S4 E3: Lazy Ninja on Hacking Hardware Wallets (BitBox, Coldcard)

Security expert and hardware wallet hacker Lazy Ninja is best known in the Bitcoin community for finding vulnerabilities in the Coldcard and BitBox02 devices. In this episode, he talks about his approach to finding issues, makes recommendations for those who want to buy hardware wallets but feel undecided, and offers invaluable security advice. Topics also include joining the Bitcoin space, whether or not BIP 174 (PSBT, or Partially Signed Bitcoin Transactions) is much more secure than the classic alternatives, and why multisig setups are still hard to do. Follow Lazy Ninja on Twitter: https://twitter.com/FreedomIsntSafe --------------------------------------------------------------------------------- More details: https://bitcoin-takeover.com/s4-e3-lazy-ninja-on-hacking-hardware-wallets/ Listen on iTunes: https://podcasts.apple.com/ro/podcast/bitcoin-takeover-podcast/id1451766883#episodeGuid=https%3A%2F%2Fbitcoin-takeover.com%2Faudio%2F%3Fname%3D2019-12-27_s4_e3_lazy_ninja_on_hacking_hardware_wallets.mp3 Listen on Spotify: https://open.spotify.com/episode/45AGxS2CH3UgSSiNMIWILE Donate $1 on Patreon: https://www.patreon.com/bitcointakeover --------------------------------------------------------------------------------- 4:00 – Introduction 5:48 – When did Lazy Ninja get into Bitcoin? 6:45 – Lazy Ninja first heard about the Trezor 7:43 – When Lazy Ninja first started hacking hardware wallets 8:50 – Are hardware wallets secure at all? 11:00 – Lazy Ninja’s experimentation with hacking the Trezor 12:10 – Coldcard wallet and the age factor in hardware wallets 14:30 – Finding issues in the code/documentation before even touching the hardware wallet 15:25 – What does Lazy Ninja think about the ColdCard? 19:40 – Piece of advice for when your device stops working 20:10 – Is air-gapping the hardware wallet with PSBT important for security? 23:40 – Vulnerabilities found in ShiftCrypto’s BitBox02 32:40 – Which hardware wallet does Lazy Ninja recommend for newbies? 36:35 – Secure element chips, open source, and trust in manufacturers 43:00 – The 2018 wallet.fail Ledger hack 46:10 – On Trace Mayer’s criticism of hardware wallets 49:20 – General-purpose devices and DIY hardware wallets? 52:00 – On the security of Armory, Wasabi, Electrum & Bitcoin Core (hot wallets) 54:40 – Mobile phone security 59:00 – Hardware wallets vs cold storage 1:01:30 – Getting a backup device 1:05:00 – Are multisig setups safe and good for security? 1:10:00 – Is the Lindy effect relevant? 1:12:00 – On CoolWallet, Ellipal & other new hardware wallets 1:16:10 – Buying the cheapest device if you just plan to use Electrum & Wasabi? 1:17:50 – Cold storage vs hardware wallet 1:20:00 – Are Bitcoin-only hardware wallets more secure for your BTC than the ones with multi-coin software? 1:23:00 – YubiKey and general-purpose devices? 1:26:00 – Bitcoin vs gold 1:28:00 – Blind trust in exchanges vs the purpose of Bitcoin 1:40:00 – Governments turning Bitcoin into a surveillance system through KYC and blockchain analysis 1:42:00 – Switching to Bisq 1:45:50 – Tweet at us 1:47:13 – Ads --------------------------------------------------------------------------------- Season 4 Sponsor LXMI: https://lxmi.io/ “LXMI is a European Cryptocurrency exchange whose name is inspired by Lakshmi, the Hindu Goddess of Wealth, Good Fortune and Prosperity. It’s one of the regulated and legal Cryptocurrency exchange. On LXMI you can buy bitcoins with most fiat currencies and you can also do the trading for top Altcoins. They follow the “Not your keys not your bitcoins” philosophy with their integrated non-custodial wallet which helps you manage your own private keys. So if you’re into trading, then you don’t have to worry about having your Crypto frozen by whatever political decisions, since you’re empowered to hold and move your coins around whenever you wish. LXMI is launching in 2020 for more information please check out – www.LXMI.IO/ If you’re not trading, it’s recommended to move your coins to a hardware wallet or some other form of cold storage, and in this episode, you’re about to find why." --------------------------------------------------------------------------------- Season 4 Sponsor Phemex: https://phemex.com/bonus.html “Phemex is a Bitcoin exchange with derivative trading options which focuses on speed, robustness, and maximum uptime. Built by former Morgan Stanley executives, it manages o bring simple and accessible Bitcoin trading. In 2020, Phemex will also add S&P 500 stocks, stock indexes, FOREX, commodities, and more. Sign up today at phemex.com/bonus and receive a bonus of up to $72." --------------------------------------------------------------------------------- Disclaimer: Please keep in mind that these are sponsored ads. They're not financial advice, and you’re responsible to do your own research and make your own decisions. Embrace your financial sovereignty with agency and precaution.