The Audit - Presented by IT Audit Labs
Brought to you by IT Audit Labs. Trusted cyber security experts and their guests discuss common security threats, threat actor techniques and other industry topics. IT Audit Labs provides organizations with the leverage of a network of partners and specialists suited for your needs.
We are experts at assessing security risk and compliance, while providing administrative and technical controls to improve our clients’ data security. Our threat assessments find the soft spots before the bad guys do, identifying likelihood and impact, while our security control assessments rank the level of maturity relative to the size of the organization.
Understanding Cryptocurrency and Wallet Security with Matt Starland
The Audit - Episode 29 - Ready to uncover the world of crypto? Join us in our latest episode as we dive into the realm of cryptocurrency with Matt Starland. Let's embark on a journey from the origins of Bitcoin to the frenzy of meme stocks making headlines. Tune in to understand how cryptocurrency is shaking the foundation of economies with unstable governments, and how secure, hardware-based crypto wallets can be your ultimate safe vault.
We didn't stop at Bitcoin. Matt Starland, our resident crypto expert, took us on a ride through the volatile landscape of cryptocurrency trading, tackling the challenges of its mainstream adoption and the potential risks. Discover how to set up a hardware wallet and get an inside scoop on the cryptographic algorithms that are its backbone and the all-important recovery seed. By the end of this, you'll be well-versed in the nitty-gritty details of crypto trading and equipped to safeguard your digital assets.
In the final leg of our crypto exploration, we help you navigate the process of setting up a new cryptocurrency wallet, emphasizing the significance of secure offline backup and tightening the security measures. We shed light on the workings of a Bitcoin wallet, the associated fees, and how to maximize its security. Then, we take you through the features of hardware wallets, the processes of buying and selling from a wallet, and the risks of leaving money on an exchange. So sit back, tune in and prepare for a deep dive into the thrilling world of cryptocurrency!
Thanks for listening to The Audit, presented by IT Audit Labs. Today, we will be speaking with Matt Starland about all things crypto, including a brief history of its mysterious origins. We'll also talk about how to secure your cryptocurrency with a hardware or software wallet. You're not going to want to miss a moment of today's episode, so get comfortable and stay tuned.
Speaker 2:So I'm going to kick off by saying we have Eric Brown, we have Nick Mellum representing IT Audit Labs. My name is Joshua Schmidt. I'm the producer of the show. Today we have a reoccurring guest, Matt Starland, who works for Ramsey County, and we are going to dive into all things crypto. It's going to be a bit of a crypto guide today, but stick around because Matt is going to show us how to use a hardware wallet. I think most people are probably familiar with Coinbase software wallets, which is what I use, but I think we're going to do a little bit more of a deep dive on those hardware wallets, maybe the difference between them, and then learn a little bit about crypto in general. So thanks for being on the show today, Matt. You want to kick it off and tell us what you know about the history and the origins of crypto.
Speaker 3:Yeah, sure, Thanks again for having me on. Well, before we start getting into all this financial legal type discussion, my lawyers and all that stuff well, not really my lawyers and say anything. I don't even have a lawyer, so maybe I shouldn't say that one.
Speaker 2:You should always say my team yeah my lawyers.
Speaker 3:I got lots of them. They're all on my crypto and anyways.
Speaker 3:So we've been advised, yeah, we've been advised to say this, so anyways we'll just say this: the information discussed on this podcast is not intended as, and shall not be understood or construed as, financial advice. We are not attorneys, accountants or financial advisors, nor are we holding ourselves up to be, and the information discussed is not a substitute for financial advice from a professional who is aware of the facts and circumstances of your individual situation or your organization's situation, and sometimes it's just a little political. So we might as well cover our bases. So the views expressed by Matt Starland are solely his views. Those views and opinions do not necessarily represent the hosts of IT Audit Labs, or IT Audit Labs in general. Okay great, I think I got the lawyers off our backs now.
Speaker 2:Absolutely. All about it.
Speaker 3:All right, so well. Yeah, crypto. You know it started back around late to 0908 somewhere around there by someone going by the name of Satoshi Nakamoto. You can go to bitcoin.org, where all of this starts, and download this anonymous person or group's white paper on why they started cryptocurrency. I guess, to give you a high level overview of it is really to create a form of currency that does not devaluate or is not able to be. I should say not devaluate, but it doesn't devaluate based off of because more of it can be made and made and made and made. For example, the United States dollar, it's all centrally controlled and it can be printed as needed. You start to get into inflation and other things, market issues, and so their point, what their goal, was to create a currency that is solid and once it meets the full amount of currency that exists, this cryptocurrency that you can purchase there won't be any more made. So it'll be done and I think they've got. From what I heard, the mining that's left on it is maybe got 100 years left, and then all crypto, or all Bitcoin at least when we look at when we're talking specifically about Bitcoin here will be done. So, but there's many other flavors of cryptocurrency out there and that's where we're going to talk about today. How do you trade and how do you send it, how do you receive it with a hardware wallet. But why would you choose a hardware wallet versus a software wallet? Well, like you were giving an example before, Josh, about Coinbase and even bringing up PayPal, and there's other financial companies out there too.
Speaker 3:I think Fidelity was one that I just saw come across. I believe they're starting to now get involved with their clients being able to trade crypto. Well, with a software based wallet like that, you can go to the web page, go to Coinbase, whatever, download the app on your computer or even your smartphone, sign up for an account and away, tie it to your bank account and start trading right there and then.
Speaker 1:I saw that there was over 22,000 different cryptocurrencies. I think you were mentioning bitcoin had like a what was it? Maybe 100 years or so, but there's a lot of other cryptocurrencies. I think there's like a. We've heard of Dogecoin or Dodgecoin however you want to pronounce it but Ethereum and certainly the more popular ones, but there's also like a pizza coin and other kitschy crypto currencies as well. Have any of you other guys tinkered with any non kind of mainstream crypto?
Speaker 4:I have quite a few actually, but Dogecoin is one that I do have. And then what's it called? There's some their names are so random but Dogecoin was one that I had a bunch of. It was like two years ago where that really spiked. I did have a good chunk of that then too. But yeah, I've had some random ones. Did you make money? I did. Oh good, yeah, I totally did.
Speaker 2:I myself was late to the Dogecoin game and lost a few bucks on Dogecoin. I was mostly just in it for the memes and the yucks, as they say, but I got on the back end of that way too late. So I think that was around the time that the meme stocks were the stonks were kind of going crazy with AMC and GameStop and nothing like a good news cycle to pump and dump some crypto and kind of inflate prices and stuff like that. Matt, are you just into Bitcoin? You got Litecoin, Ethereum. What are you working with, man?
Speaker 3:Well, I think, if you can see my screen sharing right now, I've got three on there. So this is my Bitcoin Cash and Ethereum and just Bitcoin. So those are the ones that I've played around with, whether it's for a long-term investment or just kind of a quick turnaround. Let's make a quick buck and send the kids off to a vacation spot down in Texas somewhere.
Speaker 2:Maybe you could tell us kind of what your trading strategy is, because I got in early enough where I could kind of pull the principal out, so everything I'm working with at this point is kind of fun money, which makes me feel a lot better about some of my bad decisions.
Speaker 3:I've split it up into two different kind of state pots. One here's my fun money and you know like hey, I'm going to just throw $100 at this and see what happens, or a few hundred bucks or whatever, and then watch it go up and down, but I kind of look for those big spikes. If you look at the long-term history, the long-term charts of Bitcoin or Bitcoin Cash, usually when crypto comes out, you always see this giant spike.
Speaker 3:Yeah everyone's getting involved. You know something that, or if it's a very seems like it's going to be a mainstream one, then of course it settles down. But it seems like whenever there's certain market fluctuations, there's always this giant spike for a period of time, but when you look at the chart it never seems to settle back down to where it was just before that spike. You know, it's always.
Speaker 2:you know it might come to here level out, and then it might sit here, it might go down, up, but then there's another spike, but then it levels out a little bit higher.
Speaker 3:So you know, that's been my own little personal strategy for the main ones here. Otherwise, when you start getting into some of those other one offs that are just trying to spin up here and there, I couldn't even tell you much of anything on so what I've done is the long-term stuff like I don't touch, Like I look at that as almost kind of like a retirement in a way.
Speaker 3:But then the other pot is I'm kind of watching those waves seeing how they go wait for that spike, and then I'll just kind of pull the trigger and oh great. I made a little bit of cash here, so how about you, Eric?
Speaker 2:When did you get in and where? How are you sitting?
Speaker 1:I got in around the same time as you when Musk was making some noise about the doge coin or dodge coin, and it was, you know, down around like 16 cents and then it was really going up. So I grabbed a little bit, then got in, got right back out, made a little bit on that and then, rather than going in on the wallet because I never really dove in enough to figure out the wallet piece and I'm looking forward to hearing how Matt talks about how you know he'll manage the coin in the wallet I did it through a brokerage, so it was just easier for me to let them hold the currency and then I could easily translate it into cash and not have to worry about going through the marketplaces myself. But that only works on the mainstream, the handful of mainstream currencies. I think if you want to get into some of the more niche currency, you do need to have the wallet. So I'm looking forward to learning about that today too.
Speaker 2:It's been my experience that some of the niche currencies are a little more volatile and I've even read articles that say you know, a lot of them are Ponzi schemes or just kind of cash in, quick money making schemes for some of these corporations, the companies that are coming up. Nick, have you had any experience with the niche coins?
Speaker 4:Yeah, I'm looking at my wallet right now and the ones that I was previously trading was Shiba Inu, if you guys have heard that one, and then Dogelon Mars I think that's how so definitely the meme coins, but those are the ones that really had a giant kickoff. So, if you're in, if you can get in right before that and then dump after that, I've had good luck with those ones, but I'm far from an expert. I just you know, it's just fun and tinker around with it.
Speaker 2:So, Matt, you've been in this game for a little while now. Maybe you could give us a little more insight on how we got from the early days of crypto and the white paper for Bitcoin to where we're at now and kind of an overview of that.
Speaker 3:Yeah, so I think a lot of it comes down to just the financial stability of government financial systems of just being able to print money, what they call fiat currency, and so I believe that, as more and more people are starting to get aware of that aspect of it, to try and maybe diversify their funds into another form of currency Okay, something that never, ever happens, you know, I guess, going back, you look at the Weimar Republic back in the early 20th century, so right around the time that Germany was going through World War, just post World War One, they had hyperinflation where their currency would just go up thousands or not go up, but they were printing money like crazy to try and stave off certain economical issues. And you know, in the morning, a loaf of bread, for example, we'll just say it was a thousand Deutsche Mark and at the end of the day it might be 10,000 Deutsche Mark.
Speaker 3:And so and that's kind of, I think, the point we're getting at here is that this decentralized currency is no longer being held by just one governing authority and they are the sole owner of how it's managed and maintained. And we trust that it's accurate all the time. Where now you've distributed these ledgers through hundreds or thousands of computers and all of them have copies of each other and can make sure that they're corrected and accurate.
Speaker 3:So I think that's one part of it, but the other part is too like what we're just talking about all these little one-off currencies coming up that people are maybe seeing how it has some wild swings. They're hearing about what these things were. You know?
Speaker 1:Bitcoin's worth $30,000 now and it was worth $5,000 last year you know.
Speaker 3:So let's get into it. So there's also those looking at it from the quick buck perspective, you know. So I think those are probably the main two views or reasons behind why we're starting to see so many different cryptos, you know, getting starting to show up and also the increase in value of the main ones.
Speaker 1:It seems that there's a couple of countries using cryptocurrency, or specifically Bitcoin, as an official currency in that country. El Salvador and the Central African Republic are two that use it, and I know there's other countries too that also use the US dollar as their currency I think a few more than those two, but I think that's real interesting, just showing the times that we're in, that there are countries actually using crypto as an official currency because of runaway inflation or corruption or whatever in that country.
Speaker 3:Yeah, so to that point, Eric, is that you know, you look at, the American dollar was based on the gold standard, and I believe it was like in the late 70s where we, the US, divorced ourselves from the gold standard, so we had to keep the right amount of dollars to correspond with the amount of gold we had. And then after that it became a faith based, we'll say, currency where people invest in the United States dollar because they're putting their trust in the United States government and economy, and so then they base their currencies off the US dollar, keep making sure, hoping that, you know, the dollar will stay stable. And so what? People are starting to see the difference. You know government instability that might be coming around, or different, the swing and party views.
Speaker 3:So the distrust possibly here from the United States government and starting to falter or is not as strong as it was. So these countries, like you're saying, are looking at other ways to be able to tie their currency to something that's going to be much more stable. And again, this is where cryptocurrency comes in, because there's no one governing authority. Everyone has to keep each other in check.
Speaker 2:Now, Eric, you said you use a brokerage. I've been using Coinbase since the beginning. I know there's a few other options out there. Matt, do you know much about, you know, other exchanges or what do you like to use? For some of my fun money I'll say I like to use like software based wallet, which is Coinbase.
Speaker 3:You know there's PayPal. Like I said, some of the other financial firms like I've heard of is like Fidelity is getting involved with it. So the only two ones I've really played around with is PayPal and Coinbase. Yeah, it's nice because it's just how quick it is. You know, fire up your iPhone, oh yep, buy and away you go. That you got it there instantly.
Speaker 3:But there's risk there, and this is kind of why we have that topic today of the hardware wallet. With the software wallet, it's not the same as, like your bank, in US dollars. So you know your bank is FDIC insured up to what $250,000, I believe it is, and so if something ever happens to that, you'll see up to that amount. If you got a lot of money in your software wallet and when I say money it's not in cash reserves like US dollars, but it's actually in that crypto.
Speaker 3:If that software wallet everybody's hacked, or the company gets hacked in general and somehow they get ahold of all the private keys that is being held by all the different wallets, or something happens to the company in general, that money's gone.
Speaker 1:So so, Matt, you say it's gone. I've certainly heard that concept. Let's say you have five Bitcoin, equating roughly to the $100,000 that you're talking about foreign change, I think, in today's conversion. That coin is registered to the blockchain. How is it gone if something happens to that brokerage?
Speaker 3:It's not gone per se in the blockchain. So this is where public and the cryptography comes in. The Coinbase and PayPal, they have your private keys and so, in order to generate a public key, you take your private key, run it through an algorithm. We'll say, for example, SHA-256, that spits out a new key. Well, that new key is, we'll call it your public key, and the public key is what the ledger has. It has no idea about your private key. It only knows about your public key. If you don't know what that private key is or had any access to it anymore, your public key still has that money associated with it, but there's no way you'll ever get it back because there's no way for you to prove to the ledger anymore that you can reproduce that public key based off of the private key you had.
Speaker 3:Because, as you know, with that public private key cryptography, once you run your key through that algorithm, it is a one-way algorithm, like there's no way you can reverse that public key to figure out the private key. It's not even. It's like with all the computing power in the world it's not even possible. Maybe if we get to quantum computing someday it might have the ability to reverse that, but the number is so ridiculously complex that it cannot even be reversed.
Speaker 4:Good thing. We had an episode on quantum computing recently, Matt, what you're talking about losing your crypto. Wasn't that recently in the news? Like last November, like FTX, didn't they suffer a big loss?
Speaker 3:I don't remember exactly who it was, but I remember hearing something about that. But that's exactly what happened. They lost their private keys. So the ledger will have the public key forever, but until the day you can find your private key, that's the only way you'll ever be able to move those transactions. So it will sit there for eternity on the ledger, assuming the ledger never just something happens to all computer systems in the world or everyone gets rid of that ledger system.
Speaker 1:So if you're going through a brokerage like Fidelity that you mentioned or Robinhood, they are holding all of those private keys. You don't have access to them. You're trusting them to hold them in a secure and reproducible way.
Speaker 3:Yeah, and I haven't looked deep enough yet to see if there's a way to export those. So that would be something to look into and I'm definitely going to have a takeaway from this. But from what I understand, though, if you don't have control of those private keys, and it's all up there, yeah, if you lose your account, access to it, or a hack or something happens to them, that's gone.
Speaker 2:We're obviously still in the wild wild west of the crypto days. How long, in your opinion, do you think it will take to get to a spot of legitimacy where it's ubiquitous, everybody's hip? Everybody knows how to use the wallet. We're using it for daily transactions because you have Sam Bankman-Fried got to jail. You have the scandals with Robinhood and their user agreements shutting down the meme stocks. I don't think this is under contention, but when everyone started piling into AMC and GameStop, Robinhood shut it down and a lot of the rhetoric going on online in the crypto community or in the meme community or Reddit or whatever you want to call it, was that top down, the man was stopping the masses from taking control over the market. So you know, and then you've seen crypto being used in nefarious ways. I mean that's kind of an old story. Now I think people are kind of losing interest and it's starting to gain legitimacy. But how long do you guys think it's going to take? You know it's still kind of wild.
Speaker 1:Companies like Dell used to take bitcoins so you could go on to Dell.com and buy a computer with Bitcoin, but I think they stopped that somewhere in 2017. Tesla used to be able to buy a car, I think at one point, very limited time, with some form of cryptocurrency, but I haven't seen that. It seemed like it was popular for a while and now it's on the down swing. Like wasn't there something where you could buy like coffee or pizza? And I'm talking way back in the day like 2009 or 10, when Bitcoin first came out and a pizza might have been like two Bitcoin. And now people are just freaking out because if they saved those Bitcoin, you know they'd have a substantial amount of money. Instead they have two pizzas.
Speaker 2:I've also seen it being used for recently for campaign contributions or donations. Are we on track to getting this to a spot of ubiquitous use and legitimacy, or do you think it's going to stay on the fringes?
Speaker 4:I feel like it's going to be out there and then never in the fringes for a while yet. It's just because of the kind of buzzword we use not too long ago. It's so volatile that it's all over the place. It's so hard to control it right now. And, for example, what Musk just said they pulled the money out of. What SpaceX they pulled out Look at how big that just affected that market right. So to me it's too up and down, I think, for it to be so mainstream. But that's obviously just. It's very subjective.
Speaker 3:Yeah, even my viewpoint too. I've seen. You know, when it comes down to trading it, it's mostly my fellow we'll call it geek friends, whatever cyber friends, you know, those who are involved in the IT industry and know how to really use that stuff and you know like you know, being able to throw up your you know software wallet on your phone.
Speaker 3:All right, what's your public key? Or scan my QR code Okay, we'll trade some money. But I feel like, at the same time, too, that people don't want to always give up their crypto because they're like well, if that goes up all of a sudden.
Speaker 3:I gave away that crypto for I was at the garage sale and the dude was accepting Bitcoin Cash and I gave him 10, you know, like one tenth of a Bitcoin Cash for that share and all of a sudden now it was at 90 bucks for that, but now it's 300 bucks. So I think there's also that aspect too. It's, I think people don't want to also miss out and just give up their crypto. So it's, I feel like it is still a little fringe, but, um, I mean it's gaining more awareness because clearly here we are on a podcast, uh, but it's still not to the point where I'm going to go to neighbor to neighbor and when I go to their garage sale, we're going to be swapping Bitcoin Cash for items.
Speaker 1:And Josh, to your point. I think both, what Matt and Nick were talking about is the volatility. So country like El Salvador who takes that as a standard currency, if something is a dollar and the equivalent of that is, just say, you know one one hundredth of a Bitcoin, and then the next day it's still a dollar, but the value of the Bitcoin changed. That makes it really tough to use as a mainstream currency if the value is fluctuating.
Speaker 1:So I don't know what you guys think, but I'm thinking, in order for it to be mainstream, there needs to be a cryptocurrency that is less volatile. But I think the reason behind the volatility is because it is not a government backed currency and there can be trust in the cryptocurrency unassociated with one particular government, which makes it really nice. Where you have governments that have corruption and, uh, not having currency tied to a regime is really nice and having a cross-border currency is really nice, but the downside of it is the volatility piece and one thing to bear in mind there too is that you know the volatility piece isn't the fact that it's the currency itself.
Speaker 3:You know, like we're going back to the example of where you just print dollars, print dollars, print dollars and now there's more dollars into the system.
Speaker 3:It's a supply and demand volatility, so the United States dollar would have the same issue if countries were constantly dropping and gaining it, dropping and, you know, it'd be like all over the place, and so that's kind of the same viewpoint we have to have at. You know, look at, this is that it's got a volatility because people are investing, not investing, investing, not investing. So there's a supply and demand thing that's causing it to go up and down, but that up and down is based on a different currency, which is the United States dollar.
Speaker 3:So if we had, if there were other countries all over the world, like I said, dropping in the United States dollar and we would see that same thing, I would think, with the United States dollar and be just all over the place. It's worth it, even more so than what we see with inflation.
Speaker 2:Let's move it over to Matt, and maybe you could show us how you set up your hardware wallet and maybe talk about some of the differences between, other than the obvious, software and hardware wallet. Yeah, exactly.
Speaker 3:So, as we touched on earlier why one would go into a software wallet because of ease of use. You know the quick ability to trade, but then the risks that were associated with it. So this is where your hardware wallet comes in.
Speaker 3:So, for example, mine that I'm showing right now that I've got connected. So this is the Trezor Suite. Um, there's other brands out there. Another popular one, for example, is Ledger. But what you're doing is now storing your private key on a little device like this. You don't have somebody hacking an infrastructure to get your private key now. They have to somehow get a hold of your hardware wallets. You can put a pin code on it up to like 50 characters long to lock it.
Speaker 3:What I'm going to show you is my Trezor here and how to set up the how to wipe it first, because clearly you can see here there's some you know some cash in here and it's blurred out, and so I'm going to wipe this for your entertainment, the possibility of losing some good chunk of money, and for this audience's education. I am risking the money that is associated with this that I have for Bitcoin, Ethereum, Bitcoin Cash, and then we'll go through what it looks like to set up even a brand new wallet. What is that I mean it's?
Speaker 1:the same wallet right.
Speaker 3:Or is it? So I should have the same private key no.
Speaker 3:When you wipe it and you start up a new wallet, it regenerates a brand new unique private key on there. That's using those algorithms as cryptographic algorithms that now will have even a different recovery seed, and so that's kind of something I'm going to show later too, is we're going to recover my wallets. It's using a recovery seed that I have on here, because every wallet that you get you need to do a backup recovery seed. That's where you manually write down a bunch of words that uses a format, not format, but a standard called BIP 39, 2048 different words.
Speaker 3:That can exist up to 12, 18 or 24 combinations of those words. So I was trying to do the geek out and get into the math of that and it was like something like how many different combinations can you have with those words? It was like, I think 41 to the no, 10 to the 18th power, something like that. So that's you know, a 10 with 18 zeros after different combinations. It was just ridiculous, um and so uh.
Speaker 3:And if you. That's why that's so protected, because it's almost impossible to try to regenerate this. You know a manual area and having a computer try to figure this out. So this recovery seed is tied to your private key, so that way, if I destroy this particular hardware wallet, I have this stored somewhere super duper safe, locked away, um that I could then buy another Ledger or, excuse me, another Trezor or even a Ledger. Throw this 24 different words into that are all in the right, in the right order, and it will be able to regenerate my private key so I can get my money back.
Speaker 3:So you could actually put this on three or four different hardware wallets, if you want. I wouldn't recommend it because then you got a lot flipped around, but so what do you call the list of words?
Speaker 3:Uh, it's called bit 39, BIP 39. I know the B stands for Bitcoin. I don't remember what the other two letters stand in that acronym, um, but it is. There's 2048 different words and then it's a matter of how they're combined into that 24 different word sequence and that's your backup, is your BIP 39, is your backup of your hardware wallet.
Speaker 1:So presumably you want to store that BIP 39 in a few different places, including one printed out somewhere.
Speaker 3:I wouldn't even recommend and they don't recommend even in a digital format, because, again, the whole point of it is to keep it from out of the digital world or hands where that if your computer gets hacked, your OneDrive, a Google Drive or whatever, maybe you have a text file, you got a password code. Somehow it ever gets out there that they now have those 24 words that they could restore it.
Speaker 1:So they recommend not even having it digital, only a hard copy, locked away, hidden wherever that you know about and if you look at the recent situation in Maui, terrible situation where people's homes were completely destroyed by fire if you had printed this out and you kept it at home even in a fireproof safe, depending on the level of safe and you may have lost the contents of the safe because it might not have been able to withstand the fire, you then could have a real problem.
Speaker 3:Yeah, so there's definitely different levels of risk here, and so that's something that you know each individual needs to assess and maybe make, like said, a second paper copy and store it offsite somewhere that we send them to.
Speaker 4:Nick, yeah, yeah, I'll give it a say. Matt, actually think about that. Are you picking those Nope the phrases, or do they give you a lot and they?
Speaker 3:They give you. It's not an instant specific to the device. It's specific to how the device is initiated, because the device itself has that algorithm and I'm not sure what the algorithm is off the top of my head, but it is always generating a new private key. That's unique because, again, going back to even looking at a BIP 49, excuse me, BIP 39, 2048 different words and you throw them into 24 word secret. The amount of different variances that you can get are just astronomical. So I'm kind of curious what is the likelihood that another Trezor could generate maybe the same private key? I don't know.
Speaker 2:Or maybe there's some kind of a backstop from that happening. Yeah.
Speaker 3:And maybe it's because something with the serial number on the Trezor device and that the Trezor device has a unique serial number and then when it goes through a wipe, it reruns that through another, maybe some sort of a salt or something like that, hash, and generates a new one. But either way, however it generates that new private key, when you wipe it, it has a new sequence of words that it gives you, and so we'll demonstrate that today here and to take a quick cheap shot at Gen Z.
Speaker 2:If you're looking for an extra level of protection, you can just write it in cursive.
Speaker 3:You know what, but they are smart enough to use ChatGPT now, so that could interpret it for him. There you go.
Speaker 2:Touché.
Speaker 3:All right, you want me to get now into the hardware wallet? Yes, I think that's good time now.
Speaker 1:Are you actually gonna wipe out your thing so?
Speaker 3:Yeah, for this. For this demonstration, I am going to wipe out my hardware wallet for your entertainment and education.
Speaker 4:Wow, is Eric reimbursing you for when you lost?
Speaker 3:No, so I am trusting, folks. I'm trusting I have on this piece of paper is going to restore because clearly you can see there are funds in that our chart there, yep, that are associated with my crypto down there.
Speaker 4:So here we go.
Speaker 1:Hold on, before you do that right there, Matt, before you start.
Speaker 4:Oh, Eric, may I ran you?
Speaker 1:over. Yeah, go ahead, go ahead the green line.
Speaker 4:What is that? Do you just have one crypto, or is that just?
Speaker 3:It was all I imported from my, from my software wallet at that date and time. I was just curious before we started again.
Speaker 2:I just want to try out this feature. I've been waiting patiently and I'm gonna give you a little drumroll here.
Speaker 4:I mean, Eric, were you gonna say something before you? Yeah, hold on.
Speaker 1:Before you do that, do you have this backed up somewhere else, Matt?
Speaker 2:No, Eric's really worried.
Speaker 4:He's, he's really.
Speaker 3:It is on this. It is on this piece of paper here. Have you done this before? I am not obliged to say that that's something we're gonna cut out of the podcast for entertainment of the folks watching.
Speaker 1:Okay, I'm concerned. I don't want you to lose.
Speaker 3:I am. This is all that. This is the web track. This is all what I want you guys. I want to show you that I know demonstrate this for your enjoyment. And so here we go, drumroll.
Speaker 2:Okay, okay ready yeah that's a joke. That's a joke we want.
Speaker 3:we want the rent to submit to our yeah, you can save that other drumroll for when I can't restore it.
Speaker 2:We'll save the laughing for that.
Speaker 3:No, alright, so we're hitting settings here, we're hitting device, we are going down to factory reset, folks.
Speaker 2:Oh, this is exciting. Yeah, oh my god, resetting this device.
Speaker 3:You know it's data. Reset your device only if you have a safe offline backup of your recovery seed which allows you to restore your funds. I understand this action. Is there a way?
Speaker 4:that you could check on here that what you have on that paper matches just for somebody else. Right, they were gonna do this. Is there a way to verify it on that paper?
Speaker 3:You can, in the app. Here there is a live. I've been testing that you can check to make sure it's still as good. But you know what, we're not even gonna do that. We're just gonna risk it for the biscuit. Yep. So here we go, folks. So now it says follow the screens on your Trezor and it's, you know, confirming on here. Do you want to delete? Confirm? It just gave me a status bar and there you go, it's gone, it's.
Speaker 1:I'm uncomfortable.
Speaker 3:It's gone. It's gone like. So right now, Eric, the ledger has my, has the public key. I have no longer a private key on a digital device to be able to interact with that public key anymore, now that everyone can see that we got a fresh device. So when you go to the store or you go to your favorite online retailer or whatever, and buy a Trezor or Ledger, it's going. One of the first things that it wants to do is, you know, check that you got the latest firmware installed and go through all that fun stuff.
Speaker 3:So, yep, we went through and made sure I had a firmware. It's ready, great.
Speaker 4:It's visibly uncomfortable body, palms all over.
Speaker 3:I hope this works. So create new wallet folks. We're gonna create a cover new one Yep, so this is where that paper seed comes in.
Speaker 1:Are you doing create or you doing recover? You're not gonna recover, you're gonna do a new one.
Speaker 3:Yeah, I'm done. I'm done with that money. It's gone. I don't care about it. No. Standard seed backup.
Speaker 1:All right so now.
Speaker 3:Choose the backup process. So now it's asked me, do you really want to create a new wallet? It's got a little nice little looking CGA style text there from 1987. All right, confirming. Great, so needs backup. So now the Trezor shows like, hey, we need to create a backup. So this is where it gets, this is where you get your 24 seed. You know, different words, so we'll do create backup here. Recovery, seed, back, series of randomly generated words created by your Trezor. So it's important that you write it down.
Speaker 1:Matt, you can't put like so in Nick's case. Nick has a lot of cats. He would probably pick the cat names.
Speaker 4:Ordee cat, yeah Texas.
Speaker 3:Know all those different words. Yeah, the first cats.
Speaker 1:I think they were named after handguns at one point.
Speaker 3:Okay.
Speaker 4:Yeah, you know if in Western.
Speaker 3:Springfield, Ruger, yeah, yeah, we're good, we have a new dog's Ruger story recovery seeds. Yeah, here we go. So now it's generating. So just give you an example here. So write down the seed. First word shows control. And then this is where I'd be writing it down, on that nice piece of paper or another piece of paper that I'm gonna store away somewhere far away. So if my house burnt down, maybe you can still get to it.
Speaker 2:So now it gave me a second word, venue.
Speaker 3:I'm just going through this because otherwise we have 24 words or third word, panther. Fourth word, cabin. Fifth word, position, sixth word, basic, and then it now even goes again through it one more time. So here we are back to the first word again, control, because it wants to make sure that you wrote those down the first time accurately. So I'm just gonna fly through these words again.
Speaker 4:Which cat's your favorite? We'll go with Smith and Wesson, maybe. All right so?
Speaker 3:now. This is where I got my theoretical seed on paper now and now. This is where I create a PIN for the wallet to unlock it, and so this is so. If somebody steals the actual wallet itself and tries to plug it into another computer, they would also have to know my memorized PIN in order to unlock it and then make it be able to communicate with the different ledgers out there and blockchains.
Speaker 1:So I confirm now.
Speaker 3:This is a really cool feature. So for this isn't being hidden just for the YouTubers' view or your view. This is actually how the software functions. So you actually have to look at your screen and it's got nine digits in a particular order. They're not one, two, three, four, five, six, seven, eight, nine in order, they're all different. So that way, if you have malicious actor on your workstation that's like trying to maybe do some sort of a click or you know monitor where the clicks are happening at, they can't grab the PIN that you were entering into this. So and that actually does this, every time you connect your hardware wallet to the software to be able to communicate with blockchain, it will always display the nine digits in a different order on your hardware wallet screen.
Speaker 3:So I'll do that again. So now one is up here, one one and nine is now over here, enter, and so now I've set the PIN on this wallet, blank brand new private key wallet, and then I can choose what coins that I want this software, you know, what blockchain that I wanted to communicate with and confirm my, you know, private key with. So we'll just do like going with the wrong there. We'll do Bitcoin Cash.
Speaker 3:You know, Dogecoin, and please set up.
Speaker 1:So, Matt, that only allows you to pick a handful of coins, correct you?
Speaker 3:only work with a major, major coin. So, oh my god, this is where, if you want to get into the fringe or call it coins, you'd probably you'd want to have a software wallet for, so maybe I, you know, I haven't looked to see if there's a way to enable more coins on here, but this is running the latest firmware, so, and the firmware is what allows the wallets to, and software to, communicate with that particular crypto blockchain.
Speaker 3:So, now this is where you can even have multiple wallets on here. So a standard wallet you can have where it is kind of think of it is, it's just a wide open wallet. Somebody steals your regular bifold wallet that you have, or whatever, or your purse, manbag, whatever you have, open it up and there's all your cash and you can do it that way too. Standard wallet, but of course it's still protected by that PIN that we set up. But you can even add another like sub wallet that even has a passphrase to protect it even at that level. So I could put maybe some fun money into my standard wallet that I don't care if it, if seriously, somebody figured out my PIN on my device and got you. But then I could even have a sub wallet that's protected, even with a passphrase as well, and I could put funds into that.
Speaker 3:So now you're looking at, one, the malicious actor has to get a hold of my wallet. Two, they got to figure out the PIN. And then three, if they got a hold of the PIN, they could maybe get into my standard wallet, assuming I even put funds in there. Or I can throw another, even passphrase on top of that to even make that lockdown. So we're just gonna go for the sake of this, for simplicity. Just a standard wallet here I view, will unhide everything here, so you can see that there is. You know it's with the private key that it has on here. It's checking all those blockchains to see if my public key that is associated with my private keys exists up there, and you can see there's nothing that exists with the public key that would be generated. So this is where you can also see.
Speaker 3:If you go to accounts here, you can get a few more details into it but let's say, you know, for the sake of somebody watching this video, if they want to send some random Bitcoin to this, I could hit receive here, show the full address, and this will be exposed to the entire world. Now on YouTube and watch. I'll probably wipe this and somebody will throw in like 500 bucks and it's gone.
Speaker 3:But, if here's the public key, so if anybody watching this could send money to this public key. But I'm going to be wiping this those of you out there and it is going to be gone. So if you gave this a dollar worth of Bitcoin, it's gonna be lost on the blockchain forever.
Speaker 1:I'll put my wallet in the chat for everybody who wants to donate, like the Venmo address or your PayPal address, where you give it to somebody and then they pay you that way and exactly, and just to show you that it is different.
Speaker 3:You know this, this public key. So what are we looking at here? The last four KQ4x. So let's just do this for sake of fun. Again, we're gonna wipe this. Won't take long to go through that process again, not reset app, but device. Start and access the blockchain. Of course, still no money in there, because this is a brand new. Again, private and public keys. And if I go now to my accounts and go back to my, the Bitcoin receive, show that is a totally different number now so there you go yeah, to send and receive.
Speaker 3:You can hit so if I, if one of you, if I had Bitcoin in here, I get it, send and then you give me your you know public address. If I had enough you know Bitcoin to send you in or enough dollars to convert it to, etc. I can hit review and send. And then, you know, it takes a little bit of time to communicate with the blockchain and finally show up, but you would see that on your either software wallet or hardware wallet, so you can find your public address, so you can you know switch money just like Venmo, you know where you have a QR code is there a man?
Speaker 4:is there a fee to send the funds back and forth? Yep, there are fees.
Speaker 3:I think it's a couple of dollars, it's. It's usually a base. I think it's a certain person. Yeah, I believe it's a certain percentage on how much you're sending, but there is fees to do that, and, if I recall, those fees actually, though, are somehow provided to the blockchain keeping that up and running, or whatever. But, yeah, don't quote me on that dual digging, but I believe those fees, because each, each software wallet has a different fee than even hardware wallets too. So I mean, I don't know if that's because the software wallet might have a discount, because they are a software wallet working with the blockchain frequently, but then they add their own fees on Twitter building make money, where, maybe, with the block, when you have a hardware wallet, you're interacting with the blockchain directly, and that's just the hard number that goes directly to that. You know, blockchain resources. So, like I said, don't quote me on that dual digging on that, but I believe that's what it is.
Speaker 4:I kind of want to see the restore. All right, well, I'll give a little bit more.
Speaker 3:I'll give a little more tour of just kind of the interface here. So I'm pretty straightforward. Buying and receiving here you can have. When you go into the settings of the application you can change. You know what language the just you know the interface is showing what fee. I love it. What even fiat currency is, even heads considered fiat. Many different currencies from all over the world here you can choose from. And color scheme, application log.
Speaker 3:Yeah, updating the suite, you know different feature sets that might come out. But then if you go to the device now this is where you have a little bit more control or the device, so if you want to update the firmware, you can also switch the firmware on the device. So if you were only using Bitcoin on your device, you could switch it to a specific Bitcoin firmware. Why you would want to do this? Because then there's less firmware updates, because you don't have to deal or worry about all the other coins that the whole wallet has to support. So if you only care about Bitcoin, you could switch it to just that firmware and it just means that there's less updates and less likelihood that your hardware wallet could become corrupt.
Speaker 3:So there's always that potential too, with, you know, corrupt firmware. That's what this is for, hopefully we're gonna see my money again.
Speaker 4:Man, I suppose that's also a good. Another security. I mean, if you're only gonna use the Bitcoin, you could switch that type right. That might be an extra layer of security.
Speaker 1:No, yeah, did you have to install any software or drivers on your computer? Is compatible with Mac, PC, Linux. What have you?
Speaker 3:Yeah, no, I didn't have to do any special drivers. I mean for the example of even this podcast, I quickly connected this to my iMac because I couldn't get camera and video working on a different computer or actually have the software installed, and it just detected it right away, and so all I had to do is install the Trezor Suite software and away it went after I plugged in my PIN code and then does it have some sort of internal battery or something like that?
Speaker 1:and what I'm thinking of is, if you're storing it there and then say you wanted to keep this off-site in a safety deposit box and not touch it for 10 years, do you have to worry about periodically recharging it or anything like that?
Speaker 3:It's all these be powered through the USB connection, so so that's something to consider too, because maybe the USB standard changes over time and you did put it away for some long-term safekeeping. Make sure you've always got some sort of an adapter or some way to build again. Wink, wink, recover your paper seed on the new version because you can install it, assuming it still supports that BIP 39 standard at that point in time.
Speaker 2:History so is a hardware wallet similar to the software wallet, where you to get it off the get your assets off the exchange, you have to send it to the wallet address, just like you'd be sending someone else money or making a payment. Does that work the same way with the hardware wallet?
Speaker 3:Because of your private key being directly connected to your wallet or your computer being connected directly to your wallet right now and it's interacting with the private key and the software able to translate that in public key on the blockchain. Yeah, so when I hit buy here, I could just type in how much I want and it'll just, you know, show up here on my wallet.
Speaker 3:So there isn't really a way, the only reason why I would need to produce my public key is if somebody wants to send me, you know, from their own personal wallets money, but otherwise, just going on the ledge, you know, going on the actual blockchain itself and just kind of just randomly going to the market and pulling it down, I don't have to produce my, my public key or anything like that, at least when I say produce it.
Speaker 3:I don't mean via the, the algorithm and what it's doing behind the scenes of the software, but just you know, giving it out to the market and hey, somebody give me some money here that I want one tenth of the Bitcoin.
Speaker 2:So so do you keep any money on the exchange or do you trade in within your wallet and keep all of your assets there?
Speaker 3:Um, I trade. All of it was in the wallet, so I mean it's in. Just to be clear when we say exchange and you know wallets. So if your wallet isn't, you know there's nothing being held on here except for the private key. So this, this has no idea how much Bitcoin I have, you know. So that's all on the blockchain. Only the blockchain is aware of that. So, again, if this thing gets destroyed, your, your, your Bitcoin, your or crypto isn't destroyed with it, assuming you have a backup, because it's it's you, your, your information is all stored on that blockchain. So so the same thing goes for your even software wallet. You know you're, you're, when you're viewing how much money you have, your software wallet is just interacting with the blockchain and doing a lookup to see how much your public key has associated with it out there so.
Speaker 3:That's that makes a difference when I say exchange and kind of block, you know, and how are those funds reviewed?
Speaker 2:Yeah, that makes sense. I just know there's a lot of people that I interact with that just keep their money on the exchange because they're afraid to move it into the wallet or for those security reasons, obviously much more secure in a wallet, whether it be software or hardware, than than leaving it on on the exchange.
Speaker 1:And that wallet, matt, that's a wallet that you're gonna destroy, right.
Speaker 3:Well, I've technically already destroyed it twice.
Speaker 1:Where is the hardware? So like if you wanted to write down that hardware key, not the words, but like the key itself. How do you find that that's a good?
Speaker 3:question. This is where you know some of my red team. You know kind of how do we hack this thing though.
Speaker 1:That's like how do I?
Speaker 3:get into this thing to see if I can view the private key. I have not tried to go about those that methodology like I cannot. I, from what I can see in the software suite here, I've not been able to find a way to do that clearly on the computer, to be able to somehow read the contents on here. Because, for example, you know, one thing that comes to mind is like a YubiKey here. You know this is very similar technology to a, I'm using YubiKey as an example, but FIDO2 security keys. It's a private, public key situation. So on this YubiKey, our private keys that are stored and tied with public keys with an identity provider, Azure, Okta, wherever, and with the YubiKey software you can or command, command line software you can interact with the YubiKey to view the private keys on there.
Speaker 3:So, but I have not come across that yet with the hardware wallet. I haven't played around with that enough to see if there's something like that. So maybe that's another episode some days. How do we know the dark side of hardware wallets? How do you get into one?
Speaker 1:Yeah, how do you get into that? Because the I also heard like you have those words written down, but also having the private key written down would work regardless if you had a hardware or a software wallet. As I understand it.
Speaker 4:Yeah, shall we restore.
Speaker 1:We're all waiting for the.
Speaker 3:Okay, I'll probably have to. I will have to stop the screen sharing, because it will. It does want the words and put it into there. So while I trust you to maybe block this from the general public's view, I still don't trust you.
Speaker 2:We don't need that on the Riverside cloud either. That's fine. I think that's a good idea. Let's get a drumroll here we go folks.
Speaker 3:So, as you can, I mean, here we are, we're in the dashboard, right, and there is zero dollars there. So, first off, I'm going to well, let's, let's wipe this thing again. So go back to the device.
Speaker 1:We're going to factory reset this for a third time and wants me to confirm yet. I remember back in the day when I had first started in IT, we had a couple critical backups that we're pulling from tape and it was always like you know, your brow is sweating when you're all yeah, and from that DAT tape that you had to stick in the, you know the base and then you've got your incrementals and I mean you were just rolling the dice if it was gonna work.
Speaker 3:So recover wall, see. So now it's asking what you know, what words were generated with that particular recovery. And so it was a 24 words, nice and secure, great, into your cover. See word by word on your computer, or if you want to get advanced. So the reason why, the reason, what?
Speaker 3:Here this goes back to again, you know that red team, how do you hack a hardware wallet? So if you're still concerned that you have malicious software doing screen scraping or something keystrokes, click, strokes, you name it, you could go to an advanced recovery where you're entering it in into the hardware wallet itself and that would take a long time, not being some sort of a touchscreen. So I am gonna trust that my safe. And it's saying do you really want to recover the device? Yep, confirm on my device. And so now now it's giving me that gigantic 300 or 2048 list, word, word list. Now I have to choose, you know, the right words that I wrote down in the appropriate order. So this, I'm sorry folks, I'm going to have to stop the screen sharing temporarily and then look at the reflection in his glasses.
Speaker 1:Let's see if we can suck it out.
Speaker 3:ChatGPT too. I gotta be careful with all this the click thing. If you guys all heard about that, you know no. What was it with chat? The AI is able to detect via audio password keystrokes.
Speaker 1:Oh, yeah, that was that Black Hat last week or two weeks ago where they above 95% accuracy, I think they showed it could tell what keys were being pressed. They were using a MacBook Pro. I believe that's what you're talking about, right, Matt?
Speaker 2:Yep, I think we stumbled maybe upon a great marketing business idea there, AI safe keyboard, yes and next. Maybe it could just be like we'll take a Shark Tank.
Speaker 1:This cat makes his keyboard, makes cat noises.
Speaker 2:To mask the keystrokes.
Speaker 1:Oh, he muted.
Speaker 4:Matt go, Matt, now he's gonna screw it up the recovery because we're screwing with them or he's flat now. Look at this guy coming on his forehead.
Speaker 2:The title of this video might be watch an IT expert lose thousands of dollars in crypto.
Speaker 4:I love this buddy now thinking about it.
Speaker 1:Josh, what about that episode we were gonna have where Jaden tattoos somebody or somebody tattoos Jaden? I'm all about it tattoo challenge yeah well, there was some sort of like lock picking bet in there or something that was gonna be good.
Speaker 4:Every time. If you don't get it, you have to take a shot, and then the tattoo artist should have to take the shots.
Speaker 2:I think, though, the tattooers should be just regular IT people doing tattoos for the first time. Oh, yeah, yeah, all right man how'd it go?
Speaker 3:Well, we're gonna find out. Here's the drum roll.
Speaker 4:Can you share your?
Speaker 3:screen now for this one. Yeah, I'm trying to get the pleasure screen here. So now, oh, there we go, look at the bar. Ha ha, ha ha. I gotta go change my drawers now because that was a little too, wow. So yeah, so clearly you can see that it was now.
Speaker 3:The thing is that the reason it took me a while is because when we first started this, I was actually going in order of those 24 words when it was asking me for the next word, next word. But what you have to do is you have to look at your Trezor screen and it'll ask you what's the 13th word, what's the fifth word.
Speaker 3:So it does go through all 24 words, but it goes through them in random order. So I started off going one, two, three, four and like, oh crap, I forgot to look at the screen, so then I had to restart and then, of course, with you guys talking, yeah, I am sweating like wait, what word is that? Oh, it's so, okay, this one. So.
Speaker 2:so now Did the music help though.
Speaker 3:A little bit. I mean I started, I mean it's a good jam, but I started getting a little distracted though too. But yeah, clearly I went directly off that piece of paper. So yeah, I got my money back.
Speaker 2:So that's nice.
Speaker 1:All's well that ends well.
Speaker 2:Cool. Well, thanks, matt, so much for doing this today. I think we should do another one on crypto down the road. You know there's all endless amount of chat and we can do about crypto and the crypto world.
Speaker 1:You have been listening to The Audit, presented by IT Audit Labs. You can find more episodes and information at itauditlabs.com, Spotify or by visiting our YouTube channel. Don't forget to like and subscribe. In this current technology landscape, managing risk, among other operations, can be incredibly challenging. Let IT Audit Labs experts provide a detailed, thorough examination and preparation for your upcoming audit. Contact us to learn more. Thanks to our producer, Joshua J Schmidt, and our audio video editor, Cameron Troy Hill. Thanks for watching.