You probably nuked your account already but if you didn't, it would be great for the community if you could answer some questions now that the worst has been prevented.
1. You said you never entered your seed to an internet-connected device. Did you enter the seed to Blue Wallet or Nunchuk when you tried to create a "read only" wallet?
2. Is it possible a guest or even a family member has read the metal plates at your house?
3. Did you have the same seed on the Ledger devices and the ColdCards?
4. Did you pass any files or notes through an internet-connected device when you cloned your ColdCards?
Things like this don't generally happen. Therefore it would put a lot of minds at ease to be able to narrow down the possibilities how this could have happened. Especially because it seems you did a lot of things "right".
I understand the urge to disappear from all social media right now. And it really isn't a good idea to post pictures of your living room and family members while trying to secure a considerable amount of bearer assets like bitcoin. But I would say right now it'd be prudent to try figuring out exactly where the problem was/is by giving more details.
I wonder how he cloned the hardware wallets as well. Might have transferred something through an internet-connected device which was compromised? But yeah my guess is he either entered the seed to a "read only" wallet like you said, or someone read the plates at his house. Maybe even his kids or someone close to the family.
I'm guessing someone gained unauthorized access to the physical plates themselves.
Individual miners will be quick to change pools if necessary. I wouldn't be too concerned about that.
Regulatory arbitrage is highly recommended, for one country rarely meets the needs of an individual. Plant flags early because it may get harder over time.
Just having the option to self-custody is game-changing, though. The people who need to do it can, and will do it. That has not been the case for a long time historically speaking.
To my understanding loss of private funds from hacking is really rare. People have mainly lost funds by messing up their backup system by making it overly complicated or not making backups at all.
Custodial bitcoin credit cards don't help this at all. There's no incentive to install bitcoin specific hardware to stores if bitcoin can be spent with the current hardware. That's how the masses will probably spend "their" bitcoin anyway.
Luckily a significant amount of my paycheck is an insignificant amount. Checkmate, state.
It sounds like you understand privacy quite well. That is, the ability to reveal selectively. I always get triggered by that "I don't care if they collect my data" rhetoric tho.
Feeding the monster doesn't really help the ones getting munched.
That's a lot to unwrap. The most important thing, I think, is to realise that the Googles and Metas are not interested in *your* interests for social reasons, like people would be. They are interested because it gives them asymmetric power over a massive amount of people without them realising it.
To alter the behaviour of the so-called masses and the choices they make, even by a tiny fraction, is massively valuable to the companies themselves, but to state actors as well. And the way they get that power is by collecting vast amounts of user data across the web. And making it incrementally harder to opt out. That exact phrase "I don't care if X platform gets my data" is the product of a massive campaign against privacy, launched by Meta itself (back then called Facebook), if I'm not mistaken.
If the personal loss of privacy doesn't trigger any feelings of disgust for you, I encourage you to think about the issue societally. Normalised data collection and KYC practices erode society at a deep level. It's a self-growing feedback loop of fear and polarisation. Do you want to support that or could you start being more mindful about it personally? Something to consider.