You should use a passphrase with your Bitcoin signing device / hardware wallet. This would have most likely stopped this attack from being successful as the passphrase is not stored on the device.
Discussion
You mean like a 25th word? I have a friend who needs to do that.
Yes. If they do, be sure to tell them that doing so will create a new wallet. They'll need to send from the old wallet to the new one.
You can do that after the fact, correct? Not just at initial setup?
It’s a new wallet essentially. You’d have to transfer your stuff to the new wallet. I’m an idiot and could be wrong.
You are right! It will be a new wallet and a transfer has to be made.
It doesn't need to be just an additional word. It can be many words. A phrase. To be safer.
Do consider that it will be a single point of failure. The passphrase will not be in the BIP39 directory. So one character or capital letter misplaced or forgotten is all or nothing.
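The behaviour described in the comments above (a passphrase gives a different wallet, and one wrong character or capital gives a different one again), shown as an added example that is not part of the thread. BIP39 derives the seed with PBKDF2-HMAC-SHA512 and mixes the passphrase into the salt; the mnemonic is the public all-"abandon" test phrase and the passphrases are constructed sample values.

```python
import hashlib
import unicodedata

# Public BIP39 test mnemonic (constructed sample input; never use it for funds).
MNEMONIC = "abandon " * 11 + "about"


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39 seed: PBKDF2-HMAC-SHA512, 2048 rounds, 64 bytes.

    The passphrase is never checked against anything: every string,
    including the empty one, yields a valid seed and therefore a wallet.
    """
    nfkd = lambda s: unicodedata.normalize("NFKD", s)
    password = nfkd(mnemonic).encode("utf-8")
    salt = ("mnemonic" + nfkd(passphrase)).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", password, salt, 2048, dklen=64)


def differing_bits(a: bytes, b: bytes) -> int:
    """Number of bit positions in which two seeds differ (out of 512)."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def seed_prefix(mnemonic: str, passphrase: str) -> str:
    """First 8 bytes of the seed as hex, used here only to tell wallets apart."""
    return bip39_seed(mnemonic, passphrase)[:8].hex()


if __name__ == "__main__":
    intended = "correct horse"          # constructed sample passphrase
    attempts = [
        "",                             # seed words only, no passphrase
        intended,                       # exact passphrase
        "Correct horse",                # one capital letter different
        "correct horse ",               # trailing space
    ]
    reference = bip39_seed(MNEMONIC, intended)
    for attempt in attempts:
        seed = bip39_seed(MNEMONIC, attempt)
        print(f"{attempt!r:18} prefix={seed[:8].hex()} "
              f"bits_off={differing_bits(seed, reference)}")
```

Every mistyped attempt opens an empty but perfectly valid wallet rather than raising an error, so a backup of the passphrase should be verified by restoring it and comparing a receive address before funds are moved.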
This isn’t really new news. This has been a known vulnerability for several years now, and you still need physical access to the device.
Yes.
In fact, use a few.
Be creative and distribute your stashes.
All these years of decentralization and we go back to single points of bitcoiner failure.
Sigh.
Getting the seed is useless unless he gets your passphrase too.
Use multisig.