Ref for some details. https://blog.trezor.io/our-response-to-the-read-protection-downgrade-attack-28d23f8949c6
Lol.. That's simply not true. After I create a wallet. I back it up and then verify it. Then I wipe it. You can hack something that isn't there lol.
But that's just one of many deterrents. I also use a high entropy passphrase\password. Which Trezor does not store. Even if I didn't wipe the device. The seed phrase is useless without the passphrase\password.
With Coldcard you have to trust not one but two closed source elements. Do you really want to trust you life savings to that..😐
Well, it's true that you can extract the key. But if you wipe it after creating it, I think you have solved the problem. Just don't forget to erase it.
I don't have a good answer to the issue that I have to trust the secure element. That is why Coldcard uses two, so if one is compromised and the other is not, you are still good. But you still have to trust that they are not both compromised.
