pull down to refresh
a phishing email is just a phishing email. not an attack,
Those idiots that click on phishing emails deserve what they get.
And that have nothing to do with the manufacturer. Could happen to all HW types.
I personally care less for any HW, including seedsigner. I simply do not use any. Are useless for me.
With all due respect @DarthCoin, this is indeed a very serious issue (for both Blockstream and any other HWW maker).
Yes, generic phishing emails are pretty "dur don't click on the link", but now imagine it's your mother or father, someone 60 years old, 80 years old or even someone very young that hasn't had the experience of seasoned technical people. They'll click it.
That's "phishing" emails. Now let's talk about "spear phishing" attacks. These are hyper targeted forms of attacks. Not just some generic spam email with questionable English grammar but ones directed explicitly AT YOU. With your name, email, from legitimate sources not "spammer69@fakeassdomain.com".
They might email you back and forth, quote your credit card number, address, previous purchase date, card number used, invoice number etc etc. All this info is hyper targeted and spear phishing attacks virtually ALWAYS are successful. Even against IT pros. These types of leaks allow for this attack vector and only a fool thinks that they're immune.
But it gets worse.
Even spear phishing is just an online attack. How about a group of thugs rock up to your home late one night with 5 baseball bats and start beating the shit out of you and/or your family until you give up the Blockstream Jade they now KNOW you own.
What's the solution? Don't use your real identity when purchasing a HWW. We've had this highlighted in our Advanced Bitcoin Privacy guide for ages now. So once again for those in the back...
Don’t buy a hardware wallet with your real world identity!Don’t buy a hardware wallet with your real world identity!
If the hardware wallet company gets hacked, your identity is forever linked to “this customer has so much crypto they needed to buy a hardware wallet” = huge target.
Most Hardware Wallet manufacturers will accept Bitcoin making this a relatively easy process. Make up a name, create a one time Proton.me email account via Tor Browser, pay via Bitcoin you obtained via a non-KYC source and get it delivered to an address that's not associated to you (eg. work, PO box etc) and you’re set!
As OP also states, any HWW that uses General Purpose Hardware (GPHW) or that you can go buy directly from the manufacturer in person in cash without identity is fine too 🙂
too much noise for nothing
I would just use both. HWW and SeedSigner.
deleted by author