Early this morning I woke up and noticed on my watch only wallet in BlueWallet and Sparrow desktop that someone has initiated an unauthorized transfer of all of my UTXO's to a BTC address that is not ...
OK so final rundown. Cold Card is the shit. No signing device and I’ve been air gapped since day 1, so despite the unauthorized TX showing “signed”, it would not progress to completion. Did a Replace With Fee to override the unauthorized TX and send sats to a temp address. Renewed my HW wallet seed to re-establish it is good. Looks like I am in the clear. Unless there is something fundamentally wrong with Cold Card’s security model, or with Sparrow desktop.
Cost: my seed plates and $50 in TX fees.
Fuck you hacker.
Cost: my seed plates and $50 in TX fees.
Fuck you hacker.
1
