by codetrotter 850 days ago
Ok. I use Ledger. And I would not have thought of being suspicious of there being two addresses to confirm.

So rather than being “wrong”, maybe I am more similar to most regular users of hardware wallets, and this kind of attack would indeed be a disaster for a lot of users who have hardware wallets. Myself included.

1 comments

But... if you did confirm two addresses, wouldn't the second one be suspicious solely because... if you're confirming it... it means you actually did something besides click a button, right? And if it wasn't an address you owned?

I would think one was the target address and the other was the change address.

And then if I went so far as to double check that the other address was a change address, I’d do so by looking in the list of addresses for my wallet in Electrum.

But in our scenario I am using a backdoored Electrum. And therefore it could be showing a mixture of the real addresses that belong to me in that list alongside addresses belonging to a different wallet that was set to show up there by whoever backdoored my copy of Electrum.

Does each address show the amount transferred? If it doesn't, with my current knowledge of how things work, I would maybe assume the second address is used for a commission. Depending on what funds I would be transferring, maybe I would be suspicious and cancel the whole thing to find out why 2 addresses are displayed.