00:02:18 Also: looking at their website, they say that you get multiple cards, which "establish a secure connection with each other and transfer your encrypted private keys" between each other.
00:02:43 That sounds like a setup vulnerability waiting to happen
00:06:30 https://tangem.com/en/help_center/security/#a5727744364445
00:06:30 "If Tangem Note is stolen, can a third party gain access to the wallet?
00:06:30 Tangem Note cards have no backup option or access code protection. For this reason, the cards can be compared to traditional banknotes: whoever owns the card can access the wallet. Like traditional banknotes, therefore, these cards must be physically secure at all times."
00:06:39 LMAO
00:06:57 omg lol
00:07:10 and you need the card each time you use the device 😂
00:07:38 I think I heard about them before
00:09:10 Oh wait, that's Notes, not Wallet
00:09:12 How so? When you create your wallet you basically scan 2 or 3 cards. either card can be used to sign a transaction. so they are like backup cards in case you lose your original. You also create a password for the card so even if the card is stolen no one can use it
00:09:42 "If Tangem Note is stolen, can a third party gain access to the wallet?
00:09:42 Tangem Note cards have no backup option or access code protection. For this reason, the cards can be compared to traditional banknotes: whoever owns the card can access the wallet. Like traditional banknotes, therefore, these cards must be physically secure at all times."
00:09:53 No access code protection...
00:09:57 wait wtf
00:10:04 if they have no code protection thats wild
00:10:09 pickpockets are gonna be rich
00:10:24 So they're supposed to be like crypto banknotes - but you have no actual way of verifying that there are no duplicates
00:10:26 Their marketing pitch is "treat it like "cash"
00:10:52 If someone else gets your 20000VND bill, well, he got your 20000VND bill
00:12:07 https://matrix.monero.social/_matrix/media/v1/download/matrix.org/bGmgArKiDOEPLIKyDCxrDwDy
00:12:19 wait, they have another contradicting thing
00:12:29 You trust the manufacturer *and* the person giving it to you that there actually exists no duplicate of that same private key. The only safe way to use them is to immediately redeem them
00:12:31 "If the Tangem Wallet card is stolen, can a third party gain access to the wallet?
00:12:31 A third party will only be able to access your wallet if your cards are not linked (you have not backed them up). In this case, access code protection is not available: it is activated only when you link two or three cards to one wallet."
00:12:49 I did research it and there is a pin I saw someone who bought them make a video about it
00:12:52 So you have to make a backup to protect them, but you can use it without making a backup and so they are not locked
00:13:11 but you can set a PIN when you create a backup or something like that.
00:13:13 That's the Wallet, not the Cards (banknotes)
00:13:32 They sell the wallet in pair of 2 cards minimum, its impossible to create a wallet with only 1 card
00:13:38 "If the Tangem Wallet card is stolen, can a third party gain access to the wallet?"
00:13:38 Oh, it just said "card" so I was wondering lol
00:13:41 A Wallet = 2 or 3 "credit cards"
00:13:59 "That's why we recommend that you make backups before funding your wallet, ensuring that your funds are protected by the access code."
00:14:26 So the only issue I see here is that my phone can be compromised and then I sign wrong tx
00:15:03 chatgpt says "you can compare tx from phone" but if the phone is rigged then it can show correct details for a malicious transactions
00:15:17 "This isn’t supported. Once a backup has been created, all cards in the set have a single private key and become equal, so there is no technical way to identify which card has been lost.
00:15:17 When you activate a card and create a backup, you protect each card with its user password. Moreover, the card is protected against brute-force attacks. After the sixth incorrect attempt to enter the code, the delay time for the next attempt is increased by 1 second. The maximum delay time is 45 seconds. The delay is only reset after the access code has been successfully entered."
00:15:19 I hope they have a solid explanation for this
00:15:22 because them cards look cool af
00:15:46 So yeah, look like the main flaw would be the phone
00:16:19 Chatgpt has no clue what it's talking about, don't use it as a source when you need reliable information. Like, in general
00:16:24 I wish they would allow a pin of words rather than numbers lol. I would put the monero whitepaper in it or something
00:16:48 it has bing search which checks the faq section of the tangem website
00:17:10 but yeah always cautious when using AI
00:17:33 it has bing search which checks the faq section of the tangem website and provides source links for all claims
00:17:42 Doesn't matter. It's a text generator. It doesn't "understand" what it's actually talking about - in spite of its ability to mimic human writing very convincingly
00:18:55 oh yeah I agree, its like people who think AI can have feeling. I swear on my life in college I had a course about AI and ethics and a solid part of the class material was about whether or not AI should have rights
00:19:47 because they were like "Can AI be sentient? It is just like us, it consumes electricity, it is made of different materials but still have same composition" other retarded shit
00:20:08 I was losing my mind that some retards were arguing that AI should have rights because they can become sentient
00:20:38 but anyways, ill let you guys know what tangem replies
00:21:50 I see one use for their tandem thing actually
00:21:50 It can import other seed when you initialize the cards.
00:21:50 So instead of keeping text hidden in some form, you can just use the tandem thing as backup for your other hardware wallet seed.
00:21:51 Never use the tandem card except if you need to access the backup, in that case you will have to buy a new set as you will be able to recover the money, not the seed.
00:23:19 And unlike paper or steel plates, you need a password to access it (once you bruteforce the safe it's in or something)
00:23:19 Kind of 2FA :p
00:23:27 True, that can definitely be one way to do it. They are also making a ring that looks normal
00:23:37 so the ring can act as a card
00:24:00 I thought it would be useful since I need to pledge and invest at random times in the VC I am in for seed rounds
00:24:00 Create the wallet on a freshly wiped phone that never saw internet (sideload the app)
00:24:27 Dont we need internet to use blockchain?
00:24:29 Can it actually import a seed? 🤔 I read in the wallet description that "Tangem Wallet doesn't use a BIP-39 seed because we consider it insecure", and they generate a single private key during initialization instead
00:24:47 its a recent update. its new. Now you can import seeds
00:25:07 https://matrix.monero.social/_matrix/media/v1/download/monero.social/pbBmTNRBXcwdfqmgeLYjoZWK
00:25:29 I see
00:36:14 Is there any way the app can be anti tamperment or something?
00:40:45 https://www.coinspeaker.com/ledger-484k-fresh-hack/
00:41:24 https://www.coindesk.com/business/2023/12/14/defi-protocol-sushis-cto-warns-of-possible-exploit/
00:42:16 Yeah bunch of fuckers. The hackers put some code in the API that is used to connect Ledger to dapps
00:42:22 at least thats what I think I understood
00:42:27 I just read some tweets
00:42:49 so when users connect to a dapp the transaction displayed are not the real ones
00:43:02 or something of the sort I dont know didnt read
00:43:56 https://matrix.monero.social/_matrix/media/v1/download/matrix.org/mbUSoFyGdHdznsfSfPPGodRt
00:44:45 https://matrix.monero.social/_matrix/media/v1/download/matrix.org/SOPxfKdloQbOLBqtIkESYgyP
00:45:23 This is a joke really. All it takes for the most popular ledger to get fucked is one employee getting caught in a phishing attack
00:45:48 Ledger really fell off, and honestly its never been at the top, its only the most popular because it supports the most chains
00:49:04 Ledger really fell off, and honestly its never been at the top (closed source), its only the most popular because it supports the most chains
00:55:08 only $484k pffft
00:55:48 the announcement of hack spread super fast on twitter so most users were aware of it before they fell victim to it
00:56:24 every single crypto twitter account and every single crypto project tweeted about it
00:56:45 i haz no tweeter
00:57:12 you were about to be part of that 484k
00:57:32 how, I haz no ledger
01:00:27 Thanks plowsof
01:09:35 https://twitter.com/NewEnglandNews8/status/1737232463502426613
01:11:28 what account is that?
01:12:34 <1​23bob123:matrix.org> Caught the disease
01:17:09 Wait, these Tandem cards, you can't even buy them with crypto.
01:17:09 It lost all the credibility instantly
01:26:31 they used to have crypto payment they removed them for some reason due to some problem
01:26:47 lol
01:26:52 they just said it is removed for now no ETA on when its back they will bring them back once issue is fixed or whatever
01:27:03 😂
01:27:13 I am also waiting on that, not buying with FIAT
01:27:22 They lost a sale (mine)
01:27:51 it's 2023 and it's a crypto wallet designer / store, and they can't manage simple crypto payment?
01:28:28 "we listen to our customers" is like a good part of their marketing, so if we harass them enough theyll bring it back lol
01:51:37 thats their answer: When using the official app, the risk of compromise is removed. We advise users to prioritize their digital hygiene by maintaining a secure device environment, running the most up-to-date version of their mobile device's OS, and downloading apps only from official sources.
01:51:37 Additionally, we're actively working on redesigning the token sending page, and will soon introduce it.
01:51:49 so basically the CIA can fuck you up
01:55:15 https://matrix.monero.social/_matrix/media/v1/download/matrix.org/DIqbiRPWQgzODjgzxRfftvha
01:55:16 customer support is probably thinking I am fucking with them
01:55:31 Smh
01:56:25 I think _youre_ fkn w us 🙃
01:56:32 Hey everyone
01:56:39 Lets get freewallet to support xmr
01:56:46 Nobody has ever used them
01:57:00 whats freewallet
01:57:00 And nor heard of them, aside from me
01:57:06 Its the best
01:57:15 link?
01:57:22 they actually already have xmr deposit support
01:57:27 someone recently used freewallet and lost some montero
01:57:47 Well, they don't have _withdrawal_ support..
01:57:56 freewallet is a long running scam
01:58:46 and goo goo playstore keeps recommending it
01:59:30 Tandem is new - dont discriminate
02:00:08 Is it really a "scam" if they never claim to offer support for withdrawing?
02:01:01 Tldr: i dont think its beneficial at all to come to this room to shill stuff you havent DYOR on
02:01:08 Legally speaking they are not guilty
02:01:39 If all you know about tandem is "they are too good to be true but dont support xmr"
02:01:54 Well then you need to do more research
02:02:00 Or -offtopic it
02:02:14 Foundation devices
02:02:34 Now there is an open source hardware wallet that can be recommended
02:02:37 I did do my research I just didnt think of the vulnerability point that was mentioned here
02:02:56 Research != reading their promotional materials
02:03:10 right lol
02:03:44 have you seen their source code for yourself? (are you sure it exists?)
02:04:18 yes iz on github
02:04:27 signal and session claim to be open source - doesnt mean they always post their source code for the binaries they ship
02:04:45 Whats a binary that is shipped
02:07:29 Btw
02:07:35 This is possible on monero
02:07:50 plowsof: wrote a script for it
02:08:04 A proof on concept
02:08:08 Of*
02:09:24 Its just an encrypted monero URI
02:11:09 On an nfc card
02:12:52 1 direction loads it with private keys or specific txids, other direction sweeps [an amount] the card to another address. Could use a view key etc
02:14:03 maybe tandem wants to do it if you tellem to buy dan some xmr
02:27:57 they said this: Within the token sending window, you have the ability to observe and verify the address to which you are sending the funds. An attack that involves falsifying an address is only feasible on devices that have rooting capabilities enabled. If you are concerned about potential compromise, it is advisable to refrain from enabling rooting on your device.
02:27:57 I think we should move this conversation to #monero-offtopic:monero.social though
02:28:08 they said this, not sure what it means: Within the token sending window, you have the ability to observe and verify the address to which you are sending the funds. An attack that involves falsifying an address is only feasible on devices that have rooting capabilities enabled. If you are concerned about potential compromise, it is advisable to refrain from enabling rooting on your device.
02:28:08 I think we should move this conversation to #monero-offtopic:monero.social though
02:30:24 they said this, not sure what it means: Within the token sending window, you have the ability to observe and verify the address to which you are sending the funds. An attack that involves falsifying an address is only feasible on devices that have rooting capabilities enabled. If you are concerned about potential compromise, it is advisable to refrain from enabling rooting on your device.
02:30:24 Rooting: https://wikiless.org/wiki/Rooting_(Android)?lang=en#Disadvantages
02:30:25 I think we should move this conversation to #monero-offtopic:monero.social though
02:32:23 why does everyone keep saying tandem instead of tangem?
02:32:40 Bcuz i dont have a clue what it is
02:33:11 because tandem is a word probably
02:33:30 so I dont have that red line under it when I write it
02:33:37 I blame my non-existent auto-correct
02:35:36 Agree with offtopic
03:29:19 You would not want a mobile phone
03:29:38 You would not want a mobile phone for cryptocurrency
03:29:53 If it still has the modem, then all defenses are useless
03:37:38 <1​23bob123:matrix.org> I use 5110
03:45:58 What is 5110?
04:36:30 <1​23bob123:matrix.org> https://matrix.monero.social/_matrix/media/v1/download/matrix.org/krmbTKBIZYHDIrTTHYMxhlCX
04:44:32 41hzbgqgkrYijnRVBLzr1KHsYc1iUBBCJYeeT9d3eiYE2PhbohxxwJLZCNVbTzvAMkhtYGF3RQcr2Ea187AJn8af149UG1G plz search for numerology
04:51:19 Ah, ok
04:51:36 I still don't trust them. Same reason why you wouldn't trust an airgapped computer with an 802.11 card
05:01:59 <1​23bob123:matrix.org> isnt really airgapped is it
05:02:28 <1​23bob123:matrix.org> new ccs wallet is in faraday cage?
05:20:14 I microwaved it
05:21:32 Just remove the wifi/bt card
05:22:52 <1​23bob123:matrix.org> but how will i use my bluetooth mouse!
05:23:09 <1​23bob123:matrix.org> back to ps/2
05:23:24 Use a mouse for adult.
05:23:24 They have cables..
05:23:24 But if we talk about a laptop, I assume it's a Lenovo and it has a trackpoint so mouse not needed
05:23:48 <1​23bob123:matrix.org> but i will use X11 for tracking
07:11:21 On a serious note, luigi1111 - no bluetooth keyboard
07:15:07 https://yewtu.be/watch?v=actbJx7oEZU
07:26:08 Bt disabled in bios
07:35:16 <1​23bob123:matrix.org> de solder it
08:48:01 Dont forget soundproofing (AI can guess your password if someone records you typing it)
09:56:32 Only use in vacuum pls luigi
09:56:58 Vibration sensors can guess your pass from cpu vibrations
10:42:16 guess my password
10:42:17 fluffychat wont send the voice msg fuaark
10:48:31 <1​23bob123:matrix.org> 1234
22:50:53 Ethereum network fees are outrageous. Cost me $15 US in total to buy USDC on an exchange and transfer it to a non-custodial USDC wallet on the ETH chain. Which platform has the cheapest fees for a USDC to XMR swap?
22:54:38 You get one order of magnitude more fee just by **sending** the USDC via ETH, extra fees on exchanges are probably irrelevant at that point.
22:54:38 Next time use TRX USDC if you want USDC, TX fees way lower.
22:54:39 For swap, you can look at trocador.app and set it up, it will compare rates
22:56:17 fatcontroller:
23:15:06 do these trocador prepaid card work with any site?
23:15:24 would it work for protonmail?
23:15:41 Check the FAQ. I did not test them myself.
23:18:48 they dont answer that question in faq
23:24:28 They should work everywhere not requiring 3DS, I think
23:24:44 whats 3DS
23:25:02 CC 2FA scam I think
23:25:36 And you can't use them in OFAC sanctioned countries
23:50:23 I hate to say it but TRX is popular for stablecoins for a reason
23:50:55 also ProtonMail takes BTC so why bother with a prepaid card?