The Aledged Problem
One of our competitors (thanks Marko) identified a serious issue where some hardware wallets (including Trezor and Ledger) will sign a altcoin transaction and that transaction could be valid on Bitcoin, where we keep our valuable coins.
Although Coldcard does not support any altcoins, we do support Testnet, and it is a little like an altcoin for developers.
The concern raised is that you might be socially-engineered into manually switching your Coldcard over to Testnet, and then signing a transaction, which would need to be provided by the attacker. That transaction, if it referenced UTXO on mainnet, would be valid there and so your funds could be stolen.
- Coldcard ships in mainnet mode, not Testnet
- It would have to explicitly switched over to Testnet.
- There is no remote (USB) way to switch to Testnet—explicit user action is required.
- Attacker needs to know your XPUB and UTXO on blockchain.
To strengthen this, we’ve added a warning screen, and moved the setting into what we call the “Danger Zone” which already has a number of risky settings, and private data for developers only.
The new screen is present in version 3.2.1 and later. However, we don’t see the need to ask for upgrades, since now you understand the problem, you wouldn’t fall for it.
Testnet Is Useful
Testnet support is useful for developers! Even as a hardware wallet already with wide wallet support, on many diverse Bitcoin projects, we still want to remove all possible barriers to outside developers.
This is considered a bug?— Andrew Chow (@achow101) November 24, 2020
... I've been using this behavior bug ever since the Coldcard came out then since I can't be bothered to switch to testnet mode when testing HWI changes.
There also isn't a regtest mode so when I do regtest experiments, I still just use mainnet mode.
Nice find & applaud to the professionalism all around :)— Hugo Nguyen (@hugohanoi) November 24, 2020
FWIW, I think Coldcard was on the right track by limiting the types of coins. Path-restriction is a good check against these sorts of attacks, but it adds overhead and easy to overlook. Reducing attack surface is better.
If anyone tells you some complex story about airdropped coins, or any other BS about why you should “just try” signing their PSBT with your real Coldcard … please tell them to get bent.