Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Bitcoin Discussion
Re: Trezor One vs Ledger Nano S-which one is safer?
by
o_e_l_e_o
on 27/03/2021, 09:31:12 UTC
Quote from: Chris Redfield on March 26, 2021, 09:00:13 PM
I have anitvirus,but I also use,well...pirated websites very often and I often have viruses,but I remove them frequently.
I know there is a morality issues with that,but I mostly use them to try product before I decide if I'll going to buy it or not.
You said there is a chance I'll be hacked by copy paste address attack,what did you mean by that?
So either Trezor or Ledger will work similarly in this case. They protect your coins from any malware which might be on your computer, and prevent an attacker from being able to immediately steal your coins as they could on a software wallet installed on a computer infected with malware. I would recommend using a different computer altogether for your crypto which you do not use for pirated software, but if that's not an option, then a hardware wallet is a reasonable next option.

The way both Trezor and Ledger wallets work is that any time you want to make a transaction, you first create the transaction on your computer, your computer sends this transaction to your hardware wallet for approval and signing, you double check the transaction on your hardware wallet's screen, confirm that it is correct, and then your hardware wallet signs the transaction and sends the signed transaction back to your computer to be broadcast. The signing process is protected from malware since it takes place on the hardware wallet itself, and once the signed transaction is sent back to your computer it cannot be altered or changed by malware, since doing so would invalidated the signature and mean the network would reject it. So the only way for malware to attack this process is in the first step, where you create the transaction on your computer.

The most common way for this to happen is via what is known as clipboard malware. Let's say you want to send some coins from your hardware wallet to an exchange so you can trade them. You log in to your exchange account and highlight and copy your deposit address - bc1YOURDEPOSITADDRESS. You then head over to your hardware wallet interface, paste the address, and choose how much funds to send. However, when you paste the address, instead of your computer pasting bc1YOURDEPOSITADDRESS, it instead pastes bc1MALWAREADDRESS. You don't notice, you hit send and your computer sends this transaction over to your hardware wallet. You then check the details of the transaction on your hardware wallet. Now, thankfully, you notice that it is showing bc1MALWAREADDRESS instead of bc1YOURDEPOSITADDRESS, so you can reject the transaction, and your coins are not stolen.