looks like atomic wallet was compromised - used by millions of people around the world - not the first and will not be the last popular wallet to be compromised
if you are saving significant amounts of bitcoin consider upgrading your setup to coldcard + sparrow wallet - it is an accessible, powerful, and incredibly secure setup - in the future you can use the same setup to easily upgrade to multisig
my full guide is here: https://werunbtc.com/coldcard
What about Trezor + Wasabi β¦
I think the Trezor Model T is the most secureable. I heard something about wasabi making some devil's deal with some data analytics company..π
Did you see Peter McCormack's interview with the CEO of Ledger and NVK of Coinkite/Coldcard? They both agreed without a flicker of a doubt that the private key could be extracted from a Trezor within 10 minutes. I wouldn't be so sure about the Trezor.
Trezor also partners with Wasabi who in turn are in bed with chainanalysis π©
I read about that, and it's a concern. So I probably won't use Trezor's connection with wasabi. I'll use something else if anything.
Most of the popular HW's are probably fine for most of you. But they all have glaring vulnerabilities. Depending on how you use them. But if you have a high threat level, I think Trezor is the only way to go. For now..π€
Ref for some details. https://blog.trezor.io/our-response-to-the-read-protection-downgrade-attack-28d23f8949c6
Lol.. That's simply not true. After I create a wallet. I back it up and then verify it. Then I wipe it. You can hack something that isn't there lol.
But that's just one of many deterrents. I also use a high entropy passphrase\password. Which Trezor does not store. Even if I didn't wipe the device. The seed phrase is useless without the passphrase\password.
With Coldcard you have to trust not one but two closed source elements. Do you really want to trust you life savings to that..π
Well, it's true that you can extract the key. But if you wipe it after creating it, I think you have solved the problem. Just don't forget to erase it.
I don't have a good answer to the issue that I have to trust the secure element. That is why Coldcard uses two, so if one is compromised and the other is not, you are still good. But you still have to trust that they are not both compromised.
#Coldcard + #Nunchuk also pretty cool. With NFC support. Coldcard also mentioned this wallet in their examples..
Itβs cool. Itβs not air gapped though. Also no coinjoins, which you can do in Sparrow. And why have a mobile for really cold storage? Itβs an attack vector to get your npub imo. But a neat combo still
ColdCard + Sparrow is the goal imo. Next level. This made it super easy:
Coldcard has a big security vulnerability. Secure elements..π€
Just curious whatβs your recommendation?
I think The Trezor Model T is the most secureable. But you have to do it right. I don't trust secure elements. Because you have trust them lol. They're closed source.
So the Coldcard has two potential back doors. Instead of one. Still, most of these wallets are secure enough for most of you. But If your threat level is high. Then you need something more. Like the Trezor..π
The reason they have 2 (I believe shooting for 3 in new models) is to eliminate this trust.
Being skeptic is healthy, but for sure the threat vectors doesn't double with the addition of more secure elements. Rather the opposite, the difficulty to hack compounds.
Actually the threat does double. The government probably already has backdoor access to every secure element. They probably designed the backdoors. Our people are the best in the world. You don't know what you're dealing with. Did Snowden teach you nothing..π€π€π
Sounds like you may get it. They're trying to corrupt and capture Bitcoin. Much like has happened with the healthcare industry.
Step one is to normalize trust in secure elements. Which are all controlled by the man lol.
Step two is to corrupt the Bitcoin core nodes. With ordinals and other external scammy non Bitcoin garbage.
The Bitcoin full nodes defend the Bitcoin protocol. They defend It's quality and security. They are the power. The Knights of the protocol. Keepers of the faith, defenders of the realm.
Bitcoin core development has to further decentralize into at least two tracks.
Track 1) Bitcoin Pure. Hardcore Bitcoin. No external scammy elements.
Track 2) Bitcoin other. Questionable external scammy elements. Not really a part of Bitcoin Core.
Then the full node operators can choose which track they want to run and support.
For example, I don't plan on continuing to support ordinals. Or BRC-20 tokens with my full nodes.
This is the only way to protect Everyone's Bitcoin, and Everyone's savings.
Fun stuff..π»ππ§‘ππ¦ πβΎοΈπ€ π½πͺπ
EVERYONE!..π
#[4]β, build a #[5]β and sleep like a baby. Itβs the only HWW I can recommend for anyone with a good conscience. #Bitcoin #plebchain
Donβt trust anything
Coldcard and Electrum is great too
If one currently has multiple wallets could they all be moved to one Coldcard without sending onchain transactions?
But muh ten31
"Don't put all your eggs in one basket"
Would love to hear smart ideas here. Diversify wallets, keep some supporting lightning channels, maybe some on Liquid...?
I was going to do a Passport + Bluewallet 2 of 2. I feel like once you have a multisig between 2 different wallets you are pretty well protected if one of them turns out to be evil or incompetent.
False security..π
Understand, but how will ordinary people with no tech knowledge save their bitcoin.
i think in the future bitcoin education will become more and more important
the key is to keep your own keys π§‘
Nice work! I think storage recommendation of seed/device is missing and may be helpful
Matt, that's not possible. Atomic wallet is decentralized and you can stake ETH for 5% APY, obviously cant be compromised. π
My question to you is this....β
Cuz I kid ya not. Sumtimes I'm too damn exhausted to think...
Education is key. Clear tutorials are very useful. When I first started I landed on ledger because it seemed to be the simplest. I recall watching a coldcard tutorial on YouTube at the time where the guy was uploading his xpub to dropbox for some reason and I recall thinking wtf, no way this is safer than ledger's usb. It took months until I looked into coldcard again and realized dropbox was not required at all. That video single handedly managed to delay my coldcard adoption by months.
All of that to say that I appreciate that you're providing great clarity into different solutions' trade-offs and a clear tutorial for coldcard and sparrow.
Coldcard has secure elements which make it inherently insecure.
The Trezor Model T is the most secureable HW on the market that I am aware of.
Good luck..ππ€
Dafuq is atomic wallet, lol
This doesn't seem to happen to Bitcoin-Only tech, financial products, or platforms.
Love Sparrow
anything wrong with this?:
!!!:verify and securely use:
https://github.com/iancoleman/bip39/releases/download/0.5.4/bip39-standalone.html
securely open iancoleman page, flip coin 128 times for entropy, get 12 seed words, generate two βBIP84β Account (β0β, β1β) zpubs
create two BlueWallet watch-only wallets from zpub QR codes
give Account β0β zpub to https://swan.com/ for DCA auto-withdrawals
use account β1β zpub wallet for other day-to-day bitcoin Receive addresses
save seed words, zpubs, and derivation paths to secure storage, bequeath to heirs
Would also recommend using a passphrase. This adds a fantastic layer of protection.
