ColdCard의 PIN은 왜 Prefix와 Suffix 2개로 나누어져 있을까? 첩보 영화를 보면 흔히 호텔에 남겨진 보안장비를 해킹하거나 몰래 똑같은 다른 장비로 교체해서 암호를 빼내는 장면이 나온다. 이것을 전문(?) 용어로 Evil maid attack 이라 부른다. 호텔 maid가 방치된 device를 조작해서 나쁜 짓을 할 수 있다고 붙여진 이름이다. ColdCard는 이런 Evil maid attack을 방지하기 위해, 첫번째 PIN Prefix를 입력하면 2개의 BIP39 워드를 보여준다. 이 2개의 워드는 ColdCard 각 Device마다 고유하다. 사용자는 자신이 기억하는 워드와 다르면, 이 Device가 바꿔치기 되어졌거나 조작되었다는 것을 인지하고, 두번째 PIN을 넣지 말아야 한다. 만약 2번째 PIN을 넣으면, 이 PIN이 Attacker에게 보내지고, 이미 원래 Device를 가진 Attacker는 그 PIN을 사용해 Device를 엑세스하게 된다...

"I have this unshakeable conviction that Bitcoin is the only form of neutral internet money there will ever be." - David Marcus

Interesting... Blockstream has today announced the public rollout of its LaaS (Lightning-as-a-Service) solution, called Greenlight.

Coinbase mobile app has a bug that Maker fee rate is the same as Taker fee rate. Not sure if that's intentional^^ If you place large limit order, you'd better use Web site instead of mobile app.

[BlueWallet Tips] BlueWallet terminated its lightning custodial service (LNDHub) on 5/31/2023. I happened to create a Lightning wallet before the sunset deadline and added some fund there. I recently noticed that I couldn't send Sats from the BlueWallet Lightning since they did shutdown their lndhub. Well, this is the problem of custodial service! I thought I lost my fund. But fortunately... BlueWallet is providing "recovery service," with which you can recover all your lightning fund to your bitcoin address. Here is the link:

BlueWallet - Bitcoin Wallet for iOS and Android

Recover lndhub account

With the sunset of lndhub.io it is not possible to use the service anymore. However you can request to recover your balance.

I recovered my fund by using the link. In my case, it took one day and they sent all of sats (without any fees such as LN to BTC transfer fee). This incident reminds me of the importance of self-custody, even in Lightning.

Bitcoin as store of value is meaningful when and only when the holder has low time preference.