An app on my phone which I intended to use for setting up a watch only wallet for my cold card somehow managed to get at my cold card keys when I sent the QR of my wallet descriptor to it. Dumb move. Definitely a case of just enough knowledge being dangerous. It was able to sign and broadcast a transaction but the transaction couldn’t seem to confirm fully on chain. It was pending for three hours while I scrambled to figure out how to replace-by -fee all the UTXO’s to a temp location. I still don’t understand despite the app (or whomever harvested my keys off it) being able to sign the transaction and broadcast it, the transaction wouldn’t be added to a block even though the estimated time to confirmation came and went a couple of times. At one point the estimated time to confirmation was down to 10 minutes and no bars had filled to indicate that any of the one of six confirmations had occurred. Maybe because I’m always fully air gapped with my setup. I came very close to losing my whole stack. I just about had a heart attack when I looked at the unauthorized transaction and it showed a couple dozen UXO’s funnelling down to one unknown address in a single transaction. Not to mention the friggin heart attack I had moving all of my UXO’s to a temporary address all in one shot, knowing that if I got even one letter incorrect in the receiving address that I was going to lose everything. Then, once the cold cards were wiped and reestablished with new seeds, I had to move everything again. The whole thing freaked me out to the point where I found myself incessantly checking my wallets’ balances all week to make sure that I had indeed isolated the source of the exploit. If I had watched this week’s price action play out without my stack in my possession I would’ve jumped off the roof headfirst. Lol.