Replying to Harley

I’ve got a question for you guys and it might be incredibly dumb but anyway. nostr:npub1e85mms9s8ssm6vm6ztw0tdrr6j0a4l5gf2sjhw2scxpwnexmaxuqcev9em 2500

Obviously self custodial wallets are better than custodial because you have your own keys but surely if you rely on someone else’s node then you haven’t actually gotten rid of much trust compared to trusting them with your private key. My thinking is that if you trust their software to display the right number according to the Bitcoin blockchain then how easy is it for them to redirect a transaction meant for you to themselves and just display the number you were supposed to receive in your wallet.

Am I being retarded? +500 sats for good answers.

#asknostr

There is always some amount of trust.

Even if you are using open-source wallet software, if you can't verify the code yourself, you are trusting someone else to have verified it.

Could wallet software show you a false receive address and just display what you assume to be the correct balance? Yup. It could, and it could do so regardless of whether the wallet is connecting to your own node or someone else's.

Only use wallet software that is tried and tested, like Sparrow, Nunchuk, or Specter. You can also use multiple of these in conjunction. For instance, use a hardware wallet to store your actual private key, and then use Nunchuk on mobile and Sparrow on desktop, both only having access to your XPUB for generating receive addresses. Then you can confirm between the two that the addresses generated are indeed associated with your XPUB, and not being swapped out by the wallet software. As long as any receive transaction originating from Sparrow shows up in Nunchuk, and vice versa, you know that the address wasn't swapped out, because the chances that the developers of both Sparrow and Nunchuk are colluding against you are small.

Using your own node with the wallet software you use for transacting is still important, but not for the sake of false addresses being swapped in place of real ones. Rather, you should use your own node for the protection of your privacy. Using someone else's node with your wallet software means the node operator can potentially associate your UTXOs with your IP address, and with one another, so that they will know your full balance.


Discussion

I have asked a question in the past about trusting wallet software to correctly compute the fx rate at point of sale (fiat-BTC) price before. If you don't reside in the US, then the calculation is BTC-USD-NZD, for example. I do think it's best to verify. I am working on a spreadsheet to check all past lightning transactions now.

I never questioned the wallet address though, but transferring money from one wallet to another should carry the same cautions as when transferring fiat. If large transactions are done, then do a small amount first, verify and then trust the wallet address.

Great explanation