Funds of every Trust Wallet browser extension could have been stolen

blog.ledger.com

158 points by whenlambo 3 years ago · 185 comments

krono 3 years ago

  > Creating good randomness is a daunting task - Ledger devices rely on dedicated silicon logic in our certified smartcard chips that have been the gold standard of secure industries for the past 40 years to guarantee high quality randomness and tamper resistance.

Which is worthless and entirely irrelevant when they keep leaking their customers' personal and purchase data (which they claimed not to collect or keep, and even failed to delete after the first leak) time and again.

https://web.archive.org/web/20221030030843/https://cointeleg...

https://web.archive.org/web/20220901153130/https://www.coind...

https://old.reddit.com/r/ledgerwalletleak/comments/ki1nsz/re...

https://old.reddit.com/r/CryptoCurrency/comments/rts1w2/got_...

https://twitter.com/yeolddoc/status/1353139243548364805

  • nintendo1889 3 years ago

    Which is why we transfer small amounts to the wasabi hot-wallet, coinjoin, and then spend. Each spend is then joined with another spend to obfuscate every purchase.

    It requires careful budgeting for future purchases (as the coin-join takes time).

    Trezor now has experimental support for directly coin-joining bitcoin that is stored on the cold-wallet, but I don't think anyone should trust it.

    • justinator 3 years ago

      Not to be snarky, but this sounds real convenient.

      Why don’t we just admit these tools are just fundamentally broken?

      • hospitalhusband 3 years ago

        When your funds get low just open your hot and cold wallet apps and type in how much to transfer, wasabi takes care of the rest.

        It's easier than merely logging into my bank. Or paypal (which unintentionally locked me out for over a year after a broken tos update that I couldn't accept).

        People have had hot and cold wallets forever, they just call them wallets and banks. It is the same workflow, except without:

        Driving, operating hours, showing ID (oops my (hot) wallet got stolen/left at home. Now I can't withdraw from my bank until that's sorted.), the horrible password requirements, barely usable websites, and spyware apps that may or may not work on rooted/libre operating systems.

        It's the legacy banking system that is fundamentally broken.

        • justinator 3 years ago

          >It's the legacy banking system that is fundamentally broken.

          I can't think of one time funds from my checking account were wiped out because of a browser extension.

          • hospitalhusband 3 years ago

            Yet many merchants are the victims of chargeback fraud, and many others have had funds frozen with no recourse. A paypal glitch left me unable to access my funds despite spending far too much time and energy trying to resolve it.

            How many employees does trust wallet have? How funded are they? I am completely unsurprised that this happened to web3 trash. This is more of an indictment of the vc funded 'move fast and break things' attitude that pervades this site and 'web3' than it is of the greater cryptocurrency community.

            • justinator 3 years ago

              "It's everything else that's broken, not us!" is the battle cry of crypto. You may as well cry, "wolf!"

        • tiedieconderoga 3 years ago

          Is it really a "cold wallet" if you can quickly transfer funds out from a smartphone app, and that process is easier than using a banking app?

      • olalonde 3 years ago

        Compared to what? The only realistic alternative here is mailing cash, which is arguably more inconvenient.

        • Retric 3 years ago

          Why not use those gift credit cards loaded with cash if you want anonymity for less effort?

          • rt4mn 3 years ago

            with the caveat that I don't personally use bitcoin, I still think the above description is simpler than using gift credit cards, for a couple of reasons:

            - gift cards involve getting in a car and driving to a place to buy them, which introduces annoying logistical issues

            - the purchases made on a single card are linked together, so you have to keep track of cards you use for x store and what cards you use for y product (this is also true with bitcoin though, which is why I prefer other more privacy-focused cryptocurrencies)

            - with gift cards there is a very high chance that your funds will be rejected or flagged as suspicious. which also limits the amount you can spend to around 100-200 dollars, since any more risks having all the money you put into that card flushed down the toilet

            I do personally keep a couple of gift cards on hand for the rare occasion I find myself needing to pay for something online and there is no alternative vendor that accepts cryptocurrency (usually event tickets or membership subscriptions), but it's a pain and I much prefer paying for things with cryptocurrency.

            Cryptocurrency is an unregulated and environmentally disastrous ecosystem rife with monopolistic vendor lock-in, fraud and abuse, and little to no accountability or legal recourse for end users. But that's also true with the credit card / debit card / other electronic payment ecosystem.

            At least with cryptocurrency I get a modicum of privacy.

            • olalonde 3 years ago

              Not to mention that you can't do peer to peer transfers with credit cards. The recipient needs to have a merchant account.

      • SkyMarshal 3 years ago

        They’re broken b/c they’re having difficulty doing something no other electronic payment even attempts to do?

        • dustyharddrive 3 years ago

          They’re making up for the fact that the history of every transaction input is public, something no other payment system even attempts to do.

      • hammyhavoc 3 years ago

        Because people are still HODLing their dIaMoNd HaNdS.

  • lxgr 3 years ago

    These data leaks are indeed very bad, but in what way do they make the actual core product and its security goals "worthless and entirely irrelevant"?

    • krono 3 years ago

      What good is all this super reliable gold-standard encryption when its provider has shown to be so incredibly careless with the exact sort of information this solution is meant to protect?

      Whatever security goals they claim to pursue exist only in their marketing copy.

      • DennisP 3 years ago

        The point of good randomness is to keep other people from just directly draining your funds by breaking your key. That has nothing to do with any data held by Ledger, since they never see your key.

        The data leaks don't affect that, though they're still a serious problem since they exposed customers to different sorts of attacks.

      • lxgr 3 years ago

        Properly operating/securing a web shop and developing a secure embedded device are two pretty different skill sets, and I'm quite impressed with the quality of their security team's research concerning the latter.

        Of course they should be doing both, but there's an easy, pragmatic workaround until then: You can just buy their devices on Amazon. (This does somewhat increase the chance of supply chain attacks, but that's always present, and I believe Ledger devices support hardware attestation in addition to tamper protection.)

  • renewiltord 3 years ago

    Wait, that's neither worthless nor irrelevant. You can't take all my money using my personal and purchase data.

    • krono 3 years ago

      They sell security, whilst habitually neglecting to secure their shit. Who knows what it'll be that's compromised next.

      For being offline wallets, their products sure do come with many connectivity options and live/online service integrations.

      • DennisP 3 years ago

        Ultimately the point of a hardware wallet is to connect it to a blockchain somehow, without losing security.

kristianc 3 years ago

I’m not sure why there is such fascination with this tech when it’s complex to understand and implement, prone to break in a thousand different ways, and has an ecosystem which is absolutely crammed with bad actors. This requires a deep understanding of cryptography to even understand if you’re safe. Why do people take the risk? Is it because they like to feel smart?

  • Analemma_ 3 years ago

    Crypto has a one-two punch that causes it to really stick tight in some minds: it's a get-rich-quick scheme (and those have a long history of bypassing the rational parts of the brain), together with ideological appeal: it feels like you're striking a blow against the Man (even though in practice all crypto goes through a small number of centralized actors that the Man can shut down any time he likes).

  • lxgr 3 years ago

    > Is it because they like to feel smart?

    I believe that that's actually a big part of it. Many people have a desire to be (or at least feel) smarter than the average, to be ahead of the curve.

    Cryptocurrencies, and its marketers, sit in a particularly effective sweet spot of finance- and technobabble (with a sprinkle of defiance of authorities and the status quo on top), catering to that desire.

  • latchkey 3 years ago

    Do you have a deep understanding of how the stock market works?

    • BlandDuck 3 years ago

      In the stock market there is a long history of regulatory protection of unsophisticated investors, starting with the Securities Act of 1933 and Securities and Exchange Act of 1934. The whole point of these acts is to protect unsophisticated investors so they can invest in the stock market without fully understanding the details of how it works.

      • latchkey 3 years ago

        Given that another large bank just failed, you could have picked a better day to say that.

    • kristianc 3 years ago

      I understand that anything I buy is backed by ownership in an institution, that there are onerous regulatory and reporting requirements, centralized institutions managing it, ample liquidity if I want to get out at any point and that people get sent to prison if they try to manipulate it…

      • latchkey 3 years ago

        Is that a no?

        • itsoktocry 3 years ago

          You are asking the wrong question.

          "Do you have a sufficient understanding of stock markets?"

          For most people that's a "yes". They know what stocks are, what they represent, who the big players are to buy stocks on your behalf, and can be assured that the money is going to get to the right place.

          This is just not the case for crypto (yet), not remotely. Tons of tech people hardly know how these things work.

          • latchkey 3 years ago

            > You are asking the wrong question.

            I'm responding to the way the op phrased their initial statements. They implied that just because they did not have a deep understanding of something, it must be bad.

            Crypto is something for them that they don't understand, just like the stock market is something that many people also don't understand.

  • louison11 3 years ago

    Having known the space since 2011, I’d say there are different reasons for different types of investors who came at different waves.

    - super early stage: curiosity + belief this could replace money as we know it

    - early stage: speculation + elements of previous wave

    - 2017-onwards: a mix of speculation++, a lot of ignorance, and the mass wanting to be “a part” of a technological future they often feel left out from + the quasi constant FOMO many experience when realizing they could have invested in FB, AMZN, APPL but didn’t. And many disingenuous (or delusional) crypto evangelists manipulating that FOMO and convincing people this is the next big financial movement of the century.

Spoom 3 years ago

More than anything else, this is why I stay out of crypto: It shifts your trust from public institutions and the rule of law, to your own understanding of the security of the algorithms that implement the system (since there is often no public backup). And I don't trust myself to be able to identify such deep vulnerabilities.

louison11 3 years ago

Why anyone would hold any significant amount in a chrome extension is beyond my understanding. Even if you’re using Metamask, use it in hybrid mode with a Ledger.

  • rchaud 3 years ago

    Because it is used by people, not cybersecurity experts. From the vendor's website[0]:

    > Our position is simple: Your wallet. Your keys. Your crypto. Built-in private key encryption and a password-protected login means you’re always in complete control.

    An average person that reads this wouldn't think about needing to add more protections.

    [0]: https://trustwallet.com/browser-extension/

    • ravenstine 3 years ago

      Still, it's disappointing how (understandably) inept the average person is at reasoning where they should and shouldn't be placing trust in tech. It's also disappointing to be involved with the tech industry, broadly speaking, and frequently witness shit shows of security incompetence and outright charlatanism. We can all do better, right? How we do that is definitely a question.

      • yamazakiwi 3 years ago

        The base level of knowledge for computing is poor because computing is new in history.

        How do I know what you personally trust is trustworthy? Some people use Protonmail trying to avoid lawful prosecution, thinking they're protected, and they will tell you they know what they're doing. A lot of the time there is too much noise for the common human to make an informed decision.

  • sjsdaiuasgdia 3 years ago

    There is absolutely nothing preventing a developer using a crap RNG in some other wallet...and indeed it's happened several times over the years on various platforms.

    It does sound like wasm makes the misstep somewhat easier in that it doesn't try to provide an RNG sufficient for cryptographic usage, but that also applies to quite a few other development platforms.

  • Cthulhu_ 3 years ago

    Because the secure options are less convenient. I mean a yubikey is less convenient because it's another physical device you shouldn't forget to put in your device and take out / with you at all times, etc.

fallingknife 3 years ago

This is the fundamental issue with the supposed "trustlessness" of crypto. Unless you are interacting directly with the protocol layer (which is like 0.0001% of users), you actually have to trust a lot of people and software.

And the whole system has been built on anonymity because it is "trustless," so it can never work in its present form. Sure, there is someone, or multiple people, at Wells Fargo who can move your money. But they will never be anonymous, and all of their actions are logged and tracked, and we have laws on the books requiring banks to be liable for such fraud and return the money to the customer. And failing that, if the whole bank goes down from the fraud, your money is FDIC insured, and the government will make you whole. Whereas in crypto, if someone gets your private key, you are instantly and irrevocably fucked. Crypto can never be anything more than a gambling tool unless it drops this "trustless" myth.

  • wslh 3 years ago

    First, the trustlessness in crypto, it is just a nice keyword. You trust the protocol and the protocol trust depends on specific nodes (e.g. miners). Would you trust more these actors than hundreds of well known companies using a BFT protocol? Or a mix of both groups?

    Second, key(s) custody is paramount beyond the blockchain technology used. And... this was very basic: "Seed generation of Trust Wallet was flawed, the total entropy was only 32 bits. We have created a file containing all possible seeds."

  • Al-Khwarizmi 3 years ago

    Yeah, in fact for me the trust in a banking system (or anything else that keeps my money) is not in being in control, but in knowing that if things go wrong (regardless of whether it's someone else's fault or my own) I can complain and have a more or less realistic expectation to get my money back. For example, my main credit card was used fraudulently a couple of times, through no fault of my own (AFAIK), but the bank rolled back the charges, cancelled the card and issued a new one. This makes me trust using the card.

    In the last few years, at least in my country, many banks seem to be transitioning from "patchy security, but take responsibility" to "better security, but blame the client". I.e., they add lots of mandatory over-the-top 2FA, etc. but if a client complains of a transfer they didn't make, surely it's the client's fault, because security is really good. This makes me trust such banks much less. Firstly, because even being a tech-savvy user that doesn't typically fall for scams, etc., nobody is perfect and I don't think anyone is 100% free of making a security blunder in a moment of being sleep deprived, ill, drunk, etc. And secondly, because what if they get hacked somehow and they make me responsible? No, I very much prefer worse security but listening to clients.

    Similarly, in crypto, "your keys, your coins" doesn't give me trust. What if I lose my keys somehow? In the bank, they know who I am, as long as I have a means of ID I can get my money. And as you mention, even if the bank fails, the government has my back.

    For all these reasons, while I do hold some crypto, I'd never keep a significant portion of my assets in that form.

nailer 3 years ago

Hah this happened to Debian a few years ago. Someone fixed a compiler warning and limited the entropy range for secret keys.

corndoge 3 years ago

Thank god, now the scam emails I've been getting about this exact scenario every day for months are finally true!

sjducb 3 years ago

I always change a few words in the seed phrase manually. To protect against this exact type of attack.

mike_hearn 3 years ago

I was writing about this exact problem of bad RNGs in web cryptocurrency wallets a ~decade ago. It is profoundly depressing that so little has changed:

https://medium.com/mike-hearn/type-safety-and-rngs-40e3ec71a...

Browsers have a number of problems that make it difficult to build wallets, but I’m not going to try and convince you to stop making them here. Suffice it to say there are alternatives for writing cross platform wallets you could consider.

Browsers just aren't intended for doing things that require the generation and safe storage of private keys. The developers don't care about these use cases. Like with so many others, if you want to do it properly you have to go outside the browser.

Back when I was involved with the cryptocurrency world (pre-2016) I kept hitting this general reluctance to just write normal desktop apps, and whenever I advised people to do it for security or stability reasons they'd insist on writing something browser/JS based instead. I did write desktop based wallets, but was considered old fashioned for doing so (at the ripe age of 35). Way too frequently people would end up losing all their money to dumb and entirely predictable hacks as a consequence of using a web-based wallet, or even just lose because of sites going offline. Browsers improved a bit since but as this episode shows, they still aren't intended for it.

Part of why people wanted to write js was that it is easy to distribute the results. They optimized for developer convenience over security. Chrome offers a portability layer and keeps extensions up to date for you. Years passed and I saw the same problem crop up in other contexts too: the right approach was to write a desktop app, people tried to hack Chrome into compliance instead so they could let it handle distribution, it didn't work, and that sometimes led to disaster for their users.

These days I have a company that tries to solve this problem. We make Conveyor [1], which has the goal of making desktop app distribution as easy as for a web app. And it mostly succeeds: it can cross-build/package apps for every platform, and on Win/macOS it can provide update-on-start so you can iterate as quickly as with a web app. You pick your preferred portability layer (flutter, jvm, electron, something rusty etc) and can choose between more battle tested frameworks or more experimental frameworks depending on your appetite for risk. Whatever you pick, the distribution experience is the same. You don't have to compromise on UX either. Frameworks like Compose for Desktop, Flutter, heck even JavaFX give you nice solid 60fps animations and can be made to look good easily. You can store private keys in the user's secure keystores. If your site goes down it's not an emergency, your app still works, only updates stop until you're back online. Even if your certificates expire your app will still work!

I hope that people will take this stuff more seriously in future. It's got a lot easier to distribute apps without relying on browsers or stores over time. Browser developers do a good job but are ultimately constrained by the web's origins. It's not just cryptocurrency wallets that can benefit from escaping the browser either! Quite a lot of security bugs can be eliminated when you leave the browser. For example you can write apps that are immune by design to XSS, XSRF, SQL injection, phishing and other common bug classes.

At some point I should probably write these thoughts down in a more modern blog post.

[1] https://hydraulic.software/

  • nailer 3 years ago

    > Browsers just aren't intended for doing things that require the generation and safe storage of private keys.

    This sounds like webcrypto and its interface which is designed to make some data unexportable.

    • mike_hearn 3 years ago

      Last time I used WebCrypto the implementation in Safari was buggy in subtle ways. It was possible to work around it. I filed bugs against Apple so maybe it's fixed now.

      These days you can argue that a browser is intended to do anything, as there seems to be no scope limit to what goes into HTML5. But it's not what they're really about. Why did this exploit occur, well, WebCrypto apparently isn't directly exposed to WASM as C/C++ APIs even though that seems like an obvious thing to do. Or an even more obvious possibility: expose it as a subset of some existing API like POSIX. But WASM is api-lite, so everything beyond pure computation requires invoking JS and that's not how any existing C++ is written.

      Eventually people will blast through this stuff. But, it was worked out in other platforms in the 80s and early 90s.

      • nailer 3 years ago

        > Last time I used WebCrypto the implementation in Safari was buggy in subtle ways.

        Oh hell yes. I used to maintain webcrypto code for a different job and yes Safari was broken forever. I don't have the codebase anymore (I sold the company in 2020) but we disabled keypair crypto features in Safari and told people to use a different browser. I believe it's since been fixed.

  • bo1024 3 years ago

    This is very interesting and I agree about all the upsides of desktop apps. However, in web3, people’s blockchain credentials could be used to interact with many different websites. This seems hard to reproduce with desktop-based apps, right?

    • jeroenhd 3 years ago

      I imagine this should be possible with a very small connector addon that calls out to a secure wallet running on the desktop as a native application.

      This requires some careful consideration to prevent phishing and other nastiness, but a native application could use native window prompts and techniques such as Windows Hello/TouchID as an authentication technique that's hard to spoof.

      The complexity and risks are still there but you can hide away the important secrets much better with a native application than a browser extension ever could. It would also allow access to better sources of randomness and all kinds of sandboxing and exploit protection that aren't available with WASM.

      • nailer 3 years ago

        Crypto wallets also have access to the secure enclave via webauthn. I develop a new wallet (Portal) which will have webauthn but I know Glow uses Windows Hello right now.

        • lxgr 3 years ago

          Yes, but WebAuthN can't be used for arbitrary signatures (which would be required to support various cryptocurrencies/blockchains), nor can it be used to decrypt data or derive keys, which would allow using it as an unlocking key for some hybrid solution.

          I'm happy to be proven wrong if you've found a way around these fundamental constraints!

        • jeroenhd 3 years ago

          Interesting! Does the WebAuthn API provide enough of a cryptographic basis to fulfill the needs of cryptocurrency wallets?

          I know it works through public/private key sharing but I wasn't aware that it provides such direct primitives.

    • aww_dang 3 years ago

      NEAR Protocol is interesting in this regard. Wallet users opt-in to create separate key pairs for each application. Key pairs are limited to specific contract addresses, function calls and gas limitations.

      The traditional Web3 model is too open to abuse. It is as if they took the old "allow this Java applet outside of the sandbox? y/n " dialog and added banking.

    • mike_hearn 3 years ago

      Browser makers don't seem to really want people interacting with non-web stuff from the web, or extending web capabilities with desktop apps, as that reduces your dependence on them. Still, there are some ways to do it. Firstly, the much more common need is to log in to SSO services, not act as an auth provider. OAuth is kind of messy but can be done and Conveyor makes it easy to register URL handlers, there's a demo of how to package the GitHub Desktop electron app here [1] which uses "Sign in with GitHub". One feature we've considered adding is doing "Sign in with ..." for you, so you don't need to use OAuth libs, your app starts and there's a logged in token in an env var already.

      To extend the web from a desktop app there are a few ways to do it. Chrome extensions offer native messaging [2]. By pairing a desktop app with an extension you can have the minimal logic needed in the extension to bridge between your app and the page. But you have to get the user to install the extension manually, as Chrome will try to block apps doing it for you.

      Another way for credentials specifically is to use SSL client certificates. They were designed specifically to let you log in to services with cryptographic keys. There's a discussion of the extinct <keygen> tag running elsewhere on HN right now. The app can generate a client certificate, get it signed by some authority, and install it into the user's key store. Now browsers should use it automatically when challenged by a server (except maybe Firefox?). You have to pay attention to how it's used to avoid bad browser UX, e.g. you'd have to use an XMLHttpRequest to ensure you control error handling if the cert is missing. But this is one way to make phishing harder, for example (there is no password for the user to type in).

      Another way is to use loopback connections, but that's not ideal.

      Ultimately, yes, the web is controlled by the Chrome team and they want you to only write Chrome apps. If you name your project "web3" you have to accept that it's kind of meaningless because you're not Chrome so your views and ideas don't matter, in the end. That's why it never made sense to me and I didn't work on it. In the early days it made a bit more sense because the Ethereum guys tried to make a custom browser called Mist using Electron, but they gave up and did a talk/blog post on why they burned out on it [3].

      In the end I concluded the web just isn't a good proving ground for experimental or new ideas.

      [1] https://hydraulic.software/blog/8-packaging-electron-apps.ht...

      [2] https://developer.chrome.com/docs/extensions/mv3/nativeMessa...

      [3] https://avsa.medium.com/sunsetting-mist-da21c8e943d2

asplake 3 years ago

> That probably means this vulnerability exists in some other wallet implementations which is concerning…

  • sjsdaiuasgdia 3 years ago

    This song is almost as old as Bitcoin itself.

    2013: https://bitcoin.org/en/alert/2013-08-11-android

    All that trust I have to put in the non-crypto financial system doesn't seem too bad when you realize that the trust picture isn't all that different in the crypto world.

    Do you trust that the exchange won't steal your money?

    Do you trust that the software developers haven't intentionally or accidentally left any holes in the software you use to manage your money, or the smart contracts you interact with?

    Do you trust the vendor you're buying from to not steal your money? If you're thinking "escrow services", do you trust the escrow service to not steal your money?

    Do you trust in all that, and more, sufficiently to operate in a system where there is no way to undo erroneous or malicious transactions? Except for like when ETH rolled back the chain after the DAO incident...you know, going contrary to the immutable ledger concept this whole mess is built on...what you might even say is the most essential trust in crypto.

    • DennisP 3 years ago

      I'm just going to cherrypick one point here: the crypto version of escrow services can't steal your funds. The idea is to use 2-of-3 signatures, in some kind of smart contract (even a really basic one that Bitcoin can support). If buyer and seller sign the transaction, the escrow service never sees it. If buyer and seller disagree, then the escrow service decides whether buyer or seller gets the money. The escrow service never holds the money, the contract does that.

_trampeltier 3 years ago

Why is there such a bad random generator in something so new (WASM)?

  • 4gotunameagain 3 years ago

    Because if you read the article, you would have been informed that through WASM they did not have access to existing PRNG (e.g. /dev/urandom), and had to roll a mersenne twister. Which should not be used.

    It is about implementation, not about WASM

    • _trampeltier 3 years ago

      Yes, that's my point. WASM is new. So why does it not just have strong cryptographic functions from the very beginning? Strong random generators are super important today. Why don't they just demand strong crypto functions in every implementation? I mean, this calls just for endless troubles, if you can't trust a random generator in WASM (depending on the implementation).

      • lxgr 3 years ago

        WASM is a "pure" VM/execution environment without any standard system calls or library functions. Given that, you'll need to provide your own seed and your own cryptographically-secure PRNG implementation.

        Trust Wallet seems to have botched the latter [1] (in fact, it looks to me like they aren't even understanding the implications of that decision based on the PR description [2]). How is that WASM's fault?

        [1] https://github.com/trustwallet/wallet-core/pull/2240

        [2] They say that their choice of using the Mersenne Twister is "inspired by emscripten", which does no such thing.

        • mrguyorama 3 years ago

          This means that WASM is a garbage tool for this purpose and they should have gone a different route.

          • lxgr 3 years ago

            No, you seem to be misunderstanding what WASM is and isn't. WASM is the specification of a bytecode format (i.e. something like a virtual ISA) and the corresponding execution environment.

            It's perfectly possible to implement a secure PRNG in WASM and supply entropy/a seed as a parameter to that, and this is exactly what emscripten does. Trust just happened to provide a non-secure PRNG in their implementation (and ironically quotes emscripten's PR while doing the opposite).

            They reimplemented low-level crypto primitives in an insecure way, and quite possibly without even realizing that they were doing so, and their users are paying the price. No language or framework can protect developers from that.

      • dboreham 3 years ago

        WASM in the browsers doesn't seem to have the full force of support from the browser vendors.

        • lxgr 3 years ago

          How so? WASM is supported in every non-deprecated browser: https://caniuse.com/wasm

          Also, this was an implementation bug, not a WASM bug. WASM specifies an execution environment; what developers do in it is entirely up to them (and the vendors of the libraries they use).

    • doodlesdev 3 years ago

      Couldn't they have used CryptMT [0] instead of MT19937 (or whatever mersenne twister implementation they had)? Saying mersenne twister should not be used is a bit misleading as it all depends on the specific implementations and needs of the application.

      Anyhow, they could still have used webcrypto through WASM or even through JavaScript (as they can send the data back). This is really not a problem with WASM but moreso with the stupid implementation of this wallet.

      edit: According to this PR they were indeed using std::mt19937 [1]. In fact I would go further ahead and say this is a general issue of C++ itself which just does not provide good PRNGs in the stdlib at all, with multiple ways of achieving different (but similarly broken) PRNG results.

      [0]: https://en.m.wikipedia.org/wiki/CryptMT

      [1]: https://github.com/trustwallet/wallet-core/pull/2240

      • lxgr 3 years ago

        Ironically, they probably even did that (depending on their implementation of std::random_device).

        The problem is what they did with that random seed once they had retrieved it (i.e. seed a non-cryptographic Mersenne Twister with only 32 bits of it).

    • nailer 3 years ago

      That sounds incorrect; through WASM you have access to webcrypto getrandombytes, which is native OS randomness.

      • lxgr 3 years ago

        Yes, but that wasn't even the problem.

        Trust Wallet needlessly wrapped `std::random_device` (which might or might not be cryptographically secure by itself, depending on how it's implemented in whatever WASM-generating stack they use) in an instance of `std::mt19937` (which is definitely insecure, whether seeded cryptographically or not, due to being seeded with only 32 bits of entropy in their implementation; but even seeded properly, a Mersenne Twister would eventually leak internal state).
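
Added example (not part of the thread and not Trust Wallet's code): the pattern lxgr describes above, a `std::mt19937` seeded from a single 32-bit `std::random_device` value, next to a version that takes every byte from the OS entropy source. The function names, the 32-byte buffer size and the use of `/dev/urandom` as a native stand-in for the browser's entropy source are assumptions.

```cpp
#include <array>
#include <cstdint>
#include <cstdio>
#include <fstream>
#include <random>
#include <stdexcept>

// 256 bits of "entropy", e.g. the input to a wallet seed (size assumed here).
using Entropy = std::array<std::uint8_t, 32>;

// Weak pattern from the thread: every output byte is a pure function of one
// 32-bit seed, so at most 2^32 distinct buffers can ever be produced, no
// matter how many bytes the caller asks for.
Entropy fill_weak(std::uint32_t seed) {
    std::mt19937 rng(seed);
    Entropy out{};
    for (auto& b : out) b = static_cast<std::uint8_t>(rng() & 0xFF);
    return out;
}

// How the weak pattern is reached in practice: one random_device call
// (32 bits) is stretched by the Mersenne Twister into the whole buffer.
Entropy fill_weak_from_device() {
    std::random_device rd;
    return fill_weak(rd());
}

// Hardened form: every byte comes straight from the OS CSPRNG, and the
// function fails closed instead of falling back to a weaker generator.
Entropy fill_strong() {
    std::ifstream urandom("/dev/urandom", std::ios::in | std::ios::binary);
    Entropy out{};
    if (!urandom.read(reinterpret_cast<char*>(out.data()),
                      static_cast<std::streamsize>(out.size()))) {
        throw std::runtime_error("OS entropy source unavailable");
    }
    return out;
}

// Print a buffer as hex for the demonstration in main().
static void print_hex(const char* label, const Entropy& e) {
    std::printf("%-14s", label);
    for (auto b : e) std::printf("%02x", b);
    std::printf("\n");
}

int main() {
    // Constructed seed value: two "independent" wallets that happen to draw
    // the same 32-bit seed end up with identical 256-bit entropy.
    const std::uint32_t seed = 0x12345678u;
    print_hex("weak (wallet A)", fill_weak(seed));
    print_hex("weak (wallet B)", fill_weak(seed));
    print_hex("strong #1", fill_strong());
    print_hex("strong #2", fill_strong());
    return 0;
}
```

In a browser build the hardened function would take its bytes from `crypto.getRandomValues` on the JavaScript side rather than from `/dev/urandom`.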

footlose_3815 3 years ago

The Sales Pitch: "Crypto is going to take over everything, it's so secure."

The implementation: "Whoops there's something we did wrong on the way."

TechBro8615 3 years ago

Imagine using a browser extension other than uBlock Origin. Now imagine using one as a crypto wallet. That's the height of stupidity.

BonoboIO 3 years ago

Is it stealing, when „code is law“?

  • noveltyaccount 3 years ago

    Depends on who you ask. This debate is why Ethereum (ETH) and Ethereum Classic (ETC) split. The hack against the DAO was either illegal or legal.

Eumenes 3 years ago

imagine using a chrome browser extension to do anything involving money/finances

  • evilspammer 3 years ago

    not strictly any worse than e-banking or storing your bank details in 1password (with the exception of deposit insurance)

    • lxgr 3 years ago

      Not really, because bank transfers are often revocable, and hopefully also use more than just one authentication factor.

pontifier 3 years ago

At some point there won't be any more suckers left. That's when crypto will really collapse.

  • detrites 3 years ago

    The flaw here was in a dependency introduced by targeting WASM, and could apply to any project of any kind relying on random number generation for a cryptographic purpose. It is not a "crypto-currency" specific problem.

    • veeti 3 years ago

      The flaw was not in a dependency but Trust Wallet's first party code [1]. They decided that Mersenne Twister would be sufficient for generating cryptographically random data and specifically called it "secure" [2]. Very unfortunate.

      [1] https://github.com/trustwallet/wallet-core/blob/3.1.0/wasm/s...

      [2] https://github.com/trustwallet/wallet-core/pull/2240

      • detrites 3 years ago

        Yes, a terrible decision - but still a decision left up to any developer in a similar position - which, with the trend to WASMify things may well happen again in other projects, until it's better addressed at the source.

        Honestly, it's so bad it makes me wonder if a bad actor could have had influence over such a decision in this case. Reports of Trust Wallet accounts being randomly pilfered without some plausible other cause might go some way to figuring that out.

        • lxgr 3 years ago

          This makes no sense. At what source should it be addressed?

          This is an issue of standard libraries, whereas WASM is a specification of an execution environment. WASM doesn't have a standard library, since it doesn't even have a canonical source language!

          It's like demanding that x86 or aarch64 offer better Unicode or SVG support.

          • detrites 3 years ago

            Developers should never end up in a situation where they feel the best cryptography solution is to "roll their own". That's likely what happened here. And the situation needs to change. It doesn't matter where in the stack that change is effected.

            • lxgr 3 years ago

              So you're saying all languages (and in fact ISAs, because that really describes WASM more accurately!) need to come with a static analyzer that detects and prevents any attempts of implementing low-level cryptography rather than calling out to a high-quality library? Because that's what happened here.

              What we can do is provide well-tested and ergonomic high-level cryptographic libraries; I don't see how we can enforce their use.

              • detrites 3 years ago

                Well if you know of a simple way to target - reliably - a high-quality crypto lib that can access any underlying OS entropy source to generate a decently random number, with WASM, please inform us of it here; it'd be great to know.

                Though admittedly, it seemed terrible if there wasn't, so I would be happy if the post can be proven deficient. I'd have ordinarily assumed many options available in the .js ecosystem, instead accepting it's a WASM OS-access issue.

    • snapcaster 3 years ago

      It sort of is because cryptocurrency inherently makes the stakes so high (all your money). Currently software development is more an art than a science, and even very competent people make mistakes or have unforeseen problems/behavior in their programs

    • jakelazaroff 3 years ago

      You don't think that your bank would get your money back if this happened to them?

      • detrites 3 years ago

        Which bank? SVB? FRB?

        You raise an important point though: crypto is not for the faint-hearted. "Be your own bank" has exactly that much responsibility attached. Many don't fully appreciate that.

        • mrguyorama 3 years ago

          Find a depositor that lost money from either bank.

          • detrites 3 years ago

            Sure, but major banks failing one after the other might not exactly promote confidence in one's bank deposits.

            • asadotzler 3 years ago

              You're working really hard in this discussion. Why?

              • detrites 3 years ago

                Baha! What? It's a topic I'm interested in, like everything I comment on. I'm not sure how that's "working really hard". Interests I choose to engage in are a joy and relaxation.

                Is it not that way for you?

  • tyingq 3 years ago

    I don't know...multi-level marketing still seems alive and kicking.

    • api 3 years ago

      ... as are casinos.

      I don't think it will collapse. It has found product-market fit: mostly gambling, some money laundering and crime, and some legitimate use for international wires and payments under oppressive political conditions (this last part is the smallest amount by volume).

      There will occasionally be attempts to pump some new use case (e.g. NFTs), but these are just casino advertising. They'll draw in some new suckers/players and the cycle will repeat.

      The maximalist cult will continue to exist as well, patiently awaiting the coming of the space brothers in the form of a massive economic collapse causing Bitcoin to "moon" and become the new global reserve currency. This is identical to the goldbug cult of previous generations and involves many of the same types of people. Apocalyptic cults can exist for a long, long time and failed prophecies do not deter true believers.

    • sjsdaiuasgdia 3 years ago

      https://xkcd.com/1053/ but instead it's the unlucky 10k per day learning about a scam the hard way

    • orangepurple 3 years ago

      Even MMM Global seems to be operating still http://www.mmmglobal.in/

  • yieldcrv 3 years ago

    if we made international headlines for every phishing attack, you would feel the same about the tech sector or tangentially "computing" at all.

    this was the case in the 90s pretty often.

    now we choose to highlight properly run organizations and advances, while largely ignoring the rest. new problems presented by home computing and electronic funds transfer didn't go away.

    it's more likely the same will happen with crypto assets and industry. when I look at mainstream news like Bloomberg, that's what I see already.

  • zimbatm 3 years ago

    That kind of argument can be applied to any value-based systems. s/crypto/ with /banks/, /religion/, /houses/.

    The real question is how big the risk is relative to inflation, central banks collapses, bank runs and all other types of institutional risks.

    • mellosouls 3 years ago

      > That kind of argument can be applied to any value-based systems. s/crypto/ with /banks/, /religion/, /houses/.

      No. False equivalence.

      The other examples have a long history of applications that add value to people's lives (as well as disbenefits depending on your viewpoint and ideology).

      Crypto-currency has never yet demonstrated any significant value to normal people, though plenty of the latter.

      • codedokode 3 years ago

        I believe that is wrong. If you keep your money as cash or in a bank deposit then you lose several percents every year because Western governments maintain a certain inflation rate. But inflation is basically stealing from everyone who has cash or bank deposits. You had 100 dollars and next year they become equivalent to 98 dollars.

        Cryptocurrency is different. No government is able to steal your Bitcoins by printing some more colored paper.

        Yes today there are issues with volatility, but conceptually cryptocurrency is better than fiat money for the reason written above.

        But if you like getting robbed every year then of course continue using fiat money.

        • wingshayz 3 years ago

          Do you really think inflation is the government's way of stealing from the population?

          • codedokode 3 years ago

            Its rate is not arbitrary, it is maintained at a specific level, as they say, for better economic development. But it is unclear whether you will win from that or somebody else; what is certain is that you lose money every year because of this. You had 100 dollars and a year later they are only worth 98 dollars. What is it if not stealing?

            • latchkey 3 years ago

              Those 100 are worth less, not because it was stolen, but because it was devalued / diluted through minting of more magic beans.

              Not all loss is theft.

              • codedokode 3 years ago

                So, by printing money the government takes money from citizens' pockets. Cryptocurrency is protected from this by design.

                • latchkey 3 years ago

                  No, by printing money, the government dilutes/devalues the money they already have. You still have 100 dollars. Theft would be that you have 98 dollars.

                  Converting dollars into something that isn't dollars, which doesn't get you as much of that something, is a different concept. It is the value of the dollar is lower.

                  > Cryptocurrency is protected from this by design.

                  Not really.

                  Today, bitcoin dilutes holders through inflation tied to securing the network. Eventually, that inflation will end, but not in some of our lifetimes. Ethereum was inflationary but is now deflationary thanks to burning of transaction fees and the switch to PoS. The tokenomics of all chains can be changed over time, even bitcoin. It requires a fork of the chain that everyone follows. When inflation for bitcoin ends, I could envision miners agreeing on a fork that better protects their interests.

                  • codedokode 3 years ago

                    > No, by printing money, the government dilutes/devalues the money they already have. You still have 100 dollars. Theft would be that you have 98 dollars.

                    No, I cannot agree with you. If I had 100 dollars and then the government devalued them so that they are worth 98 old dollars then how is it different from taking 2 dollars out of my pocket? It is the same thing just called the other name. Of course, the government won't use words like "take out of the pocket" or "rob", they have scientific names for that like "monetary policy".

                    • latchkey 3 years ago

                      What is “worth 98 old dollars”?

                      What you’re complaining about is the price of 12 eggs going up by $2.

                      It isn’t that you now have $98. It is that eggs are more expensive.

                      Of course the solution to that, is to print more eggs.

                      Part of the reason why inflation rarely goes down.

        • edent 3 years ago

          As opposed to having 100% stolen by poor security - the subject of this discussion - or fraudulent exchanges, or heavily pump-and-dumped new coins, or... the list goes on.

          • codedokode 3 years ago

            So maybe instead of outlawing exchanges we should have more legitimate exchanges? Also could you please describe a better way to protect your savings from printing money by governments?

      • zimbatm 3 years ago

        What are you talking about? Bitcoin has been working as a digital value exchange system for 10 years, and has a market cap of 539B USD right now.

    • leoedin 3 years ago

      Maybe you have a point with religion, but housing and banking are a necessary evil for everyone, regardless of their views on the market. I've contributed to the price of housing by virtue of existing and bidding it up in my city. That doesn't mean I'm buying a house to make money.

  • wslh 3 years ago

    This could also apply to other financial instruments. At the core decentralization is about power. Crypto as we know it now could fail but the core tenet is about new ways of power in the financial world.

    From the technological level is also about the freedom to experiment with finances where regulations don't enable to. Even if it is at a sandbox level.

  • Mistletoe 3 years ago

    I feel exactly the opposite-

    “At some point there won't be any more suckers left. That's when banking will really collapse.”

    The news every day sends the message more urgently that a global hard money that can never be debased by money printing and that is free from the whims of governments and dictators is sorely needed.

    • surgical_fire 3 years ago

      > debased by money printing

      Why is this a bad thing?

      This is repeated by the crypto people as some kind of root of all evil, and it puzzles me.

      I see monetary policy - including the ability of devaluing a currency - as a powerful tool central banks have to keep the economy working.

      I fail to see "hard money", which normally comes peppered with some vague desire for a deflationary economy, as desirable. In my view this would very quickly turn into an intolerable dystopia.

      • SkyMarshal 3 years ago

        Central banks aren’t needed to keep the economy running, you really just need some areas of law (contract, commercial, etc) and an effective court system for that. The economy ran on its own prior to the Federal Reserve being created in 1913.

        Central banks may be useful in preventing banking crises every ~20yrs as happened back in the 1700s and 1800s. But even that’s not a certainty since the two most severe banking crises in history - the Great Depression and Global/Great Financial Crisis - happened under the watch of central banks. Some even argue the latter occurred because of the central bank keeping interest rates too low too long.

        One benefit of central banks is to depoliticize monetary policy by moving it away from the Executive Branch, and giving it a consistent, Congressional mandate that it must prioritize in its policy and operations - low inflation and high employment. That’s probably one of the few indisputable advantages they have.

        As for whether inflationary or deflationary money is better, I don’t know. Both have their pros and cons. The more I go down rabbit hole on each of these, the less decisive I am about it. But this website makes a comprehensive case for deflationary money, fwiw: https://wtfhappenedin1971.com/

        • latchkey 3 years ago

          > this website makes a comprehensive case for deflationary money

          After the switch to burn a portion of funds on every transaction as well as the switch from proof of work, to proof of stake, Ethereum is now deflationary [0].

          Say what you will about the cryptocurrency experiment, it will be fascinating to watch the effect of this over time.

          [0] https://ultrasound.money/

      • Mistletoe 3 years ago

        https://fred.stlouisfed.org/series/BOGMBASE

        Does this seem normal to you? Imagine you are a patient and you took data like this to your doctor. Would he say you are healthy after having such a gradual rise all your life and then complete chaos?

        If things have been going great the past few years I’d say maybe it doesn’t matter, but things don’t seem to be going great for anyone except the wealthy (those by nature closest to the money printer).

        https://www.aspeninstitute.org/blog-posts/charts-that-explai...

        >Since 2007, wealth has declined for all but the top 20%.

        Oddly (or not oddly) enough that’s when the monetary base graph starts skyrocketing.

        • surgical_fire 3 years ago

          > Does this seem normal to you?

          Yes. Currency is a means of exchange, nothing more.

          Economy is essentially how to satisfy the needs of its participants with the limited resources available. For the graph that you linked in a somewhat alarmist fashion to make sense, you need to compare it with a plethora of other information for it to make sense.

          What is the productivity of people and corporations? What are the level of imports and exports? What is the cost of living? How much in taxes did the government earn? How adequate are the expenses in infrastructure? What is the level of debt held by the public and private sectors? Is that debt sustainable?

          All those are just questions that I haphazardly put together while writing this reply, and they all tell other facets about the state of the economy that the money supply won't tell you.

          >>Since 2007, wealth has declined for all but the top 20%.

          >Oddly (or not oddly) enough that’s when the monetary base graph starts skyrocketing.

          A deflationary economy would massively widen wealth inequality, as it heavily favors capital holders (as money itself gets more expensive over time).

          A lot other things happened after 2007 that helped increase wealth inequality. I see the "skyrocketing" money supply as a side-effect of those things.

          Correlation does not mean causation.

          • Geee 3 years ago

            Wealthy people don't own money, they own assets. And they're usually in debt. Inflationary currency massively benefits wealthy people. Inflation is a transfer of buying power from poor people to rich people. That's the function of inflation. That's exactly the mechanism by which it makes poor people work harder, and makes the economy "grow".

            Inflation makes people work harder, but it's not the right thing to do, and not good for the economy in the long term. Economy is not just the GDP; it's also happiness, freedom and mental health.

            All productivity increases in the economy should belong to the people who are working and saving their money. They made the decision to limit their consumption and wait for cheaper products.

            Inflationary currency is very unethical, and will result in total centralization of wealth when productivity keeps increasing.

          • nintendo1889 3 years ago

            Bitcoin will be the poor man's inflation hedge. Eventually others will wake up: see Bhutan quietly mining it, and even family and private wealth offices (traditionally very conservative investors) are buying it.

            • surgical_fire 3 years ago

              Bitcoin is a complete failure as a currency. Your argument, not mine.

              For all the talk and posture of it being a return to "hard money", all it is used for is as another investment tool for the wealthy.

              And that is me giving it the benefit of doubt.

        • JumpCrisscross 3 years ago

          > imagine you are a patient and you took data like this to your doctor

          As someone who knows a doctor or two in the Bay Area, where it's apparently common for self-diagnosed charts to be texted in panic by clueless patients at 2AM, this analogy is apt.

      • jonkho 3 years ago

        Would you be annoyed if you owned shares of a company and the company prints new shares to dilute the value of your holdings?

        • lxgr 3 years ago

          Why would I?

          Either the company's board and leadership are trustworthy (i.e. are acting in the best interest of all, not just majority or voting, shareholders), in which case they'll have carefully weighed the cost (dilution) and benefits (additional capital) of issuing new shares.

          Or they aren't – in which case dilution is one of many problems and it's questionable why I'd want to continue owning shares in that company.

          • eric-hu 3 years ago

            You’ve just connected the hypothetical question to the current behavior in play on the global scale. USD is still technically the world’s reserve currency, meant to be the base unit of all petroleum transactions. Countries have been motivated to keep USD on hand for decades for that reason.

            In 2009 and 2021, the USD’s “board and leadership” has shown it’s willing to massively inflate its existing liabilities to help it solve its severe problems.

            It’s very questionable why any country with large trade surpluses would want to hold US treasuries at this point. That’s precisely why China has brokered energy deals denominated in RMB, and BRICS is exploring a basket of their currencies to act as a new reserve.

            • lxgr 3 years ago

              > It’s very questionable why any country with large trade surpluses would want to hold US treasuries at this point.

              Fair point – then maybe they shouldn't!

              But I'm not a large country; I need to pay for rent and food in USD, and my highest priority for the USD accordingly is short and medium term price stability for those two things. For long-term savings, there's other assets.

              If the USD continues falling short on short term price stability as well, I agree that that would be a major problem.

        • surgical_fire 3 years ago

          Shares in a company is not currency. It's not supposed to be used as currency. It is not a means of exchange.

          And companies sometimes dilute the value of shares. It's part of the risk in investing in a company.

          • roland35 3 years ago

            I wouldn't even say sometimes dilute shares - isn't this pretty much what happens every single time there is a new round of investing?

            On the other hand, companies can use buybacks for the exact opposite effect.

      • conceptme 3 years ago

        Because you probably live in a nice country without hyperinflation.

        • surgical_fire 3 years ago

          Oh, I come from a poor country that had its hyperinflation issues.

          Hyperinflation is bad, but there are ways to solve it.

          Deflation is potentially worse.

    • Robotbeat 3 years ago

      Money is fundamentally community based. It is based on exchange with your neighbors and colleagues and peers and anyone you do business with. You’re not getting away from the entity representing that community from exerting some control over it.

      Precious materials like gold are probably the best you can get as the material itself has some value.

      • nailer 3 years ago

        Why do precious metals have value?

        • dale_glass 3 years ago

          They're relatively useless for other purposes. Eg, gold is rare, heavy and malleable. In situations where you need those qualities other options exist, like lead. It has the advantage of not oxidizing, so it makes for great jewelry.

          But all of that is extremely contextual. If it turns out there's a huge reserve of it somewhere, it will crash in value. Or if things crash badly enough there may be other things to worry about. Eg, a community that desperately needs water is probably more interested in pipes than gold.

          • justinator 3 years ago

            Gold is far from useless - I’ll wager whatever hardware you typed that comment on is made up in small part with gold.

            • codedokode 3 years ago

              Only a tiny amount of gold is used in electronics. Also, this doesn't explain why people were greedy for gold thousands of years before.

              • justinator 3 years ago

                >Only a tiny amount of gold is used in electronics.

                That's what's interesting - only a tiny amount of gold is needed. This wouldn't work with lead.

                >this doesn't explain why people were greedy for gold thousands years before.

                You're asking me to do this research?

        • mrkstu 3 years ago

          They (i.e. materials like gold/silver) have inherent value as being relatively difficult to obtain without significant work and being useful in creating valuable objects.

          Because of those properties they become a store of value (representing the work and rarity) which then makes them a useful proxy for trading that value, which increases their rarity/value by taking it out of circulation when used as a store of value.

          • Robotbeat 3 years ago

            Still, it should be said the vast majority of the value of gold is contextual. Just like aluminum before we perfected ability to make it cheaply.

          • codedokode 3 years ago

            Can we conclude that gold is similar to cryptocurrency because of this?

            • mrkstu 3 years ago

              As a store of work, sure.

              The difference being the currency in this case has no inherent value to fall back upon.

        • tremon 3 years ago

          Because the community believes their value will outlast the currency system. People have believed the same thing about tulips, peppercorn, wine, and buildings (or rather, land).

          • Robotbeat 3 years ago

            Well there’s residual value in metals as you can build stuff with it. Agree that the vast majority of the value of precious metals is contextual, but I guess you can appeal to humans’ love of shiny stuff plus history, beyond just community context.

          • codedokode 3 years ago

            Land is still very valuable today, especially if it is a land in the center of a city.

        • throwawaycities 3 years ago

          A metal such as gold has both intrinsic and extrinsic value from the time of antiquity to modern day.

          For one, gold, enables the electronic device you used to post your comment.

        • wycliffb 3 years ago

          They are precious

    • rini17 3 years ago

      But for that, general population to be able (and willing!) to manage secret keys properly is sorely needed.

      • G3rn0ti 3 years ago

        Yes, handling private keys is very inconvenient. I also can’t imagine my mother (although rather tech-savvy for her age) handling all her financials with crypto wallets.

        However, one of the next Ethereum upgrades (ERC-4337) will make it possible to safely recover wallets without a key seed phrase. Its implications seem to be huge but I am not deep enough into it to explain how exactly it is going to work. Perhaps somebody more competent than me can elaborate on that.

        https://beincrypto.com/learn/erc-4337/

        • lxgr 3 years ago

          You can't eat your cake and have it too: Either you are the only party controlling access to your accounts – which then necessarily includes the possibility of losing everything – or you aren't, in which case somebody else is.

          This isn't a tradeoff unique to cryptocurrencies: Cash works exactly the same way (qualitatively, if not quantitatively, in terms of the risks of losing access to it) – if you store your life savings under your mattress, they can be stolen easily or burn down together with your apartment.

      • misnome 3 years ago

        This is never going to happen, and nor should it. Any system that you can lose your entire life savings without any recourse by forgetting, revealing, or being hit by a wrench, for one number - is irreparably flawed and extremely unsuitable.

    • rchaud 3 years ago

      Interesting how these incorruptible currencies are always valued in terms of its debased fiat siblings.

  • toss1 3 years ago

    Except for:

    "There's a sucker born every minute" — P. T. Barnum

    After that 'discovery' in the mid-1800s, there seems to be an endless supply, and at today's higher birthrates and infant survival rates... we can't really expect that they'll ever run out ;-P

  • mouzogu 3 years ago

    > At some point there won't be any more suckers left

    As long as there is survivorship bias I think it will survive. Can think of it more as a poverty tax, like the lottery.

    When there is a possibility of easy money, people will overlook every kind of red flag and inconvenience.

  • alphanullmeric 3 years ago

    Yeah I’m sure one day those “suckers” will decide they don’t need financial privacy and have no problem with the state reaching into their wallets at will. Then they’ll go back to happily storing their money in a bank account that can get locked for having the wrong opinion, or restricted by alleged investor protections that aren’t even opt out.

    • Twirrim 3 years ago

      Financial privacy on a completely open and visible block chain, that makes transaction analysis incredibly easy, that has resulted in the FBI etc. consistently being able to "de-anonymise" users?

      That's a really weird definition of "privacy". Crypto currency makes it easier for them, not harder. They don't even have to go to the effort of getting warrants because you're literally giving them your data saying "Track me, please!"

    • vimda 3 years ago

      Lol.

      > will decide they don’t need financial privacy

      The block chain is publicly auditable. That's the opposite of privacy.

      > that can get locked for having the wrong opinion

      Any actual evidence of this happening?

  • jackmott42 3 years ago

    There is another sucker born every minute

  • InCityDreams 3 years ago

    I dunno - you ever met a banker?

bsenftner 3 years ago

Yeah, trust web 3.0...
