Oddbean new post about | logout
minestr.app | 3 days ago (raw) | root | parent | reply | flag 
 How about Jade?
SimplestBitcoinBook | 3 days ago (raw) | root | parent | reply | flag +4 
 Jade is great except for one important detail - it is possible to open, replace the chip with a compromised one, close the device, and it will function!

The way to mitigate for this is to be sure to flash the firmware before setting it up, as it will not flash if the chip has been compromised.

While this is currently an unlikely supply chain attack vector, I don’t like that it is possible at all, and as bitcoin becomes more valuable supply chain attacks are more likely to increase.

I have spoken to the @Blockstream devs at a conference, and they know this is a problem and are working on a solution, but could not tell me when a new version would come out. 

As I see it, a simple solution is to make it such that if the device is opened, it cannot be closed again without breaking, like the ColdCard.
minestr.app | 3 days ago (raw) | root | parent | reply | flag 
 Interesting, I didn't know that. Pretty easy to mitigate, as you say.
SimplestBitcoinBook | 3 days ago (raw) | root | parent | reply | flag +2 
 Yes except most don’t know they should do so, which is unfortunate
minestr.app | 3 days ago (raw) | root | parent | reply | flag 
 I was referring to gluing the internals 👍
SimplestBitcoinBook | 3 days ago (raw) | root | parent | reply | flag 
 Oh yes 👍 Or Coldcard has these tiny plastic pins that break when you open it and prevent you from closing it again
minestr.app | 3 days ago (raw) | root | parent | reply | flag 
 Yeah, they put epoxy on the chip itself and also glue the whole case shut