pull down to refresh
0 sats \ 4 replies \ @joda 16h \ on: Why I am using Multisig over Singlesig bitcoin
Air-gapped hardware wallet with a passphrase mitigates all attack vectors you mentioned.
So lets imagine your device has malicious firmware (either malicious from HWW devs or from supply chain attack or evil maid). It has been modified so all spends go to an address they control despite the display on HWW shows that it will be directed to the address you provided.
How does the fact that it is air gapped prevent this?
reply
Because you don't broadcast a transaction from a hardware signing device.
You take the signed transaction and just look at it on any computer and you'll see the addresses. If it's not one you control, don't broadcast and stop trusting that particular signing device.
You should always check your transaction before broadcasting anyway, even if you're using multisig.
No offense intended at all, but if you don't know this already, you may be more likely to make a mistake with your multisig setup. Please make sure you understand the risks and best practices.
By far the biggest causes of lost funds are user error and scams. I understand completely the desire to be as cautious as possible, and multisig has uses, but I think you might be overestimating the threat of malicious hardware signing devices.
reply
The issue is with verifying 'which addresses' belong to that 'wallet' (really a keyring).
And it is not a great idea... to trust a computer screen. Of course you will need to trust a screen of course. But by storing the keys offline and air-gapping a HW wallet the safety goes up immensely.
Multi-sig just improves on that for certain situations, where you have 2 independent, separately manufactured devices sign 2 different keys. If both devices don't agree on exactly what they are signing... the transaction will not go through. This is even improved when the signing devices/keys are geographically separated.
reply
Wrench attack/bad cleaning lady?
reply