Ben Ma, a security researcher who works for hardware wallet manufacturer Shift Crypto, discovered that the Coldcard hardware wallet has a flaw: An attacker could trick a Coldcard user into sending a real bitcoin transaction when they think they are sending a “testnet” transaction – or a payment on Bitcoin’s testing network, which is not the same as the mainnet.
Both testnet and mainnet bitcoin transactions, though, “have the exact same transaction representation under the hood,” Ma writes in his post disclosing the vulnerability. An attacker, then, could generate a bitcoin mainnet transaction for the hardware wallet but make it look like a testnet transaction. The mainnet transaction is presented like a testnet transaction on the user’s wallet, making it difficult for users to recognize the error.
Ma learned of the vulnerability after a pseudonymous researcher discovered the so-called “isolation bypass” attack in the French-manufactured Ledger hardware wallet.
Unlike Coldcard, Ledger supports many coins, so the bypass attack could work by tricking wallet users into sending bitcoin when they mean to send litecoin and bitcoin cash, in addition to testnet BTC.
When the initial vulnerability in the Ledger wallet was disclosed, Coinkite founder and Coldcard creator Rodolfo Novak said, “Coldcard doesn’t support any shitcoins, we find that to be the best path,” implying that his bitcoin-only wallet would be safe since the flaw (in part) resulted from the fact that Ledger devices previously managed different coins using the same private key.
Since Coldcard doesn’t support multiple coins, it theoretically shouldn’t have this problem. And it wouldn’t, if it weren’t for the fact that it can be exploited with bitcoin testnet addresses, as well.
If a user’s computer is compromised – and their Coldcard device is unlocked and connected to that computer – then an adversary could trick them into sending real bitcoin when they think they are sending testnet bitcoin.
“The attacker merely has to convince the user to e.g. ‘try a testnet transaction’ or to buy an ICO with testnet coins (I’ve heard there was a ICO like this recently) or any number of social engineering attacks to make the user perform a testnet transaction. After the user confirms a testnet transaction, the attacker receives mainnet bitcoin in the same amount,” Ma writes in the post.
Seeing as an attacker could execute this attack remotely, it met Shift Crypto’s criteria as a critical issue, triggering the responsible disclosure process.
According to the post, Ma disclosed the vulnerability to Coinkite on Aug. 4 and Novak acknowledged it the next day. On Nov. 23, Coldcard released a beta firmware to patch the vulnerability.