benma - BitBox Blog

Anti-klepto explained: how the BitBox02 protects you against leaking private keys

The BitBox02 is the first hardware wallet that offers protection against the nonce covert channel attack, by supporting a protocol called anti-klepto.

Security

Remote multisig theft attack on the Coldcard hardware wallet

tl;dr: When registering a multisig wallet in a Coldcard, the Coldcard did not verify that it is actually part of the multisig wallet. This allowed a malicious computer wallet

Security

Coldcard isolation bypass

Responsible disclosure of a Coldcard vulnerability that allows an attacker to spend your bitcoins when you think you are signing a testnet transaction.

Security

How nearly all personal hardware wallet multisig setups are insecure

If you use hardware wallets in a Bitcoin multisig setup, using a single computer to handle them, you are likely to be exposed to remote theft or ransom attacks.

Security

A ransom attack on Trezor's and KeepKey's passphrase handling

Responsible disclosure of a remote ransom attack on Trezor hardware wallets where users are vulnerable when entering the passphrase on the computer.

Security

Theft attack on Trezor Model T

Responsible disclosure of a vulnerability affecting Trezor Model T multisig wallets that allow theft of all funds of an account.