multi signature – Is multisig less secure than single sig, since just one xpub must be swapped by an attacker to lose funds?



Scenario: (2 of 3 multisig) one of the hardware wallets is running malware and uses an attacker's xpub instead of the one derived from the recovery phrase. This swapped xpub is reported to all the other cosigners and the software wallet. All signing devices confirm that they are all using the same set of xpubs, and that their respective sets of receive addresses match those displayed on the software wallet. But the funds sent to these addresses don't belong to the owner, as their redeem scripts were created using an xpub the owner has no knowledge of.

If the owner were to wipe the devices and recover their multisig setup on a new set of devices free of malware, they would be shown a completely different wallet with empty addresses. In order to recover their funds they would need the missing xpub from the previously malware-infected hardware wallet.

Question: If this scenario is possible, isn't multisig actually less secure than single sig, since a single malware-infected hardware wallet still compromises the whole setup, but now instead of an attack surface of 1 hardware wallet, you have 3 (from different manufacturers with different vulnerabilities) that can be compromised?
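
An added example (not part of the question or of any wallet vendor's code) of the distinction the scenario above turns on: the devices' cross-check only proves they all hold the same xpub set, while the check that actually protects the owner is re-deriving each cosigner xpub from a seed the owner holds, on a clean offline machine, and rejecting any key that no owner seed produces. It assumes cosigner seeds are given as raw bytes (the BIP39 mnemonic-to-seed step is omitted), uses the BIP48 account path m/48'/0'/0'/2', and compares the chain code and public key an xpub encodes rather than the base58 string; the seeds are constructed, not real wallets.

```python
import hashlib, hmac

# secp256k1: field prime, group order, generator
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
ACCOUNT_PATH = tuple(i | 1 << 31 for i in (48, 0, 0, 2))  # m/48'/0'/0'/2', BIP48 P2WSH multisig

def _add(a, b):
    """Affine point addition on secp256k1; None is the point at infinity."""
    if a is None or b is None:
        return a or b
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    lam = (3 * x1 * x1 * pow(2 * y1, -1, P) if a == b else (y2 - y1) * pow(x2 - x1, -1, P)) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def pubkey(k):
    """Compressed public key for private scalar k (double-and-add on G)."""
    r, q = None, G
    while k:
        if k & 1:
            r = _add(r, q)
        q, k = _add(q, q), k >> 1
    return bytes([2 + (r[1] & 1)]) + r[0].to_bytes(32, "big")

def account_key(seed, path=ACCOUNT_PATH):
    """BIP32 master from seed, then hardened steps along path; returns (chain code, pubkey), what an xpub encodes."""
    I = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    k, c = int.from_bytes(I[:32], "big"), I[32:]
    for i in path:
        I = hmac.new(c, b"\x00" + k.to_bytes(32, "big") + i.to_bytes(4, "big"), hashlib.sha512).digest()
        k, c = (int.from_bytes(I[:32], "big") + k) % N, I[32:]
    return c, pubkey(k)

def devices_agree(reports):
    """The check the compromised setup still passes: every device reports the same xpub set."""
    return len({tuple(sorted(r)) for r in reports}) == 1

def audit_cosigners(presented, owner_seeds):
    """The check it fails: presented xpubs that no seed the owner holds re-derives (empty list == all owned)."""
    owned = {account_key(s) for s in owner_seeds}
    return [x for x in presented if x not in owned]

# Constructed sample seeds (not real wallets): three owner cosigners and one attacker.
OWNER_SEEDS = [hashlib.sha256(b"cosigner-%d" % i).digest() for i in range(3)]
ATTACKER_SEED = hashlib.sha256(b"attacker").digest()
HONEST_XPUBS = [account_key(s) for s in OWNER_SEEDS]
SWAPPED_XPUBS = HONEST_XPUBS[:1] + [account_key(ATTACKER_SEED)] + HONEST_XPUBS[2:]
```

For the set the malicious device announces, devices_agree is true on every device while audit_cosigners returns the attacker's key, which is why cross-device agreement is not proof of ownership and recovery drills must start from the seeds, not from the devices.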
