of an IBM board member wouldn’t have access to a computer! The microprocessor revolution unfolded in the 80s, however, so even your timeline is off by over a decade because people paid money to get online because things like email, telnet, Usenet, and FTP were immediately useful. By 1995, the web was already multiple years into extreme growth – very little of which was directly related to selling as opposed to all of the things you could do with it. Nobody was saying you should buy a modem and sit on it before reselling it at a profit, they were talking about all of the things you could do once you had one!
Similarly, nobody doubted that neural networks were capable of very interesting things - the holdup was the level of processing power needed to run them. As soon as that changes, useful applications abounded.
Those make quite the contrast with bitcoin which has been universally available to a much, much larger population and had truly massive resources available, but almost no meaningful impact because it doesn’t give most people anything new or better. The few businesses which aren’t trying to market it and still accept it almost universally convert BTC into real currency as soon as they receive it, companies like Western Union and Visa haven’t felt the need to lower rates, and to the extent that PayPal is reconsidering screwing everyone so aggressively it’s because of Venmo and Stripe, not Bitcoin.
It's a political experiment centred around replacing the existing financial system.
And the mistake there is that people in the crypto space are ignorant about how that world works. Namely that there is such a large overlap with the government that you're in essence trying to disrupt governments. Which is a losing battle.
IMO, your timelines are way off and the goalposts are totally skewed. In 1980, the Commodore 64 hadn't even been released yet. Even so, 15 years later, in 1995, almost 15% of adults had dialup access to the Internet. The real goalpost here is the advent of the WWW.
TBL released his paper and source code for the WWW on April 30, 1993. On that date, all that existed was an idea and a command line browser. Most people only knew the web in those early years as "that thing you could reach by telnet to info.cern.ch".
So yes, you can determine something about the relative strength of a particular technology by the speed it is adopted in the marketplace. Fifteen years is a long time, and even taking into account the slow Internet speeds between 1993 and 2008, people found enough value in the Web to use it on a daily basis. I don't see the same adoption curve for cryptocurrencies.
People(old and young) give away their entire life savings to scammers every day, everywhere in the world. You don't hear about it on the internet all the time because we either got used to it or they don't want the publicity. You hear about big cryptocurrency scams more often because people invested are more into tech and spend time on the internet. Do you say that cash is not ready or appropriate for mainstream use? What about that cashier that never has that 1c of change back? Clearly a sign of not being appropriate for mainstream.
Those generic arguments can be applied to literally everything we already have. People get scammed via their bank accounts every day too, people literally get scammed by the phone. You have to use your brain when it comes to _anything_ that involves a real world value these days, saying 'crypto bad cause scams' is pointless as there are way more scams involving real world money everywhere.
The difference is that you need cash and bank accounts and phones to run a modern economy. They're useful for many many things, and you can't do without, and we our best to police and minimise scams.
Crypto, on the other hand, is specifically designed to evade regulation (permissionless setting), is useful for very little else, and you can do easily without it.
The story is not much different in Traditional Finance; though in some cases you can recover your money. The US (and to some extent EU) have some protection, but for the rest of the world it's not much different than crypto.
> The US (and to some extent EU) have some protection, but for the rest of the world it's not much different than crypto.
Do you have any citations to your survey of global consumer protection laws? Examples would be especially relevant if you know of cases where a bank granting access to a scammer left the victim with no recourse.
Beyond being an anecdotal point myself, you do read other people's experience online. I don't have concrete statistics; however, I do know that even big institutions get scammed with no recovery (ie: I recall the Bangladeshi central bank being swindled for tens of millions of dollars because of SWIFT and not being able to recover that money. If the Central Bank of a nation doesn't have a recourse for such an amount, I don't think the average person have that much protection either).
This is a great example: most of the fraudulent transactions were blocked by the NY Federal Reserve – $850M – and of the remaining $101M, a significant amount was recovered:
Not perfect, but 90-something percent better than no recourse. More importantly, it’s also not a given that individuals lose everything as opposed to higher operating costs for a bank. The kinds of crimes we see in the cryptocurrency world tend to leave individuals with no recourse other than very expensive private investigations, whereas a major financial institution at least had the resources to go after the money without going bankrupt.
> purely peer-to-peer version of electronic cash would allow online payments to be sent directly from one party to another without going through a financial institution. Digital signatures provide part of the solution, but the main benefits are lost if a trusted third party is still required [...]
Reality: The world's biggest financial institutions hold BTC as an intermediary for clients through trusted third party custodians for speculative purposes (rarely payments).
I'm sure he'd recognise that most of the population was not going to using bitcoin directly - what he has provided is a way for a population to
a) digitally pay peer to peer if they so choose
b) escape the enslavement caused by central banks' unlimited money printing if they so choose, hence the message in the genesis block
Of course bitcoin is rarely used for payments yet. Why would you sell the hardest money in existence, when you can sell junk dollars instead. And why would you price goods in something that's growing so quickly that its price changes dramatically month to month? It makes no sense.
Stage 1: prove ability to store value
once the value has grown to the point that it's stabilised enough to be a unit of account we will naturally move to
Stage 2: medium of exchange
The fact is we never even have to move to stage 2 for bitcoin to still be worth millions of dollars per bitcoin. Even if bitcoin only matches the market cap of gold, it will be worth ~$600,000/BTC and bitcoin has way better store-of-value fundamentals than gold.
The world has evolved, lot of phishing and scam on cryptocurrencies . its very important to know that a source is legit before investing and most importantly safe guarding and upgrading security concerning your crypto like two factors authenticators and all necessary precautions .. although there are lot of good coders and hackers like recovering ATusa com that make it easier to recover stolen cryptocurrencies and of course only few are able to get theirs in full......
Assuming the hardware wallet is safe, and that you indeed check all the recipient addresses and make no mistakes there, I don't see how the software should be able to fool you, though? I would assume that the hardware wallet is built to never leak your private key, at least not when signing a transaction, and the signature that it produces would always be for the exact transaction (recipient, amount, data,...) that you checked (since we assume the hardware wallet to be safe). Can you explain?
So many of these exploits boil down to "hardware wallets not providing enough/the right information".
The screen is tiny, and protocol devs don't usually put a lot of thought into making stuff easily human readable. Ideally a transaction can be fully understood and verified from the hardware wallet but we still have a ways to go.
Since BIP-32, receive and change addresses have been generated from a single seed, never from outside sources. Hardware wallets verify this.
It's much more likely you'll fall victim to malware that waits until you're on an exchange website, and substitutes the attacker's receive address for the exchange's. You think you're depositing funds in your account, but they vanish instead. This is basically the same attack as fake escrow instructions emailed to people buying a home.
While it’s not foolproof, it’s a good reason to compile things yourself from source instead of using the binaries. Unless someone trusted is validating build reproducibility, but that isn’t as common as we’d all like.
Bluewallet Vault makes multi-sig simple. And when co-signing a transaction, it calculates the amount to display on the screen by calculating the difference between inputs & owned outputs, and so for general transactions this means you only need to check the amount and the destination address to be sure the right amount of money is going to the right place.
> But if my copy of Electrum was backdoored and smart about what it did, it could use an output address for the remaining amount that went to another wallet.
Pretty sure this is not the case for Trezor (This was an angle that got addressed a long time ago). Also, Ethereum doesn't have a change address.
> So far I’ve been putting it off because a single wallet and being diligent about checking the output address that you send to seemed sufficient.
If you are too concerned and use Bitcoin, there is an easier/simpler way. Sign the transaction offline and don't broadcast it. Copy the transaction Hex and decode it. You can there read the details of the output addresses, fees, etc.. When you are sure, then you can broadcast the transaction.
What I don't get about the Snap store is why there's no verified link back to a website?
If you have the technical ability to create an app, you probably have the ability to upload something to /.well-known/ or to add a DNS TXT record.
That way the Snap store could say "This app came from this website."
OK, it doesn't help if someone goes to the trouble of registering a homograph address, but it would at least give normal users a chance to check out who the author is.
That seems to be how Flathub works. It shows a verified domain, or prominently says that it is a community released app.
I suppose the problem is that Canonical wants to make the Snap store the default place for users to get GUI programs, so they've been willing to take the risk of letting random community members maintain Snaps of popular software so the store looks more active.
Back in the day, we had long internal conversations about doing verification 'properly' with government-issued IDs, third-party verification agencies and the like. But that never amounted to anything, sadly.
They might consider it further if the store got to a decent scale (like the contemporaries like iOS, Play and Microsoft). But with "only" 6K applications published, and the money canon being pointed in other directions, I can't see it happening any time soon.
This assumes the user would actually pay attention to that. (spoiler: they won't)
> OK, it doesn't help if someone goes to the trouble of registering a homograph address
Doesn't even have to be homograph, it can just be something that has "exodus" in it (coming back to users not paying attention, this would work, and is also the reason phishing and other fake sites work), if "exodus-wallet.com" was verified then many people would still fall for it.
The entire thing would've been avoided if users paid attention and going to the official website instead of blindly trusting the Snap Store (and following VERY common advice, such as don't enter your secret phrase or password anywhere)
It would never work because of adoption and whatnot, but using a crypto system like ENS and requiring users to go through a special browser might make that a bit more in-universe. Or maybe a toggle in the browser to turn on ENS and disable DNS.
The point being - you should know when you want to access certain services so you switch on this mode, not allowing normal DNS name jacking or the like.
I imagine a launcher which hashes the binary before you run it and compares the hash to some kind of registry. Then it can tell you that 5 people you explicitly trust have encountered this hash, and 768 people that they trust have, and 5789 people that they trust...
If you're the first person to encounter the hash, or if the number of hops is very high before you encounter something besides 0 (eventually heading into sybil-territory) then you have cause for extra scrutiny.
Bonus points if the people who developed the app are participating, but still useful if they're not.
This is not necessarily right. The exchangerate-api.com site is hosted behind Cloudflare, so I don't know where it's actually hosted, but the IP addresses shown in bandwhich could be unrelated.
It is common for malicious sites to redirect to legitimate sites to help evade detection, so it is possible that exchangerate-api.com is an unrelated and legitimate site.
I'm the developer of the ExchangeRate-API.com service.
Obviously it's upsetting to have our API used by a scammer, but our service couldn't have been involved in this hack beyond fetching a JSON-formatted response of up-to-date exchange rates because that's the only functionality our service/domain provides.
My guess is that the scammer implemented a call to our API to fetch up-to-date exchange rates in order to make their fake wallet seem more plausible & real. Interestingly my API doesn't even support any exchange rates involving cryptocurrencies and so the scammer would have had to additionally integrate with a different API to get something like the up-to-date exchange rate between BTC and USD.
The API is a very simple service - it's just a few endpoints that supply JSON formatted exchange rates over HTTPS. Anyone with an email address can sign up to use the service for free and there are even some totally "open access" endpoints that don't require any authentication. One of these has been used in the GNU `units` converter software for a while.
With regard to proving it's a legitimate service, this is the point where I wish I had made more progress with the landing page update that emphasizes social proof I've been working on recently! The API is used by ICs/teams at hundreds of recognizable companies. There are tens of thousands of free users including some that have used the API consistently for free for over a decade. I guess you could check many instances of the service being archived on the wayback machine? https://web.archive.org/web/20240000000000*/https://www.exch... I'll definitely admit the domain does look a bit odd but back in 2010 when registering it the "Exact Match Domain" bonus was a big factor for SEO. The site has been a top 3 Google result for "exchange rate api" pretty consistently - presumably also how the scammer ended up using the service.
I've used Cloudflare since approx. 2019 and their "cloudflared" tunnel infrastructure since approx. 2021 to secure servers against DDoS.
I'll contact popey to see if we can get more details on the exact path/request they saw being made to our domain and if that leads to any further information or logging from our side.
I think what parent is saying is the DNS request could have gone to your domain but the TLS handshake and HTTP POST could have contained another domain, because your site and the bad actors server could both be behind the Cloudflare CDN, which would handle both transparently.
No, I mean the initial HTTP request can go to some other site, which can then issue a redirect to anywhere it pleases (i.e. to exchangerate-api.com).
If you're running a malicious service and you want to throw people off the scent, one common strategy is to redirect to random legitimate services so that anyone investigating thinks you're part of the other service.
Sure, there was a bit of guesswork on my part. I could analyse the traffic in more detail, but when I wrote this all up, it was Sunday evening, and I wanted to do the minimum analysis to get a response to the unlucky rube.
I still have the snap, and could test further, but I suspect the endpoint linode boxes will disappear and popup somewhere else sometime.
I further thought about your feedback and the comments from the owner of exchangerate-API and have removed that section from the blog and mentioned it in a follow-up post.
I appreciate your comments, as they made me think more about that topic.
Another way IPv6 could make things better: no need to point multiple domains at the same IP address, so you could have a one-to-one relationship between domain and address and prevent shady things from hiding behind legit things.
And, sadly, make it easier for repressive regimes like China and Iran to block access to websites that are currently accessible thanks to CDNs' reuse of IP addresses.
I'm still not exactly sure, to be honest, why Snap exists.
The desktop on Linux has gone Flatpak.
If I'm running a server, why the heck would I trust Snap, a platform that until recently didn't even let me control updates, over Docker? If something goes wrong, who do I call? If I need a custom storage arrangement, who do I call? If I need a custom network arrangement, who do I call? If I need to scale up, who do I call? Why would I subject myself to this?
Is it IoT? Maybe it has a market there - but why doesn't it focus on being the best it can be, solely for that market, then?
One more note: Snap even allowing unapproved repackaging of apps was, in my opinion, a very bad idea in the first place. Case in point: Even the Snap homepage is advertising a community repackage of a password manager ("NordPass" - developer not verified). Why the heck should Snap be proud of that?
(Edit: Apparently NordPass's website does point to it - but the developer remains unverified. What's the point of verification...)
For reference, I've checked the Flatpak app and can confirm that the Flatpak for Exodus is the correct Electron app. In Flathub it's as easy as going to the github of the store and looking at the package's instructions. You'll see what it does is basically downloading the ZIP from the offical Exodus website and run it.
> They likely saw a button like this in the "App Centre", which gave them some confidence in the application. [...] Furthermore the title of the Snapcraft web frontend says "Snaps are containerised software packages that are simple to create and install. They auto-update and are safe to run."
Sounds like assurances made by UX and Marketing, which engineering might've been able to tell them they can't make.
If it ends up costing them $490K plus legal fees, that's still a relatively inexpensive way to learn this lesson.
In which being your own bank continues to be undesirable.
(Never understood why ‘be your own bank’ was meant to be at all appealing. Being a bank is terrible. And still realistically less risky than this sort of thing; apart from truly bizarre edge cases (see the Citi/Revlon drama), this sort of thing simply can’t happen.)
Well, they have a lot of money, and if you're morally flexible, as anyone who's played the banker in a family game of Monopoly can tell you, you can just take some.
… Wait, what? I mean, possibly if you’re a large investment bank , those can be quite profitable (until they’re abruptly not; see 2008). Retail banks (which the ‘be your own bank’ people are presumably referring to; if you want to be your own investment bank you can just skip the ‘bank’ bit) are generally not particularly profitable.
Well, that's really unfortunate. I would never just go download a random crypto app, not even from the Apple App Store. But the "Safe" marker is a massive UI risk. It makes me think it was signed and verified in some way.
On a tangent, my neighbor came to me about a month ago and asked if I was a "hacker"?
He's around 75 and has known me for maybe 20 years, we're not close friends but we run into each other every now and then and he knows I work with IT; I'm about half his age.
Long story short, I find out he needs help to retrieve his bitcoin wallet because he's lost $300k. I spend an hour looking around his devices and find out he's been buying bitcoin from a young hip instagram lady in Florida.
Wait for it…
…they shared access to the wallet.
He had a chat log stretching back one year on whatsapp with her, he was now paying her smaller sums to cover the cost for some "hacker" to retrieve his wallet.
North Korea mostly focuses on large game: smart contracts with a lot of Total Value Locked, or other nation states and large companies that would contribute to those states economies
The sad thing is his wife was wondering where all the money has gone, I was the first one he told about this.
He was saving it for his grandchildren and he basically had a meltdown when I told him he's probably been scammed.
I felt really bad and also uncomfortable with the whole situation, I gave him a hug and told him to get in touch with his bank and tell them everything he told me.
Not likely that they'll help him but I just didn't know how to deal with the situation.
That is so sad. My partner’s father recently had a few $k’s scammed from them. She actually caught it before he had given the money but could not convince him over the phone to not go through with it.
Feel like there should be more extensive monitoring mechanisms for the elderly.
‘ I’m writing this in the hope Canonical will fix its processes so reputation-damaging events like this don’t keep happening.’
That is such a poor attitude. Instead maybe hope that canonical may fix the lax vetting and security of their store, but to care directly about their reputation and not the user who was scammed due to their weak practices goes hand in hand with everything else I’ve seen from snap.
Maybe I could have worded that sentence better. Thanks for the feedback. It wasn't intended the way you took it. But I appreciate you mentioning it anyway.
The strangest part to me is that it shows it as "Safe", based on what? It doesn't seem like any checks were done at all to make sure this was a real app from Exodus.
I suspect that the definition of "Safe" in this context is that it has limited ability to mess with your computer. From what I have read, the application didn't violate the security of anyone's computer, it didn't need to!
So we need to be careful with how we interpret "Safe!"
A wallet app like Exodus is not for keeping BTC, it's for transacting with it.
The wallet file is for keeping BTC, and whether you print it on laminated paper or copy it to multiple USB sticks that you distribute in multiple places (you can encrypt a USB stick, but not really a piece of paper, so beware who has access to your storage!), doesn't matter once you want to use your BTC.
Using your BTC requires a computer and a wallet app; there's no way around that besides online platforms.
The real solution for fake wallets is to independently validate signatures of wallet app releases or to build from source yourself. Also wait for a few weeks before jumping onto the latest wallet version. Who knows if the developer's supply chain got compromised.
Edit for completeness:
Last but not least, do offline transactions (send the signed transaction using an online device without access to the wallet).
It has been 10 years since I left Canonical (on good terms), but what popey describes (hi popey) about the intentional lack of human review in the Snap store sounds very Canonical to me.
I agree with all the recommendations - add human gates. Yes, it's expensive, but still far cheaper than the unbounded reputational damage that just occurred around the untrustworthiness of the store (hi Amazon).
The crypto industry has had a serious UI/UX problem, no doubt about that. I also presume this bitcoin holder wasn't a sophisticated one, because the main point of a cold wallet is NOT ever have your seed phrase (12-24 words) go online. That's the real exploit in here.
Crypto has a long way to go and some improvements are being made but it definitely is one of the main pain points.
when they said that these Snap packages were "safe" they probably meant from a "linux is secure" and "properly sandboxed" meaning, not "we've verified that this person isn't trying to scam you".
I founded a company that makes a distributed wallet that is immune to these types of problems. You might be scammed out of your specific keyshare, but the scam would need to compromise all nodes at once which is nearly impossible. It's called Gridlock.
Only if the attacker only transferred funds to one wallet.
I could also see a sophisticated attacker holding off on draining wallets until the amount contained started to drop or increased past a threshold. Draining funds as soon as a user attempts to setup the app gets you a few suckers but also means you'll be reported quickly. Giving everyone a failure message while recording the recovery key might let you go significantly longer before discovery.
No actually, official distribution repositories are preferable if they are properly maintained. Debian for example has provided such centralized repositories that can absolutely be trusted for decades. Otherwise you'd have to update each application manually and/or trust each application's update mechanism (also bad).
Snap is only bad because the people developing snap are incompetent. The idea itself isn't bad.
"One of the goals is to automate the whole Snapcraft publishing and review pipeline so there’s fewer (expensive and slow) humans in the loop." (from op article).
automation should not replace human judgement, it should
replace human drudgery.
If only there were some kind of system or network of long-standing institutions with a deep commitment to paper-trails and accountability that was overseen by some kind of community-managed regulation to control this type of thing.
Glad I'm not the only one who is thoroughly tired of this second coming of the financial system except with bonus insane energy waste and an absolute obliteration of consumer protections at seemingly every tier.
A security product built by people who have zero understanding of actual financial security and how financial crimes actually happen. Truly astonishing.
It turns out that with "electronic cash", the same as with physical cash, you do actually still need the banking system. Wow! Who could have ever guessed?
I feel the same exact way whenever I see a car crash:
"If only there was a mode or system of human transportation backed by long-standing institutions with a deep commitment to dirt trails and rideability that occurred at speeds which were safe for this type of thing."
I don't know what dirt trails and slow speeds have to do with trains and trolleys but I agree with you that we could drastically reduce motor vehicle accidents by re-building our systems of public transportation and walkable neighborhoods.
The world has evolved, lot of phishing and scam on cryptocurrencies . its very important to know that a source is legit before investing and most importantly safe guarding and upgrading security concerning your crypto like two factors authenticators and all necessary precautions .. although there are lot of good coders and hackers like recovering ATusa com that make it easier to recover stolen cryptocurrencies and of course only few are able to get theirs in full......
Even the real version is the app is a software wallet right? If you have almost 500k in BTC and do not have it on a hardware wallet and use their official software for it, I have to say it's at least partially on you if you lose it.
Indeed, the victim, in this case, did mention on the linked 4chan thread that they realised their mistake. While we only see a small part of their world through text communication on forums, I suspect they're kicking themselves in the real world.
Or perhaps not, and they have a ton of other wallets full to the brim with crypto-nonsense.
You sound like you do not understand hardware wallets. The point of the hardware wallet is that you NEVER EVER expose your seed phase you basically hammer it in some metal or buy something that survives fire with your seed phase, and you NEVER EVER type it into any program, nor to you write it down from a computer screen but only directly from the wallet device. If anyone is dumb enough to go through the setup process of a hardware wallet and STILL end up typing their seed phase into some software wallet, then it's on them.
So hell yeah, it would matter, because that setup process alone makes you understand crypto better and why it's isolated from your PC. As others mentioned, that person later realized this.
Bitcoin "wallet" is just a pair of public and private keys. Honest question - what is the difference between a "hardware wallet" and a thumbdrive with the keys on it, except for the price tag?
When you plug a hardware wallet into a computer it can't get the keys off the wallet. It can only ask the hardware wallet to sign a transaction, and the hardware wallet asks the user to confirm.
When you plug a thumbdrive with keys on it into a computer the computer can just take the keys.
It's the same as the difference between a YubiKey and a thumbdrive with GPG keys on it.
Bitcoin wallets are collections of private keys and corresponding public keys. They may or may not also be linked together hierarchically using ECDSA math, and possibly encrypted as well.
If it's being used as a "savings account", there really isn't a meaningful difference, although it can be superior because a hardware wallet is more likely to be targeted for an exploit than some rando thumb drive that no one knows the location of or knows exists. This goes against everything that r/bitcoin would say, but lots of those users are similar to those infosec guys who consider all electronics "unacceptably compromised" while completely ignoring the actual risk level in reality and accepting certain tradeoffs.
A hardware wallet can make sense for "checking" purposes, but if you're only moving around small amounts of money occasionally, then you have to ask yourself whether one is worth using over a wallet app on your phone when the latter is more convenient.
Well the big difference is that keys can't be accessed in a hardware wallet. If you accidentally plug in the USB drive into some untrusted box, you could potentially have everything stolen.
> some rando thumb drive that no one knows the location of or knows exists
You still have this option with a hardware wallet. eg:
> some rando hardware wallet that no one knows the location of or knows exists
> Well the big difference is that keys can't be accessed in a hardware wallet.
In theory.
> If you accidentally plug in the USB drive into some untrusted box, you could potentially have everything stolen.
This is like saying that no one should own a gun because you might point it straight at your own head and pull the trigger.
> You still have this option with a hardware wallet. eg:
Yes, that is true, but a hardware wallet is an extra piece of hardware that needs to be actively used to provide HD wallet keys for transactions. If all a person wants to do is store BTC for the very long term, then this approach is more complicated and hazardous than storing a non-HD wallet key pair on some physical medium; this is because a hardware wallet failure can result in loss of the ability to sign transactions, and chances are you're storing the seed phrase separately. Again, just for long term storage, there's next to no advantage between storing a seed phrase for an HD wallet and storing private and public keys. Depending on what a person intends to do with their money, a hardware wallet may provide zero value over the least complicated approach. Unless someone is paranoid over other people or the government knowing their balance, a single public address is more straight forward than managing an HD wallet.
- Principle of least privilege.
- Zero Trust.
- Compartmentation.
- Hardened Operating Systems with no malware and strong endpoint defense.
- Firewalls that whitelist only your IP and disavow everything else.
- 2FA/MFA/Biometrics auth for everything.
- Defense in Depth.
- Use crytography tools vetted from the community surrounding it, and use tools which are battle hardened.
Modern computing is very leaky and every node is malicious. You need extreme vigilance to safeguard crypto.
Are people up to the task of doing all this?
I'm asking because I lost crypto before, and now I'm more resilient and have better security posture.