Hello everyone,
I am currently tinkering around with small fund amounts to learn how to use Multisig and I came across something weird that I cannot quite figure out myself.
In short, I set up a multisig 2 of 3 on Sparrow that was 1 software wallet (seedwords directly into the local machine) + 2 other hardware wallets.
I didn't quite like it that Sparrow would not let me lowball the fees as much as I wanted so I decided to export this Multisig wallet to a format compatible with Electrum wallet.
When I got to signing the transaction as I wanted it to, I ended up being asked to only provide signing by one of the hardware wallets (I supposed the seedphrase from the local software wallet also got expored).
Here is the part that worries me:
On Electrum if I go to Wallet > Private Keys > Export and I happen to want to open that, it will actually open a list of the miltisig address tree together with what appear to be secret keys (P2WSH type), without even asking me for a hardware wallet or it even being connected to the local machine, just the local software wallet seems to be enough.
Now maybe I am missing something here, even the Electrum software itself tells me in a warning message:
"WARNING: This is a multi-signature wallet.
It cannot be "backed up" by simply exporting these private keys."
I just got spooked it still does display some private keys. So are these keys legit or just some private keys needed in part of the software seed to make the whole scheme work?
My initial impression was they were somehow the actually private elements of the corresponding Multisig addresses listed on this wallet.
Just wanted to hear your thoughts on this. I might be just worried for nothing seeing this stuff (since my expectations were: no access to hardware wallets, no showing private keys)