@cyberscrilla This is a lot more than just a _"scam"_ ...but for once I appreciate the clickbait title so thumbs up!

THIS is the way.

Good luck when the manufacturer leaks your address.

@@tobiuchiha8370 you can’t prove that. What if someone from the manufacturer is a hacker? What now?

Boom​@@Spearoman

@@tobiuchiha8370 nothing is 100% safe!

Yeah but that’s to avoid the most common scam in crypto which is a phishing attacks. And it’s still effective for that. Basically all cold wallets on the market are immune to Dark Skippy. You need to understand: Unless you install the malicious firmware, you won’t be affected by dark skippy.

As you probably now understand, these wallets should ALWAYS be purchased from the actual company. For the benefit of others reading this: If, for some reason, you end up buying one on Amazon or elsewhere, a reset should be performed before using it. Never just use a seed phrase provided with the Amazon purchase. Most wallets will have some sort of "reset" function, with which you can create a fresh seed phrase or private key to improve your odds of having a secure wallet.

@@mtnvortex Fortunately I didn't use it. A friend wanted to buy from me so I sold it.

THANK YOU 🙏 God bless

Yep, Tangem is safe. More so because the user can’t install firmware on Tangem nor are any firmware updates required.

@@cyberscrilla agree. Once i decide to add real money wanna add a bit to safety. Same as you buy brand New phone...but you dont wanna buy case or protective glasa. Xoxoxo. But Great video

I use my Tangem wallet on my every day phone. I just use a different phone when recording videos 😉

So if you use a Tangem wallet, then you’re good from this hack, since the scammers can’t install their shady firmware on your Tangem. Is that correct??

@@roysams8483 yup

I saw that. But no public announcements from the hardware wallet brands themselves. The average consumer doesn’t follow the CEO/CTO/CXOs of these companies.

I understand. Make sure to buy a device that allows you to verify firmware authenticity (Tangem, Trezor, Ledger, Onekey, Keystone)

Its a best practice to always reset your cold Wallet to factory settings before you start using it

As long as the device asks you to setup a new wallet (generate a new seed phrase) no need to rest it.

But those mechanisms prevent downloading a malicious firmware, thus it helps to prevent this attack

A passphrase wouldn’t protect you from this attack

Thanks for watching

🙄😬...this made me think of canned (smoked) skip jacks...I hope they get smoked...😂...thanks for the heads up!

Sorry to hear that! Hopefully they can help you out. Definitely worth looking into a solid cold storage solution for secure storage like Tangem

Or never connect your hardware wallet to anysite. I try as much as possible to use only secondary software wallets to interact with websites

First step is to assume everyone in the comments is a clever scammer

@@CJStrykr ohhh ok yes i seen before some or many talks about a particular person who trades etc , so its a scammer . thanks

@@GalutiaFamilyChannel Exactly! Gotta remain vigilant

There’s no such thing as common knowledge or common sense in crypto. Or at least if there is, it’s few and far between

Ive been in crypto 4 yrs and barely getting to buy a cold wallet, I looked up BEST BUY but did more research and stumbled on to here. Its not common knowledge to me lol but makes total sense.

Simple. An air gap wallet wouldn’t protect you from this attack.

If the wallet supports SOL, then you can send any token on SOL to that wallet as it’s supported. For SOL, I like Tangem, Ledger, and Trezor

Yes, thank you for bringing this to my attention and thanks for watching!

ANY WALLET THAT USES THIS CHIP WAS MENTIONED IN THE VIDEO.

I explained it in the video. It’s a malicious firmware. If you install it on your device, it could potentially affect any transaction. The example shown on the Dark Skippy website is BTC

THIS. Cybercrime is a massive and lucrative business. It will only continue to grow.

@@colinpowda No. This is bad advice.

@@cyberscrilla why? everyone says ooh don't do that etc. but your worst enemy is yourself. Plus I just learnt Trezor doesn't even hold more than 5-6 coins. You need metamask etc. Such a scam this cold wallet market.

Keeping your crypto on an exchange defeats the point of owning crypto since you don’t actually control it. And it sounds like you just haven’t found the right wallet yet. There are plenty of really good /user friendly options out there. But my friend, please do not trust these exchanges to manage YOUR money for you. There are WAY too many horror stories and they generally happen on “good exchanges”. I’ve seen it myself, and it doesn’t matter how much money you have on them. They will lock your account. They will make it so you can’t sell. It happens EVERY SINGLE DAY. All exchanges are the same. I’m more than happy to help you find a cold wallet. This video will help you learn what things to look for to find the right now: kzbin.info/www/bejne/ml6cgIyGiZV9gs0si=20KMJSihwwxxOoBq Or just get something like Tangem which supports over 70 different blockchain networks and thousands of coins natively-no third party wallet required. If you want to learn more about Tangem: kzbin.info/www/bejne/mIG9oa2gf9FmqtUsi=gN0fzybJQG9uCn4h

Thanks for watching man!

@@nowheretorun2857 Not sure as DCENT is 100% closed source. So we don’t know anything about the wallet other than what to company tells us.

@cyberscrilla oh thank you. I just watched your follow up video on best wallets, and Tangem is very interesting.

Tangem is one of my favorites. And a lot of people would agree! Definitely the most enjoyable hardware wallet I own

@@cyberscrilla it's done. I used your code. Thank you.

Wow, you’re quick! Thank you. Let me know if you have any questions

Yep, no firmware updates on Tangem. Also, Ledger is not at all high risk. And I’d recommend Ledger to anyone looking for a secure wallet. Don’t fall for the FUD. I covered my reasoning as to why Ledger is solid in this video: kzbin.info/www/bejne/nYKlYZWvbrN3nposi=O38X8RRTSr9qsjm8

You don't verify the firmware on Ledger, just show them trust. They have stated this.

@@cyberscrilla if I am a 🐑 I will trust ledger , ledger is a risk

I think the key phrase is “ air gapped”

Seed phrase.

@@cyberscrilla I have a very unpopular theory which is that the safest way to hold crypto is to use The Exodus desktop wallet on laptops and PCs only, and to forgo creating a password when it prompts you to which means you can't access or see the seed phrase, and then when you're done sending crypto to the wallet just write down each one's private key onto paper accurately, then do a factory reset on the device making it impossible for anyone to ever access that wallet again. The seed phrase was created locally on the machine, and no communication made two outside servers so after the reset the seed phrase remains a mystery forever. Of course the crypto is safe thanks to the piece of paper with the private keys. Can import those into a new wallet anytime, and I wish I knew of other desktop wallets that worked like Exodus does. Since the crypto itself doesn't leave the blockchain and is governed by a long and complicated password called the private key, doesn't it make sense the most secure method would be to reduce the footprint of that password down to just a piece of paper that is governed by you and is unhackable because it doesn't exist online or in any device, or continue relying on the seed phrase (possibly compromised) and neglect the long and complicated passwords that actually control things, so that you can use a third-party companies tools to create additional password barriers, starting with the PIN code or password creation that is instantly imposed on us on mobile. Doing it my way makes it a 2 person thing, me and my money, but creating a pin word and or password in using two-factor authentication... you're telling the wallet maker to keep anyone who can't cross these barriers away from your money including you. If the password equals the money and I can keep the password safe, as long as I can transact as needed there's literally no reason to involve anyone else at that point and additional passwords that stem from involving a third party makes me fundamentally less secure. Whatever. Good luck people. I'm confident that my method is the only method proven to be 99% "probably" safe. I think all the other wallets, including Exodus once you have created a password, are far less than 99% probably safe. In my opinion they are like 44% probably not safe. Lol.

​@@cyberscrillahow about the pass phrase?

Ellipal is fine. Not my favorite wallet though. But since you can verify ellipal firmware, Dark Skippy isn’t a threat to it. Just don’t download any malicious firmware and your good-that’s the moral of this video

@cyberscrilla thank you for your reply.

Thanks for watching the video!

Exactly. If you get the malicious firmware, it’s game over.

I wouldn’t do it. But you’re likely okay

Yes.

It has the security features to keep you safe from this attack.

Thanks for stopping by!

Don’t connect your main cold storage wallet to dapps. Use a burner wallet.

@@cyberscrillacan u help me understand what you mean by burner wallet?

Any wallet that doesn’t have all your crypto stored on it, just one you can use to transact. Could be a hot or cold wallet.

@@cyberscrilla So if I transfer coins from cold storage to an exchange and then connect the exchange to dapps I should be good?

You can’t connect an exchange to dapps. It’s simple. Have 1 wallet to hold all you coins (this is never connected to a dapp) Have another wallet only for transactions with just the amount of money you need to transact. Once you’re done doing whatever, send back to your storage wallet for safe keeping.

I have DCENT. I don’t like it. It’s 100% closed source. Would not recommend it

@@cyberscrilla can u look into Ryder wallet? As of now tangem might be my wallet soon

⁠@@cyberscrillaclosed source is a good way to not allow hackers to study the code for weaknesses and exploit them. Isn’t ledger closed source as well? Btw, safenet is also closed source…

What does that mean & What makes the Dcent unsafe?

Closed source means we don’t know what happens in the backend of the wallet. We don’t know how the seed phrase is generated, or if it’s safe, as the code is only known by the manufacturer. There’s no way to verify any of the company’s claims are true

Neither. I’m saying an air gapped wallet does not provide any extra security against this attack or other types of attacks for the most part. There are more important security features your should look for, such as the ones I mentioned in this video.

@@cyberscrilla awesome, thanks for the clarification., much appreciated ❤️ Also I often wonder, with technology evolving so fast, who knows how safe any of the current standards will be in 5, 10, even 20 years time. I guess U could keep up with the evolving tech, but if you pass away and leave millions in crypto to a loved one.

Interesting…

Where did you hear this?

Your hardware wallet will tell you. Or if you’re not downloading it form the manufacturers website you can just assume its malicious

As long as you confirmed the device/firmware is genuine, you should be good to go. I’d still never recommend buying a hardware wallet from a third party though.

More of what exactly? Or what did you like most about this video? Thanks for watching!

@cyberscrilla I mean this kind of video where you tackle scams and crypto security threats in general

You’re fine. But you shouldn’t be storing crypto in a hot wallet in the first place. Huge risk

Likely fine when it comes to this attack. But I don’t like DCENT in general though because it’s 100% closed source.

​@@cyberscrillawhat do u mean closed source?

@@cyberscrillacan you do a video about open source and closed source hardware wallets…I don’t know the advantages and disadvantages of

Keystone lets you verify that the device and firmware are authentic, so you’re likely okay. However, it's still best practice to avoid ordering wallets from third-party sellers.

The problem is they dont ship to my country..keystone only available on 3rd party in my country..tho the 3rd party is listed in the official keystone website...thanks for the reply!

I understand.

@@cyberscrilla unrelated to coldwallet...do you use yubico key to secure all of your digital information/media etc?

No, I use my Ledger flex, which is similar as it offers U2FA.

Thanks for watching!

Glad you liked it! Thanks for watching

Tangem rocks!

Yep

Safepal is fine

@@cyberscrilla thanks

Thank you for watching!

Trezor is good. Passphrase doesn’t help in the case of this attack. But like I said, most wallets have security features in place to prevent it-including Trezor

Ledger is a secure wallet

Backdoor? Not sure which cold wallet company it was.

@@a1toppgno back door. Just don’t use those apps allowing to access you walllet directly . Use it as a wallet only like I do.

@xtophgerard1169 how do u use yours?

Ledger never had a backdoor. That was misinformation that keeps getting spread. Don’t use Ledger Recover if you don’t want and you’re good

Source: you made it up

@@cyberscrilla Ha! Research…the ledger is completely safe. But there called Gateways, back doors. Research!!! 🧐

My guy. Ledger does not have a backdoor. Look up the definition of a backdoor. Then go “research” how Ledger Recover works-which anyone can do considering it’s 100% open source. If Ledger truly had a backdoor they would have gone out of business a longtime ago. Also, your comment was directed at all cold wallets, not just Ledger, so your statement is a bit misleading. But for real, don’t fall for the FUD. 99% of the crap online is misinformation. So if that’s what you’re consuming (without doing your own due diligence) then you’re being mislead. Careful..

@@cyberscrilla wow, that’s a long response. Who are really trying to convince? You googled it didn’t you…😂😂😂

Thanks for watching!

Thanks for watching!

Always! Thanks for watching man 🤜🤛

With most wallets on the market that I can think of

No way! Ledger Nano X is solid.

So… have you heard about dark skippy? 😆

Don’t worry. I delete/ban them. Just takes me a minute to notice them sometimes

Why? Ledger has nothing to do with this attack

Just, no…

This is .... the worst crypto advice in the history of crypto advice.

Yikes… not worth the risk in my opinion

Did you watch the video?

Because that’s not going to save you from this attack. It’s at the firmware level. An air gap device doesn’t protect you from downloading a malicious firmware. You need other security features in place.

Mmm. Not exactly. If you don’t trust the manufacturer, then sure. But if you don’t trust the manufacturer, why use their wallet in the first place?

@@cyberscrilla it's not about trusting the manufacturer , their servers that send firmware updates could get exploited by a hacker who could then upload a fake firmware update if you have automatic firmware downloads then the attacker has all your funds and it wouldn't even be the wallet manufacturer's fault at that point this attack has happened with several firmware servers for several other electronic products allowing hackers to hack various computers and I believe this attack will happen to hardware wallets next

🤜🤛

A USB drive? No thanks. Ledger and Trezor have several security features that not only prevent a person from physically accessing your device, but also prevents various types of digital attacks.

​@@cyberscrilla Ledger and Trezor had been hacked before - they're tainted and can never be trusted again. No other hardware wallet can claim to be safe, they may or may not be, only the future will tell (including open-sourced ones - who really inspects these codes ?) - I will not trust any of them with my BTC. It's not about the USB obviously, the whole drive is wiped & formatted and encrypted by TAILS, there are no other software on it, your BTC is safely in the verified Electrum Wallet inside TAILS, you boot directly into TAILS, bypassing the host pc, it connects only via TOR, and like I said - avoid wifi and only connect via ethernet. There is not a single weakness in it, there simply is no safer alternative.

Thank you for watching!!

lol why not?

@cyberscrilla idk I tried to access it but kept saying connection error I don't think it's big of a deal I use ledger

@@csrtwolegends1265 So it’s an issue with Ledger Live, not your wallet or loss of seed phrase

@@cyberscrilla no not at all

@@cyberscrilla yes just ledger live

🤜🤛

What are you talking about

Hfsp