Hardware Wallets are devices designed to hold bearer assets which can be trivially stolen if you leak the private key(s). There’s many, many people involved in the manufacture of each hardware wallet, each of which might wish to make free money by backdooring the hardware wallet.

This isn’t complicated y’all. We’ve had known protocol (implementations) for years that can prevent a malicious firmware upgrade from being enough to steal your coin, yet only a select few hardware wallets bothered to adopt it. That’s nuts!

“RFC 6979 is fine” is the worst take on the anti-exfil debate. It’s a deliberate attempt to distract by taking about an unrelated topic.

Anyone want to write an anti-exfil BIP with PSBT fields?

It’s almost like we’ve known about the class of attacks and general mitigation for years…. Most hardware wallet manufacturers just don’t care.

The media, governments, and the establishment continue to say Bitcoin is useless Unfortunately for them, I packed my Nashville keynote with dozens of specific Bitcoin use cases from across the world in the areas of commerce, freedom, and energy No price talk, all utility ✌️

the devs want to build {decentralized, private, trustless} stuff but you gotta use them

My thinking is that it's possible to achieve security in a narrow but important definition: security against a "covert" HWW attacker. A covert HWW attacker will not make the device behave in any way that a user can distinguish it from an honest HWW.

Another day, another demo on why hardware wallets (aside from BitBox02/Jade in USB mode/multisig-operated ones eg BitKey/Casa/etc) should not be trusted.

Meanwhile: Germany has ~18GW of coal on their grid. OMFG.

Remember Treasury’s Unhosted Wallet Rule from the end of the Trump Administration? It’s dead. Officially. To jog your memory, days before Christmas in 2020, FinCEN proposed rulemaking that would have required data collection and reporting on users of unhosted wallets.

When creating this big furry Bitcoin video, we wondered: which country would be first to dub it into their local language? It was Japan. It had to be この大きくてふかふかなビットコインキャラの動画を作った時に、一番最初に吹き替え版に対応する国はどこだろうと私達は考えていました。

There's now a standard way to encode Human Readable Names in PSBTs (github.com/bitcoin/bips/p…)! This means your wallet can resolve ₿[email protected] to an address and include a proof for your hardware wallet to verify, allowing it to display the name instead of gibberish!

Matt Corallo Ethan ✨"@[email protected]"✨ Heilman 🐱 took a scientific survey of myself, this is the new political axis

Strike now supports BOLT 12 Offers! BOLT 12 is an improved Lightning Network payments standard that enables more private, versatile, and user-friendly #bitcoin payments ⚡️ Our new blog dives deep into our journey of integrating BOLT 12 into Strike ⬇️ strike.me/blog/bolt12-of…

LDK v0.0.124 is here 🚀 This release features a new crate structure, a ton of features that various users requested, a pile of BOLT 12 improvements, faster route-finding, and a handful of small-moderate bug fixes. github.com/lightningdevki…

You can now pass a name to satsto.me to auto-resolve names. This means you can hand someone a link like satsto.me/?name=matt@mat… and it’ll automatically show them a list of payment schemes it resolves to, even opening their default wallet for them!