pull down to refresh
related posts
447 sats \ 0 replies \ @gnilma 15 May 2023
In a case like this, with a compromised device where the private key are already generated and known to the hacker, the victim had no chance. It is true that multi-sig could have mitigated this hack, but the tradeoff is that multi-sig adds another layer of complexity to the setup, which might not work well for non-technical users.
When it comes to buying signing devices, the source of the device is utmost important. Had the victim bought the device directly from Trezor, this hack could probably have been avoided.
Also, there should be a way to check the authenticity of the signing device with software from the vendor? Not saying something needs to do this, but something as simple as installing the wallet software from the vendor's site, plug the signing device into the computer, and have the wallet software check the device's authenticity before putting bitcoin into it.
But yea, if you're paranoid and willing to take the extra precautions, definitely do this.
reply
366 sats \ 2 replies \ @Pine 15 May 2023
That’s why Multisig is safer, the worst case the hacker got 1 key
reply
50 sats \ 1 reply \ @k00b OP 15 May 2023
Assuming you get them from different manufacturers.
reply
10 sats \ 0 replies \ @nerd2ninja 15 May 2023
Somebody read Glacier protocol
https://glacierprotocol.org/docs/overview/
reply
10 sats \ 0 replies \ @nerd2ninja 15 May 2023
But what's wrong with signing devices that plug into your computer? The device is so secure nothing is getting past that hardware right?
Creates a look alike that infects your computer
lol.
reply