Hi everyone,
One of the main reasons I love Bitcoin is having peace of mind knowing that my money is safe.
Throughout the years, I have gone from using closed source hot wallets like Coinomi to using hardware wallets, running my own node and generating my own seed using dice.
Lately I've seen several users on Twitter that oppose hardware wallets heavily. They claim that the wallet manufacturers can eventually rugpull everyone and there's nothing we can do about it.
The argument is that there is no way for users to know that the firmware signed by the maker is the one that is actually running on the device (only that the device claims that it's running that).
In addition to that, we might be leaking our private keys through our signatures because of malicious nonce generation. This means that everything appears to be fine to the user, but the attacker can scan the blockchain for signatures generated using these nonces and could potentially figure out our private keys. This is explained here:
https://shiftcrypto.ch/blog/anti-klepto-explained-protection-against-leaking-private-keys/ and here:
https://medium.com/blockstream/anti-exfil-stopping-key-exfiltration-589f02facc2e
I am no expert in these topics so this is why I came here.
Are these worries warranted? What are the chances of losing our bitcoin even if we do everything right: buying the wallet from the official website, running our own node, generating our own seed, checking app signatures, etc.
If all of this is true and COLDCARD can suddenly rugpull everyone, what hope does Bitcoin have?
If using Bitcoin Core on an airgap device with Linux is what's needed to keep your money safe, how will this ever be adopted globally?
Are these FUDers being overly paranoid? Or are we all dumb for trusting hardware wallet companies?