Bitcoin Forum
Topic: Device Compromise Alert with Decoy Wallet
Carefever (OP)
March 12, 2025, 10:14:08 AM
 #1

Attacker got access to your PC, tries to steal from crypto wallet. But it's a decoy! You placed it to be notified if device is compromised.
  • 2/2 Multisig wallet - attacker can't steal from it without 2nd signature. But can you get a notification about first signature made?
  • EVM wallet with USDT and no ETH for gas + smart contract that forwards any deposits to a different wallet. History shouldn't have such transactions, so attacker can't look up this pattern. Are there ready-to-use guides on how to set it up?
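
Added example, not part of the original post: one way to get the notification asked about for the second bullet is to snapshot the decoy address's ETH balance and nonce and alert on any change, since moving the USDT needs gas to arrive first. `eth_getBalance` and `eth_getTransactionCount` are standard Ethereum JSON-RPC methods; the address and node responses below are constructed, and sending the requests to your own node is left out.

```python
import json

# Constructed placeholder address for the decoy wallet (not a real account).
DECOY = "0x" + "11" * 20

# Constructed node responses: a baseline poll (no ETH, never used) and a later
# poll where 0.001 ETH of gas money has appeared on the decoy.
BASELINE = ['{"jsonrpc":"2.0","id":1,"result":"0x0"}',
            '{"jsonrpc":"2.0","id":2,"result":"0x0"}']
LATER = ['{"jsonrpc":"2.0","id":1,"result":"0x38d7ea4c68000"}',
         '{"jsonrpc":"2.0","id":2,"result":"0x0"}']

def rpc_request(method, params, req_id):
    """Build a JSON-RPC 2.0 request body for an Ethereum node."""
    return json.dumps({"jsonrpc": "2.0", "id": req_id,
                       "method": method, "params": params})

def snapshot_requests(address):
    """The two read-only calls that describe the account's state."""
    return [rpc_request("eth_getBalance", [address, "latest"], 1),
            rpc_request("eth_getTransactionCount", [address, "latest"], 2)]

def parse_snapshot(responses):
    """Convert the node's hex quantities to integers, matched by request id."""
    by_id = {}
    for raw in responses:
        msg = json.loads(raw)
        if "error" in msg:
            raise ValueError(f"RPC error: {msg['error']}")
        by_id[msg["id"]] = int(msg["result"], 16)
    return {"balance_wei": by_id[1], "nonce": by_id[2]}

def compare(baseline, current):
    """Return alert strings; an empty list means the decoy is untouched."""
    alerts = []
    if current["nonce"] != baseline["nonce"]:
        alerts.append("nonce changed: a transaction was signed with the decoy key")
    if current["balance_wei"] != baseline["balance_wei"]:
        alerts.append("balance changed: ETH for gas moved on the decoy address")
    return alerts

if __name__ == "__main__":
    for body in snapshot_requests(DECOY):
        print("would send:", body)
    for alert in compare(parse_snapshot(BASELINE), parse_snapshot(LATER)):
        print("ALERT:", alert)
```

Run the comparison from a machine other than the one holding the decoy, so the alert does not depend on the possibly compromised device.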
hugeblack
March 12, 2025, 12:26:22 PM
 #2

This sounds more like an attempt to scam others than an attempt to deceive a scammer.
The Decoy Wallet concept uses a passphrase. A wallet without a passphrase contains $10. Adding a passphrase allows you to access your balance, but it's useful in the event of a physical attack.

Software-wise, the wallet must be airgapped.

kotajikikox
March 12, 2025, 02:01:15 PM
 #3

Attacker got access to your PC, tries to steal from crypto wallet. But it's a decoy! You placed it to be notified if device is compromised.
I guess this could be a good notification to check if your device is compromised, but if you have any other wallets on your PC that you actually use, wouldn’t they be in danger as well? If a wallet that is not a decoy is on the same device as the decoy one, how to make sure hackers only get to the decoy wallet?
A wallet without a passphrase contains $10.
Yeah, I understand that I can leave a small sum and when it's stolen - I'm notified the device is compromised.
Problem is $10 might be not enough to bait, attacker can persist on a device waiting for bigger fish. Thus I'm looking for cost-free methods instead of depositing $500+.
That is what I’m saying. Why would a hacker go for a wallet with only small amount? But I guess he would only know how much is in the wallet after he’s compromised the device.

hugeblack
March 12, 2025, 02:01:33 PM
 #4


There're non-crypto decoys with notifications, but they're easy to spot as a bait due to bank's BIN number - canarytokens.org -> credit card token

An attacker cannot access the air gapped system, so you are safe as long as the system is secure and the private keys are generated with sufficient randomness.
The air gapped system's flaw lies in the physical attack, and this is where the passphrase comes in with a low balance of $10 or $100.

If hackers gain access to your device's core/root privileges, notifications won't help you because the hacker will be quicker to drain your balance.
