Version 3.2.2 Update Recommended (Multisig Security Update)
Security Fix (Multisig Users)
Version 3.2.2 fixes a security issue that could allow an attacker—who has compromised your computer during multisig wallet setup process—to divert funds. Please upgrade ASAP.
This issue can only affect multisig wallet users, and would only be an issue for wallets created while under attacker’s control. It does not affect wallets after creation time. It is not a remote attack as claimed in the headlines from our competitor’s FUD factory.
Regardless, we strongly recommend immediate upgrade and generally keeping your Coldcard firmware up-to-date.
There are other useful new features in v3.2.2 too!
Now that the non-disclosure period has ended, we can discuss the security issue this release fixed back in January. The problem was reported by Hugo Nguyen who discovered the issue when integrating multisig Coldcards.
He has created an excellent writeup on the issue here and it covers the technical details best.
Coinkite immediately fixed the issue and has greatly tightened the security around multisig wallet creation and operation, but we did not talk about the bug itself until now. You may have noticed the Coldcard is much more “picky” about multisig XPUB’s during wallet setup and also PSBT details during signing, in versions after 3.2.1.
These changes have created some interoperability issues and we’ve been working with software wallet vendors to address those over recent weeks. As of now, most of those issues are resolved, but some wallets do require you to “re-import” your multisig wallet into Coldcard.
Coinkite has also taken part in a new initiative to standardize the multisig wallet setup process, hopefully as a BIP, announced today on bitcoin-dev.
The other party was aware from previous interactions of our well documented Responsible Disclosure Policy.