pull down to refresh

That is a risk albeit a small one. Since they only hold one of three keys, the hacker can't do anything with it, unless they also hack you.
It's a pretty clever solution! :)
So it’s enforced by Block server: it won’t sign larger transactions than what’s in their config, right?
That means fairly low trust for the “large transactions require hw key” guarantee.
It’s ok, just making sure I understand it. Still useful if you wanna guard against your kids/spouse taking your phone and sending everything somewhere you don’t like, but that’s about it.
reply
Yeah, enforced by Block. So there'd have to be a bad actor at Block getting access to the key somehow or some hacker that accesses it. Or a bug of course. I'm sure they'll have some kind of "X sats per day" thing as well. So if someone does get ahold of your device they won't get more than X.
I'm 99% sure there'll be a button in the app that lets you freeze the signing as well, would ben uts if they didn't have something like that.
I think this is a great step towards safer mobile wallets. The dream would be if they also open sourced it and made it easy to self-host so you use your own "Block" server.
reply
reply