Coldcard xpubs share similar digits: is it a concern?

Coldcard Users Alarmed by Similar xpubs | Concerns Over Security Risks

By Ethan Brown

Apr 25, 2025, 04:37 AM

Edited by Alice Johnson

Visual representation of Coldcard wallets displaying extended public keys with matching digits, highlighting the concern of uniqueness among them.

A recent discussion among users setting up multiple Coldcard devices has raised eyebrows over strange similarities found in xpubs. Users reported that the first 10-13 digits of the xpubs were identical across different devices, prompting concerns about both privacy and security.

Users Raise Red Flags

One user stated, "I was surprised to see such similar xpubs." This comment surfaced while helping a friend set up three Coldcards, all generated from distinct seed phrases. The discovery has sparked fears among users that these similarities could indicate a deeper issue.

Common Themes in User Feedback

  1. Similarity in xpubs: Reports confirm nearly identical starts to xpubs among multiple devices, leading to suspicions of potential vulnerabilities.

  2. Potential Solutions: Users are considering resetting the devices and generating new seeds to see if the problem persists. As one prominent comment noted, "I'll try resetting the Coldcards and creating new seeds. Thanks!"

  3. Rising Concern: Many are left wondering whether the likelihood of such duplicates is a troubling sign of fault in the device’s randomization processes.

"This seems suspicious to me. Is this something to worry about?" - User inquiry

Key Points to Consider

  • 🔑 xpubs with identical leading digits found on three different devices raise security concerns.

  • 🔄 Users report plans to reset Coldcards to rectify xpub similarities.

  • 🚨 A growing number worry this could reflect on device reliability and randomness.

In the meantime, the Coldcard community watches closely for updates and clarifications from manufacturers.

Are these xpub similarities a mere coincidence or a sign of underlying flaws in hardware design? Users remain vigilant as they await more information.
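
For context when comparing xpubs: BIP32 defines an xpub as the Base58Check encoding of a fixed header (version bytes, depth, parent fingerprint, child number) followed by the chain code and public key. The following added example (not from the article or from Coldcard) measures how many leading characters that header alone fixes; it assumes mainnet version bytes and uses random bytes as constructed stand-ins for real key material, and `random_xpub` and `shared_prefix` are hypothetical helper names.

```python
import hashlib
import os

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
XPUB_VERSION = bytes.fromhex("0488b21e")  # BIP32 mainnet public version bytes


def base58check(payload: bytes) -> str:
    """Base58Check: payload + first 4 bytes of double SHA-256, in base 58."""
    data = payload + hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]
    n, out = int.from_bytes(data, "big"), ""
    while n:
        n, rem = divmod(n, 58)
        out = B58[rem] + out
    pad = len(data) - len(data.lstrip(b"\x00"))  # leading zero bytes map to '1'
    return "1" * pad + out


def serialize_xpub(depth, parent_fp, child_num, chain_code, pubkey):
    """BIP32 layout: version(4) depth(1) fingerprint(4) child(4) chain(32) key(33)."""
    payload = (XPUB_VERSION + bytes([depth]) + parent_fp
               + child_num.to_bytes(4, "big") + chain_code + pubkey)
    assert len(payload) == 78
    return base58check(payload)


def random_xpub(depth, child_num):
    """Constructed sample: random bytes in place of a real chain code and key."""
    # A master key (depth 0) has fingerprint 00000000; deeper keys carry the parent's.
    parent_fp = bytes(4) if depth == 0 else os.urandom(4)
    pubkey = bytes([2 + os.urandom(1)[0] % 2]) + os.urandom(32)  # 02/03 prefix
    return serialize_xpub(depth, parent_fp, child_num, os.urandom(32), pubkey)


def shared_prefix(strings):
    """Longest prefix common to every string."""
    return os.path.commonprefix(list(strings))


if __name__ == "__main__":
    masters = [random_xpub(0, 0) for _ in range(200)]
    accounts = [random_xpub(3, 0x80000000) for _ in range(200)]  # e.g. m/84'/0'/0'
    print("master  (depth 0):", shared_prefix(masters))
    print("account (depth 3):", shared_prefix(accounts))
```

Characters after the shared prefix come from the parent fingerprint, chain code and public key, so those are the ones that distinguish one device's xpub from another's.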