Cracking Unsafe Bitcoin Wallets + Coldcard Mk4 Warning (Insecure Dice Based Seeds & Private Keys)

Views: 15,904

Crypto Guide

1 day ago

A short video that looks at unsafe Bitcoin wallets that were likely created using low numbers of dice rolls, leading to poor BIP39 seed security and making it easy for scammers to access the private keys. I also look at how many folk lost funds doing this and which hardware/software could have been used to create these insecure wallets in the first place. It also includes a demo of how this can still happen with Coldcard Mk4, even running the latest firmware.
00:00 - Introduction
01:04 - Your Wallet Existed before you Created It
01:12 - About the tool used for cracking wallets (Modified BTCRecover)
01:29 - Which types of wallets were checked
02:09 - What I found
03:20 - The Dilemma of finding wallets with funds...
03:35 - Understanding the Importance of Entropy
03:51 - Ongoing risk for low numbers of dice rolls
04:52 - Checking Wallet Safety (Seedsigner, Krux, Jade, Bitbox02 & Ian Coleman's BIP39 tool)
05:15 - Coldcard Mk4 Issues & Warning
06:33 - Increased risk associated with wallets letting users choose their own seed words
06:54 - Important disclaimer in terms of identifying how these wallets were generated
07:04 - Alternatives
08:18 - Summary and Conclusion
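
The arithmetic behind the warning about low numbers of dice rolls, as an added example (not code from the video or from any wallet's firmware): it computes how many seeds a given number of rolls can produce and how much guessing entropy they carry, including for biased dice. The two biased distributions and all function names are constructed for illustration; the 128-bit floor is the entropy of a 12-word BIP39 seed.

```python
"""Entropy budget for dice-generated wallet seeds (added example, constructed inputs)."""
import math

MIN_BITS = 128  # floor used here: the entropy of a 12-word BIP39 seed

FAIR_D6 = [1 / 6] * 6
# Constructed distributions (assumptions for illustration, not measured dice):
LOADED_D6 = [0.30, 0.20, 0.15, 0.15, 0.10, 0.10]  # noticeably biased die
COIN_LIKE = [0.50, 0.50, 0.0, 0.0, 0.0, 0.0]      # die that behaves like a coin


def keyspace(rolls, faces=6):
    """Number of distinct roll sequences, i.e. how many seeds the rolls can select."""
    return faces ** rolls


def min_entropy_per_roll(probs):
    """Min-entropy in bits per roll: -log2 of the most likely face.

    This is the conservative measure for guessing resistance; for a fair
    six-sided die it equals log2(6), about 2.585 bits.
    """
    if abs(sum(probs) - 1.0) > 1e-9:
        raise ValueError("face probabilities must sum to 1")
    return -math.log2(max(probs))


def seed_bits(rolls, probs=FAIR_D6):
    """Guessing entropy (bits) carried by `rolls` independent rolls."""
    return rolls * min_entropy_per_roll(probs)


def rolls_needed(target_bits=MIN_BITS, probs=FAIR_D6):
    """Smallest number of rolls that reaches `target_bits`."""
    return math.ceil(target_bits / min_entropy_per_roll(probs))


def worst_tolerable_face_probability(rolls, target_bits=MIN_BITS):
    """Largest probability the most likely face may have while `rolls`
    rolls still reach `target_bits`."""
    return 2 ** (-target_bits / rolls)


def assess(rolls, probs=FAIR_D6, target_bits=MIN_BITS):
    """Summarise a roll count: entropy in bits and whether it clears the floor."""
    bits = seed_bits(rolls, probs)
    return {"rolls": rolls, "bits": round(bits, 1), "ok": bits >= target_bits}


if __name__ == "__main__":
    print("fair die:")
    for n in (1, 2, 6, 49, 50, 99):
        r = assess(n)
        print(f"  {n:>3} rolls: {r['bits']:>6} bits, "
              f"{keyspace(n):.3e} possible seeds, ok={r['ok']}")

    print("biased dice (constructed distributions):")
    for name, dist in (("loaded", LOADED_D6), ("coin-like", COIN_LIKE)):
        for n in (50, 99):
            r = assess(n, dist)
            print(f"  {name:>9}, {n} rolls: {r['bits']} bits, ok={r['ok']}")
        print(f"  {name:>9}: {rolls_needed(MIN_BITS, dist)} rolls needed for {MIN_BITS} bits")

    p = worst_tolerable_face_probability(99)
    print(f"99 rolls still reach {MIN_BITS} bits if no face comes up more than {p:.1%} of the time")
```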

Comments: 250
@callumarif 2 months ago
Steve, thanks for the video friend. Super important information, and good on you for trying to notify the owners of the insecure wallets! Much respect.
@CryptoGuide 2 months ago
Thanks, it was certainly a bit of a conundrum :/
@SouthernBitcoiner 7 months ago
Thanks for covering this. This is important information.
@CryptoGuide 7 months ago
Glad it was helpful!
@Skydrops6 4 months ago
More people need to be watching this. This guy's videos give excellent security advice.
@CryptoGuide 4 months ago
Thanks :)
@normanmckay4593 6 months ago
What a legend!! Hats off to you man, thanks for this video!!
@CryptoGuide 5 months ago
Thanks, glad it helped
@asteriskesque 7 months ago
Awesome content. I had a few questions, but you answered them as the video went along. P.S. Thanks for checking Krux! You introduced me to that project in another video & I've become a huge fan.
@CryptoGuide 7 months ago
Thanks, glad it made sense and glad you found Krux, it's a great project :)
@charlesbanana4304 7 months ago
Greetings from Argentina!!! Always good to stay on top of these things. Always appreciate every video this man does. All the best to you.
@CryptoGuide 7 months ago
Hola! Thanks and stay safe down there :)
@formetoknow540 7 months ago
Argentina 🇦🇷 damn the inflation is crazy in that country I hear, hope u store your value life energy in bitcoin and spend Argentinian pesos
@CryptoGuide 7 months ago
Yea it's truly insane to see the inflationary stuff playing out there at crazy speed, at least with BTC there is a more accessible option for the masses to avoid the worst of it...
@formetoknow540 7 months ago
@CryptoGuide The only solution to inflation is ₿itcoin, thank god people have an option to opt out in countries like that
@CryptoGuide 4 months ago
.
@maxvinella941 7 months ago
Very useful information! Thanks
@CryptoGuide 7 months ago
Glad it helped
@kennethmiller8415 5 months ago
Thank you soooo much! I just subscribed.
@CryptoGuide 5 months ago
Thanks, glad it helped
@MrMonero 6 months ago
Good work my friend 👏🏼
@CryptoGuide 6 months ago
Thanks :)
@dtempst9462 7 months ago
Great work.
@CryptoGuide 7 months ago
Thank you! Cheers!
@kickinit333 7 months ago
Another great video. Thanks.
@CryptoGuide 7 months ago
Thanks
@jonathanarras1281 7 months ago
Seriously this guy's videos have totally helped me with self custody
@CryptoGuide 7 months ago
Glad they have helped :)
@GummyONSolana 1 month ago
@CryptoGuide lol u took their crypto and gave it back hopefully if I ever get hacked he like u
@CryptoGuide 1 month ago
Unfortunately most of the time it is simply taken and never returned :/
@chadwolf3840 15 days ago
Great stuff bro.
@CryptoGuide 15 days ago
Thanks, glad it helped
@eagleram13 3 months ago
Great video, subscribed...1000 likes 👍
@CryptoGuide 3 months ago
Thanks :)
@fpico1972 1 month ago
Thanks for the great informative video. Is there any way to self check the security of a hardware wallet, to ensure it is safe enough? Thanks.
@CryptoGuide 1 month ago
If you are buying one from the official store and it doesn't look like it has been tampered with then it's probably fine. :)
@sb-qs3vj 6 months ago
Good afternoon. Great video and great experiment! To quickly search through BTC, ETH and LTC, you probably had to download their blockchains to your computer? Approximately how much disk space did this take?
@CryptoGuide 6 months ago
The Bitcoin blockchain is over 500GB, LTC is over 100GB and eth is terabytes.
@eggshi 6 months ago
Great video!!
@CryptoGuide 6 months ago
Thanks
@bpheard 3 months ago
For coldcard, it seems a simple message that says, “insufficient dice rolls”, after you proceed from your dice rolls, would be a very easy safety mechanism.
@CryptoGuide 3 months ago
It actually did have a warning and newer versions of MK4 firmware don't allow you to proceed (Though Mk3 still does)
@bpheard 3 months ago
@CryptoGuide good to hear. Too bad for me. I must have had the old firmware.
@CryptoGuide 3 months ago
I'm sorry for your loss
@Kerrington_John 2 months ago
@bpheard how often did you roll? Do you still remember it?
@bpheard 2 months ago
@Kerrington_John unfortunately, only 6 times.
@hernannoceloni330 6 months ago
Great data. Just one question: is there any chance that your hardware wallet provider (like Trezor who is open source) would know your generated seed phrase and/or passphrase? Thank you
@CryptoGuide 6 months ago
There are two ways that this can happen with any wallet. 1) The wallet uses flawed entropy generation, meaning that there may only be a few billion possible seeds that it can produce. 2) The wallet leaks wallet information to another PC/App. Basically if you have a device that is both open source and uses deterministic builds, coupled with open-source companion apps, then the hope is that folk would notice something like 1 or 2 happening and raise the alarm :)
@hernannoceloni330 6 months ago
@CryptoGuide Thank you for the quick response. Do you know if Trezor is fully Open source and uses deterministic builds and the trezor suite app is also open source? To make it clear, is Trezor one of the safest in that respect?
@CryptoGuide 6 months ago
Trezor is both open source hardware and software with deterministic builds. :)
@aussieexpat 12 days ago
I got goosebumps hearing this has happened. I'm a pretty seasoned software engineer but I'm also human.
@CryptoGuide 12 days ago
Yea bad/inconsistent UX can make it such that even an otherwise advanced user can end up making a mistake like this.
@Esteban_5669 1 month ago
Hello and thanks for the informative video. If one has a low entropy wallet but with a passphrase, would the addition of the passphrase protect the funds?
@CryptoGuide 1 month ago
It would add as much entropy as you added into the passphrase, but would mean the seed isn't identified as being in-use by automated tools that look for such things.
@Cloudstrider4711 1 month ago
A tip is not enough for this extremely valuable knowledge! 🙀😅
@CryptoGuide 1 month ago
Thanks heaps for the tip, glad you found it helpful :)
@copycatt2579 6 months ago
How much bitcoin did you find sitting in these wallets? I don’t think you said in the video. Great video!
@CryptoGuide 6 months ago
A few thousand USD worth
@autohog 7 months ago
Do you have a review on BC Wallet and the way that wallet creates entropy?
@CryptoGuide 7 months ago
If you mean BC Vault, it's totally closed source, so there isn't anything to review beyond taking the vendor's word for it that it's doing what they say it's doing.
@autohog 7 months ago
@CryptoGuide yes BC Vault, so you don’t recommend this wallet at all then?
@CryptoGuide 7 months ago
It might be fine if you already have one, but I would suggest there are better alternatives :)
@anticharlatan5823 5 months ago
So true 7:24 "letting the RNG in your wallet generate your seed is actually the most secure thing for most users". How many coins have been lost due to the RNG in the hardware wallet vs. those lost to brain wallets, not so random dice rolls, etc. I would guess zero vs. hundreds. Keep It Simple! Don't try to outsmart the wallet. I agree 100% with the words at 8:42
@CryptoGuide 5 months ago
For sure, it's one of those instances where attempting to offset the theoretical risk of RNG issues will mostly increase the overall risk due to the possibility of messing it up somehow...
@CryptoGuide 3 months ago
Stay safe :)
@Kerrington_John 2 months ago
But how can you mess up "mixing" 5 dice, 20 times in a shoe carton?? What can go wrong???
@CryptoGuide 2 months ago
Most folk don't do it that way.
@anticharlatan5823 2 months ago
@Kerrington_John unbalanced dice may skew the results, plus you have to enter them into a computer to calculate the checksum and that may expose your private key.
@kalkulusrampage 6 months ago
If you are generating seeds from 2-3 different devices, and each time a new seed is generated you choose the 1st word or the positional word of the new seed generated each time that you need at that moment to complete the definitive seed until getting the 12 words (11 + checksum), are we getting more entropy or less entropy?
@CryptoGuide 6 months ago
The same, as each first word is representing the first few bits of entropy from whatever device you are getting it from. (And you are basically throwing away the rest each time) The matter of sourcing those bits from different sources is still a factor, but isn't related to the actual amount of entropy.
@RsZ789 2 months ago
Thanks!
@CryptoGuide 2 months ago
No problem and thanks for the tip :)
@__OL__ 6 months ago
Given that the Trezor One is open source, is it safe to conclude that their RNG doesn't contain any (malicious or accidental) bugs?
@CryptoGuide 6 months ago
Trezor mixes entropy from both the onboard MCU and the PC that you are connected to; both sources of entropy would need to be very flawed on both systems for it to be an issue. Trezor also has deterministic builds, so it's perfectly safe and reasonable to conclude that it's working as intended and that entropy (and therefore seeds) from Trezor are fine.
@__OL__ 6 months ago
@CryptoGuide Thank you!
@Taqled 5 months ago
@CryptoGuide what about ledger? They are closed source, so is there no way to ensure the entropy of the seed is enough? They do cite AES-31 certification but I don't think that rules out bugs? Also do they mix entropy from another source like trezor? Would adding a long enough passphrase to the seed protect against such risks? Many thanks, much information is needed to be shared around seed generation entropy.
@CryptoGuide 4 months ago
Ledger use a certified TRNG, but yea a passphrase also mitigates against potential entropy issues in the seed.
@CanesFan65 5 months ago
So.....does this also affect users who generate a 24 seed then ADD additional Dice rolls or does that not apply?
@CryptoGuide 5 months ago
No, but the main issue is that for the firmware up until Feb 2023, it was easy to think that you were in the "adding rolls" workflow when you were in the deterministic one. The "additional rolls" workflow is triggered by letting the device generate 24 words and then pressing a button at the step where you review the initial words. (Which then prompts you to add dice rolls)
@Anonymous-btc 6 months ago
Is there a way to add a bip39 passphrase to my cold card? I have the 24 word default RNG
@CryptoGuide 6 months ago
There is nothing wrong with the default RNG, but yes you can easily add a passphrase with Coldcard. (Just be sure to include it in your backups too)
@Cloudstrider4711 1 month ago
How does the BIP85 standard work concerning the entropy level - does a bad parent seed pass on its low entropy to its child seeds?
@CryptoGuide 1 month ago
Child seeds have the same entropy as the parent.
@bpheard 3 months ago
Having unfortunately lost some bitcoin because of low entropy, another suggestion I have for the coldcard interface would be, on the screen, where it says 1 to 6, change to one to 99. Simple fix.
@CryptoGuide 3 months ago
Yea it's mostly sorted in the newer firmware on the Mk4 which enforces the minimum of 50 rolls, though this is only on the default workflow. (It's still possible via the temporary seed method)
@Cloudstrider4711 1 month ago
What a brilliant video! Suppose I had chosen 12 nice BIP39 words by myself and used them together with a PassPhrase as a BIP85 parent seed - how secure is the entropy of the generated child seeds? Thank you!
@CryptoGuide 1 month ago
What do you mean "chosen 12 nice BIP39 words", do you mean with dice or just choosing words that seem good to you? (If it's the latter then this isn't secure at all)
@Cloudstrider4711 1 month ago
@CryptoGuide Ooops - I actually meant self-selected words + PassPhrase = ParentSeed. This ParentSeed + Index = ChildSeed. Such a ChildSeed is not safe at all? : ( And such a CS + PassPhrase then probably not much more? 😳
@CryptoGuide 1 month ago
Self selection of words is a security disaster... Don't do it, humans suck at randomness... There is literally no reason to do this...
@Cloudstrider4711 1 month ago
@CryptoGuide This is unpleasant to hear, but of course I am very grateful! I was aware that even selected words are not really safe. But I assumed that these human traces would be "obliterated" if they were combined with a PassPhrase and an index to derive a new (child)seed, which then also got a PassPhrase. The reason for this "recipe" is a brainwallet that is supposed to be bulletproof - but apparently this is cryptographic nonsense. Thank you for your many efforts to teach people and lead them into the new era as harmlessly as possible! 🙏🙏
@CryptoGuide 1 month ago
Where did you get the idea that brainwallets are bulletproof? (They are one of the worst ways to secure your funds, for multiple reasons)
@rcsohnify 3 months ago
Could you expand on the hacked cold card rolling a 5? What does that mean? How did the 24 words get hacked?
@CryptoGuide 3 months ago
The video explains it but basically the Coldcard allowed the users to generate a 24 word seed based off a single dice roll.
@formetoknow540 7 months ago
Would a passphrase randomly generated prevent this (ahh u answered that question in the video thanks) also multi sig is a better option for security
@CryptoGuide 7 months ago
Yes a passphrase does add a significant layer of protection, especially if you never made any transactions on the raw seed as there is simply no way for someone to know that that seed is even in use. Multisig does add even more security, but also adds significant complexity in terms of what you need to keep for the backups.
@Kerrington_John 2 months ago
@CryptoGuide Could you further explain how to keep a "clean" raw seed? Isn't even sending 0,1 BTC to it making it "dirty"? And if someone finds your seed, couldn't he see anything on it stored, doesn't matter if you were using it for transfer or not?
@CryptoGuide 2 months ago
It isn't really a case of dirty or clean, but simply that if a given seed has never made any transactions without a passphrase, it's impossible to know if it has ever been used. (Either with a passphrase, with multisig, etc)
@Kerrington_John 2 months ago
@CryptoGuide But what does that change? It's only a problem if someone finds your seed? And the probability is near 0 or am I wrong? How else will someone know your seed?
@CryptoGuide 2 months ago
That's right, it's only relevant if someone finds your seed.
@PandaFPV 4 months ago
So do you recommend the coldcard or Trezor safe 3?
@CryptoGuide 4 months ago
They are both very similar. Basically the Safe 3 is going to be a great option if you aren't an advanced user who will be doing stuff like Multisig.
@formetoknow540 7 months ago
I let my hardware wallet generate the private key. Think I should use dice rolls (100) and add a passphrase?
@CryptoGuide 7 months ago
There is nothing wrong with letting your hardware wallet generate the seed words, but if you are feeling paranoid then you could use 100 dice rolls. (Or just add a passphrase instead to also protect your backups)
@formetoknow540 7 months ago
@CryptoGuide after watching this video I'm paranoid lol. thanks for educating us plebs on how to keep our btc safe and secure
@CryptoGuide 7 months ago
Perhaps I should have mentioned it a few more times but basically the hardware or software key generation is generally the best choice for the vast majority of folks, it's very difficult to mess up. ;)
@formetoknow540 7 months ago
@CryptoGuide Yeah I understand what you mean it's the easiest & safest way for the average basic user not to mess up or overcomplicate things too much and lose funds due to technical capabilities. Thank you soo much you add value to the bitcoin community
@CryptoGuide 7 months ago
Glad it helped :)
@grarx.elg60txkkl2d0fkalufgxrfe 5 months ago
I did 214 dice rolls, still have my BTC!
@CryptoGuide 5 months ago
Good job :)
@Kerrington_John 2 months ago
What amount of dice rolls is enough?
@CryptoGuide 2 months ago
50 at a minimum
@Kerrington_John 2 months ago
@CryptoGuide And this generated enough entropy?
@CryptoGuide 2 months ago
Basically yea
@davef5916 2 months ago
Can adding a passphrase with low entropy to an otherwise high entropy seedphrase lower the overall entropy? Or can it only be additive?
@CryptoGuide 2 months ago
Adding a passphrase is only additive. (And can add some benefits like plausible deniability)
@davef5916 2 months ago
@CryptoGuide thanks for the reply!
@CryptoGuide 2 months ago
No worries
@CARLDUNGUS 2 months ago
Could the method of rolling compromise the entropy even if let's say 99 rolls were made with one dice?
@CryptoGuide 2 months ago
If you are using 99 rolls then there is a huge buffer of extra entropy above the minimum 128 bits, so as long as you are rolling an actual dice (even a crap one) it will be fine.
@travisoneal586 6 months ago
Let’s say I want a 24 word seed phrase and I roll one die 99 times. Is there anything I can do while rolling the die that would make the wallet less secure? Also can the die be a normal six sided die?
@CryptoGuide 6 months ago
Basically if you use a single die then its bias could be an issue. That said, if you do the full 99+ rolls for a 24 word seed, even if the entropy out of a single dice isn't perfect, it will still be well above what is required for a secure seed. (This would only be a major problem if you were only doing 50 rolls for a 12 word seed, going for the full 24 gives you a significant buffer) For it to be a problem with 99+ rolls, the dice would need to be so bad as to be looking almost like a coin toss in terms of the outcomes that it is giving you.
@travisoneal586 6 months ago
@CryptoGuide thank you. How many dice should you use and can they be six sided dice? And would a seedphrase created by throwing a die (or two dice perhaps?) 99 times be as or more secure than a wallet created using a Ledger device?
@CryptoGuide 6 months ago
2+ dice is fine and D6 dice are also fine. (And the dice don't all have to be the same) Just look at my video on making a zero trust wallet with dice and I talk about it more there. @travisoneal586
@travisoneal586 6 months ago
@CryptoGuide I watched the video you mentioned. Thank you! Do you think that creating a seed phrase on seedsigner using a picture is more secure than by using dice?
@CryptoGuide 6 months ago
The camera mode is about better convenience and speed, not better security. (Especially if compared against 99 dice rolls)
@mppetrov2012 1 month ago
Is multisig Coldcard with Electrum airgapped with 250 dice rolls better than Coldcard Q1 with Sparrow?
@CryptoGuide 1 month ago
This question doesn't make much sense... The Electrum vs Sparrow difference doesn't matter and the Coldcard Mk4 and Q1 are fundamentally the same in terms of security. What are you actually trying to achieve?
@IroniLucu 6 months ago
If you have to choose one hardware wallet only, which one will it be?
@CryptoGuide 6 months ago
If I didn't have any and was starting out I would probably get a Jade. It gives you the most bang for buck by a mile and also supports the full range of advanced features. (While still being safe and simple if used normally) Being able to use it with a mobile over Bluetooth is also really nice.
@IroniLucu 6 months ago
Thank you
@CryptoGuide 3 months ago
Depends on what I want to store and what device I want to use to access it. The best value retail option would be either the Blockstream Jade or Trezor Safe 3. (Though only the former will work with an iPhone)
@chain_wizard 6 months ago
What do you mean by a "BIP-39 passphrase"? Do you mean a single word from BIP39 word list or any word or phrase with symbols and numbers added in?
@CryptoGuide 6 months ago
No, I mean a BIP39 passphrase, see coldcard.com/docs/passphrase/ or www.ledger.com/academy/passphrase-an-advanced-security-feature
@chain_wizard 6 months ago
@CryptoGuide Sorry for asking but what is the difference if I use a random passphrase that I can only think? This isn't safer?
@CryptoGuide 6 months ago
What does "I can only think" mean?
@chain_wizard 6 months ago
@CryptoGuide Instead of using a word from BIP-39 list, why not using a passphrase with numbers, words and symbols to make it much harder for someone to find?
@CryptoGuide 6 months ago
A BIP39 passphrase doesn't need to be a single word or even words from the BIP39 word list. It can include numbers, symbols, etc. Just be sure to include it in your backups somehow as well.
@garrettsur1055 5 months ago
So which is the most secure cold wallet you would recommend? Thank you.
@CryptoGuide 5 months ago
Depends on what you are looking to store and what device you intend to use to interact with the hardware wallet.
@Taqled 5 months ago
@CryptoGuide for Bitcoin? Is jade entropy good enough? If used with green on phone?
@CryptoGuide 5 months ago
Jade is a great device and there is nothing wrong with having it generate the seed for you. (This is the best approach for the vast majority of users)
@garrettsur1055 5 months ago
@CryptoGuide thank you for your reply. I'm already using a hard wallet but also thinking of getting another cold wallet for BTC only and another one for alt coins only. What would you recommend for those?
@CryptoGuide 5 months ago
Jade is great for Bitcoin, what you use for alts will depend on what you want to store and will mostly come down to compatibility.
@123Noscope 7 months ago
Is 50 dice rolls really that safe? Would it be safer to roll 99 times for the 24 words?
@CryptoGuide 7 months ago
99 rolls for a 24 word seed is even better, but 50 rolls gives you 128 bits of entropy (for a 12 word seed) which is sufficiently high to prevent it from being brute forced. (So 50 is the minimum, not the max :) )
@123Noscope 7 months ago
@CryptoGuide Okay thanks. Is there a best way to roll the dice? Perhaps shaking up 5 casino dice in a shoebox and then sliding them to one side and input their numbers going from left to right?
@CryptoGuide 7 months ago
Yea basically multiple dice are better than one and mixing them up and reading them in a row is how you want to do it. The thing with using 99 rolls is that even if your dice have a bad bias, you will still have sufficient entropy to be way over 128 bits. (They would need to be almost as bad as a coin flip for it to be a problem with 99 rolls)
@123Noscope 7 months ago
@CryptoGuide okay so would doing it with 3 dice and reading them in a row be fine as well? I just realized I only have 3 casino dice
@CryptoGuide 7 months ago
Shouldn't be an issue. Part of the advantage with multiple dice is that differences/bias between them is mostly cancelled out as the order in which they are read each time will change.
@reality-winner5759 4 months ago
What if you just allow the Cold Card MK4 to generate your 24 word seed without using dice roll? Are there security concerns with those being cracked?
@CryptoGuide 4 months ago
No, letting the device generate the seed is the best option for the vast majority of people
@reality-winner5759 4 months ago
@CryptoGuide thanks
@CryptoGuide 4 months ago
No worries :)
@Kerrington_John 2 months ago
@CryptoGuide But rolling 100 dice isn't that difficult. Just use a shoe carton, mix 5 dice 20 times and that's it. How isn't that for nearly everyone better/safer than letting cold card generate a seed?
@CryptoGuide 2 months ago
Because too many folk don't take the time to do it properly, will just pick numbers themselves without dice, etc.
@jonathanlivingston7358 7 months ago
Could you compare Trezor T vs Trezor 3?
@CryptoGuide 7 months ago
I have ordered a Trezor 3, so will post when it arrives. Generally speaking it looks to have all the features of the T at a fraction of the price... (Though without the fancy colour touchscreen)
@jonathanlivingston7358 7 months ago
@CryptoGuide plus the secure element. However I’d like to know how you’d enter the passphrase without the touch screen. Do you have to use the computer keyboard and risk key logging detection?
@formetoknow540 7 months ago
​@jonathanlivingston7358 it's via the screen using the two click buttons like on the trezor one
@jonathanlivingston7358 7 months ago
@formetoknow540 oh I c. So that means that Trezor T and 3 have the same level of security to remote attacks but Trezor 3 is higher in security to physical attacks. I don’t know how I feel about entering a long passphrase with just two buttons. That must be quite difficult. Thank you!
@CryptoGuide 7 months ago
Yea you can see in both their announcements and their Github that passphrase entry can be on-device, so it will likely be a fairly painful exercise to enter with two buttons, though no worse than something like a Ledger.
@Kukulkan_Tours 5 months ago
So coldcard wallet has a max of 24 dice rolls?
@CryptoGuide 5 months ago
No, you need at least 50 for a 12 word seed and 99 for a 24 word seed.
@zakkfrieders6008 5 months ago
How do you feel about cold cards?
@CryptoGuide 5 months ago
They are a great device for advanced users, but not really suitable for beginners.
@murtazataha7177 3 months ago
I used my coldcard and generated a wallet using two dice rolls. Transferred some btc to it and it immediately got transferred out. I guess this is exactly what happened?
@CryptoGuide 3 months ago
Almost certainly, what version of firmware were you running?
@disco.jellyfish 3 months ago
So it's probably best to just think of a completely random number from 1000 to 100000 and then ask somebody random (a person you met on the streets and will likely never see again in your life) to tell you a number from 10 to 100. Then you take your number to the power of theirs and type in every other digit of their number until you cannot fit any more digits. Add a passphrase on top of that. This should be safe, right? You might also want to use MultiSig and have your coins scattered across multiple MultiSig Wallets, which are completely independent from each other and secured by hardware wallets from different brands.
@CryptoGuide 3 months ago
Or just use the onboard TRNG and a passphrase if you don't want to trust it ;)
@disco.jellyfish 3 months ago
@CryptoGuide I also assume that this is probably the best choice. If I really started to hodl lots of Bitcoin, I should hodl my coins in multiple completely separate wallets anyway to reduce damage in case one does somehow get compromised. The extra paranoid people could also compile the software themselves and flash it onto the device before setting it up to be extra extra extra safe.
@CryptoGuide 3 months ago
I think that most people struggle to maintain one set of backups, so introducing multiple sets just complicates things further.
@disco.jellyfish 3 months ago
@CryptoGuide This method however literally decentralizes your risk of losing everything. And as long as you carefully plan, what you are doing, keeping track of all your assets. Utilizing this method makes your assets as safe as horcruxes made Voldemort unkillable. Just make sure to not give anyone a proximity sensor for your hardware wallets and access to your memories around the clock. Then you should be as safe as Voldemort initially intended to be - at least financially.
@CryptoGuide 3 months ago
Ideally sure, but don't underestimate the danger that complexity adds to your backups
@paralellosll3849 2 months ago
Is any of this actually better than pen and paper?
@CryptoGuide 2 months ago
A pen and paper used for what? (In terms of seed storage, a pen and paper is what you want)
@dominickbadial5980 26 days ago
I did like 215 or so rolls on my wallet because of how scared and paranoid I was.
@CryptoGuide 26 days ago
Nice :)
@parrotboss785 5 months ago
How can you generate a wallet with just 1 roll?
@CryptoGuide 5 months ago
With the firmware from earlier this year, you just rolled once, pressed that you were done and you were good to go. You can achieve the same thing today, with the current firmware, via the "Temporary Seed" workflow.
@Kerrington_John 2 months ago
How to roll the dice properly?
@CryptoGuide 2 months ago
The key thing in this instance is the number, so you want to make sure that you have at least 50... (And 100 is better)
@Kerrington_John 2 months ago
@CryptoGuide Thank you very much for the answering of all my questions. You got a new subscriber!
@CryptoGuide 2 months ago
No worries, thanks :)
@bpheard 3 months ago
My dad recently lost his bitcoin likely due to low entropy- he just didn’t know. 6 rolls was all he used. Bitcoin was gone in 8 minutes. Happened January 14 2024.
@CryptoGuide 3 months ago
Sorry to hear it, it was a really easy mistake to make with Coldcard for a while there
@dertrendtrader 3 months ago
My English is not that good. What I understood is: roll with your own physical dice and you are safe, right?
@CryptoGuide 3 months ago
No, that's exactly the opposite... The users who lost funds used dice (with too few rolls) and would have been better off using the onboard TRNG.
@dertrendtrader 3 months ago
@@CryptoGuide ahhhh okay thanks 🙏
@CryptoGuide 3 months ago
No worries, stay safe :)
@jonathanarras1281 7 months ago
Damn 0.4 is no joke, I’d be gutted
@CryptoGuide 7 months ago
Yea it's pretty crazy, the guy had no idea what had happened, but was pretty good about the whole thing.
@formetoknow540 6 months ago
Almost half a bitcoin
@CryptoGuide 4 months ago
.
@murtazataha7177 3 months ago
Lost my bitcoin yesterday like this. I just used two dice rolls.
@CryptoGuide 3 months ago
I'm sorry for your loss...
@bitcoinbenobi 4 months ago
Multisig FTW though
@CryptoGuide 3 months ago
As long as you can manage the extra backups required :)
@simonmaersk 4 months ago
Well shiii, I use 50 dice rolls just for my passwords alone 😅
@CryptoGuide 4 months ago
Just because you are paranoid doesn't mean that you are wrong ;)
@simonmaersk 4 months ago
@@CryptoGuide Haha well, to be fair, I use a password manager. Only my master password is generated with 50 dice rolls. All my other passwords are randomly generated by the password manager and are 50+ random characters long.
@CryptoGuide 4 months ago
Nice, simply using a password manager is a great thing that far too few people do...
@bluefuzecom 3 months ago
But why is your thumbnail implying this is the fault of the CC4? A “dodgy dice wallet” beside a CC4 image. This is a user issue… you need to do lots of dice rolls. Not the fault of the hardware.
@bluefuzecom 3 months ago
Though I do agree that the CC UI/UX is kinda crappy
@CryptoGuide 3 months ago
Because it's mostly related to a firmware flaw that was present in the mk4 and has mostly been an issue for mk4 users thus far.
@Kerrington_John 2 months ago
@@CryptoGuide Could you explain further what you mean by firmware flaw?
@CryptoGuide 2 months ago
Basically the firmware didn't enforce a minimum number of dice rolls for the deterministic dice process, which was made worse by the fact that this process was moved so as to be far easier to find. It has been partially fixed, but the unsafe seed generation is still possible in older firmware (so Mk3) and also in the Mk3 if initiated via the temporary seed workflow.
@Kerrington_John 2 months ago
@@CryptoGuide I understand. So it was a secondary security problem. You could always have created safe wallets by dice roll on the mk3/4, but only by rolling enough dice by yourself. So beginners and people without enough knowledge would be in danger. That's a grave mistake done by Coldcard to be honest. Shouldn't have happened. Hope the rest of their software & hardware is ok.
@RealGFastlaner 1 month ago
Just remove that damn dice from that thing
@CryptoGuide 1 month ago
That isn't really the approach with Coldcard, it's basically a device by advanced users, for advanced users. (And is therefore often not really suitable for newbies to use)
@MissionFitnessCTC 5 months ago
Great video. Just a bit of unsolicited advice. You might consider trying to speak slower. At times, you speak quite quickly and it is difficult to understand.
@CryptoGuide 5 months ago
Thanks for the tip, I'll work on it :)
@liaoweien 3 months ago
You can adjust the YouTube video speed dude.
@CryptoGuide 3 months ago
That's my standard advice ;)
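The minimum-roll rule from the replies above (at least 50 rolls, 100 is better, and firmware that did not enforce any minimum), written as a check that could run before dice input is accepted as seed entropy. This is an added example, not code from the video, BTCRecover or Coldcard firmware; the function names, the 128-bit default target and the bias heuristic are assumptions made here.

```python
import math
from collections import Counter

BITS_PER_D6_ROLL = math.log2(6)  # ~2.585 bits for one fair six-sided die


def rolls_needed(target_bits: int) -> int:
    """Smallest number of fair d6 rolls carrying at least target_bits."""
    return math.ceil(target_bits / BITS_PER_D6_ROLL)


def check_dice_rolls(rolls: str, target_bits: int = 128) -> dict:
    """Gate a dice-roll string before it is used as seed entropy.

    Raises ValueError on characters other than 1-6; otherwise returns a
    report with ok=False when the rolls cannot reach target_bits.
    target_bits=128 matches a 12-word BIP39 seed, 256 a 24-word seed.
    """
    rolls = "".join(rolls.split())  # tolerate spaces and newlines in input
    bad = sorted(set(rolls) - set("123456"))
    if bad:
        raise ValueError(f"not d6 faces: {bad}")
    n = len(rolls)
    bits = n * BITS_PER_D6_ROLL  # upper bound: assumes fair, independent rolls
    need = rolls_needed(target_bits)
    reasons = []
    if bits < target_bits:
        reasons.append(f"{n} rolls give {bits:.1f} bits, need {need} rolls")
    # Assumed heuristic: one face dominating suggests typed-in or loaded rolls.
    if n >= 12 and max(Counter(rolls).values()) > n / 2:
        reasons.append("one face makes up more than half of the rolls")
    return {
        "rolls": n,
        "bits": round(bits, 1),
        "keyspace": 6 ** n,  # number of distinct roll sequences of this length
        "missing_rolls": max(0, need - n),
        "ok": not reasons,
        "reasons": reasons,
    }


if __name__ == "__main__":
    # Constructed inputs covering the roll counts mentioned in the comments.
    for sample in ("3", "36", "142536", "123456" * 9, "1" * 60):
        r = check_dice_rolls(sample)
        print(f"{r['rolls']:>3} rolls {r['bits']:>6} bits ok={r['ok']} {r['reasons']}")
```

Six rolls come to about 15.5 bits, a space of only 46,656 sequences, which is why the thresholds land at 50 rolls for 128 bits and 100 rolls for 256 bits.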