[popol12]

No, you're wrong. The issue you're describing can't be exploited on Ledger devices at least. (Source: I’m a contributor to their bitcoin transaction parsing code) Their hardware wallet checks if the provided change output's address is actually owned by the device owner:

- if it does, then the change output is simply hidden from the user validation flow

- if it doesn’t it will appear as a second bitcoin transfer to approve, which require a second physical approval on the device. this is highly unusual and should trigger the user's suspicion.

I can’t say for other vendors but this is pretty standard security practice I’m sure, hardware wallets are fighting against attacks that are way more elaborate than this one.

[codetrotter]

Ok. I use Ledger. And I would not have thought of being suspicious of there being two addresses to confirm.

So rather than being “wrong”, maybe I am more similar to most regular user of hardware wallets, and that this kind of attack would indeed be a disaster for a lot of users who have hardware wallets. Myself included.

[pests]

But.... if you did confirm two addresses, wouldn't the second one be suspicious solely because... if you're confirming it... it means you actually did something besides click a button right? And if it wasnt an address you owned?

[codetrotter]

I would think one was the target address and the other was the change address.

And then if I went so far as to double check that the other address was a change address, I’d do so by looking in the list of addresses for my wallet in Electrum.

But in our scenario I am using a backdoored Electrum. And therefore it could be showing a mixture of the real addresses that belong to me in that list alongside addresses belonging to a different wallet that was set to show up there by whoever backdoored my copy of Electrum.

[elbear]

Does each address show the amount transferred? If it doesn't, with my current knowledge of how things work, I would maybe assume the second address is used for a commission. Depending on what funds I would be transferring, maybe I would be suspicious and cancel the whole thing to find out why 2 addresses are displayed.

[nvdr]

Ok, and what if you use your Ledger seed phrase to connect / recover on Exodus? Hardware wallet or not, if the recovery seed is exposed, are you in trouble?

[Quiark]

I'd say the fact that you can not enter a seed phrase into an app on computer or website should be like "level 1" required crypto knowledge. I understand that many are still failing at this daily.