Tag:

security

Microsoft’s August 2025 security updates are breaking recovery tools on Windows 10 and Windows 11 PCs

by admin August 20, 2025

Microsoft has acknowledged an issue with its recent August 2025 security updates that prevent users from resetting or recovering their systems using built-in Windows tools. According the company, the bug affects older versions of Windows 11 including 23H2 and 22H2 as well as Windows 10 22H2, Windows 10 Enterprise LTSC 2019/2021, and Windows 10 IoT Enterprise LTSC 2019/2021.

Installing this month’s security updates can potentially break the Windows recovery options for users. Those attempting to reinstall Windows without losing their personal files through the Reset this PC feature may run into failures. Similarly, the Fix problems using Windows Update feature, which attempts to reinstall the current version of the OS on your device while preserving all your apps, documents, and settings, is also broken. Microsoft has also warned that the bug could affect IT administrators who rely on the RemoteWipe configuration service provider to reset devices remotely.

According to testing by Windows Latest, attempts to reset a PC on Windows 11 23H2 using the Reset this PC feature causes the process to start and then roll back immediately, leaving the reset incomplete. After this failure, no personal files are lost, but the recovery feature becomes unusable. Additionally, Windows doesn’t give any warning that the reset process can fail, meaning most people won’t realize there’s a problem until they actually try to reset their PC.

U.S. House of Representatives memo reveals WhatsApp has been banned from employee devices, citing “a high risk to users due to the lack of transparency in how it protects user data” and security concerns

by admin June 25, 2025

Messaging apps are one of the banes of my existence. Every time I connect with someone new it seems there’s some back and forth on what app we should use to communicate. Often a part of this includes explaining to folks why I don’t use things like WhatsApp, due to the mix of ownership, security, and general distaste. It’s a horrible conversation where I look like an elitist jerk, but it warms my heart a little to know that now, everyone who works in the US House of Representatives will have to do the same thing.

According to Reuters, a memo went around the House of Representatives staff on Monday explaining that the popular messaging app has been banned. The Meta (Facebook) owned WhatsApp messaging service has been deemed too much of a security risk to be allowed on employees devices.

The memo reads the “Office of Cybersecurity has deemed WhatsApp a high risk to users due to the lack of transparency in how it protects user data, absence of stored data encryption, and potential security risks involved with its use.”

The ban actually comes just in time, as Meta gets ready to add ads to make the messaging app a bit more like Instagram. This memo has likely saved many in the House of Representatives from some pretty invasive targeted advertising.

Naturally Meta is none too pleased with this development and disagrees “in the strongest possible terms,” to the move to ban the app. A spokesperson from Meta also stated that WhatsApp has a higher level of security than other messaging apps that are still allowed. But it’s likely not just the security level, but also the likelihood of being targeted that singled WhatsApp out for this ban.

WhatsApp being so popular, and not exactly having the best security around has made it the target of bad actors in the past. This includes Israeli spyware companies like Paragon Solutions. It also means that it’s so much easier for hackers to get access via someone you know, due to the apps prevalence, especially with those not so security minded.

Other messaging apps were recommended as alternatives in the memo from the chief administrative officer. Weirdly we don’t see Discord, for the gamers in the House (of reps). Instead, these include Microsoft Teams, Amazon’s Wickr, Apple’s iMessage and FaceTime, and my pick of the bunch, Signal.

Signal is an end-to-end encrypted messaging app I’ve been using for years. It’s an independent nonprofit dedicated to privacy, so there’s no ads or tracking. Most importantly, they can’t see your chats and neither can anyone else, so it’s usually the one I push for in that “what messaging app do you use” conversation from earlier.

Hopefully this will see more people give WhatsApp the boot in favour of exploring some slightly less partial messaging providers. If it’s not good enough for the United States House of Representatives, then is it really good enough for you? I don’t think so! Maybe consider this the time to treat yourself to a safer, more transparent messaging system that isn’t owned by one of the world’s richest men.

Best gaming setup 2025

Our current recommendations

Source link

June 25, 2025 0 comments

Crypto Trends

ATOM Plunges 6% as North Korea Links Trigger Security Concerns

by admin June 17, 2025

The discovery of a North Korea-linked developer who contributed to Cosmos code between 2022-2024 has triggered enhanced security measures, while major exchanges expand staking options for ATOM holders despite market pressure.

ATOM is currently trading at $4.086 after losing 5.52% of its value over the past 24 hours.

Technical analysis

A sharp sell-off occurred during 22:00-23:00 hours on June 16th with exceptionally high volume (1.4M+), establishing resistance at $4.29.
Support emerged around $4.06-$4.07 with increasing volume, suggesting potential stabilization.
Overall momentum remains bearish with lower highs forming across multiple timeframes.
A notable recovery occurred in the last hour, climbing from $4.077 to $4.084 (0.17% increase).
Significant bullish momentum between 13:24-13:30 saw ATOM surge from $4.076 to $4.096 on elevated volume.
The hourly close at $4.084 suggests stabilization above the $4.07 support level.

Source link

June 17, 2025 0 comments

Gaming Gear

Suspect in Minnesota Shooting Linked to Security Company, Evangelical Ministry

by admin June 15, 2025

A man named Vance Boelter allegedly shot and killed Melissa Hortman, a Democratic Minnesota state representative, and her husband Mark Hortman at their home at some point early Saturday morning while, according to law enforcement, impersonating a police officer. He also allegedly shot state senator John Hoffman and his wife Yvette Hoffman at their home. They are alive, but remain in critical condition.

Law enforcement has said they found a manifesto and hit list in the alleged suspect’s car, which included politicians, abortion providers, and pro-abortion rights advocates. There were also allegedly fliers in his car for the “No Kings” protest against President Donald Trump, which took place in cities across the US on Saturday.

The 57-year-old, who has been identified as the suspected shooter by law enforcement, runs an armed security service with his wife, and has been affiliated with at least one evangelical organization, a ministry he has also run with his wife, according to a tax filing reviewed by WIRED. (His wife could not be immediately reached for comment.) According to public records and archived websites reviewed by WIRED, the suspect served for a time as the president of Revoformation Ministries. A version of the ministry’s website captured in 2011 carries a biography in which he is said to have been ordained in 1993.

According to an archived website for the ministry reviewed by WIRED, the suspected shooter’s missionary work took him to Gaza and the West Bank during the Second Intifada, where, the website states, he “sought out militant Islamists in order to share the gospel and tell them that violence wasn’t the answer.”

A later version of the site was designed, according to an archived copy, by Israeli web design firm J-Town. Charlie Kalech, CEO of J-Town, tells WIRED that the alleged suspect was, in his recollection, “clearly religious and evangelistic. He had lots of ideas to make the world a better place.” The suspect, whom Kalech said was “nothing but nice to me,” commissioned J-Town, Kalech recalled, because they’re Jerusalem-based, and he said he wanted to support Israel.

Over the previous several years, according to LinkedIn posts, he was also the CEO of Red Lion Group, which according to an archived copy of its website had aspirations in the oil refining, logging, and glass production sectors in the Democratic Republic of the Congo.

In a 2023 sermon reviewed by WIRED and delivered by the alleged shooter in Matadi, a city in the Democratic Republic of Congo that is on the border with Angola, he preached against abortion and called for different Christian churches to become “one.”

“They don’t know abortion is wrong, many churches,” he said. “They don’t have the gifts flowing. God gives the body gifts. To keep balance. Because when the body starts moving in the wrong direction, when they’re one, and accepting the gifts, God will raise an apostle or prophet to correct their course.”

”God is going to raise up apostles and prophets in America,” he added, “to correct His church.”

Source link

June 15, 2025 0 comments

Crypto Trends

Quantum computers could break Bitcoin’s security within five years.

by admin June 14, 2025

Opinion by: David Carvalho, founder, CEO and chief scientist of Naoris Protocol

Satoshi Nakamoto changed how we define money. In response to the 2008 collapse of the financial institutions in which millions put their trust, Satoshi created a decentralized monetary system built on elliptic curve cryptography.

This combination of cold math and decentralization was a powerful one, attracting not only diehard skeptics but also the world’s largest financial institutions, such as BlackRock.

In the 16 years of its existence, Bitcoin has never been hacked. All of that is about to change very soon, however, with the advent of quantum computing. This is the biggest single threat to Bitcoin since its inception from the ashes of the global financial crisis.

Once firmly in the realm of science fiction, quantum computers have become so advanced that they could plausibly rip through Bitcoin’s cryptography within five years or less. Some, like quantum pundit Michele Mosca, predict it might even be possible as soon as next year.

Government agencies like the US National Institute of Standards and Technology and the National Security Agency are aiming to fully transition to quantum-secure standards by 2030. Yet the Bitcoin community appears confined to theoretical solutions, like BIP-360 (Pay-to-Quantum-Resistant-Hash) or commit-delay-reveal schemes.

The time for theorizing is over. If concrete steps to adapt the Bitcoin blockchain aren’t taken now, Bitcoin’s (BTC) entire $2.2-trillion market cap could go up in smoke. All it would take would be one compromised wallet or botched transaction to erode 16 years of painstakingly built trust.

The rise of supercomputers

This year’s real breakthrough was Microsoft’s Majorana chip, which accelerated the timeline to creating a truly useful quantum supercomputer from decades to years. In simple terms, it did so by paving the way to scalable and stable quantum systems — two of the key issues standing in the way of this technological miracle.

Fast forward a few months, and we currently find ourselves with around 100 quantum computers operating in the world already. McKinsey estimates there will be 5,000 by 2030. These computers aren’t just faster than the machines we’re all used to — they’re an entirely new breed of computer that runs calculations in parallel instead of in sequence.

Recent: Is Bitcoin’s future at risk from quantum tech?

This is lethal to classical cryptography, like the ECDSA algorithm that protects Bitcoin’s private keys. At least 30% of Bitcoin, or around 6.2 million coins, are currently sitting in pay-to-public-key (P2PK) or reused P2PK-hash addresses, which are particularly vulnerable to this quantum threat.

A breach would be catastrophic for holders, whose funds would be gone forever, and the ecosystem at large. It would prove that the unbreakable system can be broken. That’s why BlackRock recently acknowledged the threat of quantum to Bitcoin in its updated spot ETF filing. That’s why the time to act is now, before it’s too late.

Prepping for Q-Day

“Q-Day” is the term given to the day that quantum computers are finally ready to break traditional cryptography. When this day comes, Bitcoin transactions validated and secured today, or even 10 years ago, could still be vulnerable because blockchain is fully transparent, and the data remains permanently accessible on this ledger forever.

On top of this, bad actors are already collecting encrypted data in preparation for Q-Day, in a move dubbed “harvest now, decrypt later.” It wouldn’t be unreasonable to assume that several attacks could happen simultaneously across the globe when Q-Day comes. When this happens, Bitcoin better be ready.

A post-quantum future

The problem with upgrading an entire blockchain from legacy to post-quantum cryptography is that it would require a hard fork, which has become almost a taboo subject in crypto communities. This huge step could break the UX, fragment liquidity, risk splitting the network and potentially alienate diehard OGs.

There are alternatives: hybrid solutions that focus on securing transactions first and foremost without touching the base layer, layered security models and quantum-secure key management, and infrastructure that can prepare Bitcoin for the onslaught that is certainly coming.

It isn’t a quick fix. Especially considering how conservative and slow-moving Bitcoin has been historically. Unfortunately, there is no longer any time to waste. Decisions must be made and solutions must be chosen because Bitcoin won’t survive as it is in a post-quantum future.

Satoshi gave the world a new monetary system but never said it couldn’t evolve. Now it’s up to the community to make the choice to evolve it and prepare for Q-Day, rather than waiting until it’s too late. It’s not quantum that’s the most significant risk to Bitcoin — it’s complacency.

Opinion by: David Carvalho, founder, CEO and chief scientist of Naoris Protocol.

This article is for general information purposes and is not intended to be and should not be taken as legal or investment advice. The views, thoughts, and opinions expressed here are the author’s alone and do not necessarily reflect or represent the views and opinions of Cointelegraph.

Source link

June 14, 2025 0 comments

Product Reviews

Massive privacy concern: over 40,000 security cameras are streaming unsecured footage worldwide

by admin June 11, 2025

A major privacy concern involving more than 40,000 security cameras worldwide has been revealed by Cybersecurity firm Bitsight. According to the company’s TRACE research division, these cameras are live-streaming video feeds that are fully exposed to the internet — meaning that one can gain access without needing any sort of authentication, encryption, or even a basic password. In most cases, a person can access real-time footage from these exposed cameras simply by knowing their IP address.

Bitsight initially flagged the issue back in 2023, but recent research suggests that the situation “hasn’t gotten any better.” According to the latest research, these vulnerable cameras are not limited to one region or industry. The United States has close to 14,000 cameras that are potentially exposed, with states like California, Texas, Georgia, and New York having the highest numbers. Next on the list is Japan, with 7,000 exposed cameras, followed by Austria, Czechia, and South Korea, each of which have close to 2,000 vulnerable devices.

It is true that not every camera hooked up to the internet is a cause for concern, and some livestreams are set up intentionally to showcase scenes, like a beach or a birdhouse, for public viewing. However, some of these vulnerable cameras have been found in more private environments — including residential setups monitoring front doors, backyards, and even living rooms.

UPSC Adopts Aadhaar Verification, AI to Boost Exam Security

by admin June 8, 2025

To maintain the integrity of its examinations, UPSC has put in place Aadhaar verification and surveillance with AI. The latest step is a reaction to recent disputes such as the Puja Khedkar case and the NEET paper leak that have raised issues about competitive exam security.

As per the reports, with the new version of the UPSC online portal introduced on May 28, candidates must now take four steps: make an account, engage in universal registration, fill in the common form, and upload their documents for examination. Furthermore, checking your ICFR account with Aadhaar can be done by voluntary Aadhaar authentication (by pressing Yes/No or using e-KYC).

Before even a week was over, more than 92% of the registered users decided to use Aadhaar verification. As of June 4, there were 2.65 lakh users who created accounts, and among them, 1.13 lakh did universal registration; 1.05 lakh of these people confirmed their identity via Aadhaar.

The Chairman of UPSC pointed out that the new platform makes it possible for candidates to use the same saved information for tests like the Civil Services Examination, CDS, and NDA. The tender should be submitted by July 30 2025.

AI-enabled cameras will also be put in the exam rooms, making sure one camera monitors 24 candidates each. They are developed to find unusual or suspicious behavior like different movements from the candidates or exam monitors, along with unusual activities near the exam station. Immediate notifications and fees will apply for any case where something is wrong in the verification or equipment.

UPSC chairman Ajay Kumar said, “They have removed repetitive data entry, enabling candidates to reuse their details across exams for a seamless and efficient experience.”

Although using Aadhaar is voluntary, people who do not use it may see their votes counted later because the process involves manual checks. UPSC protects disabled candidates’ data and makes the application process simple and honest for all Group A and B central services.

Also Read: OpenAI Seeks Indian Partnership Under ‘OpenAI for Countries’ Plan

Source link

June 8, 2025 0 comments

Crypto Trends

ALEX Protocol Loses $8.37M in Hack Due to Security Flaw

by admin June 7, 2025

On June 6, 2025, ALEX, the leading Bitcoin DeFi platform on Stacks, was exploited because of a bug in its self-listing verification process. They managed to steal assets worth more than $8.37 million, including 8.4 million STX, 21.85 sBTC, 2.8 WBTC, and several types of stablecoins like USDC/USDT.

According to the official announcement from ALEXLabBTC, the issue stemmed from an on-chain limitation on Stacks, which allowed the exploit to bypass listing rules. Even though there was a breach, ALEX is covering the losses and will pay back all affected users 100% in USDC from the ALEX Lab Foundation’s funds.

On June 6, 2025, ALEX Protocol was exploited via a flaw in the self-listing verification logic (an on-chain limitation on Stacks). As a result, the attacker drained several asset pools, with the breakdown of lost assets as follows:

STX: 8,403,867.57 STX → $ 5,691,255.93
sBTC:…

— ALEX 🟧 No. 1 Bitcoin DeFi (@ALEXLabBTC) June 6, 2025

To calculate reimbursements fairly, ALEX will use the average exchange rates between 10:00 and 14:00 UTC on June 6, right around when the hack occurred. Affected users will receive a private on-chain notification by June 8, 2025, with a link to the claim form. The deadline to complete and confirm the wallet address is June 10, 2025.

Once verified, USDC payouts will be distributed within seven business days. The team emphasized that its priority is to make every user whole as quickly as possible.

The fast and open way ALEX handled this problem shows how much it cares about its users, which may help the DeFi project recover from the incident. Since hacks are becoming more common in the crypto industry, ALEX’s promise to fully reimburse users is very reassuring.

Also Read: Ukraine Police Arrest Hacker for $4.5M Cryptojacking Attack

Source link

June 7, 2025 0 comments

Wazirx Bitgo Partnership: Security Boost Or Just Smoke &Amp; Mirrors?

GameFi Guides

Security Boost or Just Smoke & Mirrors?

by admin June 2, 2025

After months of uncertainty, WazirX has announced a partnership with BitGo, a US-based digital asset custodian, in what the exchange calls a “foundational step” towards restarting operations. The collaboration is being promoted as part of WazirX’s renewed commitment to security, transparency, and trust.

BitGo is a trusted name in crypto security that’s been around for a long time. Many major financial firms and exchanges rely on them to keep money safe. WazirX partnered with BitGo to give users better protection for their funds.

In its official blog, WazirX stated that this move is more than symbolic. It’s an attempt to rebuild the exchange from the ground up, putting user safety at the core of its relaunch plans. The platform says it’s not relying on words this time, but “meaningful action.”

But for over 4.4 million users, that action still hasn’t taken the shape they’ve been waiting for: access to their funds.

On May 13, WazirX appeared in a Singapore court to seek approval for its moratorium extension. The court didn’t give an immediate green light. Instead, it requested that WazirX file another affidavit and rescheduled the next hearing for June 6, 2025. That affidavit was submitted, but since then, there’s been complete silence on what comes next.

Even in the announcement about the BitGo partnership, there was no mention of timelines for fund withdrawals. The word “safety” was used repeatedly, but it raised more questions than answers. What good is safety if the assets are still inaccessible?

Nischal Shetty, the founder of WazirX, said, “User trust and fund safety are our utmost priorities.”

He also added, “By partnering with BitGo, we are taking a decisive step towards rebuilding confidence in WazirX. Their expertise will not only enhance the security of funds but also facilitate a transparent and efficient process for distributing funds to creditors.”

Social media platforms, especially Twitter, which once a hub for WazirX’s real-time updates, remained silent on the development. No tweet accompanied the blog post. No clarification came from the founder. For many users, this silence continues to feel deliberate.

The frustration is compounded by the fact that the partnership comes at a time when users are still left guessing. BitGo may bring credibility and better security to the table, but that doesn’t answer the question millions have been asking for months: when will users get their money back?

Trust and safety are just words if there’s no real update or action to back them up. People want straight answers, not just words. With India about to roll out crypto rules in June 2025, WazirX can’t keep dodging the tough stuff. The real issue? Users still can’t access their money. That’s what needs fixing.

There’s growing anticipation around how exchanges will fit into the regulated ecosystem. Yet, for WazirX, once one of the most dominant players in India, the future still feels stuck in limbo.

The BitGo partnership might prove critical in regaining operational integrity. But as things stand today, it only addresses one part of the problem: security. The larger issue, user access, clarity, and communication, remains unresolved.

And for millions affected, silence isn’t security. Silence is the opposite of trust.

Also Read: WazirX Crashes 7% in a Week as Court Delays Repayments Again

Source link

June 2, 2025 0 comments

GameFi Guides

Cypherock X1 Review: A Crypto Hardware Wallet With a Slick Card-Based Security Model

by admin June 1, 2025

In brief

The Cypherock X1 employs a shard-based recovery model in which the private key is split across multiple cards with secure elements.
The cards and the X1 Vault hardware wallet employ secure elements with EAL6+ certification.
Any two components in the system can be used to recover the private key.

The Cypherock X1 is something of a newcomer in the crypto hardware wallet space, with an open beta in 2022 ahead of its full launch in 2023.

With an unusual joystick-based control setup, and promises of super-secure self-custody thanks to its NFC based cards and shard-based security model, the X1 has a lot to live up to as it tries to muscle in on a market dominated by wallets like the Ledger Nano X and the Trezor Safe 5. In this review, we’ll find out whether it can do exactly that.

What is the Cypherock X1?

The Cypherock X1 is a cryptocurrency wallet that’s designed with security in mind, aiming to free the user from the vulnerabilities associated with crypto seed phrases.

The problem, according to Cypherock, is that conventional hardware wallets store your private keys in a single location, with a paper backup—creating a single point of failure.

Cypherock X1. Image: Decrypt

The X1 aims to address this by splitting the private key into five parts using Shamir’s Secret Sharing (SSS), and storing them on the X1 Vault device and across four X1 Cards kitted out with secure elements and NFC connectivity.

Any two of the cards and the Vault can be used to restore the private key, which can be further secured with a PIN number.

It’s a bit like Voldemort’s Horcruxes—but without the evil intent.

Cypherock X1: Design and build

The X1 is a compact and portable crypto wallet that can not only fit in a pocket but is designed to attach a loop, allowing you to hook it onto a keychain, your belt, or your wrist.

The device itself is ultrasonically welded together, making it challenging for any attackers to access without leaving visible signs of tampering. Inside is a dual-chip architecture for offline computation and secure verification.

Cypherock X1. Image: Decrypt

The X1 Vault sports a 0.96-inch OLED display, which is able to display text clearly so you can interact with the wallet alone, without the need for the app all the time. It is a little dim, though—so if you want to use it in sunlight, you may struggle. That said, for indoor use it was plenty clear enough.

The joystick is one of the stand-out design features as it’s quite unique, especially at this small scale. It’s similar to that featured on the Nintendo Switch, and appears to be of high quality too, with five-axis sensitivity. It all makes for an effortless and very intuitive way to control the device using your thumb alone.

The X1 comes with a USB cable and an adapter so you can use USB-A or USB-C, making it ideal for both Windows and Apple machines.

The X1 Cards are made from plastic and feature NFC technology. They’re identical in size and appearance to a credit card, making for easy storage and secure distribution. They can be stored in the supplied hard case, which also acts as a Faraday cage to protect against remote electromagnetic signals.

It’s all built to last, with the company claiming that the setup is good for at least 500,000 taps using NFC and that your data is secure for at least 20 years.

You can also buy replacement X1 cards and Vaults should the originals be lost or destroyed—and if you lose a single card it’s recommended that you buy a complete set of new X1 cards, and replace the originals if you want to add new wallets to the system.

Cypherock X1: What’s in the box?

The box has a card outer that you tear to open, inside which is a container case with a zipper that’s been cable tied shut to keep things securely sealed.

Cypherock X1. Image: Decrypt

Unzip the case and you’re met with instructions on getting started, a USB-C- to USB-A shielded cable and that USB-A to USB-C adapter.

There are also four X1 Cards pouched together next to the X1 itself. You also get a lanyard to attach to the X1, a user manual and warranty documentation.

Cypherock X1: Getting started

Once you’ve opened everything and plugged the X1 into a power source, it immediately turns on and the display shows the website you need to visit to download and install the app. Once this is on your machine you are taken through the process of setting up your wallet.

Most of the interactions happen on the X1 device itself, with minimal app input. An extra step in the setup process is validating the four X1 cards, one at a time, which involves holding the device on them for a few seconds each.

Cypherock X1. Image: Decrypt

You can set up multiple wallets on the X1, and implement a pin code if desired, before setting them up in the app. Once set up in the app you have deeper levels of control.

You also have the option to view and export the BIP39 seed phrase, should you want to record it as a paper backup (or in case Cypherock goes out of business).

Cypherock X1: Cypherock CySync app

The Cypherock CySync app is available to download on Mac, Windows and Linux, with a mobile version for iOS and Android.

Primarily it serves as a point of contact for you to access your wallet from with a big screen view. The app is pretty minimal, making it easy to use, without overcomplicated menus that can put off the newcomer. It also enables you to buy and sell crypto securely, using a fiat on-ramp powered by Binance Connect.

Cypherock X1. Image: Decrypt

This app goes beyond the X1’s own wallet, though you can also import other wallets using their seed phrases to view and track them. The app also lets you connect to dapps via WalletConnect so you can swap over 1,000 cryptos across more than 15 networks.

It’s worth keeping in mind that if you want to buy and swap using the CySync app, you will be subject to its transaction fees, which can vary. That said, you can always buy and swap elsewhere, using CySync and the X1 as a base point to extract.

Cypherock X1: Features and assets

The X1’s standout feature has to be the four X1 Cards used to secure your wallet.

The use of Shamir’s Secret Sharing (SSS) private key storage adds an extra layer of security. The X1 Cards can be used to distribute shards of the private key across a range of locations, making physical access more difficult. Any two of the five shards are needed, lowering the risk of single point failure and meaning that if any one component is compromised, it should still not be possible to get access to the complete private key.

The fact that it only requires the vault and one card to access the private key is a limiting factor, though—many SSS schemes opt for a three-of-five threshold for additional security. With $5 wrench attacks on the rise, it’s something to consider as many users will likely keep the X1 vault and a single card close at hand for ease of use.

One helpful additional feature is the ability to use the X1 as a seed phrase vault, meaning you can back up seed phrases from any BIP39-supported wallet, with up to four available slots.

Thanks to a partnership with blockchain platform Near Protocol, users can manage existing wallets and create a registered account, and securely store account data on their devices, all via the CySync app. That means developers can create decentralized apps, or dapps, for use within the CySync app.

At time of publishing the Cypherock X1 and accompanying app offers support for over 9,000 digital assets ranging from big names like Bitcoin and Etherium to less known options including Starknet, Frax and more. A full list of supported assets can be found here.

Cypherock X1: Security

Cypherock is building its brand on security, so it’s worth taking some time to go over the hardware.

The X1 Vault uses an EAL6+ certified secure element with bank-grade hardware components, placing it on par with rivals like Ledger and Trezor. The X1 Cards likewise use EAL6+ certified secure elements.

The X1 uses open-source firmware, while audits have been conducted by firms including WalletScrutiny and Keylabs. The company also runs an ongoing bug bounty program as a way to spot potential weaknesses and address them before they become an issue.

Cypherock X1. Image: Decrypt

It’s worth noting that the Cypherock employs the older ATECC608A secure memory circuit, which Ledger Donjon claims to have penetrated on the Coldcard Mk3 hardware wallet using a Multiple Laser Fault Injection attack. The Coldcard Mk4 subsequently upgraded to the newer ATECC608B circuit, as recommended by Ledger Donjon.

In a response to Keylabs’ audit, which flags the X1’s use of an older circuit, Cypherock noted that, “ATECC608B is fully compatible with ATECC608A interfacing but wasn’t available when we procured it. We plan on using the latest versions based on the part’s availability.”

Decrypt has contacted Cypherock and will update the review should they respond.

There is a nice touch with the PIN where lockout times are progressively increased after each incorrect attempt—a feature the company calls CyLock. This should help to prevent any brute force attacks.

When it comes to recovery options there is that SSS algorithm, with the private key split across five points, where any two can be used to recover the assets. It’s worth noting that hardware wallets from rivals such as Ledger and Trezor provide the option to create Shamir backups, albeit in seed phrase form rather than leveraging the X1’s more user-friendly card-based interface.

Cypherock X1: Verdict

The Cypherock X1 is a relative newcomer to the digital wallet market, but the firm has aimed to spin that into a positive, by building its system from the ground up to address the shortcomings of traditional hardware wallet security.

And while its solution does introduce some additional elements of trust—in the manufacture and auditing of the secure bank-grade components in its X1 Cards—that’s mitigated against by the use of Shamir’s Secret Sharing to decentralize the wallet’s private key. In theory, even if one component in the system was compromised, the user could gather two of the others, reassemble the wallet, and extract their funds.

It’s a slickly-designed system, and one which does away with one of the more archaic features of the crypto user experience, namely recording your vitally important seed phrase on a bit of paper.

That, coupled with its suite of features such as CySync, make the CypherRock X1 a worthy contender in the hardware wallet space.

Daily Debrief Newsletter

Start every day with the top news stories right now, plus original features, a podcast, videos and more.

Source link

June 1, 2025 0 comments