Showing 4 of 4 results by Cobo_Vault
Post
Topic
Board Beginners & Help
Re: Cold Storage scam
by
Cobo_Vault
on 24/04/2020, 08:44:33 UTC
We have a solution to supply chain attacks that we would like the community to know about, because it uses the same cryptographic algorithm used in Bitcoin to make sure the Secure Element isn't bypassed when it gets to you (and you end up with private keys that someone else has access to).

This is how it works:

Each hardware wallet has a pair of public and private keys pre-installed in the Secure Element during manufacturing that is used solely for the purpose of Web Authentication. This pair of keys has nothing to do with the public and private master key pair generated from physical entropy by the Secure Element for the HD wallet during initialization of the device. We will call this pair of public and private keys Web Authentication keys.

The backend of the Web Authentication page is operated by a hardware security module (HSM) server, which is a highly secure cryptoprocessing service offered by AWS. Like a Secure Element, it also has a pair of public and private keys. Each device’s Secure Element knows the public key of the HSM server, while the HSM server knows that device’s Web Authentication public key.

On the Web Authentication page, you will be prompted to scan a QR code. This QR code is a random string of numbers generated by the HSM which has been encrypted with your device’s Web Authentication public key and then signed by the HSM’s private key. When you scan this QR code, your hardware wallet will first use the HSM’s public key to verify the HSM server’s signature of the message. This is to ensure that the QR code you are looking at is from the official Web Authentication page, and not the victim of a phishing scam.

The device will then use its Web Authentication private key to decrypt the message that was encrypted with its public key by the HSM server. This results in the 8 digits you are asked to enter into the Web Authentication page after scanning the QR code. The HSM system will then check to see whether the digits align with the original random string it generated. If Web Authentication fails, you will not want to use your device at all. A failure message indicates that either your device is not operating the Secure Element it was manufactured with, or that your device was swapped out for a counterfeit entirely.
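
The exchange described in the post above, as an added Go example that is not Cobo's code or part of the original post: the HSM encrypts and signs an 8-digit challenge, and the device verifies the signature before decrypting. Assumptions: the post names no concrete schemes, so ECDSA P-256 and RSA-OAEP from the Go standard library stand in for them, keys are generated in software rather than held in a Secure Element or HSM, and all function names are hypothetical.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
	"math/big"
)

func must[T any](v T, err error) T { // demo helper: abort on RNG or key-generation failure
	if err != nil {
		panic(err)
	}
	return v
}

// Stand-in key pairs (assumed schemes): ECDSA P-256 for the HSM, RSA-2048 for the device.
func newHSM() *ecdsa.PrivateKey  { return must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader)) }
func newDevice() *rsa.PrivateKey { return must(rsa.GenerateKey(rand.Reader, 2048)) }

// issue is the HSM side: 8 random digits, encrypted to the registered device key, then signed.
func issue(hsm *ecdsa.PrivateKey, registered *rsa.PublicKey) (code string, ct, sig []byte) {
	code = fmt.Sprintf("%08d", must(rand.Int(rand.Reader, big.NewInt(100_000_000))).Int64())
	ct = must(rsa.EncryptOAEP(sha256.New(), rand.Reader, registered, []byte(code), nil))
	digest := sha256.Sum256(ct)
	return code, ct, must(ecdsa.SignASN1(rand.Reader, hsm, digest[:]))
}

// answer is the device side: check the HSM signature first, and only then decrypt the digits.
func answer(device *rsa.PrivateKey, trustedHSM *ecdsa.PublicKey, ct, sig []byte) (string, error) {
	digest := sha256.Sum256(ct)
	if !ecdsa.VerifyASN1(trustedHSM, digest[:], sig) {
		return "", errors.New("QR code is not signed by the HSM key this device trusts")
	}
	digits, err := rsa.DecryptOAEP(sha256.New(), nil, device, ct, nil)
	return string(digits), err
}

func main() {
	hsm, device := newHSM(), newDevice()
	code, ct, sig := issue(hsm, &device.PublicKey)
	typed, err := answer(device, &hsm.PublicKey, ct, sig)
	fmt.Println("genuine device accepted:", err == nil && typed == code)
	_, err = answer(newDevice(), &hsm.PublicKey, ct, sig) // Secure Element holds a different key
	fmt.Println("swapped Secure Element rejected:", err)
}
```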
Board Beginners & Help
Re: [General] Bitcoin Wallets - Which, what, why?
by
Cobo_Vault
on 22/04/2020, 11:27:06 UTC
Is Coinbase that secure for controlling the wallet? Where can I manage it myself to be more sure and protected?
Thanks

The most secure way to store bitcoin is offline in a hardware wallet or deep cold storage if you are not planning on touching it anytime soon. Anything touching the internet has a significantly larger attack surface because remote attacks are much less expensive to carry out than physical attacks. That being said, a mobile app is more secure than a desktop app because mobile phones come with lots of security features enabled by default that desktops don't have or require you to enable manually.

If you're not ready for the jump to a hardware wallet, I would still recommend you look into ways to generate your private keys from physical entropy rather than using the pseudorandom number generator (PRNG) from the Coinbase app -- not your keys, not your crypto. Type "using dice to generate keys" into Google and you can find some steps to get you there.
Board Beginners & Help
Re: [General] Bitcoin Wallets - Which, what, why?
by
Cobo_Vault
on 21/04/2020, 11:17:46 UTC
Curious - what do people feel is a good amount of BTC where you'd want to have at least one hardware wallet to protect it? Do you feel safer with a Secure Element and would you be willing to invest more in storing your keys with an SE?
Board Beginners & Help
Re: An early adopter - our story
by
Cobo_Vault
on 21/04/2020, 11:08:29 UTC
Fascinating story - thanks for sharing and sorry for your loss. Those were the days. What are you storing in now?