Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

You can't put money directly into a cold wallet, if I understand correctly. If you can manipulate it directly then it's hot by definition.


Yes, you can, as long as you have an address (Public key). A wallet is just a private key.

The transaction history, and thus the ballance of an address is held in the blockchain, in the ether.

To spend the coins, you must have at hand:

* the current blockchain

* the private key

* a connection to the network.


However, these can be on different devices. Transactions can be signed on an offline machine. Also, you need just the unspent transactions to sign a new transaction, not the whole blockchain. Bitcoin Trezor works this way, http://www.bitcointrezor.com/


Is that true even if you only spend some of coins and not all the coins? I seem to remember there being something very tricky about this if you are using a paper wallet.


You can add coins to a paper wallet many times.

What is considered risky is spending only a fraction of the paper wallet, for the following reasons:

- you just used the private key for creating a transaction, so the chances of it being compromised increases

- the client you used might have sent the change to another address while you're thinking the remaining coins are still in the paper wallet

But if it's done well, yes, it's possible to spend a fraction of a paper wallet.


You can deposit directly into a cold wallet; you can't withdraw directly from a cold wallet.


Let's say I have a machine that's not connected to the Internet, but I develop a serial protocol that allows the transfer of bitcoins across RS-232, and build a cable that only has the receive signals connected at my "secure" machine.

If I wanted to take it further, the "secure" machine could print that wallet onto paper or could robotically insert flash drives into a USB port (in such a way that removed keys were dropped into a bin the robot couldn't reach into.

This is only one of many ways I can think of that would allow the automatic creation of cold wallets ... the only way to attack such a system is to gain physical access.


You could still attack the stuff talking that RS232 protocol. Maybe it has a buffer overflow that allows me to gain control and change the software to write any money coming in not only to those flash drives but also out to my account (writing it to the flash drives makes it harder to detect this hack) In the limit, that doesn't require much. For example, I could flash a control LED and attempt to read it from across the street. Even if that succeeds in only a small fraction of transactions, it might still be worthwhile.

TL;dr version: anything that is connected to the outside world, no matter how small, is an attack target.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: