Nice find. 🙌 to @ShiftCryptoHQ & @COLDCARDwallet for how this was handled.
This vulnerability perfectly demonstrates the security principle that the smaller the attack surface, the safer.
Without adequate checks, HWW are more vulnerable the more types of coins they support. https://t.co/lfBgDVztiM
One of the key principles of @CasaHODL is to have no single point of failure. That's why HW wallet diversity when creating a multisig is important. Even if you used a Cold Card, other HW wallets who've patched this such as Ledger and Trezor would've caught it. https://t.co/Uj0H4YiNct
I wonder if this bypass exploit affects Trezor devices as well. Does Trezor currently allocate separate private keys to separate coins for BTC Testnet vs BTC mainnet described in BIP144?
Also, what about other similar cryptos like Litecoin? Considering that this attack was first performed on the Ledger's LTC app https://monokh.com/posts/ledger-app-isolation-bypass which makes it look like a Litecoin transaction was initiated but in fact spends Bitcoin UTXOs.
I've read through the referenced BIP144's Coin type constant and I was wondering if Trezor already implements this.
Nope, this is saying you need to update your software or else.
A bitcoin transaction can be disguised as a litecoin transaction on the hardware wallet. So the hardware wallet will display a litecoin address on it, however on the back end, it's secretly sending a large btc transaction. Rip.
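The check the comments above are asking about, as an added example that is not part of the thread and not any vendor's firmware: before signing for a coin, reject every input whose derivation path carries another coin's coin type constant. The function names and sample paths are constructed for illustration, and the coin type values (0, 1, 2) are the registered SLIP-44 numbers for Bitcoin, testnet and Litecoin.

```python
HARDENED = 0x80000000
COIN_TYPE = {"bitcoin": 0, "testnet": 1, "litecoin": 2}  # SLIP-44 registry values
PURPOSES = {44, 49, 84}  # purposes this hypothetical wallet accepts


def parse_path(path):
    """Turn "m/44'/2'/0'/0/5" into a list of 32-bit path elements."""
    head, *rest = path.split("/")
    if head != "m":
        raise ValueError("path must start with m")
    elems = []
    for part in rest:
        hardened = part[-1:] in ("'", "h")
        index = int(part[:-1] if hardened else part)
        if not 0 <= index < HARDENED:
            raise ValueError("index out of range")
        elems.append((index | HARDENED) if hardened else index)
    return elems


def path_violation(path, coin):
    """Return None if the path belongs to `coin`, otherwise the reason it does not."""
    try:
        elems = parse_path(path)
    except ValueError as exc:
        return f"unparseable path: {exc}"
    if len(elems) != 5:
        return "expected purpose/coin_type/account/change/index"
    purpose, coin_type, account = elems[:3]
    if not all(e & HARDENED for e in (purpose, coin_type, account)):
        return "purpose, coin type and account must be hardened"
    if (purpose ^ HARDENED) not in PURPOSES:
        return "unknown purpose"
    if (coin_type ^ HARDENED) != COIN_TYPE[coin]:
        return f"coin type {coin_type ^ HARDENED} does not belong to {coin}"
    return None


def review_signing_request(coin, input_paths):
    """Return {path: reason} for inputs to refuse; an empty dict means all paths match."""
    return {p: r for p in input_paths if (r := path_violation(p, coin))}


# Constructed request: presented as Litecoin, but the second input is a Bitcoin key.
SAMPLE = ["m/44'/2'/0'/0/5", "m/44'/0'/0'/0/5"]
print(review_signing_request("litecoin", SAMPLE))
```
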