2025-05-26 19:25:34

Dikaios1517 on Nostr: There is always some amount of trust. Even if you are using open-source wallet ...

There is always some amount of trust.

Even if you are using open-source wallet software, if you can't verify the code yourself, you are trusting someone else to have verified it.

Could wallet software show you a false receive address and just display what you assume to be the correct balance? Yup. It could, and it could do so regardless of whether the wallet is connecting to your own node or someone else's.

Only use wallet software that is tried and tested, like Sparrow, Nunchuk, or Specter. You can also use multiple of these in conjunction. For instance, use a hardware wallet to store your actual private key, and then use Nunchuk on mobile and Sparrow on desktop, both only having access to your XPUB for generating receive addresses. Then you can confirm between the two that the addresses generated are indeed associated with your XPUB, and not being swapped out by the wallet software. As long as any receive transaction originating from Sparrow shows up in Nunchuk, and vice versa, you know that the address wasn't swapped out, because the chances that the developers of both Sparrow and Nunchuk are colluding against you are small.

Using your own node with the wallet software you use for transacting is still important, but not for the sake of false addresses being swapped in place of real ones. Rather, you should use your own node for the protection of your privacy. Using someone else's node with your wallet software means the node operator can potentially associate your UTXOs with your IP address, and with one another, so that they will know your full balance.
Author Public Key
npub1kun5628raxpm7usdkj62z2337hr77f3ryrg9cf0vjpyf4jvk9r9smv3lhe