Another amazing video. U master hardware wallets bro!! I have just learnt how to sign transactions knowing exactly from and where my funds are going. Thumbs up !! Underestimated youtuber bro
@CryptoGuide2 жыл бұрын
Thanks , glad it helped :)
@Xray007_2 жыл бұрын
@@CryptoGuide bro u are another level. Noone says and explains this stuff. U are a legend. Thank u. I will never again sign a transaction blindly
@CryptoGuide2 жыл бұрын
Thanks :)
@OPIXdotWORLD2 жыл бұрын
great vid thanx... this is still very advanced for most users...
@CryptoGuide2 жыл бұрын
Yea it's certainly not straightforward. (Though frankly defi is a security disaster across the board)
@hd9g2 жыл бұрын
Excellent topic and coverage.
@CryptoGuide2 жыл бұрын
Glad it helped :)
@jeremydefidance49682 жыл бұрын
Something that bugs me is that the smart contract ABI is just sitting there on the blockchain explorer just waiting to be used, but it's a HUGE hassle to actually use it. The person who wrote the contract must provide the ABI to verify the contract (so people can interact with it directly on the blockchain explorer). So the data is already there, just not in a way that hardware wallets can use. I feel like (which means I don't understand the technicalities involved) there should be an easier way to pull the ABI from all verified contracts so hardware wallets can use them. It's also a struggle because most solid projects use 3-8 different smart contract for simple things like the router and lending so you'd potentially need to 3-8 different ABI files.
@CryptoGuide2 жыл бұрын
Yea it's a complete mess and reflects the reality that the jury is still out on whether the approach that Ethereum went with will be workable over the long term. (Never mind that the incentives simply aren't there for projects to spend time ensuring that their platform is verifiable)
@AndrewPayne2 жыл бұрын
Excellent video, thanks 👍
@CryptoGuide2 жыл бұрын
Glad it helped :)
@sprtwlf93142 жыл бұрын
Nice video. Any thoughts on the new debank Rabby wallet? Also could there be an issue putting an SD card into your hardware wallet? It seems kind of freaky if you put in the wrong file and had issues from that
@CryptoGuide2 жыл бұрын
Haven't heard of Rabby but I'll certainly check it out. In terms of the SD card, it's still much lower risk than connecting a hardware wallet over USB or Bluetooth, in that you aren't creating a two way active connection. Exploits via malicious SD card data are possible, (especially given that the device runs Android, so higher risk than SD card in something like a ColdCard) but they would need to be very sophisticated to actually leak any data/keys given that signing all happens via QR.
@daslolo2 жыл бұрын
Keystone runs Android? Can the wireless be reactivated like on there ELLIPAL?
@CryptoGuide8 ай бұрын
.
@TheJezcol2 жыл бұрын
many thanks.
@CryptoGuide2 жыл бұрын
No worries:)
@stevolanddownunder89352 жыл бұрын
Very informative info i think ill stay away from smart contracts and just use hardware wallet for deep storage. cheers steve
@CryptoGuide2 жыл бұрын
Yea the whole defi space is a security nightmare. Fortunately it's not difficult to hodl securely with a hardware wallet :)
@fekraagabtny2929 Жыл бұрын
since keystone is based on android firmware, cant we put the wallet on a pixel phone with graphene os firmware? that would be a banger
@CryptoGuide Жыл бұрын
It's not just a stock android SoC, but actually has a secure element in there too. You can just graphine to run something like Airgap wallet if you want to go with this approach.
@jpp592 жыл бұрын
Great video. For people who cannot get keystone,there is no other ways like using a air gapped pc or airgapped Android phone ?
@CryptoGuide2 жыл бұрын
If you want to use Metamask with a a hardware wallet too then your best bet is to have a dedicated "clean" (ie: used for nothing else) system for Metamask. This could be a dedicated PC or a virtual machine. (Keeping it offline isn't really an option as it would need to pull down smart contract definitions for Metamask) Even just making a habit of checking the data tab in metamask is better than nothing. The other thing is that since Metamask has added QR based signing for the keystone, broader offline signing support for Metamask is now much easier to implement. (So a software stack that does what the keysone is doing is much easier to make/use, though don't expect a working solution any time soon)
@flaviojorge57912 жыл бұрын
Steve, how are you? Thanks for adding translation to the videos. I have a doubt. can you guide me better? " I have my address, because I have a transaction print. (I lost the HD). I'm lost in the videos on where to start to check the pk. It's possible to do this with the database I downloaded from your site. Could you guide me better , where to start?
@CryptoGuide2 жыл бұрын
Don't spam comments on multiple videos, once is enough. Replied to your other comment.
@fluxcapacitor46092 жыл бұрын
This doesn't seem to be the case with Ledger Nano X per a video on their channel, a second video from another channel shows setup: Ledger nano settings, Contract data, allow contract data in transactions, Allowed. Afterwards, there doesn't appear to be "blind signing." Does this sound right?
@CryptoGuide2 жыл бұрын
They recently (about 6 months ago) changed the language of the warning message to from "Data Present" (With the setting toggle being called "allow contract data") to "Blind Signing" (With the setting toggle being changed to match) Prior to this, the Nano also didn't even support basic smart contract interactions like "Transfer", meaning that you were not only blind for complex contract interactions, but for every ERC20/BEP20 transfer too. (You can see what it looked like early last year in this video here: kzbin.info/www/bejne/eqDSapR7i7JjmK8)
@fluxcapacitor46092 жыл бұрын
@@CryptoGuide Maybe the Nano S, not hearing, seeing any issues with the Nano X regarding "blind signing." Maybe it's an Ethereum issue?
@CryptoGuide2 жыл бұрын
Nano S and X behave the same way. If you go to do a swap with something like Pancakeswap, Uniswap, etc, anything beyond a basic transfer, you will need to enable blind signing (or contract data) and get a warning that you are either "blind signing", or that there is "data present". (Which language it gives you will depend on which Eth app version you are running)
@LucasPucas692 жыл бұрын
Do you think there will be a website one day where you can do this? For the less tech savvy out there.
@CryptoGuide2 жыл бұрын
I think there will need to be and it's certainly something that both hardware and software vendors are working on. Vendors like to throw around terms like "next generation hardware wallet" while offering basically the same thing, but I think the reality is that securing defi (not just standard transactions) is what will define next generation wallets.
@RajKumar-yi7ee2 жыл бұрын
Helo sir I use electum wallet but I don't have ledger nano I only have .wallet and password which video will help me can please suggest.
@CryptoGuide2 жыл бұрын
So what's the problem? What's stopping you from just opening the wallet file with Electrum?
@RajKumar-yi7ee2 жыл бұрын
@@CryptoGuide I remember password and I have the . wallet file backup in the pc but while sending the fund it's normal ask me to plug my ledger nano which I have lost also the seed phrase so in this situation what I can do
@CryptoGuide2 жыл бұрын
Well yea if you were using your Ledger Nano with Electrum then you either need your Ledger seed or the working Ledger. The wallet file in its own is useless.
@thechamboo2 жыл бұрын
Hey I understood partially but can a compromised metamask wallet be protected. 100 percent by a ledger..pls justify
@CryptoGuide2 жыл бұрын
At this time no, a Ledger doesn't allow you to fully verify smart contracts outside of a very small number of projects. (Paraswap, 1inch) If you are just sending and receiving funds normally, then it's not an issue. They talk about it in their own blog here: www.ledger.com/academy/cryptos-greatest-weakness-blind-signing-explained This is also what was the issue with the attack I mentioned at the very start of the video: medium.com/@hugh_karp/nxm-hack-update-72c5c017b48 (Ledger Nano + Compromised Metamask)
@davet5223 Жыл бұрын
If you sign a smart contract for unlimited spend on your hardware wallet and you have not revoked permissions to that account and at a later date that contract has a exploit or turns out to be malicious, can it at a later date drain those funds without any interaction with the hardware wallet? I know it could if there is a time delay in the code that you have allowed it can. Do you know much about unlimited spend and if it can at a later time take funds out without the hardware wallet when it has the permission of unlimited spend?
@CryptoGuide Жыл бұрын
Basically the permission means what it says, so it can take all of whatever you have approved it for without you needing to sign anything in your wallet. (Hardware or software)
@davet5223 Жыл бұрын
@@CryptoGuide I thought that may be the case. Someone told me it's not so I started to question it and thought I should ask someone more educated in the DeFi smart contract space. Thanks :)
@CryptoGuide8 ай бұрын
.
@Xray007_ Жыл бұрын
Hello man. Can you make a video on how to verify a smart contract using keystone and rabby? And how to upload the smart contract data from polygonscan instead of etherscan? Thank u
@CryptoGuide Жыл бұрын
Same process for both
@Xray007_ Жыл бұрын
@@CryptoGuide I have a macbook. I do not know if i am doing a mistake with the .json or if it’s something else, but i cannot decode the tx. I can only see the verified smart contract but not decode the last line which is important. What could be the error?
@CryptoGuide Жыл бұрын
So have you tested on some other smart contracts on other chains first? (To make sure you are getting the process right)
@Xray007_ Жыл бұрын
@@CryptoGuide on eth chain, it works perfectly with only the smart contracts I uploaded from the keystone github. But when i create one for the polygon, something is going wrong
@CryptoGuide Жыл бұрын
Did you try reproducing the custom contact I added in the video?
@Xray007_ Жыл бұрын
You should make a video of how to make a multi sig wallet with gnosis safe for eth with ledger, keystone and metamask 2 out of 3 to sign a tx. Just a request that will help a lot of people! Thanks
@CryptoGuide Жыл бұрын
Still very wary of Eth based multi-sig as they are quite dangerous compared to things like Multisig on Bitcoin, particularly if you are working on multiple EVM chains.
@Xray007_ Жыл бұрын
@@CryptoGuide oh thanks.
@Xray007_ Жыл бұрын
@@CryptoGuide the upcoming days gonna buy a device with 1 of ur affiliate links to help u out for all this amazing work u give for the community.
@CryptoGuide Жыл бұрын
Basically the issue is that they are only valid on one chain, so if you do something like create it on Eth and accidentally send funds there on Binance Smart Chain, then those funds are unrecoverable.
@CryptoGuide Жыл бұрын
Great, thanks
@bnightgaming8972 жыл бұрын
How would you cancel a sign contract on a defi wallet ?
@CryptoGuide2 жыл бұрын
You can't, though you can use tools like this etherscan.io/tokenapprovalchecker to revoke approvals which you may have granted.
@wlolw22 жыл бұрын
It’s weird, I have a ledger S and nano X , they are not acting the same as you in the video. When I sign a smart contact I can see all the transactions detail on the screen of my ledger ( address sending, address receiving, text into , fee, ect. ) So I can co firm that I’m signing the right contract
@CryptoGuide2 жыл бұрын
It's not just the contract address that you need, but you also need to confirm the what the contract will actually execute. If you aren't seeing warnings about "data present" or "blind signing" then your are just doing a normal transaction. (So send, receive, etc)
@wlolw22 жыл бұрын
@@CryptoGuide no I don’t have any warnings about blind signing, yes I see everything, i see all the message info, which function is getting called, slippage , ect.
@wlolw22 жыл бұрын
All the data you can see on the explorer of the blockchain (when you sign a contract) I see it on my ledger before I sign the contract
@wlolw22 жыл бұрын
Oh I see, did you know that there is an option on ledger to show contract data ?
@CryptoGuide2 жыл бұрын
Then you are using one of the few smart contracts that is supported natively.
@22illingworth10 ай бұрын
Just Fantastic content...
@CryptoGuide10 ай бұрын
Thanks, glad it helped :)
@22illingworth10 ай бұрын
@@CryptoGuide I have learnd more in the past couple of hours than I have in 4 years re wallets.... Thanks very much..
@CryptoGuide10 ай бұрын
I'm glad to hear it, thanks for the feedback :)
@22illingworth10 ай бұрын
@@CryptoGuideLiked and followed on Twitter also gave you a shout out..
@CryptoGuide10 ай бұрын
Thanks heaps :)
@JDSpartan20072 жыл бұрын
Can't someone put something malicious in the Keystone github?
@CryptoGuide2 жыл бұрын
Keystone still have to approve any PRs that come in, so it's not automatic. (And they are strongly incentivized to not merge malicious smart contract definitions) That said, a malicious project could create their own definition and send it directly to users to attempt to build trust. (A bit like how projects can distribute their own ledger apps or custom Trezor firmware) Also, if you are in the habit of checking the data tab in metamask then you are confirming the smart contract information from two independent sources.
@JDSpartan20072 жыл бұрын
@@CryptoGuide Thank you!
@jeremydefidance49682 жыл бұрын
@@CryptoGuide Correct me if I'm wrong, but could there even be such a thing as "malicious ABI"? It's just a bunch of variable definitions. So wouldn't anything other than the correct ABI spit out nonsense?
@CryptoGuide2 жыл бұрын
Basically yea, the ABI is needed to be able to interact with the EVM. That said, ABI function names are arbitrary, so you could deploy a malicious smart with corresponding ABI. (It would be obvious looking at the ABI that it didn't do what it said) That said, the smart contract verification is vetted by both keystone for what is committed to their GitHub and also by other entities for the definitions that Metamask shows you.
@Smosh8422 жыл бұрын
This is why you use a hot wallet for smart contracts and a hardware wallet to store.
@CryptoGuide2 жыл бұрын
Nope... That is even worse... You might as well just give your funds to scammers...
@Smosh8422 жыл бұрын
@@CryptoGuide you fail to understand what I mean, you use hot wallets for daily transaction and then transfer to your hardware wallet when you’re done. Why you’d even use a HD for smart contracts is beyond comprehension.
@CryptoGuide2 жыл бұрын
You are better off using a hardware wallet for both, just segregating out in to different accounts. Using a hot wallet for any meaningful amount of funds never makes any sense.
@brbubba2 жыл бұрын
You're exposing whatever funds are in your hot wallet to risk. Yes, it's only a portion of your portfolio, but if compromised, scammers will just wait until you transfer in and move your funds.
@s3lfFish2 жыл бұрын
@@brbubba what do you mean ? once transfered from the hot wallet to the cold one, how can they do anything to your cold wallet ?
@DerManuel339 Жыл бұрын
Hi, Can you make a video about the following problem: A coin (SPI) has changed to "SHOP" through a fork. I have the SPI on the ledger. I can only get the "SHOP" token via Metamask. I can't do it. Also not about adding a coin. Can you make a tutorial video how to do this?
@CryptoGuide Жыл бұрын
So if you can get both in Metamask then what's the actual problem?
@DerManuel339 Жыл бұрын
@@CryptoGuide i can not get them. I want to see them in my account and sell them but i can not see them.
@CryptoGuide Жыл бұрын
So can you see them on a block explorer? What happens if you just import the tokens in to Metamask?
@DerManuel339 Жыл бұрын
@@CryptoGuide just don`t know how. i tried often. Metamask don`t find it or something.
@CryptoGuide Жыл бұрын
Just follow the process in my video on recovery from Binance smart chain. Basically if you can see both on a block explorer then it's straightforward.
@xrpspaceforce16972 жыл бұрын
Was wondering if you could help me? I bought some NFT's on solo dex and All of a sudden they're gone with a 404 message saying nft cannot be found. Solo also has a message saying due to blah blah blah the nft has been removed from the dex but still exists on the block chain. Do you have any idea what's going on? Seems like solo scammed me!
@CryptoGuide2 жыл бұрын
So can you see them on a block explorer at your wallet address?
@xrpspaceforce16972 жыл бұрын
@@CryptoGuide ok, I'll try that. Thank you!!!
@xrpspaceforce16972 жыл бұрын
@@CryptoGuide nope, says " oops something went wrong cannot find what you're looking for
@CryptoGuide2 жыл бұрын
So if you look up your address on an XRP block explorer you see nothing?
@xrpspaceforce16972 жыл бұрын
@@CryptoGuide so i can see the transactions on xrp scan but not sure how to access or recover the nft's