Board Beginners & Help
Merits 1 from 1 user
Re: New crypto users, a few tips to avoid losing your hard earned coins
by Lucius on 23/11/2020, 11:18:17 UTC
⭐ Merited by stompix (1)
Has there been any case where a redirection malware has actually changed the destination address?

There are countless cases where user A has sent something to user B, and for some reason the coins ended up with user C (who in this case is a hacker with clipboard malware). If something like this happens we can be pretty sure it's clipboard malware, but most victims don't want to check what actually happened but follow the advice to format the disk and start with a clean OS.

It should be noted that clipboard malware can hit the user of any crypto wallet, so it is an advantage to use a hardware wallet that will always ask us to confirm if the address matches. Of course, it is a good and desirable practice to always check several times if necessary, especially if we send large amounts.

When I purchased my Ledger I heard about the Trezor vulnerability. I assume they would have changed the chip since then - perhaps they have not updated it. My Ledger requires a PIN to be entered to access the device and clears the seed if it fails 3 times. Are the Trezors still hackable with a PIN/password if physical access is available?

Trezor vulnerabilities cannot be literally fixed with new firmware, because the problem is in the hardware itself - which means that all existing devices that use current hardware will always be vulnerable. When and if Trezor makes a completely new model, we can expect that it will not be exposed to that vulnerability.

As for PIN protection, Kraken has demonstrated that it is possible to create a script that will brute force a PIN consisting of 4 numbers in about 2 minutes. Therefore, one should not rely on PIN as protection because if someone has physical access to a hardware wallet and enough technical knowledge, it is only a matter of time before they will be able to extract the seed.

Additionally, because the Trezor firmware utilizes an encrypted storage, we developed a script to crack the PIN of the dumped device, leading to a full compromise of the security of the Trezor wallets. The script was able to brute force any 4-digit pin in under 2 minutes. This attack demonstrates that the STM32-family of Cortex-M3/Cortex-M4 microcontrollers should not be used for storage of sensitive data such as cryptographic seeds even if these are stored in encrypted form.