Perfect, thank you very much,
So QR Code doesn't work in the same way as with the SeedSigner.
USB doesn't work either because there's no plugin.
The only option is to try using microSD.

Is it the same procedure as the Foundation Wallet?
Or how exactly do I connect the Specter to Electrum via SD

OK, so it's just a matter of the computer knowing the seed when I enter it manually?

Could I still sign on the hardware device?

I will only use Electrum on an airgap computer, so it makes no difference whether the seed stays on the device or I enter it manually on an airgap computer.

I would like to use the hardware wallet (Specter Shield), unfortunately it is not compatible with Electrum, but if I enter the Specter Shield seed manually into Electrum, I could still use the Specter Shield as a signing device, right?

Hello everyone,

What exactly is the difference between:
I already have a Seed & Use a Hardware Device?

Isn't it the same if, for example, I simply enter the seed from the device manually under:
I already have a seed

Or does signing via the hardware device no longer work because I haven't entered it under:
Use a Hardware Device?

I can't find KeyStone among the plugins either, but KeyStone Bitcoin Only Firmware is compatible with Electrum.

Does anyone have a Specter Shield and can say more about it?

But it's more about Specter Desktop, for example you can use your Electrum Coldwallet or Hotwallet as a signature for the Specter Desktop.
What I meant is Specter DIY, it is a HWW and my question was whether I can use this HWW as a signature device with Electrum Desktop.

Thanks, I'll read through the thread

Good day,
I have a question regarding Specter Shield & Electrum.

I would like to put together a shield, but unfortunately I couldn't find anything online to see if it was compatible with Electrum.

Do any of you know if you can use the Shield together with Electrum?


Thank you

What if you can't store the public keys of all cosigners on the hardware wallet?
Or can this be stored at every HWW?
Would you then see the wrong address on all devices?

I know the script, it is a 2 of 3 MultiSig where all 3 wallets belong to me.
This is more about the fact that 1 wallet out of the 3 was infected with a malicious code.

what do I do in this case?
Is my entire setup unsafe then?
Or do the other two wallets then show me the correct address so that I know that something is wrong and I can set up the MultiSig again


All 3 are mine, and all 3 have been hired as CoSigners.
The problem here is based on:
If I install an update and that update infects my wallet with malicious code.

I thought that the 2 other wallets would show me the correct address, but the post I read says that all 3 wallets show the same address even if it is wrong.


All 3 CoSigners belong to me, but the post I read says that if 1 CoSigner was infected, then the security of the entire wallet is ruined, because the attacker can then display a false address to which I transfer money, and the 2 CoSigners have to accept it because they can't verify it, they can only verify their own xpub.

I thought that if 1 signer was infected and showed a wrong address, that the other 2 signers would show the correct address so I would know, okay, something is wrong here.
But the post says that all 3 signers then show the wrong address.

Are MultiSig wallets insecure and only intended for experienced people?

I just read a post and wanted to ask what you thought about it.
wanted to set up a MultiSig wallet for my security, but after this post I'm afraid of it.

Is what he writes true?
Do you have to put in so much effort with a MultiSig Wallet?
Or is this just scaremongering?
Are there solutions to these problems?

I thought MultiSig wallets were very secure, and I thought if 1 wallet was hacked, then I still have 2 wallets that show me the correct address, for example.


1)
An address of a 2-of-3 setup therefore contains the public keys of all three cosigners. In order to generate a correct address, you have to be able to rely equally on all cosigners.

Despite using two hardware wallets, the software wallet from the example above could contribute a fake public key to generate the receiving addresses.
The hardware wallets ultimately have to simply accept the other cosigners' information and have no way to verify it.
The resulting address would no longer have anything to do with your own multisig wallet and would belong to another wallet to which you do not have access.

This would mean that the operator, or the person who compromised the software wallet, would be in a position where he could blackmail the user with a ransom in order to release the third key, which was foisted by the false software. A very unpleasant idea that no longer has much to do with “gained security”.

Such scenarios are of course quite contrived and seem unrealistic at first glance. But it is precisely against such sophisticated attacks that you want to protect yourself with a multisig wallet! Otherwise, you can just stick with a simple hardware wallet, which already provides sufficient protection against the vast majority of threats.

The security of a multisig wallet is always measured by the “most insecure” cosigner, i.e. the greatest vulnerability. Therefore, all cosigners should always have a comparably high level of security. Mixing hot and cold wallets is therefore contradictory and not recommended.


2)
With an “xpub”, an extended public key, all addresses of an account in a Bitcoin wallet can be derived. In a multisig setup, the cosigners have to exchange these keys with each other in order to be able to generate addresses. This exchange is forced to take place via a software wallet on a smartphone or computer, as the hardware wallets cannot speak to each other directly.

An individual cosigner receives information about the other cosigners indirectly via the software wallet, which simply has to be accepted. It is solely up to the user to ensure that the other cosigners' information has been correctly passed on by the software wallet. If this is not done, the software wallet can give you fake public keys, similar to the first stumbling block.

This either makes a blackmail attack possible, as above, or even worse: in this scenario, the software wallet can forge two of the three public keys and thus gain full control over the addresses generated by the hardware wallet.

To rule out this vulnerability, the user must first verify each extended public key individually on the hardware wallet displays. This means that each cosigner can be correctly assigned to an xpub.

In the next step, the user must verify the public keys of the other cosigners on the hardware wallet, which will later also generate addresses, by comparing them with each other. The software wallet theoretically has the possibility of passing on incorrect keys, which would be immediately noticeable at this point.

Only after this successful verification can the address displayed on the hardware wallet, here in the middle, be trusted.

With multisig wallets, it is not that easy to establish trust in receiving addresses, as this always depends on all cosigners and their secure communication with each other. Careful verification of the individual public keys, as well as mutual checking to see whether they were passed on correctly, are crucial in order not to endanger the security of the setup.


3)
The steps just described for verifying receiving addresses are easier said than done. Because some hardware wallets do not offer the necessary functions, such as displaying the cosigner xpubs, and therefore should not be used in a multisig setup.

Furthermore, a completely manual check is anything but practical in the long term. As a user, you are unlikely to go through the procedure described above over and over again for every address you want to use. Sooner or later, users are likely to become careless.

Hardware wallets that are used for a multisig setup should therefore be remembered by all cosigners after setup in order to remain trustworthy in the future without additional manual verification. This is also referred to as the “registration” of a multisig setup.

If you are looking for a beginner-friendly option for more security, you should think twice about whether Multisig is really your first choice. Many tripping hazards are not obvious at first glance and you quickly feel like you are feeling dangerously safe.

Hello everyone,
I have a question for you

For example, I would like to leave Bitcoins on Specter and Ethereum on Safe.Global.

Are there any problems if I use my Trezor as a signing device for both providers?

Or should I create 1 sub-account for Safe.Global at Trezor?

I don't understand why you have to have internet to sign something, for example Jade doesn't need internet to sign either...
Theoretically it should work that you connect the Trezor with an airgap Electrum so that you can sign without internet or am I wrong?

But I would like to set up a multisig...

hmm so only Coldcard & Passport remains as an airgapped wallet which are open source.
Unfortunately, SeedSigner doesn't work with Electrum & Jade signs airgapped, but Firmupdate cannot be installed airgapped.


Is it possible to connect Trezor & Bitbox to the WatchOnly Wallet so that I can sign there, and then I do the final signing on the airgapped computer (Electrum Coldwallet)

So as I understand it, it goes like this:

I create the transaction on Electrum WatchOnly (Online)
Then I export the transaction file and paste it on my airgapped computer Electrum ColdWallet ( Offline )
There I  sign with the Electrum ColdWallet, Trezor & Bitbox.
Then I export the transaction file again and paste it into my Electrum WatchOnly and initiate the transaction.


The hardware wallets such as Trezor or Bitbox would have to be created online somewhere beforehand, right?
Or does it also work offline?

Good evening,
I have a small concern and would be happy if you could help me with it.

I would like to set up a cold wallet on a computer without internet access (Electrum) and a pure watch wallet on a computer where the fullnode is running.
Then I wanted to create the transaction in the watch-only, then move the transaction file to the airgap computer and sign it there.

Question 1)
Do the hardware wallets for the MultiSig function all have to support PSBT?
Or can I also use Trezor / BitBox, for example?

Question 2)
If it were also possible with Trezor / Bitbox, where do I sign?
On the watch-only or on the air gap?
I think you would need internet access for Trezor & Bitbox, or is it possible without internet access on the Airgap computer since the hardware wallets are linked to Electrum there?


Thank you and best regards

Is it actually possible to connect your own node to a public electrum server?

Or does that not work because the Electrum server itself is a node?

Good evening dear forum members,
I have 2 questions regarding Full Node and Electrum Server.

1) What can the owner of a full node see when I connect to his node?

2) What can the owner of an Electrum server see when I connect to his server?


That's actually it

Thank you very much and best regards

Thanks for the detailed answer.

Why does sparrow write that it would pose a risk?
What could a hacker do with the pub key?

Sparrwor writes:
Unfortunately, Bitcoin Core stores your public keys and funds unencrypted on the computer that runs it. If that computer is regularly connected to the Internet, it is at risk to hackers - making you a target once your balance is discovered.

Good evening,
I have a small concern.

Since Bitcoin Core stores the pub key unencrypted on the computer, I wonder whether there would be a risk if I connected Specter to the Core.
You could theoretically calculate the Prv key back if you had the pub key.
(I know, very difficult but certainly doable with a quantum computer)

What does it actually look like when you set up a multi-sig wallet at Specter?
Won't the whole thing be more difficult to calculate, or does it make no difference whether single-sig or multi-sig?

Nein gilt nicht für Sport, nur für Termingeschäfte war ein dummes Beispiel von mir
So meinte ich es eher:
Future Trading 2 Positionen, 1x BTC Gewinn 100.000€ und 1x ETH Verlust 30.000€.
Bei diesem Beispiel dürfte man nur 20.000€ gegen rechnen.

Aber soweit ich weiß gilt das nicht für Fees und Rollover Fees.

Mal ne andere Frage:
Die Rollover Fees unterliegen auch der Abgeltungssteuer richtig ?
Also kann ich diese komplett vom Gewinn abziehen ?
Wie sieht es mit den Maker / Taker Fees aus ?
Auch komplett absetzbar ?

Transaktion Fees von Wallets gehören ja zu den Werbungskosten, die könnte ich ja garnicht komplett absetzen da sie schon im Pauschbetrag geregelt sind richtig ?

Hier geht es um den Verlustverrechnungstopf

Ich mache mit BTC gewinn 100.000€
Ich mach mit Immobilie verlust von 30.000€
Dann kann ich nur 20.000€ anrechnen von den 30.000€.

Das was ich meine sind die Gebühren für das öffnen und schließen des Trades, für die Exchange Gebühren um USDC in Fiat zu wechseln und um die Gas Fees.
Diese haben mit dem Verlustverrechnungstopf nichts zutun.