Looking for some hard-to-find answers regarding cold storage and safety

self.Bitcoin2m ago
Hi, I’m looking for some hard-to-find answers regarding cold storage and safety. Hopefully the community can help me answer these: 1. I read it is unsafe to use the same btc or crypto address multiple times? Why is this the case? What is the chance of being hacked? Can someone explain in a simplified way? 2. If this is the case, don’t you have a problem in case of whitelisted withdrawal addresses with exchanges? Some exchanges only allow 1 withdrawal address per coin. If you withdraw funds from the exchange to this withdrawal address multiple times across time, will this make you vulnerable for hacks (see question 1)? 3. I don’t have a hardware wallet yet, have a bit on the exchange, but thinking of buying one considering all the cefi troubles. Ledger seems the most common/popular and most user friendly choice for beginners. I don’t need all the pro functionalities that other hardware wallets offer yet. But my main concern: I read that Ledger is not fully open source. How big is the chance this is a vulnerability of being hacked now or in the future? Could you explain in detail how big of a risk this is? If this is a real threat or concern, why do so many people choose Ledger? Is ledger screened/verified and considered as a non-security risk by external companies regarding their non-open source elements? 4. Is it true that if your device is broken, as long you have the 12/24 words, you can access your funds with any other device or software wallet? So, you don’t need the exact same device or company to access your funds again? Will this also be the case let's say 20 years from now? 5. I read Trezor does not have a secured chip and is therefore more vulnerable to hackers or thieves. If this is the case, why do many people choose Trezor? 6. What other hardware wallets can you recommend and why? In case you don’t need all the pro settings, why would you choose this hardware wallet over Ledger or Trezor? Are they all equally safe or is there a big difference in safety? Can you also tell me what you think is the biggest let down for your preferred hardware wallet? Why is this weakness in design or functionality not a deal breaker for you? 7. I read on the website of Bitbox02 that they have anti-klepto protection: “anti-klepto mitigates the nonce covert channel attack.” They state that they offer this protection, and that Ledger or Trezor do not offer this protection. Is this true? How important is this protection? If it is important, why do others not offer this protection? Is the ‘nonce covert channel attack’ the similar kind of risky attack as per my question nr.1? Maybe someone can give a detailed, but simplified, explanation of the risk of this attack… and what you can do best to defend yourself against this risk. 8. Coldcard is stated to be an ‘air-gapped’ defense. But if you put a SD card in and out of the Coldcard and your computer, what is the difference with a usb connection or encrypted Bluetooth connection? Is it really that much safer? What are the advantages and disadvantages of this kind of ‘air-gapped’ protection? Hope some of you can answer most or all of my questions regarding cold storage and safety. Thank you in advance!