Friendly question: How is Nunchuk Assisted Recovery different from Ledger Recover?

Discussion

An encrypted backup of the multisig wallet configuration doesn’t let you steal the coins, it isn’t your key, it’s the wallet generated *from* those keys. The problem with multisig is you could generate a near infinite number of xpubs from the same 3 keys, so if you don’t save it properly, it’s kinda like a fourth key.

Your wallet configuration is critical, but doesn’t spend your funds. A saved backup attached to an account is a great feature one might expect with a mobile wallet service.

Extracting the actual seed from a hardware wallet is a night and day difference. The whole point of a hardware wallet is to have your keys never leave the device. Ledger has built a hot wallet feature into their cold storage product. It’s beyond stupid and a huge security vulnerability.

Sidenote: I don’t know much about Nunchuk assisted recovery and it could be storing an encrypted copy of a mobile key (which you should consider the trade-offs for a hot wallet), but I do know they aren’t extracting keys from my hardware wallets and keeping them stored on their servers… because they can’t, I don’t use a Ledger 😉

See, this makes sense. Not having multi-sig seems to necessitate using the private key as the backup mechanism. At least they can “secure” shitcoins. 🤷‍♂️
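
The point made in the discussion above, that a multisig wallet configuration is needed alongside the keys but cannot spend by itself, shown as an added example (not code from the thread or from Nunchuk). It assumes plain P2WSH multisig and constructed stand-in public keys, and varies only the threshold and key order; derivation paths and script type, which multiply the possibilities further, are left out.

```python
import hashlib
from itertools import permutations

# Constructed stand-ins shaped like 33-byte compressed public keys.
# They are NOT real wallet keys; only their bytes matter for script hashing.
KEYS = [b"\x02" + hashlib.sha256(f"cosigner-{i}".encode()).digest()
        for i in range(3)]

OP_CHECKMULTISIG = 0xAE


def witness_script(m, pubkeys, sort_keys):
    """Build OP_m <pk1> ... <pkn> OP_n OP_CHECKMULTISIG."""
    keys = sorted(pubkeys) if sort_keys else list(pubkeys)
    if not 1 <= m <= len(keys) <= 16:
        raise ValueError("threshold must satisfy 1 <= m <= n <= 16")
    script = bytes([0x50 + m])            # OP_1..OP_16 are 0x51..0x60
    for key in keys:
        script += bytes([len(key)]) + key  # direct push of each public key
    return script + bytes([0x50 + len(keys), OP_CHECKMULTISIG])


def p2wsh_script_pubkey(script):
    """P2WSH output script: OP_0 followed by a push of SHA-256(script)."""
    return b"\x00\x20" + hashlib.sha256(script).digest()


def candidate_outputs(pubkeys):
    """Map each (threshold, key order) configuration to its output script."""
    outputs = {}
    for m in range(1, len(pubkeys) + 1):
        outputs[(m, "sorted")] = p2wsh_script_pubkey(
            witness_script(m, pubkeys, sort_keys=True))
        for order in permutations(range(len(pubkeys))):
            ordered = [pubkeys[i] for i in order]
            outputs[(m, order)] = p2wsh_script_pubkey(
                witness_script(m, ordered, sort_keys=False))
    return outputs


if __name__ == "__main__":
    outs = candidate_outputs(KEYS)
    distinct = len(set(outs.values()))
    print(f"{distinct} distinct output scripts from the same 3 public keys")
    for config in [(2, "sorted"), (3, "sorted"), (2, (2, 1, 0))]:
        print(config, outs[config].hex())
```

Only public keys go into these scripts, which is why a backed-up configuration locates the funds without being able to sign for them.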