Is it potential that malicious bitcoin pockets suppliers present pre-generated private-keys for customers?
We belief wallets like Ledger, Trezor, and and so on. We imagine the mathematics that the randomly generated non-public keys are secure. However may or not it’s potential that the non-public keys you thought are “generated” are literally offered and already saved within the database?
Think about I’m the chilly pockets firm, and I pre-generated like one trillion non-public keys secretly and saved them in my very own database. For every pockets chip, I fastidiously select 100 non-public keys and write them into the chip, and mark the keys in my database as used. When a person acquired the pockets and tries to generate a personal key, this system within the chip simply picks one of many 100 keys I wrote in. Nobody is aware of whether or not the keys are actually generated or given by the pockets supplier.
After I’ve already offered sufficient wallets, I can iterate all of the used non-public keys and steal all my customs bitcoins.
That sounds sensible and horrible. I’m utilizing a pockets however I can’t persuade myself that my non-public key actually belongs to me. Is that state of affairs potential? Is there any technique to assure that the non-public key will not be saved by others when the pockets will not be open supply?