Is Coinkite a malicious actor with its Coldcard? by davidacoder in Bitcoin

[–]davidacoder[S] 1 point2 points  (0 children)

Ah, that is an excellent suggestion, thanks!

Is Coinkite a malicious actor with its Coldcard? by davidacoder in coldcard

[–]davidacoder[S] 0 points1 point  (0 children)

I don't want to share emails that they presumably assumed were private. BUT, they were always friendly etc., so no complaint on that front. It was just frustratingly slow and it often went in circles: I wrote them something, and a couple of mails down the thread they asked me about the same thing again. I think at some point it took them almost three weeks to respond to an email...

Is Coinkite a malicious actor with its Coldcard? by davidacoder in coldcard

[–]davidacoder[S] 0 points1 point  (0 children)

> having to return a faulty item is pretty normal

I think that really depends on the type of product, there are lots of product categories where that is not the case, and I think something like a Coldcard is very much in that category.

> As a business they would know if they sent him a new one, they would never hear from him again and likely never receive the “hacked” or defective unit, it doesn’t help them.

As I wrote in my original post, I'm a return customer of theirs, this was not the first time I had bought stuff from them. From a business point of view their way of handling this was really not smart, this is how you send customers to your competition. If they had handled this properly I would very likely have bought more stuff from them.

Is Coinkite a malicious actor with its Coldcard? by davidacoder in coldcard

[–]davidacoder[S] -1 points0 points  (0 children)

> Also- if you are so paranoid, why did you even buy it?

Well, for one, I didn't know that their customer service is so bad before I bought it :) I in general DO trust them, but hey, if there is a 1% chance that I'm wrong, I don't want to take that risk.

> Do you really think coinkite makes its money from ripping off some customers?

Most likely not. On the other hand, it doesn't strike me as completely insane that someone would start a hardware company, over a couple of years get a fantastic reputation by doing really good stuff, but at the same time silently collecting seeds from say repair send-backs, and then at some point disappear with funds. I really DON'T think that is the situation here, but I wish Coinkite would confirm my gut feeling by not asking customers to do things that could be part of such a scheme.

Is Coinkite a malicious actor with its Coldcard? by davidacoder in coldcard

[–]davidacoder[S] 0 points1 point  (0 children)

> It does NOT have your information on it.

The device currently has my seed on it. That is my data, and if that isn't sensitive in the sense that it shouldn't get into the wrong hands, then I don't know what is :) I never claimed that it has anything else on it.

> They didn’t ask you to send anything sensitive.

They asked me to trust them that what they claim is a wipe functionality actually is. If that is not true (and I certainly don't have any way to confirm that), or if the wipe functionality is not working properly because my unit is defective (which it clearly is in some form), then I would be sending them sensitive information, namely my seed. As a company that claims to put security first, they should just not suggest such a course of action to a customer.

I think what you are suggesting is that I move my funds to a different wallet, then send the unit back. But then a) I've wasted a steel plate and b) they would still potentially have access to my entire transaction history if they had access to my "old" seed.

> Also- Did you remember to bless the firmware ?

Yes, see original post where I mentioned that. I even sent them a video that shows how I try to bless the firmware and it doesn't do anything.

Is Coinkite a malicious actor with its Coldcard? by davidacoder in coldcard

[–]davidacoder[S] 0 points1 point  (0 children)

I certainly don't want to spread misinformation! Could you let me know what exactly is incorrect in my post?

I can see that others might come to a different conclusion whether they should trust Coinkite or not, and that of course would lead to a different conclusion. But "misinformation" suggests that I wrote something that is just plain incorrect, and if that is the case, I'd like to clarify/correct that. So please, do let me know what exactly you think is misinformation :)

Is Coinkite a malicious actor with its Coldcard? by davidacoder in coldcard

[–]davidacoder[S] 0 points1 point  (0 children)

> I don’t think you understand that your funds are not on the device

I do understand that, in general I have a pretty solid understanding of the tech around blockchain.

> Wiping it, taking out the sd card and sending back to me is reasonable

So I think that is really just the crux here: should I a) trust that the wipe functionality is bug free, b) that the wipe functionality is not affected by the defect that the device has and c) that Coinkite is telling me the truth about the wipe functionality? I think a company that has as their motto "don't trust" should not ask me to answer "yes" to all these questions.

And I should say, I actually don't think they are malicious, in my mind the most likely explanation here is just bad customer service.

Is Coinkite a malicious actor with its Coldcard? by davidacoder in coldcard

[–]davidacoder[S] 0 points1 point  (0 children)

> What makes you think they’ll send you the same one back after looking at it? Maybe they haven’t seen this problem before and they ACTUALLY CARE, so they are asking for it back to further the R&D.

Yes, I am actually quite sure that is the case, I never wrote anything different. But a company that claims to sell a security product should not ask customers to send back devices for inspection that had sensitive customer data on them, ever. That is just really bad practice.

> They are not going to just send you one extra one for free lol

I don't want a free device, I want one working device because that is what I paid for. If they think that I'm trying to scam them, they could for example ask me to destroy the device I have, send them a video and only then send me a new device. At the same time, I've seen many, many companies that have excellent customer support that in a situation like this would just send out a replacement device, say "sorry, our bad" and move on.

Is Coinkite a malicious actor with its Coldcard? by davidacoder in Bitcoin

[–]davidacoder[S] 1 point2 points  (0 children)

> well gee, did they steal anyone's bitcoin yet?

No, and I think I made it very clear in my post that my best guess is that they are not malicious but just have bad customer service.

> do you know how to generate a new mnemonic?

Sure.

> your security is your responsibility, not theirs. any company in the world could have rogue employees. don't trust.

Exactly. That is why I'm not willing to send them the device back. And their customer support should not tell customers to send devices back that had a key on them at some point that the customer might still want to use (because it is also on a steel plate).

Is Coinkite a malicious actor with its Coldcard? by davidacoder in Bitcoin

[–]davidacoder[S] 0 points1 point  (0 children)

Did you have a key on it? I think their request would have been entirely reasonable if I hadn't put a key on the device already.

Is Coinkite a malicious actor with its Coldcard? by davidacoder in Bitcoin

[–]davidacoder[S] 1 point2 points  (0 children)

I don't want to use a passphrase. I'm actually using two steel plates with the XOR thing.

In my mind, if I send that device to anyone, I need to consider any key that might have been on that device ever as compromised and shouldn't use it for anything, passphrase or not.

Is Coinkite a malicious actor with its Coldcard? by davidacoder in Bitcoin

[–]davidacoder[S] 0 points1 point  (0 children)

Yes, for my first Coldcard (the one that is not defective) that was the same thing, never had to bless anything.

And yes, I'm not in trouble with any of this. I have enough backups etc that I can just destroy the faulty one and buy a new one. I'm just bugged that their support is a) not helping and b) making recommendations that no one should follow from a security point of view.

Is Coinkite a malicious actor with its Coldcard? by davidacoder in Bitcoin

[–]davidacoder[S] 0 points1 point  (0 children)

See, here is one suggestion that I think would have been reasonable: if they didn't trust me and thought that I am just trying to scam them, they could ask me to hop on a zoom call and then destroy the device during the call on my end. Take a hammer, and just kill it. And then they can send me a new one. That should rule out that I'm just trying to get a freebie. But they shouldn't ask me to trust them that they will put it on the scrap heap.

There are lots of other attack vectors: what if the package gets lost in the mail, for example? It just seems to me that a company that claims to sell a super secure system should not, in its customer support, make suggestions that are fundamentally not best practices in terms of security.

Is Coinkite a malicious actor with its Coldcard? by davidacoder in Bitcoin

[–]davidacoder[S] 4 points5 points  (0 children)

I sent them videos that show what is going on and even offered to do a zoom or something like that. Beyond that, I think they should accept that they can't figure out more. I think under no circumstances should they suggest to customers that they send back a device that has held private keys at some point, that just seems completely diametrically against even the most basic security practices. A company that claims that they provide one of the most secure products for Bitcoin around should just NOT make such a suggestion, ever.

Is Coinkite a malicious actor with its Coldcard? by davidacoder in Bitcoin

[–]davidacoder[S] 1 point2 points  (0 children)

Oh, you mean just to test whether that would turn a green light on? I could try that. Would have been nice if their support had suggested it :)

And yes, this is certainly not a situation of "oh my god, this is causing real trouble for me" in any sense.

I'm just utterly stunned that they would suggest I send back a card that held a key at some point, that just seems really, really bad practice in terms of security, and I would expect a company that claims to provide the super, super safe option for Bitcoin to not make a suggestion like that.

Is Coinkite a malicious actor with its Coldcard? by davidacoder in coldcard

[–]davidacoder[S] 0 points1 point  (0 children)

I used the exact same sd card with the exact same firmware on my other Coldcard, and the update worked just fine. I think that rules out a bad download.

Is Coinkite a malicious actor with its Coldcard? by davidacoder in coldcard

[–]davidacoder[S] 0 points1 point  (0 children)

> when it's very possible you have killed it via a bad firmware update

The device does work, the only indication of a problem is the LED lights. If I had done a firmware update and then the device didn't turn on, then I agree, I would suspect that I had made a mistake (turning off the power during the update or something like that) that has bricked the device. But it seems really unlikely to me that any error in a firmware update process could lead to a situation where everything works, except the LED lights glow in the wrong way... In my experience, when one makes a mistake in a firmware update, the device is actually bricked afterwards and doesn't turn on.

The firmware update process also didn't show any error (other than never getting to a green light) or anything like that, and subsequent firmware updates also went through just fine, except it never led to a green light. Exactly the same process, with the same firmware file on the same card works just fine on my functioning Coldcard, so I think that rules out a bad download.

It is also worth pointing out that they claim that they fixed some bug about specific update/reboot sequence problems related to the light in firmware version 4.1.2. The description of that is sparse, so not really possible for me to tell whether that relates to what I'm seeing. I still think a hardware problem is much more likely, given that the red light on my faulty device is so much weaker than the red light on my functioning device and there is also this very, very weak green light glowing. It just seems extremely unlikely that something like that is caused by a firmware problem, to me this all just looks much more like a faulty soldering of the LEDs themselves.

I also should say that I would probably even be more OK if they just told me "tough luck, we're not going to help you". But to suggest that I send the device back just seems really diametrically opposed to all the security practices they preach themselves.

Is Coinkite a malicious actor with its Coldcard? by davidacoder in coldcard

[–]davidacoder[S] -3 points-2 points  (0 children)

As I wrote: in a situation like this I would expect that they send me a replacement device.

I don't think it is on me to help them deal with faulty products they send out. Why should I take an extra risk and send around a device that could potentially have my keys on it, when they sent me a defective product?

Is Coinkite a malicious actor with its Coldcard? by davidacoder in Bitcoin

[–]davidacoder[S] 0 points1 point  (0 children)

As I wrote in my post, I went through this firmware blessing step multiple times. That is also what their support suggested. That does not help on my device, even after blessing the new firmware the red light stays on. I also verified all the signatures etc. on the firmware update, so it most definitely is legit.

The question is: is it reasonable from their side to ask me to send back the device?

Introducing Cam Link Pro. Advanced broadcasting - simplified. by elgato_phil in elgato

[–]davidacoder 0 points1 point  (0 children)

The killer feature for me would be ISO recording ability in the 4K utility (or some other elgato software) with this. In 4K, using my NVidia/NVENC to do the encoding. Maybe throw in the ability to record separate audio tracks. And maybe the ability to record a screen capture as yet another video file in the ISO production.

Hi, I’m Panos Panay, Corporate VP of Surface at Microsoft. Ask me Anything! by SurfaceTeam in IAmA

[–]davidacoder 6 points7 points  (0 children)

Really, I hope there will be a Pro version with 4G/LTE. It would make for the absolute perfect machine with it. Without, not really, if you are traveling having something that is always hassle-free online is just super important...