Most people don't check software signatures (and never will), so hardware wallets like Coldcard, Trezor, Ledger do it for them.
Does this require trust? YES
Is it better than the alternative? YES
If your wallet doesn't also check firmware signatures for you, you are at risk!
Replies (25)
I check, so does it check twice?
People really don't remember how bad things were before hardware wallets.
Lots of hypothetical attacks that require access to hardware, but it's still MUCH better than how things were.
We should keep improving, of course.
Most definitely… the majority of plebs weren’t even around back then lol
This is me. 

Does Jade check?
Most of which can be mitigated with multisig. Why people refuse to upgrade to multisig is beyond me.
Collaborative multisig with inheritance planning is such a good product. With some you can even manage your wallet with Sparrow if you wanted to. Can’t ask for much more
Multisig is a pain. More to manage. Can’t be the answer.
Have you ever used a multisig?
Yes, and it’s stressful to have multiple signatures/devices to worry about, keep track of, along with the increased complexity of making a simple transaction. This is not a solution for the masses.
Something like the Bitkey is a good multisig solution for the masses. There’s more of a trust trade-off there. But I view it as a good onboarding tool.
True, there is trust and possibly some custodial risk. I can't wrap my head around their security model, like how can I confirm on the device that the transaction is what I want to do.
Making changes to an existing setup is scary, and isn't without risk. But better to set multisig up, play around with it for a few months, and then move your funds to multisig cold storage.
Takes time and effort!
💯. We’re working to change that. Slowly but surely.
You guys are great. I use you as my mobile with a tap signer
Yeah, I think changes to custody setups should be slow and orderly
Well, I am a little afraid I lose control with multisig 🥺
that's with 5/3 3 possible defaults 🫢😱
I know, this is nonsense.
still I have to have 3 out of five working ...
ahmmm... how do I delete my nonsense here?
🫣
There need to be no trust tradeoffs or onboarding tools. Needs to be out of the box trustless security and privacy for complete idiots.
You don't if you use several hardware wallets you own.
I mean that’s probably impossible
My thoughts exactly. I always worry about the long term viability of hardware wallets. Multisig with passphrase combination seems like a good middle ground imo.
Sparrow wallet checksum UI very helpful in this regard.
But what about the shipping company??
Thank you! Have you tried setting up a multisig wallet on Nunchuk? Would love to hear your feedback / any pain points you run into.
Tip: you can have the Tapsigner as one of the keys in the multisig.