Avoiding ColdCard Supply Chain Attacks

Recent public comments about hardware wallet supply chain attacks have me re-thinking my setup. Here are precautions I follow when using ColdCard in a single-sig setup.

  1. Only buy ColdCard from the manufacturer, and verify the bag serial number against the device serial number.
  2. Do not trust ColdCard to derive the seed. I provide my own seed by picking 23 words at random and computing the checksum word with seedpicker.net.
  3. Do not trust ColdCard to derive the xpub. I type the same seed words into an Electrum instance on a Raspberry Pi and confirm that the same addresses appear at the correct derivation path.
  4. Do not trust ColdCard to derive the addresses. I import the descriptor into Bitcoin Core on my online computer and confirm that the watch-only addresses generated there are the same as the addresses in the ColdCard address explorer file.
  5. After verifying that the addresses match from Bitcoin Core and from ColdCard, I like to write down the validated addresses in a text file and write down the hash of that file on a piece of paper to check prior to using the addresses in the future.
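
How the checksum word in step 2 is determined, as an added example (not from the original post and not seedpicker.net's code), so the 24th word can be cross-checked independently. Words are represented by their 0-based index in the BIP39 wordlist, which is assumed to be available separately, and the all-zero input is a constructed sample.

```python
import hashlib

def final_word_candidates(first23):
    """Return the 8 wordlist indices that validly complete a 24-word mnemonic.

    first23: 0-based BIP39 wordlist indices of the 23 user-chosen words.
    """
    if len(first23) != 23 or any(not 0 <= i < 2048 for i in first23):
        raise ValueError("need 23 indices in range 0..2047")
    # 23 words x 11 bits = 253 bits of entropy fixed by the chosen words.
    prefix = 0
    for i in first23:
        prefix = (prefix << 11) | i
    candidates = []
    # The last word carries 3 more entropy bits plus the 8-bit checksum,
    # so every choice of those 3 bits yields exactly one valid final word.
    for tail in range(8):
        entropy = ((prefix << 3) | tail).to_bytes(32, "big")
        checksum = hashlib.sha256(entropy).digest()[0]  # first 256/32 = 8 bits
        candidates.append((tail << 8) | checksum)
    return candidates

def is_valid_24(indices):
    """True if 24 indices form a mnemonic whose checksum is correct."""
    if len(indices) != 24:
        return False
    return indices[23] in final_word_candidates(indices[:23])

def to_indices(words, wordlist):
    """Map words to indices; wordlist is the 2048-entry list, in order."""
    return [wordlist.index(w) for w in words]

if __name__ == "__main__":
    # Constructed sample: index 0 repeated 23 times (all-zero entropy prefix).
    sample = [0] * 23
    for idx in final_word_candidates(sample):
        print(idx, "valid:", is_valid_24(sample + [idx]))
```
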

Remaining ideas:

  1. What about bad-nonce attacks in signatures? Can that leak the private key?
  2. What about a concealed radio chip broadcasting key material to an open wifi network? (True tin-foil territory here.)
  3. What about a back door that allows someone with physical possession of the wallet to extract the key?

More:

https://medium.com/cryptoadvance/hardware-wallets-can-be-hacked-but-this-is-fine-a6156bbd199