BC CRYPTO
Saved by @Mollyycolllinss

ЁЯз╡Thread: 10 Rules for Verification on a #Bitcoin Hardware Wallet ЁЯСЗ

 Rule #1: DO NOT TRUST THE COMPUTER SCREEN.

The very reason for using a hardware wallet is that your computer IS compromised, trusting it makes using the hardware wallet an expensive security theatre (or 2FA at best).
Always verify on the HWW device screen!
Rule #2: Verify your "receive" addresses BEFORE accepting funds.

A compromised computer can be tricked into displaying addresses that belong to an attacker. The only way to make sure you own the addresses is to display them on the HWW device and verify they match.
Rule #3: Verifying change address should be done by the device when sending funds, not before like receive addresses!

It is pointless at best, and misleading at worst, to verify them beforehand like receive addresses...
All hardware wallets support verifying the change address belongs to you AT TIME OF SIGNING A TRANSACTION.
Verifying before that is pointless and error-prone.

Now let's talk some multisig...
Rule #4: Verify the xpub of each hardware wallet used in a multisig quorum on the device it belongs to.

This is not 100% mandatory - but if you're no expert - you really should do it.*
*If a hardware wallet doesn't support displaying the xpub, (like Trezor), it could be fine to just verify each address on it - so long as you verify consistency on all other devices as well, but I wouldn't recommend such a device for non-experts.
Rule #5: Verify "receive" addresses on EVERY device of the multisig quorum.

This is especially true for at least one address (see next rule) but recommended for all. If using a device that you haven't verified the xpub of on-screen, you should verify all receive addresses on it!
Rule #6: While it is best to verify each receive addresses on ALL devices in the multisig setup - you might choose to trust a specific one, verifying the xpub/ first address on all - then the rely only on the "trusted" device - ONLY IF YOU ALSO VERIFY XPUBS...
By that, I mean verify on the "trusted" hww used for general verification, that the xpubs are consistent for all cosigners.
This is needed only once with wallets like ColdCard, Cobo Vault, Bitbox02, and Specter DIY - since they allow saving the multisig xpubs on the device.
With Trezor T - you have to verify the xpubs of cosigners every time - which is why it's not recommended for that purpose - with Trezor One it's simply not possible...

So while you might use a Trezor in a multisig, I would not recommend it to non-experts.
Rule #7: Do NOT use Ledger in a multisig setup! (unless you are an expert or have a very good reason...)

Ledger currently does not allow verifying multisig addresses on the device - nor displaying the XPUB on its screen.
This means you have no way to verify it was not swapped by an attacker in your multisig setup - EVEN IF YOU DO A SUCCESSFUL TEST TRANSACTION!

It is still possible for a (very) sophisticated attacker to make you think it worked, while it was him signing for you...
Rule #8: For convenience, you may print out/ write down a large batch of your receiving addresses - verify all at the same time, and rely on that paper list for your day to day verification.
This is very useful for multisig! - where devices might be distributed in various places.
Rule #9: Multisig change verification should be the same as with Rule #3 - on the device at the time of signing.

Popular devices (besides Ledger as said), can verify that the address you send from and the change address used belong to the same multisig wallet (from same xpubs).
If they fail to verify the change address - they will show it as a standard, independent, recipient - in that case YOU SHOULD NOT MAKE THE TRANSACTION.
This is valid for both single sig and multisig! (although even more relevant for the latter).
Rule #10: Hardware wallets cannot verify your balances - and that's great!

Verifying balances requires getting information from the Bitcoin network - i.e. you need to be online - which would make hww more vulnerable...
This is where a full node comes in!
It is strongly recommended that you run your own Bitcoin full node - and use it as your main source for verifying your balances and transaction history!
For redundancy, you could double-check against block explorers or another node (use a different device for either!).
One last thing: These rules apply to any device you use as a segregated signing device - be it a "traditional" hardware wallet, an airgapped laptop, a mobile phone etc.

If you want to separate your keys without having a security theatre, you should verify on your signing device!
Please note: Some things here might not be fully accurate for the expert user (especially around multisig address verification), but for the less advanced users' sake, I have tried to be on the safe side when things get tricky...
That said, if you see inaccuracies or mistakes (or just have questions), please comment!!

Also check out some more info on multisig setups over at:
https://t.co/dwsl52QeD8 (@mflaxman guide)

More from Crypto

Willy Woo
Willy Woo
@woonomic
Let me indulge in a story...

Once upon a time there was a genius called Satoshi, this anonymous character laid down a block, it was called the Genius Block, but we we spell it wrong to this day.


Then along came your standard noob who believed in freedom, we know this because he went by the name NewLibertyStandard.

He created a site to buy and sell Bitcoins.

On his site, he priced Bitcoin on electricity.

The price went up, the price went down.


Then one day, he changed the pricing system.

BTC was no longer priced at the cost of mining.

He priced it by DEMAND and SUPPLY.

Geeks and legendary futurists, bought and sold the rarest commodity on the Internet for pennies.

Price teleported upwards.


Then came a Magic The Gathering gamer. He smashed together a shaky piece of software called Magic The Gathering Exchange.

It became the first widely used BTC exchange.

The whole world sent this kid money to buy BTC.

A new market had unlocked. Price teleported.


Let's fast forward 6 glorious years of price teleportation events.

Many of the story details remain unknown to me, though I see their impact on the blockchain.

But let me bring you to the year 2017 and save you lots of reading...
CRYPTO
Crypto Voices
Crypto Voices
@crypto_voices
Election day in US; to skip the politics and get straight to the money, here's our quarterly update. How do gold, silver, and government fiat money compare with bitcoin's 21 million? #Bitcoin is the 10th largest money in the world, ex-gold & silver. This is update #10.


2/ Bitcoin's monetary system marches on its continuously-lowering coin emission; meanwhile, other world monetary systems' units inflate, either naturally (like gold & silver ounces), or via monopolistic privilege (like government fiat money "printing").

3/ What follows isn't a lesson in stimulus or bailouts, whatever the world faces. It's an attempt at painting the monetary landscape around the globe. The dollars, euros, and yen we're all familiar with, collectively, are worth $25 trillion. This is an exercise in perspective.

4/ As many know, the response from governments worldwide to Covid-19 has been drastic, so expect big moves. Also interestingly, central banks have been much slower to update their data these days.

5/ Gold & silver is base money of the past. Government fiat is base money today. It comprises both physical cashтАж and a digital cash component. Bitcoin may be base money of the future. Before we get to the charts, it's important to clarify a few common misconceptions in money.
CRYPTO
Advertisement
Meltem Demirors
Meltem Demirors
@Melt_Dem
1/ crypto VC is going through an explosive ЁЯзи phase

there are big funds (>$500M AUM), a lot of small funds (<$50M AUM), and *tons* of prop firms + angels

iтАЩve done 15 deals in the last 3 months as an angel + small fund @CoinSharesCo VC.

observations + implications... ЁЯСЗЁЯП╛

2/ the big firms need to deploy in size - $5M checks and up

a $250M fund could do a $5-10M deal every month for two years and still be under-allocated

and there arenтАЩt enough companies raising series B / C / D rounds!!!

every deal iтАЩve done lately is under $50M valuation

3/ so we see firms competing to take down entire rounds.

a recent series A financing had two firms competing to take down the ENTIRE ROUND, and it eventually got upsized, a LOT.

if a company is putting up user acquisition / growth and a revenue story, itтАЩs highly competitive

4/ most projects and coтАЩs donтАЩt need money tho - why would a founder take 20-40% dilution when theyтАЩre banking cash and crypto? so they do 5-10%

so the valuations go up, but available allocations go down, resulting in an even bigger squeeze on allocators who *need* to deploy

5/ add in the onslaught of non-crypto M&A thatтАЩs coming, which is culling the herd of investable unicorns

add in the wave of SPACs and direct listings taking later stage opportunities out

there just arenтАЩt enough places to put capital in size rn

whatтАЩs a fund to do?
CRYPTO
Lee | The Winter Ouroboros
Lee | The Winter Ourob...
@WinterOuroboros
You are running out of time to get ahead in cryptocurrency.

You know what's coming:

ЁЯФ║я╕П Regulation
ЁЯФ║я╕П More shutdowns
ЁЯФ║я╕П Banks deciding who gets to do business

It's time you got your own crypto wallet.

Don't know how? I'll show you.

/////THREAD\\\\\

METAMASK

What's metamask? It's a wallet. That you -- I mean YOU -- own.

You see, when you buy crypto through an exchange like CoinBase, you own it but only kind of.

If they get

ЁЯФ║ Hacked
ЁЯФ║ Shutdown
ЁЯФ║ Servers crash

-- your money is STUCK.

We are gonna avoid that ЁЯСЗ


First thing,

Go to

https://t.co/JXAp9o5RzJ

You can download it on your computer. It's a browser extension.

Alternatively, go to the app store on your Android or iPhone. It's there too.

As part of the setup process, you will choose a password.

More importantly though...

SEED PHRASE

As you follow the setup process, you will be given a 12-word seed phrase.

WRITE. THIS. DOWN.

Take it down and guard it like the map to Davey Jones' Locker.

THESE ARE THE ONLY WAY TO RECOVER YOUR ACCOUNT.

DO NOT LOSE.

We good? Great.

Let's continue.


Once you're all setup, your MetaMask wallet is going to look something like the picture below.

See where it says Crypto Address? That's where your actual address will be.

It'll be a random arrangement of letters, numbers, etc.

Click on it to copy to your clipboard

NEXT STEP
CRYPTO
OtisA502 \u24d2
OtisA502 тУТ
@otisa502
Where should I start?
1) Is Blockfi profitable?
2) How much money does BlockFi have on its balance sheet?
3) Is the yield that BlockFi pays to its depositors earned or subsidized by billionaire investors?
4) Has BlockFi ever been profitable?
5) Are you planning to go public?
CRYPTO

You May Also Like

Vibhu Vashisth
Vibhu Vashisth
@VIBHU_Tweet
рджрдзреАрдЪрд┐ рдЛрд╖рд┐ рдХреЛ рдордирд╛рд╣реА рдереА рдХрд┐ рд╡рд╣ рдЕрд╢реНрд╡рд┐рдиреА рдХреБрдорд╛рд░реЛрдВ рдХреЛ рдХрд┐рд╕реА рднреА рдЕрд╡рд╕реНрдерд╛ рдореЗрдВ рдмреНрд░рд╣реНрдорд╡рд┐рджреНрдпрд╛ рдХрд╛ рдЙрдкрджреЗрд╢ рдирд╣реАрдВ рджреЗрдВред рдпреЗ рдЖрджреЗрд╢ рджреЗрд╡рд░рд╛рдЬ рдЗрдиреНрджреНрд░ рдХрд╛ рдерд╛редрд╡рд╣ рдирд╣реАрдВ рдЪрд╛рд╣рддреЗ рдереЗ рдХрд┐ рдЙрдирдХреЗ рд╕рд┐рдВрд╣рд╛рд╕рди рдХреЛ рдкреНрд░рддреНрдпрдХреНрд╖ рдпрд╛ рдкрд░реЛрдХреНрд╖ рд░реБрдк рд╕реЗ рдХреЛрдИ рднреА рдЦрддрд░рд╛ рд╣реЛредрдордЧрд░ рдЬрдм рдЕрд╢реНрд╡рд┐рдиреА рдХреБрдорд╛рд░реЛрдВ рдиреЗ рд╕рд╣реГрджрдп рдкреНрд░рд╛рд░реНрдердирд╛ рдХреА рддреЛ рдорд╣рд░реНрд╖рд┐ рд╕рд╣рд░реНрд╖ рдорд╛рди рдЧрдПред


рдФрд░ рдЙрдиреНрд╣реЛрдиреЗрдВ рдмреНрд░рд╣реНрдорд╡рд┐рджреНрдпрд╛ рдХрд╛ рдЬреНрдЮрд╛рди рдЕрд╢реНрд╡рд┐рдирд┐ рдХреБрдорд╛рд░реЛрдВ рдХреЛ рджреЗ рджрд┐рдпрд╛ред рдЧреБрдкреНрддрдЪрд░реЛрдВ рдХреЗ рдорд╛рдзреНрдпрдо рд╕реЗ рдЬрдм рдЦрдмрд░ рдЗрдиреНрджреНрд░рджреЗрд╡ рддрдХ рдкрд╣реБрдВрдЪреА рддреЛ рд╡реЗ рдХреНрд░реЛрдз рдореЗрдВ рдЦрдбрд╝рдЧ рд▓реЗ рдХрд░ рдЧрдП рдФрд░ рдорд╣рд░реНрд╖рд┐ рджрдзреАрдЪрд┐ рдХрд╛ рд╕рд░ рдзрдбрд╝ рд╕реЗ рдЕрд▓рдЧ рдХрд░ рджрд┐рдпрд╛редрдордЧрд░ рдЕрд╢реНрд╡рд┐рдиреА рдХреБрдорд╛рд░ рднреА рдХрд╣рд╛рдВ рдЪреБрдк рдмреИрдардиреЗ рд╡рд╛рд▓реЗ рдереЗредрдЙрдиреНрд╣реЛрдиреЗ рддреБрд░рдВрдд рдПрдХ рдЕрд╢реНрд╡ рдХрд╛ рд╕рд┐рд░ рдорд╣рд░реНрд╖рд┐ рдХреЗ рдзрдбрд╝ рдкреЗ...


...рдкреНрд░рддреНрдпрд╛рд░реЛрдкрд┐рдд рдХрд░ рдЙрдиреНрд╣реЗрдВ рдЬреАрд╡рд┐рдд рд░рдЦ рд▓рд┐рдпрд╛редрдЙрд╕ рджрд┐рди рдХреЗ рдкрд╢реНрдЪрд╛рдд рдорд╣рд░реНрд╖рд┐ рджрдзреАрдЪрд┐ рдЕрд╢реНрд╡рд╢рд┐рд░рд╛ рднреА рдХрд╣рд▓рд╛рдП рдЬрд╛рдиреЗ рд▓рдЧреЗредрдЕрдм рдЖрдЧреЗ рд╕реБрдирд┐рдпреЗ рдХреА рдХрд┐рд╕ рдкреНрд░рдХрд╛рд░ рдорд╣рд░реНрд╖рд┐ рджрдзреАрдЪрд┐ рдХрд╛ рд╕рд░ рдХрд╛рдЯрдиреЗ рд╡рд╛рд▓реЗ рдЗрдиреНрджреНрд░ рдХреИрд╕реЗ рдЕрдкрдиреА рд░рдХреНрд╖рд╛ рд╣реЗрддреБ рдЙрдирдХреЗ рдЖрдЧреЗ рдЧрд┐рдбрд╝рдЧрд┐рдбрд╝рд╛рдП ред

рдПрдХ рдмрд╛рд░ рджреЗрд╡рд░рд╛рдЬ рдЗрдиреНрджреНрд░ рдЕрдкрдиреА рд╕рднрд╛ рдореЗрдВ рдмреИрдареЗ рдереЗ, рддреЛ рдЙрдиреНрд╣реЗ рдЦреБрдж рдкрд░ рдЕрднрд┐рдорд╛рди рд╣реЛ рдЖрдпрд╛ред


рд╡реЗ рд╕реЛрдЪрдиреЗ рд▓рдЧреЗ рдХрд┐ рд╣рдо рддреАрдиреЛрдВ рд▓реЛрдХреЛрдВ рдХреЗ рд╕реНрд╡рд╛рдореА рд╣реИрдВред рдмреНрд░рд╛рд╣реНрдордг рд╣рдореЗрдВ рдпрдЬреНрдЮ рдореЗрдВ рдЖрд╣реБрддрд┐ рджреЗрддреЗ рд╣реИрдВ рдФрд░ рд╣рдорд╛рд░реА рдЙрдкрд╛рд╕рдирд╛ рдХрд░рддреЗ рд╣реИрдВред рдлрд┐рд░ рд╣рдо рд╕рд╛рдорд╛рдиреНрдп рдмреНрд░рд╛рд╣реНрдордг рдмреГрд╣рд╕реНрдкрддрд┐ рд╕реЗ рдХреНрдпреЛрдВ рдбрд░рддреЗ рд╣реИрдВ ?рдЙрдирдХреЗ рдЖрдиреЗ рдкрд░ рдХреНрдпреЛрдВ рдЦрдбрд╝реЗ рд╣реЛ рдЬрд╛рддреЗ рд╣реИрдВ?рд╡реЗ рддреЛ рд╣рдорд╛рд░реА рдЬреАрд╡рд┐рдХрд╛ рд╕реЗ рдкрд▓рддреЗ рд╣реИрдВред рджреЗрд╡рд░реНрд╖рд┐ рдмреГрд╣рд╕реНрдкрддрд┐ рджреЗрд╡рддрд╛рдУрдВ рдХреЗ рдЧреБрд░реБ рдереЗред

рдЕрднрд┐рдорд╛рди рдХреЗ рдХрд╛рд░рдг рдЛрд╖рд┐ рдмреГрд╣рд╕реНрдкрддрд┐ рдХреЗ рдкрдзрд╛рд░рдиреЗ рдкрд░ рди рддреЛ рдЗрдиреНрджреНрд░ рд╣реА рдЦрдбрд╝реЗ рд╣реБрдП рдФрд░ рди рд╣реА рдЕрдиреНрдп рджреЗрд╡реЛрдВ рдХреЛ рдЦрдбрд╝реЗ рд╣реЛрдиреЗ рджрд┐рдпрд╛редрджреЗрд╡рдЧреБрд░реБ рдмреГрд╣рд╕реНрдкрддрд┐ рдЗрдиреНрджреНрд░ рдХрд╛ рдпреЗ рдХрдареЛрд░ рджреБрд░реНрд╡реНрдпрд╡рд╣рд╛рд░ рджреЗрдЦ рдХрд░ рдЪреБрдк рдЪрд╛рдк рд╡рд╣рд╛рдВ рд╕реЗ рд▓реМрдЯ рдЧрдПредрдХреБрдЫ рджреЗрд░ рдкрд╢реНрдЪрд╛рдд рдЬрдм рджреЗрд╡рд░рд╛рдЬ рдХрд╛ рдордж рдЙрддрд░рд╛ рддреЛ рдЙрдиреНрд╣реЗ рдЕрдкрдиреА рдЧрд▓рддреА рдХрд╛ рдПрд╣рд╕рд╛рд╕ рд╣реБрдЖред
ALL
Anu Satheesh \U0001f1ee\U0001f1f3
Anu Satheesh ЁЯЗоЁЯЗ│...
@AnuSatheesh5
Samayapuram Mariamman Temple
#Trichy
#Tamilnadutemples ЁЯЪй

Samayapuram Mariamman Temple┬аis located in Samayapuram of
┬аTiruchirappalli district.┬а Mariyamman here is worshipped as Samayapurathal a form of Parashakti.
Amman vigraham here┬аis made of sand and clay so


no abhishekam done to the main vigraham. Samayapuram Mariamman Temple is one of the famous Shakthi Sthal of Tamilnadu.

Story says that paramashiva created Kali, out of the poison that he drank during samudra mathanam.┬а As Devi originated from the Kaalakoota/ halahala poison,


thus the name Kaali. Mariamman is believed to be a form of Kaali, and is also known as Mahamayi. It is also believed that Maharaja Dasharatha offered his prayers here.

Mariamman is Parashakti herself who blesses with prosperity and she is believed to cure all diseases.


Paramashiva, Mahavishnu and Brahma Deva are believed to have taken blessings of Mariamman here.

Om Shakti Para Shakti
ЁЯЩПЁЯХЙЁЯЩП
ALL
Advertisement
\u0936\u094d\u0930\u0940\u092e\u093e\u0932\u0940 \u0939\u093f\u0924\u0947\u0936 \u0905\u0935\u0938\u094d\u0925\u0940
рд╢реНрд░реАрдорд╛рд▓реА рд╣рд┐рддреЗрд╢ рдЕрд╡рд╕реНрдереА...
@HiteshAwasthi89
Sri Devi Karumariamman mandir, Chennai, Tamilnadu

Sri Devi Karumariamman mandir is in Thiruverkadu, a suburb of Chennai. It is said that God Muruga came here and obtained the 'Vel' (spear) from His mother, Goddess Karumari (an avatar of Parvathi) 1/n


to fight the demon Suran and hence this place was called as 'Vel kadu' and became as Verkadu. As per legend Devi Karumariamman once disguised as a soothsayer visited Bhagwan Surya, the Sun God, to predict His future. 2/n


Not realising that the soothsayer is none other than Sakthi Matha, Surya ignored Her. Angered by his indifference, Devi Karumariamman immediately retreated. Bhagwan Surya lost His glory and the earth plunged into darkness. 3/n


Bhagwan Surya then realised His folly and pleaded forgiveness from Devi Karumariamman. In order to pacify mother Karumariamman, Suryadev said that His rays would fall on Her directly twice in a year and touch her feet. (in the month of Panguni (March- April) & during (Sep - Oct)


Mother Karumari Amman is worshipped here in two forms.A swayambu (self manifested) with only head visible above the ground and another one in a graceful sitting posture with all Parasakthi features,with four arms holding skull, sword, trishul, udukkai (damru). 5/n
ALL
Novid Houellebecq (That's Hollaback)
Novid Houellebecq (Tha...
@GarouGothic
I want to explain what happened to tumblr overnight. And why Twitter as reached it's dream (or have come ever so close to it)

Yahoo, who bought Tumblr years ago, used to have a huge adult presence on the early net. They allowed adult groups and what not.

However, people and bots (just like now) misused the service, and Yahoo were forced to make a choice. They made private the groups (and later closed them down and sold some of it to other companies) and then ended their chatrooms on yahoo messenger...

after a incident with one of the chatrooms vid cams. The damage was done, Yahoo Messenger lost a lot of people - and with the closing of the groups - backpage and Craigslist came more important.

Now backpage is no more and Craigslist is slowly passing away. Tumblr had a semi strong community, but once 2014 came around and both porn, and political bots exploded the quality started to go down,
TECH
Seth Abramson
Seth Abramson
@SethAbramson
(THREAD) The Whitaker scandal is deepening, as it becomes clear that Sessions' Russia recusal was a coordinated sham and his firing an act of obstructionтАФand that his replacement is a White House plant inside the Mueller probe. I hope you'll retweet and read on for more details.


1/ From 2014-17 Whitaker worked for World Patent MarketingтАФwhich during his tenure defrauded consumers out of $26 million and was successfully prosecuted by the feds. His involvement in the scam confirmed he had loose morals and that the feds would never want to employ him again.

2/ Despite the seeming impossibility of a man with Whitaker's background getting a job at Justice ever againтАФhe'd been found to have used his former title as a US attorney to fraudulently threaten consumers with valid complaints with criminal penaltiesтАФWhitaker found an opening.

3/ Within 60 days of parachuting out of World Patent Marketing as it was being fined $26 million by the feds, Whitaker was working for CNN and telling a fellow attorney panelist that his purpose in working for CNN was to get noticed by one manтАФDonald TrumpтАФand thereby get a job.

4/ Whitaker spent his time at CNN making ludicrous statements about the Mueller probe: there was no obstruction or collusion, he said; Mueller had no authority to look into any aspect of Trump's finances or to subpoena him, he said. All the while, he hoped Trump was watching him.
POLITICS


Category Partner: Enkryptopedia