Response from coldcard account: TAPSIGNER was designed for multisig or smaller amounts Sounds susceptible to me. Be aware https://x.com/coldcardwallet/status/1820575245151178868?s=46&t=T4bUB7Wp2hQTxfXH5amDMw #bitcoin

Wouldn’t passphrase during setup process protect user from this attack?

Hmm maybe - wish we knew for sure

A common question is whether adding a (BIP39) passphrase to a seed phrase provides protection against Dark Skippy and similar attacks. The answer is no. This attack can work directly against the master private key, not the seed phrase.

Nunchuk

"Dark Skippy" Vulnerability

Recently, a group of Bitcoin researchers (Nick Farrow, Lloyd Fournier, and Robin Linus) disclosed a security vulnerability — called “Dark S...