[annabellish]

What world are you living in? Software wallets are and always will be vulnerable to incalculable numbers of side-channel attacks that they cannot possibly defend against. It is intrinsic to running on a general purpose OS. Hardware wallets are the only method of having anything anywhere _near_ security here.

[45h34jh53k4j]

A world where an offline, encrypted data file offers exactly the same security level as an offline, encrypted memory cell.

You invoke side channels -- what about these side channels: https://jochen-hoenicke.de/trezor-power-analysis/

[hackerboos]

"The new firmware 1.3.3 is immune against this attack since it (1) requires a PIN to compute the public key and (2) uses branch-free computations for deriving the public key from the private key."

[kirillseva]

The browser with its plethora of extensions is arguably even worse than an operating system, and yet people keep using online banking and don't get hacked 24/7. Software can be reasonably secure and is basically as vulnerable as the human that's using it.

If you insist that one should err on the side of being paranoid when handling money, you can argue that hardware wallets are secure iff you manufacture your own hardware.

Want true security without going into hardware manufacturing?

Pick a private key and write it down on a piece of paper (ideally you'd do it in your head) along with the corresponding public key. Then send bitcoin to an address that's controlled by the keypair you just created. If you did all the calculations in your head while wearing a tin-foil hat your bitcoin should be reasonably secure.

[lawnchair_larry]

Software wallets have a lot of risks, but side channel attacks are not one of them. Hardware also does not necessarily mitigate that.