Keystone lets you verify that the device and firmware are authentic, so you’re likely okay. However, it's still best practice to avoid ordering wallets from third-party sellers.
The problem is they don't ship to my country. Keystone is only available on 3rd party in my country, though the 3rd party is listed on the official Keystone website... thanks for the reply!
Trezor is good. Passphrase doesn’t help in the case of this attack. But like I said, most wallets have security features in place to prevent it, including Trezor.
My guy. Ledger does not have a backdoor. Look up the definition of a backdoor. Then go “research” how Ledger Recover works, which anyone can do considering it’s 100% open source. If Ledger truly had a backdoor they would have gone out of business a long time ago. Also, your comment was directed at all cold wallets, not just Ledger, so your statement is a bit misleading. But for real, don’t fall for the FUD. 99% of the crap online is misinformation. So if that’s what you’re consuming (without doing your own due diligence) then you’re being misled. Careful..
The solution to not losing your crypto. #1 don’t own too much crypto. AKA XRP, own under 10k. #2 keep your XRP on the xrp ledger and having the most regulated crypto exchange.
Storing crypto is actually harder than anything else in this field. The only reason why ppl are chasing crypto is because of high returns. Apart from this crypto is actually useless
@cyberscrilla it's not about trusting the manufacturer. Their servers that send firmware updates could get exploited by a hacker who could then upload a fake firmware update. If you have automatic firmware downloads then the attacker has all your funds, and it wouldn't even be the wallet manufacturer's fault at that point. This attack has happened with several firmware servers for several other electronic products, allowing hackers to hack various computers, and I believe this attack will happen to hardware wallets next.
Because that’s not going to save you from this attack. It’s at the firmware level. An air gap device doesn’t protect you from downloading a malicious firmware. You need other security features in place.
Ledger and Trezor are crap. In fact, the absolute best cold hardware Bitcoin wallet is simply this: Take USB drive, flash latest verified TAILS on it (which automatically will include latest verified Electrum wallet), and *only* connect it to Linux PCs which are connected to router via ethernet cable.
A USB drive? No thanks. Ledger and Trezor have several security features that not only prevent a person from physically accessing your device, but also prevent various types of digital attacks.
@cyberscrilla Ledger and Trezor had been hacked before - they're tainted and can never be trusted again. No other hardware wallet can claim to be safe, they may or may not be, only the future will tell (including open-sourced ones - who really inspects these codes?) - I will not trust any of them with my BTC. It's not about the USB obviously, the whole drive is wiped & formatted and encrypted by TAILS, there is no other software on it, your BTC is safely in the verified Electrum Wallet inside TAILS, you boot directly into TAILS, bypassing the host PC, it connects only via TOR, and like I said - avoid wifi and only connect via ethernet. There is not a single weakness in it, there simply is no safer alternative.
These cold wallets will keep your crypto safe from this hack: ruclips.net/video/DFHS1kGHCEk/видео.html
God bless,
Alex
@cyberscrilla This is a lot more than just a _"scam"_
...but for once I appreciate the clickbait title so thumbs up!
Every hardware device I bought came straight from the manufacturer. No third party whatsoever. Not even from Amazon
THIS is the way.
Good luck when the manufacturer leaks your address.
@tobiuchiha8370 you can’t prove that. What if someone from the manufacturer is a hacker? What now?
Boom @Spearoman
@tobiuchiha8370 nothing is 100% safe!
BUY cold storage from the manufacturer only
"Don't connect your main cold storage wallet to dapps. Use a burner wallet..." you said. It's not a question of using a burner wallet. It's a question of moving assets from point A to point B. Say you wanna trade/swap on a dex... or you wanna stake on a smart contract or other stuff that you wanna do with your hardware wallet each time you're online. Yupp! That's right! You need to move the desired crypto asset that you wish to swap or stake or whatever... from point A to point B. Meaning... from the main cold storage wallet to a burner wallet. That alone requires our signature from the hardware wallet. Why? Because we're moving from point A to point B. We haven't even connected to dapps. Just moving the desired crypto asset from main cold storage to a burner wallet. That alone is a loophole. Why? Because we need to sign the txn. And that's where 'Dark Skippy' comes in place.
Yeah but that’s to avoid the most common scam in crypto which is phishing attacks. And it’s still effective for that.
Basically all cold wallets on the market are immune to Dark Skippy. You need to understand: Unless you install the malicious firmware, you won’t be affected by Dark Skippy.
Back in 2018 I bought a Ledger hardware wallet on Amazon and during the setup phase something didn't work correctly. Looking back I might have gotten a corrupted device.
As you probably now understand, these wallets should ALWAYS be purchased from the actual company.
For the benefit of others reading this:
If, for some reason, you end up buying one on Amazon or elsewhere, a reset should be performed before using it. Never just use a seed phrase provided with the Amazon purchase. Most wallets will have some sort of "reset" function, with which you can create a fresh seed phrase or private key to improve your odds of having a secure wallet.
@mtnvortex Fortunately I didn't use it. A friend wanted to buy from me so I sold it.
Thx Alex!!!!! Question! If I am transferring crypto from Uphold to Tangem do I send it to XRP or XRP Ledger? As always, we appreciate you!!! thank you!
Tangem + pin + biometric. I don't see how this can affect it. Not to mention card
Yep, Tangem is safe. More so because the user can’t install firmware on Tangem nor are any firmware updates required.
@cyberscrilla agree. Once I decide to add real money wanna add a bit to safety. Same as you buy brand new phone... but you don't wanna buy case or protective glass. Xoxoxo. But great video
I use my Tangem wallet on my every day phone. I just use a different phone when recording videos 😉
So if you use a Tangem wallet, then you’re good from this hack, since the scammers can’t install their shady firmware on your Tangem. Is that correct??
@roysams8483 yup
Good information.
THANK YOU 🙏
God bless
CTO at Ledger tweeted about it on the day of disclosure (5th Aug 24), it's good practice to follow these types of security researchers to stay up to date.
I saw that. But no public announcements from the hardware wallet brands themselves.
The average consumer doesn’t follow the CEO/CTO/CXOs of these companies.
Thx Alex! Can we use Face ID along with Access code for Tangem? Requiring both to log in? And if I wanted to disable Face ID could I do that too? Thank you for your hard work! 💪🤩
Hi Alex. This is great info. I'm based in South Africa and we can only buy from resellers in SA. There is no shipping from the manufacturers in our country
I understand. Make sure to buy a device that allows you to verify firmware authenticity (Tangem, Trezor, Ledger, Onekey, Keystone)
It's a best practice to always reset your cold wallet to factory settings before you start using it
As long as the device asks you to set up a new wallet (generate a new seed phrase) no need to reset it.
Well done Alex. Much appreciated
Thanks for watching
🙄😬...this made me think of canned (smoked) skip jacks...I hope they get smoked...😂...thanks for the heads up!
I just found your videos. So much has been said in the world about crypto, so I am now giving it a try and want to learn about crypto so I can invest. Are you offering any course for newbies to learn about crypto etc.?
First step is to assume everyone in the comments is a clever scammer
@CJStrykr ohhh ok yes, I've seen before some or many talks about a particular person who trades etc., so it's a scammer. Thanks
I was a victim of the Atomic Wallet attack. All my crypto was drained. I'm wondering if my private keys were derived from my transactions? I've joined a class action lawsuit but who knows what outcome this will bring.
Just to clarify, a secure element, a secure bootloader or verifying your firmware is authentic, does not prevent this attack. The attack occurs with malicious firmware, and if the manufacturer of the hardware wallet is malicious, then the firmware can be malicious, even if it is shown as "authentic".
To prevent this attack, the hardware wallet needs to support the Anti-klepto protocol. Only two hardware wallets I know of support this. The BitBox02 and Jade.
But those mechanisms prevent downloading a malicious firmware, thus it helps to prevent this attack
Thanks for making this video I asked for. I'm new in this channel and love the content 🚀
Yes, thank you for bringing this to my attention and thanks for watching!
Until Tangem Pay Visa comes out. Is there another option for spending via a credit card or pre paid card with funds from cold / hard wallet?
Are the private keys getting compromised or is the Seed phrase to the wallet getting compromised? It seems a lot more difficult to somehow steal multiple private keys compared to only having to steal one seed phrase/recovery phrase.
Seed phrase.
@cyberscrilla I have a very unpopular theory which is that the safest way to hold crypto is to use The Exodus desktop wallet on laptops and PCs only, and to forgo creating a password when it prompts you to which means you can't access or see the seed phrase, and then when you're done sending crypto to the wallet just write down each one's private key onto paper accurately, then do a factory reset on the device making it impossible for anyone to ever access that wallet again. The seed phrase was created locally on the machine, and no communication made to outside servers so after the reset the seed phrase remains a mystery forever. Of course the crypto is safe thanks to the piece of paper with the private keys. Can import those into a new wallet anytime, and I wish I knew of other desktop wallets that worked like Exodus does. Since the crypto itself doesn't leave the blockchain and is governed by a long and complicated password called the private key, doesn't it make sense the most secure method would be to reduce the footprint of that password down to just a piece of paper that is governed by you and is unhackable because it doesn't exist online or in any device, or continue relying on the seed phrase (possibly compromised) and neglect the long and complicated passwords that actually control things, so that you can use a third-party company's tools to create additional password barriers, starting with the PIN code or password creation that is instantly imposed on us on mobile. Doing it my way makes it a 2 person thing, me and my money, but creating a pin word and or password in using two-factor authentication... you're telling the wallet maker to keep anyone who can't cross these barriers away from your money including you.
If the password equals the money and I can keep the password safe, as long as I can transact as needed there's literally no reason to involve anyone else at that point and additional passwords that stem from involving a third party makes me fundamentally less secure.
Whatever. Good luck people. I'm confident that my method is the only method proven to be 99% "probably" safe. I think all the other wallets, including Exodus once you have created a password, are far less than 99% probably safe. In my opinion they are like 44% probably not safe. Lol.
@cyberscrilla how about the pass phrase?
I need some advice, If you make a new SOL token and it's not yet listed on a cold wallet, how can you send it new to your new cold wallet, and what is the best SOL supported cold wallet besides Ledger? In your opinion.
If the wallet supports SOL, then you can send any token on SOL to that wallet as it’s supported.
For SOL, I like Tangem, Ledger, and Trezor
Nice video thanks 👍 Good to know about 😊 Will having a passphrase (25th word) change anything - if you did get this malicious firmware code installed? Just wondering 😊🤔 Update: I see in another comment you did answer this would not help - just can't quite wrap my head around how that works, but kinda see that once wallet is "open" for signing, it's the malicious code that works on the signature end of the transaction, hence a passphrase is not really of any added benefit 🥴🤪👍
Exactly. If you get the malicious firmware, it’s game over.
I use Ballet. Is that still safe? Bought directly from them.
ANY WALLET THAT USES THIS CHIP WAS MENTIONED IN THE VIDEO.
These attacks are always evolving.
@GalutiaFamilyChannel Exactly! Gotta remain vigilant
Thanks for the heads up Bro!
Thanks for watching man!
Verify transactions on Sparrow before broadcasting.
Or never connect your hardware wallet to any site.
I try as much as possible to use only secondary software wallets to interact with websites
"air gap wallet which is completely useless against this attack" I am lost, can you please elaborate?
Simple. An air gap wallet wouldn’t protect you from this attack.
Which tokens have been shown to have this malware on it? That's the only way I could see this affecting hardware wallets, transaction/smart contract interaction itself
I explained it in the video. It’s a malicious firmware. If you install it on your device, it could potentially affect any transaction.
The example shown on the Dark Skippy website is BTC
Good thing I used a Tangem wallet, you can’t change the firmware. Also Ledger is at high risk. Which is why I stopped using Ledger
Yep, no firmware updates on Tangem.
Also, Ledger is not at all high risk. And I’d recommend Ledger to anyone looking for a secure wallet.
Don’t fall for the FUD.
I covered my reasoning as to why Ledger is solid in this video:
ruclips.net/video/gQB0by9NDh8/видео.htmlsi=O38X8RRTSr9qsjm8
You don't verify the firmware on Ledger, just show them trust. They have stated this.
@cyberscrilla if I am a 🐑 I will trust Ledger, Ledger is a risk
I think the key phrase is “ air gapped”
thanks, another great video.
Thanks for stopping by!
So you're saying an air gapped wallet is good or bad? Cheers 🙂
Neither. I’m saying an air gapped wallet does not provide any extra security against this attack or other types of attacks for the most part.
There are more important security features you should look for, such as the ones I mentioned in this video.
@cyberscrilla awesome, thanks for the clarification, much appreciated ❤️
Also I often wonder, with technology evolving so fast, who knows how safe any of the current standards will be in 5, 10, even 20 years time. I guess U could keep up with the evolving tech, but if you pass away and leave millions in crypto to a loved one.
Definitely keep up with all the scams and hacks out there. I feel like this is only going to get worse going into the bull market. We need to stay on top of this as much as possible
THIS. Cybercrime is a massive and lucrative business. It will only continue to grow.
What about Trezor Model T?
The reason why no one's talking about it... is because it's common knowledge: buy from a manufacturer website and only update firmware from the manufacturer..... The whole point of a hardware wallet is security.
There’s no such thing as common knowledge or common sense in crypto. Or at least if there is, it’s few and far between
I've been in crypto 4 yrs and barely getting to buy a cold wallet, I looked up BEST BUY but did more research and stumbled on to here. It's not common knowledge to me lol but makes total sense.
How safe is ellipal?
Ellipal is fine. Not my favorite wallet though. But since you can verify Ellipal firmware, Dark Skippy isn’t a threat to it.
Just don’t download any malicious firmware and you're good. That’s the moral of this video
@cyberscrilla thank you for your reply.
Thanks for watching the video!
Best place to keep your crypto is on the exchanges. Seriously too many moving parts, too many point of failures with cold wallets. No need this stress. You bet on one good exchange, your chance of failure will be significantly less.
@colinpowda No. This is bad advice.
@cyberscrilla why? Everyone says ooh don't do that etc. but your worst enemy is yourself. Plus I just learnt Trezor doesn't even hold more than 5-6 coins. You need MetaMask etc. Such a scam this cold wallet market.
Keeping your crypto on an exchange defeats the point of owning crypto since you don’t actually control it.
And it sounds like you just haven’t found the right wallet yet. There are plenty of really good/user-friendly options out there.
But my friend, please do not trust these exchanges to manage YOUR money for you. There are WAY too many horror stories and they generally happen on “good exchanges”.
I’ve seen it myself, and it doesn’t matter how much money you have on them. They will lock your account. They will make it so you can’t sell. It happens EVERY SINGLE DAY.
All exchanges are the same.
I’m more than happy to help you find a cold wallet. This video will help you learn what things to look for to find the right one: ruclips.net/video/d-9OYPT0JLk/видео.htmlsi=20KMJSihwwxxOoBq
Or just get something like Tangem which supports over 70 different blockchain networks and thousands of coins natively, no third party wallet required.
If you want to learn more about Tangem: ruclips.net/video/bPZpzjJl3ts/видео.htmlsi=gN0fzybJQG9uCn4h
Apparently iOS and Android have to be careful with updates right now especially. I guess hackers are mimicking updates on those phones that are not regular updates, it's just malware that they are just installing on your iOS or Android. Hackers are definitely getting clever.
Interesting…
Where did you hear this?
Pass phrase can be extracted too?
Yes.
I use D'Cent with the biometrics, I should be fine right?
@nowheretorun2857 Not sure as DCENT is 100% closed source. So we don’t know anything about the wallet other than what the company tells us.
@cyberscrilla oh thank you.
I just watched your follow up video on best wallets, and Tangem is very interesting.
Tangem is one of my favorites. And a lot of people would agree! Definitely the most enjoyable hardware wallet I own
@cyberscrilla it's done. I used your code. Thank you.
Wow, you’re quick! Thank you. Let me know if you have any questions
Keystone Pro is secure against Dark Skippy?
It has the security features to keep you safe from this attack.
Password managers... proprietary hardware wallets n firmware... targets.
Big money involved.
What could go wrong
Hmm ... to check if one's hardware wallet has been compromised it might be a good idea to do a small on chain transfer and then to run the skippy attack to see if the seed phrase can be reconstructed, right? Maybe certain shady sources/wallet resellers can be exposed.
Alex nice information thanks 🙏
Glad you liked it! Thanks for watching
Trezor goes through this when I set up a new wallet 💯 I got it from Amazon, the seals were intact and still wiped and flashed Trezor firmware. Better safe than sorry
As long as you confirmed the device/firmware is genuine, you should be good to go.
I’d still never recommend buying a hardware wallet from a third party though.
@cyberscrilla Is Amazon a third party if the store within Amazon is the original company? Example, I looked up the "Amazon choice" Trezor and the seller is "the Trezor store".
Can you look into Dcent wallet ?
I have DCENT. I don’t like it. It’s 100% closed source. Would not recommend it
@@cyberscrilla can u look into Ryder wallet? As of now tangem might be my wallet soon
@@cyberscrilla closed source is a good way to not allow hackers to study the code for weaknesses and exploit them. Isn’t ledger closed source as well? Btw, safenet is also closed source…
What does that mean & What makes the Dcent unsafe?
Closed source means we don’t know what happens in the backend of the wallet. We don’t know how the seed phrase is generated, or if it’s safe, as the code is only known by the manufacturer. There’s no way to verify any of the company’s claims are true
Great video!
Thank you for watching!
Buying Ledger nano x from Best buy would be safe right?
I wouldn’t do it. But you’re likely okay
This is a lot more than just a _"scam"_
Yep
What's a crypto hardware wallet? A signing device.And that's where it is targeted at.When signing txn.Doesn't matter when connected to dapps etc...we're screwed altogether eventually.
Don’t connect your main cold storage wallet to dapps. Use a burner wallet.
@@cyberscrilla can u help me understand what you mean by burner wallet?
Any wallet that doesn’t have all your crypto stored on it, just one you can use to transact. Could be a hot or cold wallet.
@@cyberscrilla So if I transfer coins from cold storage to an exchange and then connect the exchange to dapps I should be good?
You can’t connect an exchange to dapps.
It’s simple. Have 1 wallet to hold all your coins (this is never connected to a dapp)
Have another wallet only for transactions with just the amount of money you need to transact. Once you’re done doing whatever, send back to your storage wallet for safe keeping.
Good job ...thank you 😊
Thanks for watching!
How does one know the firmware is malicious?
Your hardware wallet will tell you. Or if you’re not downloading it from the manufacturer’s website you can just assume it’s malicious
pls more of this Alex
More of what exactly? Or what did you like most about this video? Thanks for watching!
@cyberscrilla I mean this kind of video where you tackle scams and crypto security threats in general
What if its only available from 3rd party in my country...but the 3rd party listed on official keystone website..
Keystone lets you verify that the device and firmware are authentic, so you’re likely okay.
However, it's still best practice to avoid ordering wallets from third-party sellers.
The problem is they dont ship to my country..keystone only available on 3rd party in my country..tho the 3rd party is listed in the official keystone website...thanks for the reply!
I understand.
@@cyberscrilla unrelated to coldwallet...do you use yubico key to secure all of your digital information/media etc?
No, I use my Ledger flex, which is similar as it offers U2FA.
PROTECT YO SCRILLA......thanks fam✌️
Always! Thanks for watching man 🤜🤛
Great video
Thanks for watching!
Thanks for Tangem !
Tangem rocks!
What about dcent wallet
Likely fine when it comes to this attack.
But I don’t like DCENT in general though because it’s 100% closed source.
@@cyberscrilla what do u mean closed source?
@@cyberscrilla can you do a video about open source and closed source hardware wallets…I don’t know the advantages and disadvantages of
Super information
Thanks for watching!
What about Trezor with Passphrase?
Trezor is good. Passphrase doesn’t help in the case of this attack. But like I said, most wallets have security features in place to prevent it, including Trezor
This guy loves saying, "Dark Skippy".
So… have you heard about dark skippy? 😆
They’re called gateways. Your crypto isn’t safe with cold wallets.
Source: you made it up
@@cyberscrilla Ha! Research…the ledger is completely safe. But they’re called Gateways, back doors. Research!!! 🧐
My guy. Ledger does not have a backdoor.
Look up the definition of a backdoor. Then go “research” how Ledger Recover works, which anyone can do considering it’s 100% open source.
If Ledger truly had a backdoor they would have gone out of business a long time ago.
Also, your comment was directed at all cold wallets, not just Ledger, so your statement is a bit misleading.
But for real, don’t fall for the FUD. 99% of the crap online is misinformation. So if that’s what you’re consuming (without doing your own due diligence) then you’re being misled.
Careful..
@@cyberscrilla wow, that’s a long response. Who are you really trying to convince? You googled it didn’t you…😂😂😂
Exodus?
Phantom?
You’re fine. But you shouldn’t be storing crypto in a hot wallet in the first place. Huge risk
What about safepal S1 ?
Safepal is fine
@@cyberscrilla thanks
Everyone is talking about it
Technically ledger is safe due to simplicity of device?
Ledger is a secure wallet
Backdoor? Not sure which cold wallet company it was.
@@a1toppgno back door. Just don’t use those apps allowing to access your wallet directly. Use it as a wallet only like I do.
@xtophgerard1169 how do u use yours?
Ledger never had a backdoor. That was misinformation that keeps getting spread. Don’t use Ledger Recover if you don’t want and you’re good
Do I throw away my ledger Nano x? Sheesh
No way! Ledger Nano X is solid.
Scammers in these comments. Stay woke
Don’t worry. I delete/ban them. Just takes me a minute to notice them sometimes
The solution to not losing your crypto. #1 don’t own too much crypto. AKA XRP, own under 10k.
#2 keep your XRP on the xrp ledger and having the most regulated crypto exchange.
Just, no…
This is .... the worst crypto advice in the history of crypto advice.
With tangem is zero percent hack
With most wallets on the market that I can think of
love my tangem card
Fuck I’m still paper Wallets 😮
This is why GOLD
Ledger wallets suck!!
Why? Ledger has nothing to do with this attack
unpopular opinion:
i just keep everything in trust wallet in a dedicated smartphone with no app/email, equipped with antivirus and vpn 🤷‍♂️
Yikes… not worth the risk in my opinion
Storing crypto is actually harder than anything else in this field.
The only reason why ppl are chasing crypto is because of high returns.
Apart from this crypto is actually useless
❤
❤❤❤❤❤❤❤❤❤
This is why you should never allow automatic firmware updates
Mmm. Not exactly.
If you don’t trust the manufacturer, then sure.
But if you don’t trust the manufacturer, why use their wallet in the first place?
@@cyberscrilla it's not about trusting the manufacturer; their servers that send firmware updates could get exploited by a hacker who could then upload a fake firmware update. If you have automatic firmware downloads, then the attacker has all your funds, and it wouldn't even be the wallet manufacturer's fault at that point. This attack has happened with several firmware servers for several other electronic products, allowing hackers to hack various computers, and I believe this attack will happen to hardware wallets next
you mention AIR GAP WALLET NO GOOD IT WOULD BE GOOD IF YOU EXPLAINED WHY CHEERS
Because that’s not going to save you from this attack. It’s at the firmware level. An air gap device doesn’t protect you from downloading a malicious firmware. You need other security features in place.
Is trevor vulnerable?
Did you watch the video?
👍👍👍👍
🤜🤛
👍👍👍😁
Ledger and Trezor are crap. In fact, the absolute best cold hardware Bitcoin wallet is simply this : Take USB drive, flash latest verified TAILS on it (which automatically will include latest verified Electrum wallet), and *only* connect it to Linux pc which are connected to router via ethernet cable.
A USB drive? No thanks.
Ledger and Trezor have several security features that not only prevent a person from physically accessing your device, but also prevent various types of digital attacks.
@@cyberscrilla Ledger and Trezor had been hacked before - they're tainted and can never be trusted again. No other hardware wallet can claim to be safe, they may or may not be, only the future will tell (including open-sourced ones - who really inspects these codes?) - I will not trust any of them with my BTC. It's not about the USB obviously, the whole drive is wiped & formatted and encrypted by TAILS, there is no other software on it, your BTC is safely in the verified Electrum Wallet inside TAILS, you boot directly into TAILS, bypassing the host pc, it connects only via TOR, and like I said - avoid wifi and only connect via ethernet. There is not a single weakness in it, there simply is no safer alternative.
Great video thank you!!
Thank you for watching!!
I don't care 😂😂I can't even access to my own cold storage
lol why not?
@cyberscrilla idk, I tried to access it but kept saying connection error. I don't think it's big of a deal. I use ledger
@@csrtwolegends1265 So it’s an issue with Ledger Live, not your wallet or loss of seed phrase
@@cyberscrilla no not at all
@@cyberscrilla yes just ledger live
🫡👏👏👏
🤜🤛
Final DUMP ahead😫😩🦢🦢
What are you talking about
Hfsp