Hardware Wallets are devices designed to hold bearer assets which can be trivially stolen if you leak the private key(s). There’s many, many people involved in the manufacture of each hardware wallet, each of which might wish to make free money by backdooring the hardware wallet. For every other hardware wallet, you’re blindly trusting Amazon/UPS/five factories in China/the webserver you got the firmware from/etc/etc. Sure, most hardware wallets have tried to be robust against these attacks, but there’s frankly just not that much that can be done.
Wouldn’t it be nice if you didn’t have to trust the device at all, but rather an attacker would have to compromise *both* your hardware wallet and your computer? Well, we’ve had the tech to do this for many, many years! The fact that only two hardware wallets bothered to implement this boggles my mind. It’s impressive incompetence, bordering on maliciousness, honestly. nostr:note16748fqunfxq63y980gl7me3u7d6zklvg8tscg45fpfw2lhzpv05qw2l5y4
Coldcard?
Nope.
What's wrong with coldcard?
It's missing anti-exfiltration, vulnerable to supply chain attack
Personally I think trusting a single hardware wallet provider is nuts. This is why Multivendor multisig is the way.
its stupid to use a hardware wallet
they can die anytime
Indeed any device (signing or otherwise) can die at anytime, but that doesn’t negate its use case.
Isn't multisig or even just having a passphrase mitigating this?
Multisig is, passphrase is not.