Air-gapped hardware wallet with a passphrase mitigates all attack vectors you mentioned.
So let's imagine your device has malicious firmware (either malicious from the HWW devs, or from a supply chain attack, or an evil maid). It has been modified so all spends go to an address they control, even though the display on the HWW shows that it will be directed to the address you provided.
How does the fact that it is air gapped prevent this?
reply
1000 sats \ 3 replies \ @joda 24 Dec
Because you don't broadcast a transaction from a hardware signing device.
You take the signed transaction and just look at it on any computer and you'll see the addresses. If it's not one you control, don't broadcast and stop trusting that particular signing device.
You should always check your transaction before broadcasting anyway, even if you're using multisig.
No offense intended at all, but if you don't know this already, you may be more likely to make a mistake with your multisig setup. Please make sure you understand the risks and best practices.
By far the biggest causes of lost funds are user error and scams. I understand completely the desire to be as cautious as possible, and multisig has uses, but I think you might be overestimating the threat of malicious hardware signing devices.
reply
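The check described above (inspect the signed transaction's outputs on a separate machine before broadcasting) as an added example, not code from any poster here: it parses the output list of a raw segwit transaction and flags any output whose scriptPubKey is not the intended recipient or your own change script. The transaction and the P2WPKH scripts are constructed sample values, not real ones.

```python
def read_varint(b: bytes, pos: int):
    """Decode a Bitcoin CompactSize integer at b[pos]; return (value, new_pos)."""
    n = b[pos]
    if n < 0xFD:
        return n, pos + 1
    width = {0xFD: 2, 0xFE: 4, 0xFF: 8}[n]
    return int.from_bytes(b[pos + 1:pos + 1 + width], "little"), pos + 1 + width

def parse_outputs(tx_hex: str):
    """Return [(value_sats, scriptPubKey_hex), ...] from a raw (legacy or segwit) tx."""
    b = bytes.fromhex(tx_hex)
    pos = 4                                   # skip 4-byte version
    if b[pos] == 0x00 and b[pos + 1] == 0x01: # segwit marker + flag
        pos += 2
    n_in, pos = read_varint(b, pos)
    for _ in range(n_in):                     # skip each input entirely
        pos += 36                             # prev txid (32) + vout (4)
        script_len, pos = read_varint(b, pos)
        pos += script_len + 4                 # scriptSig + sequence
    n_out, pos = read_varint(b, pos)
    outs = []
    for _ in range(n_out):
        value = int.from_bytes(b[pos:pos + 8], "little"); pos += 8
        script_len, pos = read_varint(b, pos)
        outs.append((value, b[pos:pos + script_len].hex())); pos += script_len
    return outs                               # witness data and locktime follow; not needed

def unexpected_outputs(tx_hex: str, allowed_scripts: set):
    """Outputs paying anything other than the intended recipient or known change."""
    return [(v, spk) for v, spk in parse_outputs(tx_hex) if spk not in allowed_scripts]

def build_demo_tx(outputs):
    """Constructed sample: one segwit input (all-0x11 txid), given outputs, empty witness."""
    tx = bytes.fromhex("02000000") + b"\x00\x01"                       # version, marker, flag
    tx += b"\x01" + b"\x11" * 32 + b"\x00" * 4 + b"\x00" + b"\xff" * 4  # 1 input, empty scriptSig
    tx += bytes([len(outputs)])
    for value, spk_hex in outputs:
        spk = bytes.fromhex(spk_hex)
        tx += value.to_bytes(8, "little") + bytes([len(spk)]) + spk
    tx += b"\x00" + b"\x00" * 4                                         # empty witness, locktime
    return tx.hex()

# Constructed P2WPKH scriptPubKeys (OP_0 PUSH20 <hash>); hashes are placeholders.
INTENDED = "0014" + "aa" * 20   # address you typed into the wallet software
CHANGE = "0014" + "bb" * 20     # change script derived from your own xpub
ATTACKER = "0014" + "cc" * 20   # script a compromised signer might substitute
```

Run `unexpected_outputs(signed_tx_hex, {INTENDED, CHANGE})` on the hex your wallet software exports; an empty list means every output goes where you expect, and anything else means do not broadcast.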
Perhaps the malicious firmware and/or supply chain attack is more relevant given what you said.
So for example, you use a single sig HWW and it has malicious firmware (either malicious firmware directly from manufacturer, supply chain attack or malicious update). You set up the wallet with a passphrase. However, due to the malicious firmware, it does not 'respect' the passphrase randomness when generating the seed so private keys are known to the attacker.
You have no idea about this and therefore you use the receive addresses shown on both your HWW and computer screen to sweep your life savings or to receive payments, etc...
At some point down the line, the attacker sweeps the wallet because they always knew the private keys.
I know there are ways to verify your seed creation using third-party software. So for example, do your 100 dice rolls and input them into the Coldcard, and using another method, now compare the seed words that are generated to ensure that a pre-determined seed wasn't given to you by the Coldcard. I just assume 99% of users wouldn't do this.
reply
That is a fair point about double checking the send address on the computer screen. It was beaten into me early in my bitcoin journey to never trust the computer screen though, and instead to trust what the airgapped HWW screen shows. But your point is still fair: if my Coldcard said it is sending to address 123 and my computer screen in Sparrow says it's sending to address 456, I should know there is an issue of some kind before sending. So a malicious send would have to involve both Sparrow and Coldcard being compromised (or a user not double checking the send address in both places).
reply
The issue is with verifying 'which addresses' belong to that 'wallet' (really a keyring).
And it is not a great idea... to trust a computer screen. Of course you will need to trust a screen. But by storing the keys offline and air-gapping a HW wallet the safety goes up immensely.
Multi-sig just improves on that for certain situations, where you have 2 independent, separately manufactured devices sign 2 different keys. If both devices don't agree on exactly what they are signing... the transaction will not go through. This is even improved when the signing devices/keys are geographically separated.
reply
Wrench attack/bad cleaning lady?
reply