Yeah, I've been generally moving more towards airgapped devices and away from hardware wallets recently. With the unpatchable critical vulnerability in Trezor devices, and Ledger being unable to encrypt a simple database, there are just too many risks to using them.

As I said in another thread, the big appeal of hardware wallets is that they are (were?) a good balance of ease of use and security. A newbie could buy a hardware wallet, follow the set up guide, and store coins very securely without really any technical knowledge. They didn't need to know how to use a live OS, or airgap a device, or use encryption, or verify PGP signatures, or any of the other necessary steps to correctly use an airgapped wallet or a paper wallet.

To use a hardware wallet safely now, you need to use a disposable email, a pseudonym, a burner phone, find a neutral but secure shipping location, and pay in anonymized bitcoin. None of that screams "ease of use" to me, especially not for a newbie. If newbies are going to spend the time to follow all the steps in this thread to buy a hardware wallet, they would be better off just learning how to set up a proper airgapped cold storage wallet instead.

He's talking about the critical vulnerability whereby if someone has access to the device, the (encrypted) seed mnemonic can be extracted in a matter of minutes using relatively cheap tools (and then the 1-9 digit PIN encrypting the seed mnemonic can be trivally bruteforced). Unless you're using a BIP39 passphrase, your funds are effectively unprotected if the device falls into the wrong hands.

It's an issue with the hardware used in the ONE and the T, and the only "workarounds" are to use a BIP39 passphrase (or the SD card encryption option on the T, which requires trezorctl, Python and commandline "skills").


Refer:
https://www.ledger.com/improving-the-ecosystem-disclosure-of-the-trezor-recovery-phrase-extraction-vulnerability?utm_source=Social&utm_medium=Twitter&utm_campaign=Donjon%20Trezor
https://blog.kraken.com/post/3662/kraken-identifies-critical-flaw-in-trezor-hardware-wallets/

You may have a point for newbies.  Anyone hanging out here should know to cover their security with a LONG password, and further anybody with a Trezor T should be aware of the SD encrypt protection.  In reality I guess WE sometimes forget how far out of the mainstream beginner circle we have gone.  LOL!

Unrelated but back to the thread:

I thought of another privacy weakness for Trezors where more experienced attackers are concerned:

Bear with me here.  For Trezors that are used for long term storage I like to configure them for privacy.  One item I like to conceal is that I use passphrases at all.  As mentioned above, newbies likely don't use passphrase enhancements.  By logic then if someone has a Trezor in their hands and passphrases are activated, by default there is the ASSUMPTION that multiple wallets are likely in play.  This is true for most I would think.  So, I place a minimal (but believable) amount of BTC in the default wallet (no password needed) and leave it there.  Long PIN still of course.  My feeling is seeing passphrase activated is a BAD thing for privacy and even worse for a potential "$5 wrench attack".

If you connect a Trezor to a computer using trezorctl, which I use, it clearly displays whether the passphrase feature is activated. This means I don't need to know your PIN to know you have passphrase activated.  Try it if you want and you'll see I am correct on this.  trezorctl is much more powerful than the website experience, but most attackers I think would know that!

Therefore; I always take a couple of seconds, again using trezorctl, to turn off the passphrase feature when I am finished using my Trezor.  Turning passphrase on and off using trezorctl is seconds in either direction.  So this is a hardware wallet weakness in my view.  Its easy to correct as I just described, but most newbies or users in general would never have thought of it.

My suggestion then for Trezors not used daily/mobile on the go, would be to protect your privacy by turning off passphrase when in storage.

Lastly, become familiar with trezorctl and take advantage of its power/features.  A biggie that comes to mind is to enable wipe of the entire hardware wallet by entering a code you set to offer as a fake PIN.  You can't do such an important thing using the limited web experience.  My .02

Where did you see that banner? When I visit their website, the only banner I see is an advertisement for their new stablecoin lending service which is being integrated with Ledger Live.

Honestly, I think I'm done with Ledger at this point. Should we maybe work on securing out databases against hacks? Should we maybe work on finally allowing proper coin control or address management for bitcoin? Nah, let's first launch a shitcoin exchange service with ridiculous fees, and then launch a shitcoin lending service (with I'm sure more ridiculous fees). I haven't used Ledger Live with my Ledger devices in a long time, but it seems Ledger as a company are going the same way Brave did - start off with a good product and great intentions, and gradually pay less and less attention to what is important to their customers and more and more attention to whatever makes them the most profit. Such a shame.

I'm still hoping someone can recommend a secure and easy to use storage solution which we can recommend to newbies in lieu of hardware wallets. Software wallets are not secure enough, and airgapped wallets are not newbie friendly enough.

To paraphrase a known meme - secure, easy to use, cheap - pick two.

I think there are no official retailers, and only way would be to contact Coldcard support and ask them: support@coinkite.com
They are based in Canada, but I found some stores in Europe, Germany, United Kingdom and others, that are selling ColdCard.
Search locally and buy with cash.

I also thought of this as well.  When you buy a hardware wallet like nano ledger s and have it shipped to your address.. well there is risk of data breach like what happened with ledger live... but not only that... what about the ppl who are handling your packaging like the people who shipped it to you from france or say dhl or fedex etc in the US?  I mean i know postal workers bring packages to many places but im sure when they look at that package and see the france address... they probably know its a nano ledger s?



Like how could you order one securely without address information?  Only thing i could think of would be like those amazon locker etc?  But of course if you do it that way, isn't there a risk of it being manipulated if somehow the place or postal office knows what is it?  Like imagine a tech savy person having access to it for a bit.  But of course putting it back in the original packaging will make it look obvious something was done to it.   

I never heard about that overheating issue and short lifetime for BitBox02 wallet and I know warranty is 2 years for them (CoboVault is offering one year warranty, Trezor waranty has two years, ledger has one year warranty), but people reported problems for other hardware wallets also, like display not working after some time or they just die without any explanation, so there is no perfect device and it is important to keep your seed words safe.

If you purchased it one year ago than you can probably replace your BitBox.

Do most of you have at least two hardware wallets in case?


Thinking of ordering another one and will most likely stick with nano ledger s.  Do most agree just get another one as oppose to get a nano ledger x or trezor?  I heard trezor there is security issue right?  Nano ledger x uses a battery so wouldn't that mean it would go bad after a few years?  But also its much more noticeable as compared to a nano ledger s which look like a keychain?


So do you say its good idea to get a PO Box at your local USPS then to order this?  Or it doesn't matter since i already ordered from nano ledger before?  Also i got to assume the fedex or dhl drivers know what the package is right when you bring the item and see its from France?  Then again many of them probably never even heard of hardware wallets right?

Honestly, i wouldn't rely on the tablet being completely air-gapped by simply just turning everything off in the (user-mode) settings and enabling airplane mode.
You'd be always better off removing any wifi and bluetooth chips etc.

Further, this device would still lack the actual hardware security a hardware wallet offers.
If you want the hardware security and convenience of a hardware wallet, such a tablet solution is not even close to being good.
If you want a air-gapped cold wallet setup, there might be some better alternatives (e.g. old laptop with an open and verified OS installed).