Coldcard is not a solid HWW at all. I work on secure element design and several other people that also do agree.
Don’t use an exchange. SeedSigner so far is the best approach though it needs more code auditing.
Discussion
The entire ecosystem is not slop but a majority is, and especially the ones that push marketing hard. What they can’t do with skills they try to do with deception whether it be false marketing or gold-coating a turd.
Seedsigner only
Omg 😨
What do you think anout Specter DIY?
That also is a good option. Smart card as SE works pretty well.
Are there any good write ups on what the concerns are?
Yes. Do a quick search. It’s well documented
what's the issue though? need to know - was attracted by the PSBT signing
weak secure elements, bad architecture, UX is suboptimal, the designers of the architecture don’t know much about proper security, and not related but the company behind it has done a lot of shady shit.
Thanks I’ll look into further
This statement about Coinkite? If so, can you point me to the shady shit they've done?
well, an easy example would be NVK squatting domains relating to SeedSigner and lying about it, while also sending a takedown request to nostr:npub1k5f85zx0xdskyayqpfpc0zq6n7vwqjuuxugkayk72fgynp34cs3qfcvqg2's FOSS blockclock competitor
Oh yeah thanks for the reminders damn the list is longer than I remembered