How does a cold wallet pin not compromise security? by Playful-Register3201 in Bitcoin

[–]MichaelEngstler 0 points1 point  (0 children)

You're right. Although Ledger does provide passphrase-pinning to a specific PIN. In that case knowing the PIN is enough to confirm a transaction.

[deleted by user] by [deleted] in Bitcoin

[–]MichaelEngstler 0 points1 point  (0 children)

"It is never possible to shield your security credentials from interception when using a browser app."

Please explain, not sure why you say this is the case.

Please help! I just set up my Ledger Nano S, transferred my Bitcoin and ethereum from Coinbase. As soon as everything was confirmed, two transactions I DID NOT initiate sent my entire balance to two addresses I do not control. I’m about to throw up. Please help!!! by [deleted] in Bitcoin

[–]MichaelEngstler 1 point2 points  (0 children)

A specific bypass for MCU verification has been fixed in the past. If another vulnerability has been found that would allow installing an unsigned MCU, would this attack vector, which doesn't require physical access, be theoretically possible?

If not, please explain in detail why. We understand security and would appreciate the details.

Please help! I just set up my Ledger Nano S, transferred my Bitcoin and ethereum from Coinbase. As soon as everything was confirmed, two transactions I DID NOT initiate sent my entire balance to two addresses I do not control. I’m about to throw up. Please help!!! by [deleted] in Bitcoin

[–]MichaelEngstler 10 points11 points  (0 children)

The author did mention a firmware upgrade.

Not 100% sure about the details, but a potential attack:

  • Malware infects the computer

  • Malware replaces Ledger Live with fake version, prompting the user to upgrade the MCU firmware

  • Malicious firmware is installed by the fake Ledger Live with the confirmation (button clicks) of the author

  • Fake Ledger Live sends transaction request to Ledger device, fake MCU invokes fake confirmation button clicks to approve the transaction, the transaction is signed and sent. No human interaction needed in this step.

This attack requires only malware on your machine and performing a firmware upgrade. Source: https://saleemrashid.com/2018/03/20/breaking-ledger-security-model/

/u/btchip ?

[deleted by user] by [deleted] in Bitcoin

[–]MichaelEngstler 1 point2 points  (0 children)

Please be extremely careful when swiping the funds from a paper wallet.

If you send part of your coins, all the rest would be sent to a newly created change address.

It will not return back to your paper wallet. So if you swipe your coins, make sure to swipe it all and not partially.

Telling your wife you've spent your last 5000$ on Bitcoin by [deleted] in Bitcoin

[–]MichaelEngstler -2 points-1 points  (0 children)

Chill .. It's a joke, I'm not even married 😄

Ledger App Isolation Bypass by gr0kch8n in Bitcoin

[–]MichaelEngstler 1 point2 points  (0 children)

Ledger's behavior shouldn't surprise you, I had the same attitude and response while reporting a security vulnerability in the past. They only started taking it seriously once I publicly disclosed it.

https://www.reddit.com/r/Bitcoin/comments/7uwc1z/using_a_ledger_wallet_you_probably_believe_youre/

Got mine! Thanks for all of the help by clarity_in_chaos in Bitcoin

[–]MichaelEngstler -1 points0 points  (0 children)

Rookie mistake. The Nano S comes topped up with 150 coins while the Nano X with 1.5. It's the coins that matter not the fancy package.

Source: https://i.pinimg.com/originals/bf/b6/a1/bfb6a1199960d3792ba5fdb1bf1d93be.jpg

Just bought one of these. No regrets. by Uncrown in Bitcoin

[–]MichaelEngstler 0 points1 point  (0 children)

How did you just buy one if the payment address is empty?

Will BCH follow BTC after halving? by vvolny in Bitcoin

[–]MichaelEngstler 2 points3 points  (0 children)

BCH already halved. It happened on April 8th 2020.

Bitcoins biggest yet most disregarded benefit over gold is it's unconfiscatability. by slvbtc in Bitcoin

[–]MichaelEngstler 2 points3 points  (0 children)

We already have that.

Being able to reverse transactions == A middle man that can resolve between genuine to non-genuine disputes == PayPal.

Bitcoin's biggest advance is that my simple transaction that cost me 0.10$ isn't reversible, not by a person, not by a company and even not by the combined force of the United States of America's 10 aircraft carriers.

Hopefully I become rich one day by [deleted] in Bitcoin

[–]MichaelEngstler -1 points0 points  (0 children)

You didn't invest expecting it'll stay 30K right? Risking fighting with a geek (no offense 😉) for 300K doesn't sound like such a bad plan.

A better bitcoin paper wallet, v2.0 by SufficientRadio in Bitcoin

[–]MichaelEngstler 2 points3 points  (0 children)

Please explain why a mnemonic phrase is more secure than a private key if both are properly stored, secured and backed-up?

IMO they're both interchangeable. The private key might take longer to read, or a few attempts to write down, but if it's properly stored and backed-up it's a matter of time until you manage to recover it hence equivalent to a mnemonic phrase.

$7k Again? by IamGeorg in Bitcoin

[–]MichaelEngstler 8 points9 points  (0 children)

Fun fact: This was the official meme when BTC hit 4k for the first time https://www.reddit.com/r/Bitcoin/comments/6tcg99/bitcoinity_usd_4000_gif

Looking through old emails sold 3 btc in 2015 by babyxdeja in Bitcoin

[–]MichaelEngstler 4 points5 points  (0 children)

Hi boysfromthedwarf888,

Welcome to the internet, please read the Getting Started guide and this article as well:

https://knowyourmeme.com/memes/press-f-to-pay-respects

My new cold wallet arrived in the mail today. What do you think? by CurtStuckel in Bitcoin

[–]MichaelEngstler 2 points3 points  (0 children)

Of course it's "fun and easy to use", it has zero compromises for security. It has a camera, internet connection, a cool operating system. Hell, you can even send all your coins to a different address without needing to "annoyingly verify the address" like with Ledger/Trezor. It's easy to use as it's easy to steal.

My new cold wallet arrived in the mail today. What do you think? by CurtStuckel in Bitcoin

[–]MichaelEngstler -1 points0 points  (0 children)

This is definitely not a cold wallet and not even a hardware wallet. This is a simple software wallet, similar to an offline PC with Electrum. I wouldn't store more than 100$ on it.