I've had a bug in my brain that I couldn't quite identify ever since I started researching these hardware wallets... A few minutes ago, it reached out from my unconscious mind and woke me up as it entered my conscious mind. As things my brain thinks of without my permission often do...



The only real weakness I see in devices like this is the deterministic seed itself.



Take Trezor, for example.



I noticed this when I saw how they were touting the keyspace math for 24 dictionary words compared to keyspace of a single password with letters, numbers, and symbols.



It's not a true comparison because we know that dictionary words are being used, and we can even discover which ones simply by going through the setup process, or, duh, looking at the code. It's open source.



Since the process is deterministic, and the source is pseudo-random, at best, given that it's dictionary... We don't have to attack a given device. We don't have to possess a device, or have a target in mind.



All we have to do is possess a blockchain, and keep comparing addresses derived from the same pile of dictionary words until we get a hit on an address that has been used somewhere in blockchain history.



The space we actually have to search, we ignore. We don't give one flying fuck about the mathematical keyspace. We simply generate seeds in the same manner as the code shows us, as fast as we can, and see if the first 10 derived addresses appear in the blockchain. If so, we have a valid seed. Automate sends to our own address. Owner no longer has any money.



The key is deterministic. The pseudo-random source can be thought of as pseudo-deterministic, because its pattern is defined. Too many known rule sets...



The more products are sold, the more we divide the search... We're not attacking a certain target, we're just jamming numbers until we hit a seed whose addresses show up in the blockchain. Just like mining, except the "block" is someone else's wallet, and the "validation proof" is the ledger... Sure, the seller of this device really hasn't got any fear of his customers ever deriving the same seed. But a fuckton of GPUs that are no longer good for mining, following the same pattern outlined in the source code...



This indefinite pattern won't work on FPGAs or ASICs. All those GPU mining rigs tho...



Perhaps building and comparing seeds is the new black hat GPU mining? Even if we were searching raw keyspace, that much firepower would work... If you're just looking for a single random address, that's not worth it. But if you strike a seed that's got some money on it, you could just sit and wait for it to show some serious balance and then send it to yourself. We already know how to run mining pools... The collective power of every GPU mining rig ever made, following known dictionary patterns, generating the keys in the same way as the device does... Divided by the number of buyers... Compare the resulting addresses to the blockchain history for use... How could you NOT find the same seeds twice? It's not merely possible, it's inevitable.



The antiquated crunching power that crypto depends upon could be the very thing that undoes the idea of deterministic wallets. And these hardware wallet devices use deterministic keys, invariably...