Update: The Coinkite scam letters go to secure.portal-coldcard.com and they want you to enter your PIN and seed for the "post-quantum" security update.
So in addition to skimming customer data in the supply chain, they're also buying COLDCARDs to put the stolen PIN/seed into.
@NVK you can probably track these assholes down.
Login to reply
Replies (7)
Asking for the PIN is just misdirection. The seed phrase can be used to recreate the wallet in any wallet application and steal the funds.
Yeah, duh moment for me. My brain was on wrench attacks and I forgot they don't actually need to do that.


Just got one of those letters today
Cheese, you get a letter in the mail? If so how long has it been since doing business with Coinkite? They should be purging information regularly. I for get the timeline now.
My friend did. He bought from Coinkite many months ago, maybe even a year. All I've seen with my stuff is the info deletion email. It's for sure address data from a while back, though, not last week or something.
@mrecheese π§ @Jude i got the same. I use pseudonyms and this particular pseudonym was only used with few other vendors. Maybe we can triangulate leak source? I used it with solo satoshi, @npub1n880...teq3 and lightning koffe
This one was only used once with Coinkite, and nowhere else. It's in that order/delivery chain somewhere for sure.