Avoiding ColdCard Supply Chain Attacks
Recent public comments about hardware wallet supply chain attacks have me re-thinking my setup. Here are precautions I follow when using ColdCard in a single-sig setup.
- Only buy ColdCard from the manufacturer, and verify the bag serial number with the device serial number.
- Do not trust ColdCard to derive the seed. I provide my own seed by picking 23 words at random and computing the checksum word with seedpicker.net
- Do not trust ColdCard to derive the xpub. I type the same seed words into an Electrum instance on a raspberry pi and confirm that the same addresses appear at the correct derivation path.
- Do not trust ColdCard to derive the addresses. I import the descriptor into Bitcoin Core on my online computer and confirm that the watch-only addresses generated there are the same as the addresses in the ColdCard address explorer file.
- After verifying that the addresses match from Bitcoin Core and from ColdCard, I like to write down the validated addresses in a text file and write down the hash of that file on a piece of paper to check prior to using the addresses in the future.
- What about bad nonce attacks in signatures. Can that leak private key?
- What about a concealed radio chip broadcasting key material to an open wifi network? (True tin-foil territory here.)
- What about a back door that allows someone with physical possession of the wallet to extract the key?