
If you want a hardware wallet, I recommend software in an air-gapped machine. Unless you can buy the hardware directly from the manufacturer, and ideally you walked into the factory and bought it at the source, the risk of compromise is too great.



> Unless you can buy the hardware directly from the manufacturer, and ideally you walked into the factory and bought it at the source, the risk of compromise is too great.

That's an awful idea. If you're the type of person to worry about being supply-chain-attacked, then targeted supply-chain attacks are far more likely to happen to you than untargeted ones are. Specifically, you are more likely to be supply-chain attacked by an entity who has the power to either compel or blackmail the OEM into giving you a first-party-adulterated device (think: Huawei network switches), than by an entity who's supply-chain-attacking random strangers. This doesn't just include governments, mind you, but also any sufficiently-wide-reaching criminal gang.

Showing up in person to the factory — or to a retail store — means the intelligence operative planted there can recognize you, and give you the "special" device prepared just for you; or the employee can be compelled by certain training (required to be allowed to sell such devices in certain countries) to follow the special instructions that come up when they swipe your credit card.

So what to do? Don't show up in person. Send a one-time proxy buyer to show up in person. And have the proxy buyer pay in cash, or using their own card.

Think what an American diplomat stationed in China would do if they absolutely needed to get e.g. a new smartphone right away. Normally they'd just wait for something like that to be sent over from America via diplomatic courier, specifically to avoid this problem. But if they couldn't — then proxy-buying at retail is the next-best solution.

(Funny enough, this is also the same thing that computer-hardware reviewers have to do to avoid getting a "reviewer special" binning of the hardware. Counterintelligence is oddly generalizable!)


How do you feel about Yubikeys and HSM systems that corporations heavily rely on?


It’s like apples and bowling balls IMO. If the Yubikey directly stored hundreds of thousands of dollars of bearer assets that could be stolen remotely from an attacker anywhere on earth, then it would be a lot more risky. But that’s not typically what the Yubikey is for, unlike a crypto hardware wallet.


Installing a general-purpose hardware or software backdoor on OEM hardware enables general-purpose attacks, and in my view isn't necessarily less lucrative than attacking a cryptocurrency wallet's supply chain specifically.


Theoretically a nice idea, but where do you get your trusted software and hardware from?

The trusted codebase and set of OEMs seems an order of magnitude larger, and I'm not sure whether the lower likelihood of being specifically targeted as e.g. a crypto user by a supplier can make up for that.


I don't understand this. If you ever want to do anything with the funds in that wallet (e.g. sign transactions using the private key), you're going to need to connect it to a machine that can connect to the Internet. Otherwise, how is this any better than a cold storage paper wallet?


> If you ever want to do anything with the funds in that wallet (e.g. sign transactions using the private key), you're going to need to connect it to a machine that can connect to the Internet.

Not commenting on GP's point but... No, you don't.

You can prepare your transaction on an online machine, without signing it. With full access to the blockchain, the balance of every address, the "counter" needed so that your tx is legal (in Ethereum's case), which address you want to spend from etc.

Then you transfer that transaction, without using the Internet, to the offline computer and sign it there and transfer the transaction back to the online computer to broadcast it.

The computer preparing the transaction, the one signing the transaction and the one broadcasting it can be three different computers.

You can even do that with a hardware wallet: the hardware wallet does not need to be plugged to a computer that is online. It can be plugged to a computer that is offline.

There are still many issues, even when using airgapped computers. For example it's possible that a hardware wallet vendor is using non-determinism in "random" parameters chosen to sign transactions to exfiltrate the seed hidden among signed transactions. So even an offline/airgapped computer and a hardware wallet hooked to that offline/airgapped computer wouldn't help.


I am somewhat technically savvy and find what is described hard. Now I imagine all those crypto bros saying banks are zeros and no one needs to use them and all should go into crypto and then regular people would just quickly lose all the money to scammers. I can't imagine a grandma following all the procedures to store her crypto or trying to send crypto to someone without messing up a letter in the wallet. I don't know what the solution is that is not centralized and yet secured and easy to use & understand for regular people.


Easy as one, two, three!


You don’t need to connect it to a networked machine to sign a transaction though? You sign the transaction in the airgapped machine, a signed transaction is just a hex string. Move it to the networked machine and broadcast it.


You can generate the coin movement operation in the air gapped machine, write it down on paper, and then use a normal, connected computer to transmit it to the network. The private key never left the air gapped machine, with this method.


The method I’ve read about is to print “the request” onto a QR code, have the air-gapped machine scan it, sign it and print off the signed transaction QR to be scanned into the networked computer to propagate to the network.

A bit more to trust but a lot less to type.


And then you get hacked anyway because the QR code generator was compromised and switched around a few bytes before creating the QR code.


Ideally it’s a functionality of the wallet, but I think only Bitcoin Armory has this function.


You don't, actually. Coldcard works without ever having to be online. You sign transactions on an SD card and just swap it.



