Is the above true? If an attacker were to randomly come across my private key, he can move the funds without requiring the origin keys that resulted in the multi sig?
I never heard of a single case of anyone losing coins with a multisig setup through an attack like you mentioned, and I couldn't find anything about the reddit topic talking about this, so maybe you should post a link for us to see.
I know that the more co-signers you have in a multisig setup, the harder it will be for an attacker to steal your coins, and I don't see any real threat with this.
With new taproot addresses all transactions look the same, so there is no way you could know if a transaction is single or multi sig, but that is not the case with older address types.
This is the post and the other comments that follow it.
My primary concern is dictionary attacks. I know and have tried using rotorcuda and fialka to run random private key attacks and trying to find private keys. In fact, I have already found a few private keys (unfortunately they were already emptied before by someone else). However, this is very much a possibility. The fact that I, an individual, can run such brute force attacks for random keys with little knowledge concerns me. I'm sure that North Korea and other big malicious actors would be running far bigger operations to brute force random keys. I may go so far as to even say that these whale alerts that we see on twitter (that some bitcoin was moved after 10-11 years) may be such crackers stumbling on these private keys.
I want to protect myself from such attacks by using multi sig. My assumption was that the Bitcoin chain requires the 2 signatures and that this enforcement is done on chain. However, those reddit comments and the ones in this thread too suggest otherwise.