No matter if we are using Eternl, Lace, Yoroi, or Nami, most of us are using hardware wallets like a Ledger or Trezor to sign transactions.
During the signing process we look carefully at the display on the hardware wallet to check that the receiving address and the amount we entered into the computer are what the computer submitted to the hardware wallet for signing. In other words, we use the hardware wallet to be sure our computers aren’t lying to us.
So now the hardware wallet signs the transaction and asks us to press a button on the device to submit the signed transaction. But how do we know that the hardware wallet signed the transaction the way we asked it to before we submit it to the blockchain?
I understand that hardware wallets fall under the category of “trusted hardware” but sorry, I don’t trust hardware wallets.
We know that Ledger made it possible to export private keys using Shamir backup without telling the community.
And we know that their codebase was very recently hacked and that people lost funds.
We know that some of their code is closed source so we can’t know everything the device might do.
We know their customer database was hacked.
So I think it is reasonable to ask: Is there a way to get between the hardware wallet and the online wallet to intercept the signed transaction and then decode it to be sure that it says what we expect before submitting the transaction to the blockchain?
Much thanks for your responses.