LNURL-P indeed should be replaced…. But to replace it with a version of BOLT 12 reimplemented on nostr that misses out on ~all BOLT 12’s features (like, you know, recipient privacy, among many orders) just because NIH would be a massive disservice to Nostr users. View quoted note →

Today you can see the lightning nodes that ship fixes for novel attacks quickly (eclair and LDK, which did some force closures as a result of the fix) and those that don’t respond to security issues after months.

Look like @DETERMINISTIC OPTIMISM 🌞 is avoiding opinions he disagrees with on his podcast, so which one should I go on instead to talk about hardware wallet issues?

How about you have me on your bitcoin review show and we chat about it in detail so we can get into all the technical details and how realistic various attacks are :). View quoted note →

Oops, sorry, I forgot we can fix both sides of malicious hardware wallets - a malicious hardware wallet should not be able to steal your coin, it’s not complicated to force attackers to compromise both your computer *and* hardware wallet, but current devices just…. Don’t. That’s embarrassing! (Except for multisig setups). View quoted note →

To be fair to BitKey and one or two others, this attack doesn’t apply to Multisig wallets, anti-exfil doesn’t actually matter if you’re not doing single-sig. So the acceptable-security hardware wallet list is BitKey, Jade, and BitBox. View quoted note →

Hardware Wallets are devices designed to hold bearer assets which can be trivially stolen if you leak the private key(s). There’s many, many people involved in the manufacture of each hardware wallet, each of which might wish to make free money by backdooring the hardware wallet. For every other hardware wallet, you’re blindly trusting Amazon/UPS/five factories in China/the webserver you got the firmware from/etc/etc. Sure, most hardware wallets have tried to be robust against these attacks, but there’s frankly just not that much that can be done. Wouldn’t it be nice if you didn’t have to trust the device at all, but rather an attacker would have to compromise *both* your hardware wallet and your computer? Well, we’ve had the tech to do this for many, many years! The fact that only two hardware wallets bothered to implement this boggles my mind. It’s impressive incompetence, bordering on maliciousness, honestly. View quoted note →

Stop using hardware wallets that don’t take security seriously (sadly, all of them except Jade and BitBox). This is a novel construction, but the class of attacks is very old. A laptop purchased in person, immediately installing Linux without ever connecting it to the Internet is a much better way to store coin than hardware wallets. Which, frankly, is just embarrassing incompetence for the hardware wallet industry.

Dark Skippy Disclosure - A Powerful Method For Key Exfil Attacks

A powerful method for a malicious hardware wallet to leak its secret keys.

Nothing beats left-side LaGuardia approach on a clear day/night. (This is a wide-angle lens, you’re really right over Manhattan)