
Concerns Rise Over Multisig xpub Similarities | Are Coldcard Wallets Trustworthy?

By Lina Chen

Apr 22, 2025, 09:34 PM


A discussion on multisig setups with Coldcard wallets has left some people uneasy, as similarities in xpubs have raised eyebrows. A user discovered that the first 10-13 characters of their multisig xpubs are identical across three wallets, prompting questions about wallet security and randomness.

What Sparked the Debate?

It started when a user helped a friend set up a 2-of-3 multisig configuration with three Coldcards. While exploring the xpubs, they noticed a puzzling repetition in the initial characters.

"That doesn't seem right," one commenter remarked. The user expressed concern, stating, "I thought xpubs are completely random."

How It Works and User Reactions

Coldcard wallets, produced by Coinkite, generate seed phrases using a combination of internal methods and dice rolls. The wallet's keys are derived from the seed phrase, including the xpubs (extended public keys), each of which can derive many receiving addresses.

  1. Common Protocol: Some users suggested that the matching characters might be a protocol signature.

  2. Confusion About Length: xpubs typically exceed 100 characters, leaving some uncertain about whether early repetitions are normal or indicative of a flaw.

  3. Trust Concerns: One comment pointed out, "Would not be comfortable," questioning the integrity of the devices.

"Are the first 10-13 characters supposed to match for each xpub in a multisig setup?" questioned another participant.

Sentiment Patterns Emerging

The reaction to this issue has been mixed:

  • Confused/Vigilant: Many commenters showed concern, expressing doubts about the legitimacy of their setups.

  • Inquisitive: A few sought clarity on whether this repetition is a standard or a possible error in their configurations.

  • Neutral Queries: Users were hopeful for insights or guidance from those with more experience or knowledge.

Key Takeaways

  • 📊 The first 10-13 characters of xpubs matching may reflect a standard protocol rather than a security issue.

  • ❓ Users remain confused about the implications of similar xpub beginnings in multisig wallets.

  • 🛡️ Trust in wallet security is a significant concern, prompting calls for verifying device cleanliness.

As the conversation evolves, one can't help but wonder: Could this incident spark a broader reevaluation of how people perceive multisig wallet security?