Trezor Review: Stop Blindly Trusting Hardware Wallets
After my disastrous COBO Vault experience I decided it was smart to diversify my hardware wallet options. I was going to get a Nano but then at the last second they tried to tack a $16 shipping fee onto the $60 cost. The Trezor was $55 & free shipping so I opted for it first. It's nice that these things no longer cost $100 because there is healthy competition and the new models coming out ($160) reduce the cost of the old ones.
I was very surprised to receive my Trezor within 5 business days. The creator, SatoshiLabs, is located in the Czech Republic or something like that (Prague) and when I ordered it they even said it would take a while because of COVID.
Return address
So this whole adventure started right out with a big bang. My girlfriend randomly scanned the return address and thought it was for her.
6010 N. Cajon boulevard, San Bernadino, CA
Then she noticed it was for me (didn't open it or anything), but that return address irked her a bit. She actually knows where that is and knew there was nothing there because a friend of hers works a few blocks away on the same street.
She Googled the location while I was at work just to make sure.
Hm, yep
That address doesn't exist. I'd like to think that SatoshiLabs has some kind of secret underground facility. lol.
In any case, when your target market is a bunch of paranoid conspiracy theorists trying to be their own bank, why are you going to put a super sketchy return address on there and not say anything about it? Ha! I mean I'm sure it has something to do with buying these things from small companies outside of the United States, but whatever. Know your customer.
Isn't it random that my girlfriend knew this was an empty lot? Honestly pretty funny, I wouldn't have even questioned it or checked. That's what you want to see when you're securing your own bank, right? lol
What's next?
I plug in the device and I need to upgrade the firmware.
If your firmware is not correctly signed by SatoshiLabs, your Trezor will display a warning.
Gee, so you mean that once again, I have to trust a corporation in order to trust this hardware wallet? Why do people blindly trust these fucking things? This is crazy!
Why does everyone just assume that a government can't come in and co-opt these small corporations just like they've done with Microsoft, Google, and all the rest? How do you know they haven't done that already? Seriously!
SERIOUSLY!!!!1
I just don't get it. These are the first hardware wallets I've ever owned. I had no idea everyone was just blindly trusting these companies to secure their money for them. Truly mind blowing!
What's next?
Alright, so I've upgraded the firmware. No problem. Whatever. Now I need to create a new seed or import an old one. I opt to import one of the seeds I used on the COBO Vault just to see if they were compatible (they were).
Guess where you enter the Seed code?!?!
ON YOUR COMPUTER.
Are they for real?
I actually knew they were gonna have to do it this way in advance, I was just in confused disbelief of this obvious necessity. I mean the device only has 2 buttons for crying out loud: true/false, yes/no, 1/0. Those are the only real answers one can enter into it directly.
Luckily, the seed was scrambled and I entered it in a random order. On top of that "security" I also entered fake words that weren't part of the seed, so if my machine was compromised someone may or may not be able to brute force it (I have no idea; haven't done the math).
https://github.com/bitcoin/bips/blob/master/bip-0039/english.txt
You know what math I can do?
Check out this list of 2048 words (2^11). This is the list of possible words in a seed phrase. Imagine taking these 2048 possible words and reducing that to like 24 words on a 12 word seed phrase. That is how badly Trezor is reducing your security by forcing you to type it into your machine... so bad. Does seriously no one question this ridiculous bullshit?
I feel like an idiot
Sharing the seed phrases between my two hardware wallets worked. The same public/private key combinations were created with both the Trezor and the COBO. Interesting and kinda cool.
At the same time, I'm now trusting two different shady companies with my master password. If either one fails, I lose all my money in that wallet. I do not recommend this strategy.
What's next
I set up my pin number on my Trezor in case anyone gets physical access to it, but then I notice something. The website says my firmware is out of date!
BITCH!
I literally just updated it with the same website to get it up and running in the first place. So fucking shady to tell me I need to upgrade firmware again after I've typed in a master password with money in the wallet. Seriously, why/how are we trusting this bullshit?
Conclusion
The idea that hardware wallets are somehow way more secure than other options is ridiculous. You are fully trusting the company that made the product and hoping that it didn't get hacked as it was being shipped to you (unlikely but noteworthy).
The information coming out of the COBO is encrypted for no reason. The information coming out of the Trezor is completely unknown because it is connecting directly to their centralized servers and broadcasting whatever the firmware tells it to. These products are not secure and they force you to trust in a so-called trustless environment.
Remember how I said I didn't do the math? Well, there it is! Trezor forcing users to input 24 words on a 12 word seed phrase means that a compromised machine will simply get brute-forced by a hacker because there are only 2.7M combinations. Yo, Trezor: I'm not sure if you know this, but computers these days are pretty fast. Arranging 12 words 2.7 million times is not hard. I could easily do it on the same machine I'm currently writing this blog on in minutes.
I'm just going to come out and say it: these people are morons for thinking this is acceptable security.
What the actual fuck?
Exchanges aren't that bad
We've all been told, "Not your keys, not your crypto." However, everyone seems to think that having a hardware wallet seems to satisfy the requirement of owning your keys. It very obviously does not.
Why would you trust SatoshiLabs, COBO, Ledger, or any centralized hardware manufacturer more than say Coinbase or Binance? At least Coinbase has FDIC insurance.
It's true, centralized exchanges create a honeypot for hackers around the entire globe. I believe FDIC insurance is going to fail soon in the wake of unprecedented bank runs. I also believe that at least one big centralized exchange will be hacked during the peak of the next bull run. The honeypot is simply too tempting for an outside attacking force or even an insider saboteur.
IF hardware wallet companies do their jobs correctly, surely using their product is much safer than keeping funds on an exchange, but why are we just assuming they are doing their job correctly? Clearly, they aren't, and they can be strong-armed by governments to become more incompetent by design (backdoor).
Decentralize your holdings
I wrote this post two years ago, May 2018.
Exchanges may be centralized, but they are also a great way to decentralize your holdings.
When I wrote that, I remember thinking,
"Wow, I hope I don't sound like a fucking idiot for telling people they should keep money on the exchanges."
Turns out my initial instinct was totally right. If you want to have the best security you absolutely need to secure your money in as many different places as possible. Isn't that obvious? It's like the definition of decentralization.
I would advise someone to put all their crypto on 20 different centralized exchanges before I told them to put it all on a single hardware wallet.
That is a fact. If I had to put a number on it, I'd say it's "safe" to keep anywhere between 1%-5% of your holdings on a single exchange.
Safety is an illusion.
Don't forget, there are many other ways to lose your crypto besides getting hacked by a malicious bad actor. It's just as easy to lose funds by sending money to the wrong address or botching your own security. We see these happenstances time and time again. No one said being your own bank was easy.
Silver lining.
These experiences I'm having with hardware wallets are actually really exciting. We see that the space is still new and full of cracks, just waiting for competent people to come in and corner the market with a product that isn't absolute dogshit.
https://peakd.com/utopian-io/@edicted/steem-airgap-hardware-wallet-utopian-io
My idea for an airgapped hardware wallet using open-source Raspberry Pi tech is more golden than ever before. If you set up the device yourself you don't have to trust anyone but yourself. If the device never has access to the Internet you'd still be safe even if it was compromised (extremely unlikely).
I continue to dream about starting a decentralized business, and this path seems the most likely. Imagine me starting up a little operation in my garage or something selling airgap Raspberry Pi wallets.
What happens when I need to scale up? Do I start hiring people? Renting office space? Paying salaries and figuring out taxes? Or do I simply turn to the Hive community and get other people to help me by starting up little operations in their own garage?
Bitcoin may have been around for more than a decade, but the open-source Web 3.0 economy does not exist yet. This is an exciting time to be alive.
Thinking to the future.
Imagine what happens when crypto goes mainstream. If you leave a DLT wallet out in the open... on your nightstand, on your keychain, in your phone, on a browser... everyone is going to know what that is. Everyone is going to know money is just sitting there. I guarantee there will eventually be a push to make wallets look like other devices/apps so no one simply knows where everyone stores their money.
With Raspberry Pi, we hit the ground running.
It is already an open source computer that can do whatever. Imagine secretly holding crypto on one but also using it as a retro gaming device with a Nintendo emulator. When crypto is mainstream it will be downright foolish to broadcast where the money is secured.
It is my opinion that devices that are specifically designed to hold crypto will be targeted for theft with much more prejudice going forward into mainstream adoption. The thing that we believe makes them so secure (specialized ASIC device) is ironically the thing that will make them less secure against localized social-proximity attack.
Actual Conclusion
It is mindblowing to me how early in the game we are. Just wait until the company behind a hardware wallet becomes compromised and users realize they can't even trust these companies to be competent/trustworthy. A centralized hardware wallet attack is inevitable, and no one will see it coming (apparently).
I imagine the next big hack will come during the next bull run when the honeypot is at its sweetest with fresh new all time highs (likely even 10x current ATHs). However, in the wake of such a "devastating" attack what are all the noobs going to be told? "Get yourself a hardware wallet to avoid this tragedy in the future." Of course the bubble after next will be the one that a hardware wallet company becomes compromised.
Like clockwork...
Don't worry about all those pesky forced firmware updates and unknown information being transferred to/from the wallet to centralized servers. You can trust 'them'.
lol, trustless environment my ass.
I thought for sure that I could trust Trezor more than my COBO Vault, but that is absolutely not the case. Trezor costs $55 for a little piece of plastic that feels like it cost a couple bucks to create. It seriously has the feel of my Blizzard Authenticator (RSA SecurID) that I used to secure my World of Warcraft gold ($2000) back in the day.
At least with the COBO ($100) I got a touch screen and a camera with airgap security paired to my phone. Both devices make it completely unclear what kind of information is being broadcast, although we're meant to assume it's just public transaction info (except COBO encrypts it to hide what they are doing and Trezor is completely opaque as well behind the private node connection).
In addition, I got the COBO tablet for free with my purchase; a product that I value for at least the sticker price ($40). When comparing the physical tech you're paying for, the Trezor is a complete ripoff compared to the COBO. That is a 100% provable and obvious fact.
Live & Learn
While disappointing, this whole experience has given me a lot to think about, and hopefully I've helped others as well with this post and given them a lot to think about in return. It's becoming quite obvious: if you want to be your own bank, security is the #1 priority. So far, I'd say the current security being provided that many think they can trust is a complete farce.
When you are your own bank, the only person you can trust is yourself. That's the entire point of this whole movement. It is our responsibility to point out that, while hardware wallet security seems pretty good at the moment, we've still fallen into the same trap of trusting a centralized corporation to secure our bank for us. It's not a matter of if, but when one of these businesses will fail due to the cracks in their own business model.
This is why I still trust the Hive network to secure my biggest chunk of crypto by a HUGE margin. Not only do I get 4 layers of security and private-key permissions, I also know how to sign cold transactions and I have a recovery account backup combined with locking the vast majority of my wealth in a staked smart contract. Graphene security is better than the competition, and it will continue to be so as we evolve; end of story.
Cold wallet I find is better as it is designed for off the computer use. But what you said is fair. Why trust when exchanges do it so much better. But then we're just back at banks which is an oof.
Luckily I did the math wrong on the 24 choose 12 (2.7M combinations).
That is simply the chance of choosing the correct 12 words.
You'd still have to find the correct order of them afterwards.
I believe this would add a multiplier of 12P12 (12! factorial)
So 24 choose 12 (2,704,156) times 12! (479,001,600) = around 1.3 Quadrillion (10^15) possibilities.
Hopefully that's correct.
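The counting from the correction above, carried through in code as an added example (not part of the original post or its comments). It generalizes to any seed length and number of decoy words, and assumes all typed words are distinct and that a compromised host learns the set of typed words but not which are real or their order; the function names are illustrative.

```python
import math

BITS_PER_WORD = 11  # BIP-39 list has 2048 = 2^11 words


def checksum_bits(seed_words: int) -> int:
    """BIP-39 appends ENT/32 checksum bits; total bits = 11 * words = 33 * CS."""
    return seed_words * BITS_PER_WORD // 33


def residual_search_space(entered_words: int, seed_words: int) -> dict:
    """Candidates left once the host has seen every word typed.

    Assumptions (added for this example): words are distinct, and the host
    sees the typed words (real + decoys) but not their positions in the seed.
    """
    if entered_words < seed_words:
        raise ValueError("cannot enter fewer words than the seed contains")
    subsets = math.comb(entered_words, seed_words)   # which words are real
    orderings = math.factorial(seed_words)           # their correct order
    ordered = subsets * orderings                    # same as math.perm(n, k)
    cs = checksum_bits(seed_words)
    return {
        "subsets": subsets,
        "ordered": ordered,
        "ordered_bits": math.log2(ordered),
        # On average only 1 in 2^CS word sequences passes the BIP-39 checksum,
        # so the expected number of valid mnemonics is smaller again.
        "expected_checksum_valid": ordered // 2 ** cs,
        # Entropy of a seed nobody has observed, for comparison.
        "unobserved_seed_bits": seed_words * BITS_PER_WORD - cs,
    }


if __name__ == "__main__":
    for entered, seed in [(12, 12), (24, 12)]:
        r = residual_search_space(entered, seed)
        print(f"{entered} typed / {seed}-word seed: "
              f"{r['ordered']:,} ordered candidates "
              f"(~{r['ordered_bits']:.1f} bits vs "
              f"{r['unobserved_seed_bits']} bits unobserved)")
```

With 12 decoys the ordered count matches the roughly 1.3 quadrillion figure in the comment, about 50 bits, against 128 bits for a 12-word seed that was never typed on the host.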