It's not about money, it's about power. If you hold a physical item, you have the maximum power over it as possible. If you want to entrust someone else with it, go ahead, but at the end of the day your access to the item will be subject to their whims and those of the greater political establishment / woke clergy / corrupt and powerful.
Nope, not at all. Your hardware wallet is useless without the bitcoin trust frameworks and the implicit agreement among many people that these particular bits on your hardware denote anything of value. Both of these are completely beyond your control and reliant on mechanisms not fully understood. It’s a system boundary question: yes, your wallet is under your control (how do you know what’s baked into the silicone or firmware, I do not know), but the whole system is not.
There is a huge amount of vested interest in persuading people bitcoin or ethereum require no trust in third parties. This is not true, as illustrated by this case: the person writing code that’s supposed to secure your money made incorrect assumptions about security and was thus robbed. If you own bitcoin, you necessarily need to trust this person and his colleagues are neither malicious nor stupid. Why that’s better than making the same assumptions about state institutions and banks is, to me, not clear.
>There is a huge amount of vested interest in persuading people bitcoin or ethereum require no trust in third parties.
It requires trust that third parties will act rationally in accordance with the incentives provided by the system, which is very different from trusting someone to custody assets for you.
At a larger level it requires trust that people will continue to see BTC/ETH/etc as being worth something, but that isn't a unique problem to blockchain based digital currency solutions.
Sure but is a rationally acting financial institution operating in line with the incentives of the system they operate not also inclined to do everything to keep your money safe?
I think the key phrasing here is "the incentives of the system they operate" — it isn't completely unfair to say that large financial institutions have had a hand not just in operating, but in creating the system. They act according to broader financial incentives and are constrained by regulations (so disincentives), and their time horizon is much longer than the tight feedback loops produced by a blockchain. Their disproportionate influence over the financial system coupled with a feedback loop in terms of consequences that, compared to blockchain, is glacially slow and basically toothless, effectively gives them a ton of latitude to do shady stuff with your money.
A hardware wallet is a physical device that stores some private keys in a tamper-proof secure element. Those private keys can be regenerated from a recovery phrase[1] which acts as a seed to regenerate the keys in a deterministic way.
The hardware device is typically itself secured by means of a pin. Without the pin, the device can’t be unlocked so can’t be used, too many incorrect pin attempts will brick the device.
So the answers to your questions are:
1) If you entrust it to a safe deposit box then if someone steals it, it is worthless without the pin.
2) If the safe is itself destroyed and with it the device (this is also the case if you have it in a safe deposit box and the depository is burned down or something) then the private keys (and transitively the funds) can still be recovered using the recovery phrase. So if you have securely stored your recovery phrase and are able to retrieve it even this kind of problem won’t cause the accounts to be lost.
So what people tend to recommend is choosing good secure storage for your pin, keeping reasonable physical care of the device, taking the recovery phrase and splitting it into parts and storing those parts separately. If one of the parts is destroyed then you will need to urgently replace the hardware wallet, move the funds and securely store the new recovery phrase because if not you don’t have a fallback if the hardware wallet is destroyed, but otherwise you are good.
Yes you absolutely do[1]. But that’s true of any wallet (software wallets also have the exact same recovery phrase system so for example if you lost the hardware wallet you could configure a software wallet by using the recovery phrase and get your crypto back).
Someone else using your recovery phrase to steal your private keys wouldn’t actually brick your hardware wallet. It would still work but obviously since the thing that it was there to secure (your keys) had been stolen that would be moot.
The subtext is that keeping all this stuff secure is hard and depending on your threat model may not be worthwhile. This is similar to the way in which for most people it makes sense to have a bank look after their funds. In the world of crypto though we’ve seen obvious examples of these centralised custodians being untrustworthy and since they are not regulated or FDIC insured or anything of that kind it’s much more risky.
[1] If you want the ability to recover your funds if the hardware device becomes inoperable, lost, stolen etc. If not you could just burn the recovery phrase so you don’t need to secure it.
I wonder, couldn't a such "wallet" be built on top of secure element (i.e on iOS/android)? Carrying around an additional device just for "wallet" features is very inconvenient.
Presumably yes, although some people prefer having a special-purpose device even if it is an extra thing to carry around. It does depend on your threat model I guess.
You're not holding anything in your wallet. It's just fancy login systen to a transaction system that is bitcoin.
It's no different from bank login in the end, once someone has it, it can be transferred at will.
Sure, the difference is that in banking system bank doesn't need your credentials to do stuff with money but even that when big crypto bois money are involved stops being immutable as DAO ethereum fork proves, fuck with important people money and nothing is sacred.
> It's no different from bank login in the end, once someone has it, it can be transferred at will.
Bank login credentials do not confer undisputed ownership of an account. If someone unauthorized gets ahold of them, the bank doesn't throw up its hands and say "welp, nothing we can do now, the account just belongs to the hacker".
At least partly because they're not allowed to do that because there are specific rules about it. If banks could just say "so sad, too bad", they absolutely would. I know someone who had to resort to the financial ombudsman to get their money after a hack because the "bank" (Revolut or Monzo) would not engage with them to even acknowledge anything had happened.
Getting the correct phone number and pin combo is step one. That's the four digit pin.
Step two is as many tries at the 2FA as you would like. The format is 0#####. It will take some time for sure, but you get to control the phone number as your prize
Alternatively, the 4-digit pin is the security for their support line. You can obtain that without guessing the 2FA. Social engineering takes care of the rest.
Mobile account authorization is critical for national security because of the rampant requirement to use cellphones as 2FA / password reset for everything else, including GC Key itself. The government needs to step in. The question is what particular person in the government has the power and motivation to do so. Have you tried the CCTS? CSE? They might have some power, but the upcoming potential Cyber Security C-26 act should spell it out for them.
It should be doable to find some big fish to take this on, especially since everyone is vulnerable to SIM swaps assuming every other Canadian phone company has such lax security.
I worked with the Office of the Privacy Commissioner of Canada(OPC) on this a few years ago. I don't have credentials and that's enough for them not to take it seriously.
I'm the only reason the 2FA is there. That change was the only change they would commit to. A few days ago is the first time since that I've logged into my account.
I'm planning to contact the Competition Bureau tomorrow with the information. They are currently looking at Freedom's viability under a significantly less powerful company than Shaw Communications Inc.
I dunno, but it doesn't really seem like Privacy or Competition is the right angle for this, they're luxuries after all, and it's not really relevant for those political maneuverings. Security is more important. The right actors could hack the entire financial system and more with these kinds of vulnerabilities, with targeted sim swaps. Take for example, the currently unfolding Twitter hack that puts 400m Twitter users' phone numbers up for grabs - including every big fish there is.
Call yourself an anonymous Russian hacker and that might get their attention.
There's no timing limits but your own, the only limit I could note is 10 per code. You have to guess a lot, but you don't get stopped. There's also nothing you can do as a target, even if you know you're a target. Support cannot disable your account.
If you are competitive, ambitious, and meritocratic you're supposed to move to the USA and leave the rest of us alone to be mediocre in peace. Brain drain is the Canadian way.
