1. Home
  2. seed phrase

seed phrase

Dormant Bitcoin wallet moves $536M after over 5-year hiatus

The Bitcoin whale didn’t even send test transactions before moving their 8,000 Bitcoin.

A Bitcoin whale has transferred 8,000 Bitcoin (BTC) worth $536.5 million from a Coinbase cold storage wallet after five and a half years of dormancy.

Bitcoin address “1ABww1…mCSKq” received the entire 8,000 BTC stash at block 847,490 on June 11, 1:26 pm UTC, according to blockchain analytics firm Arkham Intelligence.

That wallet then transferred all the Bitcoin to the Binance deposit address “15u4H…rMsLa” exactly one block and 11 minutes later, Arkham data shows. No test transactions were made prior to the two transfers.

Read more

Charles Schwab plans to offer spot crypto trading as US rules evolve under Trump

Ledger Crypto Hardware Wallet Launches Subscription-Based Backup Service for Secret Recovery Phrases

Ledger Crypto Hardware Wallet Launches Subscription-Based Backup Service for Secret Recovery Phrases

One of the biggest crypto hardware wallet providers is rolling out a new service for users who want to have a backup of their secret recovery phrase. The secret recovery phrase is used to restore access to crypto wallets in case the hardware device gets lost or destroyed. Without the recovery phrase, users lose access […]

The post Ledger Crypto Hardware Wallet Launches Subscription-Based Backup Service for Secret Recovery Phrases appeared first on The Daily Hodl.

Charles Schwab plans to offer spot crypto trading as US rules evolve under Trump

Ledger hardware wallet rolls out cloud-based private key recovery tool

Ledger emphasized that the ID checks required for its private key recovery tool are not like KYC checks as they require “much less” information.

Hardware wallet firm Ledger is rolling out its cloud-based private key recovery solution despite facing significant criticism from the crypto community.

Ledger Recover, an ID-based private key recovery service for the Ledger hardware wallet, is launching on Oct. 24, the firm officially announced on X (formerly Twitter). The release comes in conjunction with Ledger finalizing the open-source code for the Ledger Recover on GitHub.

Provided by blockchain protection platform Coincover, Ledger’s seed phrase recovery solution is a paid subscription service allowing users to backup their Secret Recovery Phrase (SRP). SRP is a unique list of 24 words that backs up the private keys and gives users access to their crypto assets.

Ledger Recover was designed for users who “want to add an enhanced layer of resilience” in case their SRP is ever lost or destroyed, Ledger’s chief technology officer Charles Guillemet said. He also emphasized that Ledger Recover is an optional recovery service, adding:

“If you don’t wish to use the service, no worries — it’ll always be 100% optional. You can simply continue using your Ledger as you did previously — nothing will change.”

At launch, Ledger Recover is compatible with Ledger Nano X, with Ledger Stax and Ledger Nano S Plus integration coming in the near future. The solution is not compatible with Ledger Nano S, according to the Ledger Recover FAQ.

Ledger Recover is initially available to passport or identity card holders in the United States, Canada, the United Kingdom and the European Union. “We will be covering more countries and adding support for more documents,” Ledger said.

The firm emphasized that Ledger Recover’s identity verification “is not the same” as Know Your Customer (KYC) checks carried out by centralized crypto exchanges. Ledger noted that its recovery system only requires a “valid, government-issued document,” stating:

“Identity verification inherently collects much less information compared to KYC [...] KYC involves ID verification but it can also include revenue information, record of criminal activity, citizenship check, etc.”

According to social media posts, Ledger Recovery service will be available at $9.99 per month, or about $120 per year. If a user fails to pay the subscription, the subscription will be suspended, allowing the user to reactivate subscription in the next nine months.

Related: ETF filings changed the Bitcoin narrative overnight — Ledger CEO

“You will need to pay an administration fee of 50 EUR along with any outstanding balance,” Ledger Recover FAQ reads.

The rollout comes months after Ledger paused the recovery service in May 2023 in response to community backlash. Ledger CEO Pascal Gauthier subsequently said that the firm will launch the product once its open source code is released.

Ledger’s largest competitor, Trezor, has stayed away from introducing a cloud-based private key recovery solution, opting for a physical backup solution. Trezor launched its own physical seed phrase recovery tool, Trezor Keep Metal, in mid-October 2023.

Magazine: How to protect your crypto in a volatile market — Bitcoin OGs and experts weigh in

Charles Schwab plans to offer spot crypto trading as US rules evolve under Trump

Trezor releases new hardware wallet and metal private key backup

Trezor is celebrating its 10th anniversary by releasing three new self-custody products, with a focus on providing entry-level devices.

Trezor, a major provider of hardware cryptocurrency wallets, is celebrating its 10th anniversary by releasing three self-custody products, including a new Trezor wallet, a proprietary private key backup solution and a Bitcoin (BTC)-only wallet.

The Czech Republic-based company officially announced the launch of Trezor Safe 3, its brand-new hardware wallet supporting more than 7,000 cryptocurrencies, on Oct. 12. The firm highlighted that the new wallet launch marks an important milestone in Trezor’s provision of entry-level hardware wallets.

The release of the Trezor Safe 3 wallet comes nearly five years after the hardware wallet firm rolled out the Trezor Model T in February 2018. Retailed for $79, Trezor Safe 3 is available in four colors: solar gold, stellar silver, galactic rose and cosmic black.

Trezor Safe 3 hardware wallets. Source: Trezor

The new wallet device maintains Trezor’s commitment to open-source development, applying open-source principles in using the security component, the announcement notes. Trezor has chosen a third-party secure element vendor that allows it to publish any potential vulnerabilities it discovers.

In addition to the Trezor Safe 3, Trezor has also introduced its own physical private key storage solution, Trezor Keep Metal. As previously reported by Cointelegraph, the safety of a seed phrase or a private key is far more important than the safety of a hardware wallet device itself, as users can restore access to the wallet even if a hardware wallet is lost or damaged.

Trezor Keep Metal has much in common with similar physical backup solutions in the market, allowing users to keep their recovery safe under any conditions against fire, water, acids and impacts. The backup tool is made from corrosion-resistant stainless steel with a watertight seal.

Trezor Keep Metal backup tool. Source: Trezor

According to Trezor CEO Matej Zak, Trezor Keep Metal is another important component of Trezor’s commitment to enhancing usability to boost global crypto adoption.

“It is very easy to use in the way that it is because all the other solutions usually have some kind of conversion so that you need some numbering system against the word,” Zak told Cointelegraph reporter Gareth Jenkinson in an interview.

“Whereas here, it’s very intuitive in a way that you just punch in the actual letter from the word onto the steel,” the CEO added.

Related: Ledger lays off 12% of staff, citing ‘macroeconomic headwinds’

Available for $99, Trezor Keep Metal allows users to store 12-word and 24-word standard backups. The Trezor Keep Metal catering for three 20-word Shamir backups sells for $249.

Finally, Trezor’s Bitcoin-only hardware wallet was released to mark the company’s anniversary, featuring a limited-edition run of only 2,013 devices. In recognition of Bitcoin’s ability to empower individuals in underprivileged and marginalized communities, Trezor will donate $21 from each sale to support the Trezor Academy, a Bitcoin education initiative, the announcement notes.

Founded in 2013, Trezor is one of the largest global providers of hardware wallets, allowing users to store cryptocurrencies like Bitcoin. Trezor’s first wallet, the Trezor One, was released in 2014 and is still for sale, offering the basic functionality of storing multiple coins long-term.

Magazine: Web3 Gamer: Minecraft bans Bitcoin P2E, iPhone 15 & crypto gaming, Formula E

Charles Schwab plans to offer spot crypto trading as US rules evolve under Trump

Victim of 90 ETH exploit set to claw funds back after hacker was blacklisted

The hacker’s wallet with more than $100K worth of USDT was blacklisted and frozen, while the Victim had been drained for almost $170K worth of NFTs and other assets.

With the help of police and cyber authorities, a victim of a hack worth 90 Ether (ETH) has gotten the attacker’s Tether (USDT) address blacklisted. As a result, they may be able to get most of their funds back.

The victim, who goes by @l3yum on X (Twitter), was initially drained on March 16 after the hacker managed to get a hold of their hot wallet seed phrase. Several Yuga Labs-related NFTs were stolen, alongside some crypto and other NFTs from smaller projects, and then promptly swapped or sold off.

In an Aug. 11 X thread, L3yum highlighted that the hacker’s Ethereum-based USDT address had been blacklisted, as he noted that: “Today after working with the police and cyber team in my country, I was able to get the stolen funds sitting in USDT frozen and black listed.”

At the time of writing, 90 ETH is equivalent to roughly $166,000 and the blacklisted wallet has $107,306 worth of USDT locked up in it, suggesting the victim may not get the full value of their stolen funds back.

While it is also not yet 100% certain if the victim will be reimbursed, in previous instances in which a USDT address has been blacklisted under similar circumstances, Tether has burned the blacklisted USDT and re-issued equal amounts of the asset to the original owner.

It is also worth noting that the blacklisting of a USDT address by Tether generally comes after a court order.

Related: How easy is a SIM swap attack? Here’s how to prevent one

When asked if this was the case in the comments, L3yum confirmed this was the likely path forward, but suggested it hasn’t been confirmed yet.

“This is the part I’m unsure about but yeah from my understanding this is how it works and the funds that are blacklisted are essentially burnt. Don’t quote me on that though, but that is my understanding!” he wrote.

It is not entirely clear how the hacker got access to the seed phrase in March, however the general thought at that time was that the victim had either been SIM-swapped, mistakenly had their seed phrase backed up on iCloud, or had been using the wallet across several devices.

Magazine: NFT Collector: On-chain music sounds off with latest raise, artistic duo Hackatao find their lane

Charles Schwab plans to offer spot crypto trading as US rules evolve under Trump

Hidden as colors, crypto seed phrases could hide in plain sight, says dev

Speaking to Cointelegraph, Entero Positivo argued typical seed phrase storage methods are too obvious, so he devised a way to hide a crypto wallet in plain sight.

A newly released tool called “BIP39 Colors” is turning Bitcoin (BTC) and other crypto wallet seed phrases into colors — giving users a potentially new way to hold their funds in cold storage.

The developer, only known as Entero Positivo — Spanish for “positive integer” — released BIP39 Colors on June 25, which helps translate a 12- or 24-word wallet seed phrase into an unassuming and seemingly random array of colors.

Speaking to Cointelegraph, Positivo said he created the tool because seed phrases will always need to be backed up somewhere physically and someone “seeing something with 12 or 24 written words is very obvious. [...] Many people know what it means.”

“Where and how do I store my words? Written on paper? On a titanium plate? What if a thief thoroughly searches my house and finds the paper with 12 words written on it?” he said.

Explaining how it works, Positivo said the tool converts BIP39 words — the 2,048-long list of words used to create seed phrases — into eight or 16 colors alongside their hex codes depending on if a 12- or 24-word phrase is used.

An example of a color palette generated using 12 random BIP39 words. Source: Enteropositivo.github.io

However, the hex color codes don’t just represent the BIP39 word, explained Positivo. It also dictates the position of that word in the seed phrase.

Related: Bitcoin has entered a civil war — Over ‘art’

“The colors are generated in such a way that they carry part of the information of the position occupied by the BIP39 words and information related to their position,” he explained.

This allows for the phrase to be backed up “in a disorderly way and in several different places,” and as “colors are everywhere,” it can make storing a seed phrase “less obvious to any hacker or thief who gains access to our house or computer.”

AI-generated image depicting what artwork designed using Positivo’s tool could look like. Source: Stability.ai

To ensure the utmost safety, Positivo suggested that users should not use his tool on an internet-connected device. Rather it should be downloaded and used offline, or better yet, the color swatch can even be created manually using a calculator.

Though it happens infrequently, crypto users have had their entire seed phrases exposed publicly before.

In a viral video in late 2022, a Nevada police officer’s body camera footage inadvertently caught a glimpse of a suspect’s seed phrase written on a slip of paper. The footage later became part of the public record, allowing anyone to see the phrase.

Collect this article as an NFT to preserve this moment in history and show your support for independent journalism in the crypto space.

Magazine: Should you ‘orange pill’ children? The case for Bitcoin kids books

Charles Schwab plans to offer spot crypto trading as US rules evolve under Trump

Ledger co-founder clarifies “there is no backdoor” in Recover firmware update

Ledger Recover is an OTA firmware update, which would allow users to back up their seed phrases by third-party entities only if a user chooses to opt-in to the new service.

The launch of Ledger Recover, a service that allows users of the Ledger hardware wallet to back up their secret recovery phrases, met with immense resistance from the crypto community. Ledger co-founder and ex-CEO Éric Larchevêque took the criticism against Ledger as “a total PR failure, but absolutely not a technical one.”

Ledger Recover is an OTA firmware update, which would allow users to back up their seed phrases by third-party entities. If a user chooses to opt-in to the new service, the recovery phrase fragments get encrypted and are stored by 3 different parties, which can be used to recover the phrase in the future. However, the idea of the seed phrase leaving the hardware wallet did not resonate with users that considered Ledger as a trustless service for storing cryptocurrencies.

Addressing the rising concerns of users worldwide, Larchevêque posted on Reddit clarifying that Ledger was never a trustless solution:

“Some amount of trust must be placed into Ledger to use their product. If you don't trust Ledger, meaning you treat your HW manufacturer as an adversary, that can't work at all.”

He argued that the Ledger Recover update has no impact on the hardware wallet’s security model. He added:

“My mistake as a CEO during my tenure was probably not be relentless enough about explaining the security model, but at some point you just give up as people don't care at all. Until they care again, like now.”

Larchevêque believed that the only thing that changed is the general user’s perspective on trustlessness and that the Recover code in the firmware is not a malicious code:

“Ledger is still safe, there is no backdoor, the Ledger Recover is not a conspiracy, no one will ever force anyone to use Recover.”

Trusting Ledger with sharding the seed phrase is just like trusting Ledger with signing a transaction, he added. Addressing a user’s recommendation about having two different firmware to eradicate ‘backdoor’ concerns, Larchevêque said that “it wouldn't change anything” and would be saddening for him personally.

The firmware update in question is not available for Nano S — Ledger’s cheapest hardware wallet offering — as the chipset does not have enough memory to store the new firmware.

Related: Crypto community reacts to Ledger wallet’s secret recovery phrase service

Amid the rollout of Ledger’s controversial firmware update, competing hardware wallet provider GridPlus decided to open-source its firmware for its users.

Turning the Ledger controversy into a marketing opportunity, GridPlus announced plans to open source its device firmware in the third quarter of 2023 to deliver greater transparency.

Charles Schwab plans to offer spot crypto trading as US rules evolve under Trump

I run a Ledger competitor — but I support them in blow-up over keys

Ledger’s latest update — aimed at making private seed phrases on its wallets recoverable — was simply an attempt to innovate and improve user security.

It’s counterintuitive for a CEO to defend a competitor, particularly when that competitor is rolling out a feature similar to one we pioneered years ago. But given the debacle around Ledger’s new “Ledger Recover” feature, it’s time to provide a balanced perspective.

The company is under fire for releasing an update to its wallet firmware that allows it to send a version of the wallet seed phrase to third parties. But the outrage feels out of proportion. The perception that Ledger is carelessly “sending seed phrases to a server” is fundamentally misinformed. Let’s be clear: The new system is opt-in only. There is no forced participation or hidden backdoor. The seed is locally split into three encrypted shards using Shamir Secret Sharing, a well-respected cryptographic process, and sent encrypted, a practice the industry has been familiar with for years.

One of the corporations hosting the shards is EscrowTech, a company we brought into the crypto sector four years ago. I’m confident that Ledger, despite our rivalry, can successfully implement a system that matches its claims. They’ve shown commitment and seriousness in the past, and there is no reason to expect otherwise now.

In the face of backlash, it’s essential to remember: If you don’t like it, don’t use it. Period.

We have always strived to provide an upgrade to such systems, but for those who choose to stick with seed phrases, Ledger Recover is undeniably a step forward. I’m giving credit to Ledger where it is due: To truly onboard billions, and move assets to our self-custodial universe, Ledger Recover is a potential solution. Securely encrypted secrets stored in the cloud are the future, not pieces of paper or steel plates stored under your mattress or worse in a bank vault (the irony…)!

Related: Elizabeth Warren is pushing the Senate to ban your crypto wallet

That being said, there are a few things Ledger got wrong. Their suggested solution identifies a fundamental problem that cannot be fixed by Ledger Recover: seed phrases. I dislike them and consider them outdated and unfit for personal security. An estimated $100 billion in Bitcoin (BTC) (alone) has been lost or stolen in the last decade because of seed phrase mismanagement. And it’s not getting any better: Every day, new stories of key misplacement and loss appear on forums, such as Reddit and Twitter.

Seed phrases represent a single point of failure, which puts too much burden on the user and is prone to human error, phishing attacks, account takeovers and so many more disasters. Multiparty computation (MPC) wallets and other battle-tested cryptographic techniques offer vastly superior trade-offs where seed-based approaches seem archaic in today’s rapidly advancing digital landscape.

Ledger’s current users, mostly hardcore crypto enthusiasts, feel betrayed, but the existing seed model simply doesn’t work for everyone. Even Ledger acknowledged it on its own website.

Beyond ignoring the fundamental seed phrase vulnerability, Ledger Recover itself has its own share of issues: The one-way firmware update, the closed-source sharding, the Know Your Customer (KYC) gating, the pay-to-recover scheme and, most of all, the “trust me this is opt-in only” without ways to verify the source code. The closed code, dependence on external custodians and the seven-day cut-off if payment ceases will absolutely surface more questions (and already has).

The introduction of Ledger Recover might also invite new attack vectors on and off systems: From local malware to government coercion, social engineering (already deployed at scale in their last e-commerce breach) and fake KYC recovery, which need to be addressed. Lastly, Ledger’s communications and timing could have been better articulated and managed to avoid the current uproar.

Related: Cryptocurrency miners are leading the next stage of AI

However, this doesn’t take away from the fact that they are trying to innovate and improve user security, albeit in a different way than we might.

To Ledger, I suggest providing a comprehensive demo video end-to-end, a documented white paper with possible third-party audit reports, and a thorough explanation of how Ledger Recover works. The FAQs leave questions unanswered, and customers are left guessing or misinterpreting the service. The community thought they could trust you blindly, but you need to earn this back after this episode.

This is not a clear-cut case of right or wrong. Ledger is making strides in the right direction and has built a remarkable track record in an incredibly hostile environment — we know that first-hand. But they also have room to learn and improve.

Imposing a new security path, even optional, is like asking to believe in a second religion you did not choose in the first place. It’s a divisive issue, certainly, but it’s vital for the crypto community to focus on facts rather than interpretations. Eventually, our words here (or on social media) will not matter, and people will vote with their dollars (I mean their crypto). As competitors, we may not agree on every detail, but we can all agree on the need for innovation, security and transparency.

Ouriel Ohayon is a co-founder and the CEO of ZenGo, a consumer MPC wallet established in 2018. He’s a former executive at ICQ/AOL; the founder of TechCrunch France (sold to AOL); and the founder rof Isai.fr, a leading French VC. He was general manager of the Gemini’s internet lab and Lightspeed Ventures.

This article is for general information purposes and is not intended to be and should not be taken as legal or investment advice. The views, thoughts and opinions expressed here are the author’s alone and do not necessarily reflect or represent the views and opinions of Cointelegraph.

Charles Schwab plans to offer spot crypto trading as US rules evolve under Trump

Crypto Hardware Wallet Ledger Responds to Criticism of New ID-Based Seed Phrase Recovery Solution

Crypto Hardware Wallet Ledger Responds to Criticism of New ID-Based Seed Phrase Recovery Solution

Crypto hardware wallet firm Ledger is pushing back against critics who say their new seed phrase recovery option indicates the company has a potential “backdoor” to obtain user data. Ledger says their new product, “Ledger Recover,” is an optional subscription for users who want a backup of their secret recovery phrase. The product encrypts a […]

The post Crypto Hardware Wallet Ledger Responds to Criticism of New ID-Based Seed Phrase Recovery Solution appeared first on The Daily Hodl.

Charles Schwab plans to offer spot crypto trading as US rules evolve under Trump

What security? Bitcoin enthusiast cracks known 12-word seed phrase in minutes

If the words of a 12-word seed phrase are known, it’s deceptively easy to enter the wallet and sweep the funds.

A systems architect cracked a seed phrase and won a 100,000 Satoshi bounty, or 0.001 Bitcoin (BTC), worth $29, in just under half an hour. Cointelegraph spoke to Andrew Fraser in Boston, who underscored how critical it is to keep a Bitcoin wallet seed phrase secure and offline. 

A seed phrase or recovery phrase is a string of random words generated when a wallet is created that can access the wallet, similar to a master key. Fraser brute forced a 12-word seed phrase that Bitcoin educator “Wicked Bitcoin” shared on Twitter:

As shown, Wicked’s Tweet challenged users to decipher the correct order of the 12-word seed phrase.

"Anyone wants to try and brute force this 12-word seed phrase securing 100,000 sats? I’ll give you all 12 words but in no particular order. Standard derivation path m/84'/0'/0'…no fancy tricks. GL.”

It took just 25 minutes to unlock the 100,000 Satoshis–or just under $30. The incident serves as a timely reminder for Bitcoin users and crypto enthusiasts to take crypto security seriously.

Fraser cracked the code using BTCrecover, a software application available on GitHub. The software offers a range of tools that can determine seed phrases with missing or scrambled mnemonics and passphrase-cracking utilities. Over Twitter DMs, Fraser told Cointelegraph:

"My gaming GPU was able to determine the correct order of the seed phrase in about 25 minutes. Though a more capable system would do it much faster.”

He noted that anyone with a basic knowledge of running Python scripts, using the Windows command shell, and understanding the Bitcoin protocol–particularly BIP39 mnemonics– should be able to replicate his success.

Cointelegraph queried Fraser about the security of 12-word seed keys. Fraser explained they are "perfectly secure if the words remain unknown to an attacker or there is a passphrase '13th seed word' used in the derivation path of the wallet."

Moreover, he emphasized the superior security of 24-word seed keys.

"Even if an attacker knew the out of order words of your 24-word seed key, they would never stand a hope of discovering the correct seed.”

Fraser broke down the entropy calculations to explain the difference in security between the two types of seed keys. A 12-word seed has approximately 128 bits of entropy, while a 24-word seed boasts 256 bits. When an attacker knows the unordered words of a 12-word seed, there are only around half a billion possible combinations, which is relatively easy to test with a decent GPU. A 24-word seed, however, has roughly 6.24^24 possible combinations–and that's a lot of zeros. 

Related: The worst places to keep your crypto wallet seed phrase

Even the probability of an attacker cracking a 12-word seed phrase is borderline absurd. 24-word seed phrases may be superior, but as Wicked points out in a post-mortem to the seed phrase challenge; “it’s not going to be hacked tbh.”

Ultimately, it’s a timely reminder to readers to ensure seed phrases are never published or shared online. That means a seed phrase should not be stored in a password manager, a cloud storage solution, and they certainly should not be typed out into a phone. 

Fraser also stressed the importance of keeping seed keys secret and to take advantage of a passphrase that functions as part of the derivation path. As for the 100,000 Sats Fraser took home? Fraser tweeted that he spent them on dinner that night: Chicken Marsala. Talk about circular economy. 

Cointelegraph Magazine: Bitcoin in Senegal: Why is this African country using BTC?

Charles Schwab plans to offer spot crypto trading as US rules evolve under Trump