shapeshift · gomesalexandre · Nov 28, 2025 · Nov 26, 2025 · Nov 26, 2025 · Nov 26, 2025
@@ -255,7 +255,8 @@ $gridplus.on("click", async (e) => {
   window["pairingCodeEntered"] = async function () {
     const input = document.getElementById("#pairingCodeInput") as HTMLInputElement;
     document.getElementById("#pairingCodeModal").className = "modal";
-    wallet = await gridplusAdapter.pairDevice(input.value);
+    const { wallet: gridplusWallet } = await gridplusAdapter.pairDevice(input.value);
+    wallet = gridplusWallet;
     window["wallet"] = wallet;
     $("#keyring select").val(await wallet.getDeviceID());
   };

@@ -1,6 +1,6 @@
 {
   "name": "@shapeshiftoss/hdwallet-sandbox",
-  "version": "1.62.15",
+  "version": "1.62.16",
   "license": "MIT",
   "private": true,
   "browserslist": "> 0.5%, last 2 versions, not dead",
@@ -12,24 +12,24 @@
   "dependencies": {
     "@esm2cjs/p-queue": "^7.3.0",
     "@metamask/eth-sig-util": "^7.0.0",
-    "@shapeshiftoss/hdwallet-coinbase": "1.62.15",
-    "@shapeshiftoss/hdwallet-core": "1.62.15",
-    "@shapeshiftoss/hdwallet-keepkey": "1.62.15",
-    "@shapeshiftoss/hdwallet-keepkey-tcp": "1.62.15",
-    "@shapeshiftoss/hdwallet-keepkey-webusb": "1.62.15",
-    "@shapeshiftoss/hdwallet-keplr": "1.62.15",
-    "@shapeshiftoss/hdwallet-ledger": "1.62.15",
-    "@shapeshiftoss/hdwallet-ledger-webhid": "1.62.15",
-    "@shapeshiftoss/hdwallet-ledger-webusb": "1.62.15",
-    "@shapeshiftoss/hdwallet-metamask-multichain": "1.62.15",
-    "@shapeshiftoss/hdwallet-native": "1.62.15",
-    "@shapeshiftoss/hdwallet-phantom": "1.62.15",
-    "@shapeshiftoss/hdwallet-portis": "1.62.15",
-    "@shapeshiftoss/hdwallet-trezor": "1.62.15",
-    "@shapeshiftoss/hdwallet-trezor-connect": "1.62.15",
-    "@shapeshiftoss/hdwallet-vultisig": "1.62.15",
-    "@shapeshiftoss/hdwallet-walletconnect": "1.62.15",
-    "@shapeshiftoss/hdwallet-walletconnectv2": "1.62.15",
+    "@shapeshiftoss/hdwallet-coinbase": "1.62.16",
+    "@shapeshiftoss/hdwallet-core": "1.62.16",
+    "@shapeshiftoss/hdwallet-keepkey": "1.62.16",
+    "@shapeshiftoss/hdwallet-keepkey-tcp": "1.62.16",
+    "@shapeshiftoss/hdwallet-keepkey-webusb": "1.62.16",
+    "@shapeshiftoss/hdwallet-keplr": "1.62.16",
+    "@shapeshiftoss/hdwallet-ledger": "1.62.16",
+    "@shapeshiftoss/hdwallet-ledger-webhid": "1.62.16",
+    "@shapeshiftoss/hdwallet-ledger-webusb": "1.62.16",
+    "@shapeshiftoss/hdwallet-metamask-multichain": "1.62.16",
+    "@shapeshiftoss/hdwallet-native": "1.62.16",
+    "@shapeshiftoss/hdwallet-phantom": "1.62.16",
+    "@shapeshiftoss/hdwallet-portis": "1.62.16",
+    "@shapeshiftoss/hdwallet-trezor": "1.62.16",
+    "@shapeshiftoss/hdwallet-trezor-connect": "1.62.16",
+    "@shapeshiftoss/hdwallet-vultisig": "1.62.16",
+    "@shapeshiftoss/hdwallet-walletconnect": "1.62.16",
+    "@shapeshiftoss/hdwallet-walletconnectv2": "1.62.16",
     "bip32": "^2.0.4",
     "eip-712": "^1.0.0",
     "jquery": "^3.7.1",

@@ -1,6 +1,6 @@
 {
   "name": "@shapeshiftoss/integration",
-  "version": "1.62.15",
+  "version": "1.62.16",
   "main": "index.js",
   "license": "MIT",
   "private": true,
@@ -11,16 +11,16 @@
   },
   "dependencies": {
     "@bitcoinerlab/secp256k1": "^1.1.1",
-    "@shapeshiftoss/hdwallet-core": "1.62.15",
-    "@shapeshiftoss/hdwallet-keepkey": "1.62.15",
-    "@shapeshiftoss/hdwallet-keepkey-nodewebusb": "1.62.15",
-    "@shapeshiftoss/hdwallet-keepkey-tcp": "1.62.15",
-    "@shapeshiftoss/hdwallet-ledger": "1.62.15",
-    "@shapeshiftoss/hdwallet-metamask-multichain": "1.62.15",
-    "@shapeshiftoss/hdwallet-native": "1.62.15",
-    "@shapeshiftoss/hdwallet-portis": "1.62.15",
-    "@shapeshiftoss/hdwallet-trezor": "1.62.15",
-    "@shapeshiftoss/hdwallet-vultisig": "1.62.15",
+    "@shapeshiftoss/hdwallet-core": "1.62.16",
+    "@shapeshiftoss/hdwallet-keepkey": "1.62.16",
+    "@shapeshiftoss/hdwallet-keepkey-nodewebusb": "1.62.16",
+    "@shapeshiftoss/hdwallet-keepkey-tcp": "1.62.16",
+    "@shapeshiftoss/hdwallet-ledger": "1.62.16",
+    "@shapeshiftoss/hdwallet-metamask-multichain": "1.62.16",
+    "@shapeshiftoss/hdwallet-native": "1.62.16",
+    "@shapeshiftoss/hdwallet-portis": "1.62.16",
+    "@shapeshiftoss/hdwallet-trezor": "1.62.16",
+    "@shapeshiftoss/hdwallet-vultisig": "1.62.16",
     "fast-json-stable-stringify": "^2.1.0",
     "msw": "^0.27.1",
     "whatwg-fetch": "^3.6.2"

@@ -1,6 +1,6 @@
 {
   "lerna": "5.2.0",
-  "version": "1.62.15",
+  "version": "1.62.16",
   "npmClient": "yarn",
   "useWorkspaces": true,
   "command": {

@@ -1,6 +1,6 @@
 {
   "name": "@shapeshiftoss/hdwallet-coinbase",
-  "version": "1.62.15",
+  "version": "1.62.16",
   "license": "MIT",
   "publishConfig": {
     "access": "public"
@@ -15,7 +15,7 @@
   },
   "dependencies": {
     "@coinbase/wallet-sdk": "^3.6.6",
-    "@shapeshiftoss/hdwallet-core": "1.62.15",
+    "@shapeshiftoss/hdwallet-core": "1.62.16",
     "eth-rpc-errors": "^4.0.3",
     "lodash": "^4.17.21"
   },

@@ -1,6 +1,6 @@
 {
   "name": "@shapeshiftoss/hdwallet-core",
-  "version": "1.62.15",
+  "version": "1.62.16",
   "license": "MIT",
   "publishConfig": {
     "access": "public"

@@ -1,6 +1,6 @@
 {
   "name": "@shapeshiftoss/hdwallet-gridplus",
-  "version": "1.62.15",
+  "version": "1.62.16",
   "license": "MIT",
   "publishConfig": {
     "access": "public"
@@ -20,7 +20,7 @@
     "@ethereumjs/rlp": "5.0.2",
     "@ethereumjs/tx": "5.4.0",
     "@metamask/eth-sig-util": "^7.0.0",
-    "@shapeshiftoss/hdwallet-core": "1.62.15",
+    "@shapeshiftoss/hdwallet-core": "1.62.16",
     "bech32": "^1.1.4",
     "bs58": "^5.0.0",
     "crypto-js": "^4.2.0",

@@ -2,7 +2,7 @@ import * as core from "@shapeshiftoss/hdwallet-core";
 import { createHash } from "crypto";
 import { Client } from "gridplus-sdk";
 
-import { GridPlusHDWallet } from "./gridplus";
+import { GridPlusHDWallet, SafeCardType } from "./gridplus";
 
 const name = "ShapeShift";
 const baseUrl = "https://signing.gridpl.us";
@@ -20,9 +20,13 @@ export class GridPlusAdapter {
     return new GridPlusAdapter(keyring);
   }
 
-  public async connectDevice(deviceId: string, password = ""): Promise<GridPlusHDWallet | undefined> {
+  public async connectDevice(
+    deviceId: string,
+    expectedActiveWalletId?: string,
+    expectedType?: SafeCardType
+  ): Promise<GridPlusHDWallet | undefined> {
     const privKey = createHash("sha256")
-      .update(deviceId + password + name)
+      .update(deviceId + name)
       .digest();
 
     if (!this.client) {
@@ -34,10 +38,20 @@ export class GridPlusAdapter {
     }
 
     const isPaired = await this.client.connect(deviceId);
-    if (isPaired) return new GridPlusHDWallet(this.client);
+    if (!isPaired) return undefined;
+
+    const wallet = new GridPlusHDWallet(this.client);
+
+    if (expectedActiveWalletId) await wallet.validateActiveWallet(expectedActiveWalletId, expectedType);
+
+    return wallet;
   }
 
-  public async pairDevice(pairingCode: string): Promise<GridPlusHDWallet> {
+  public async pairDevice(pairingCode: string): Promise<{
+    wallet: GridPlusHDWallet;
+    activeWalletId: string;
+    type: SafeCardType;
+  }> {
     if (!this.client) throw new Error("No client connected. Call connectDevice first.");
 
     const success = await this.client.pair(pairingCode);
@@ -46,6 +60,16 @@ export class GridPlusAdapter {
     const wallet = new GridPlusHDWallet(this.client);
     this.keyring.add(wallet, this.client.getDeviceId());
 
-    return wallet;
+    const activeWallet = this.client.getActiveWallet();
+    if (!activeWallet) throw new Error("No active wallet found on device");
+
+    const activeWalletId = activeWallet.uid.toString("hex");
+    const type = activeWallet.external ? "external" : "internal";
+
+    return {
+      wallet,
+      activeWalletId,
+      type,
+    };
   }
 }
@@ -1,6 +1,7 @@
 import * as core from "@shapeshiftoss/hdwallet-core";
 import { Client, Constants } from "gridplus-sdk";
 import isObject from "lodash/isObject";
+import { zeroHash } from "viem";
 
 import * as btc from "./bitcoin";
 import * as cosmos from "./cosmos";
@@ -9,7 +10,9 @@ import * as mayachain from "./mayachain";
 import * as solana from "./solana";
 import * as thorchain from "./thorchain";
 
-const ZERO_BUFFER = Buffer.alloc(32);
+export type SafeCardType = "external" | "internal";
+
+const isSafecardConnected = (uid?: Buffer): boolean => !!uid && `0x${uid.toString("hex")}` !== zeroHash;
 
 export function isGridPlus(wallet: core.HDWallet): wallet is GridPlusHDWallet {
   return isObject(wallet) && (wallet as any)._isGridPlus;
@@ -299,12 +302,19 @@ export class GridPlusHDWallet
   readonly _isGridPlus = true;
 
   client: Client | undefined;
+  private expectedActiveWalletId?: string;
+  private expectedType?: SafeCardType;
 
   constructor(client: Client) {
     super();
     this.client = client;
   }
 
+  public setExpectedActiveWalletId(activeWalletId: string, type?: SafeCardType): void {
+    this.expectedActiveWalletId = activeWalletId;
+    this.expectedType = type;
+  }
+
   async cancel(): Promise<void> {}
   async clearSession(): Promise<void> {}
   async initialize(): Promise<void> {}
@@ -367,8 +377,45 @@ export class GridPlusHDWallet
 
     const { external, internal } = await this.client.fetchActiveWallet();
 
-    if (!external.uid.equals(ZERO_BUFFER)) return external.uid.toString("hex");
-    if (!internal.uid.equals(ZERO_BUFFER)) return internal.uid.toString("hex");
+    if (isSafecardConnected(external.uid)) return external.uid.toString("hex");
+    if (isSafecardConnected(internal.uid)) return internal.uid.toString("hex");
+  }
+
+  /**
+   * Validate that the currently active wallet matches expectations
+   * Throws if expectedActiveWalletId is provided and doesn't match
+   */
+  public async validateActiveWallet(
+    expectedActiveWalletId?: string,
+    expectedType?: SafeCardType
+  ): Promise<{
+    activeWalletId: string;
+    type: SafeCardType;
+  }> {
+    if (!this.client) throw new Error("Device not connected");
+
+    const activeWallets = await this.client.fetchActiveWallet();
+
+    // Determine active wallet type (external SafeCard takes priority)
+    const type: SafeCardType = (() => {
+      if (isSafecardConnected(activeWallets.external?.uid)) return "external";
+      if (isSafecardConnected(activeWallets.internal?.uid)) return "internal";
+
+      throw new Error("No active wallet found on device");
+    })();
+
+    const activeWallet = activeWallets[type];
+    const activeWalletId = activeWallet.uid.toString("hex");
+
+    // Validate against expected activeWalletId if provided
+    if (expectedActiveWalletId && activeWalletId !== expectedActiveWalletId) {
+      if (expectedType === "internal") {
+        throw new Error("Remove inserted SafeCard to access internal GridPlus wallet");
+      }
+      throw new Error("Active SafeCard doesn't match expected SafeCard");
+    }
+
+    return { activeWalletId, type };
   }
 
   async getPublicKeys(msg: Array<core.GetPublicKey>): Promise<Array<core.PublicKey | null>> {
@@ -426,6 +473,9 @@ export class GridPlusHDWallet
 
   async btcSignTx(msg: core.BTCSignTx): Promise<core.BTCSignedTx | null> {
     if (!this.client) throw new Error("Device not connected");
+    if (!this.expectedActiveWalletId) throw new Error("Expected SafeCard ID not set");
+
+    await this.validateActiveWallet(this.expectedActiveWalletId, this.expectedType);
     return btc.btcSignTx(this.client, msg);
   }
 
@@ -444,16 +494,25 @@ export class GridPlusHDWallet
 
   async ethSignTx(msg: core.ETHSignTx): Promise<core.ETHSignedTx> {
     if (!this.client) throw new Error("Device not connected");
+    if (!this.expectedActiveWalletId) throw new Error("Expected SafeCard ID not set");
+
+    await this.validateActiveWallet(this.expectedActiveWalletId, this.expectedType);
     return eth.ethSignTx(this.client, msg);
   }
 
   async ethSignTypedData(msg: core.ETHSignTypedData): Promise<core.ETHSignedTypedData> {
     if (!this.client) throw new Error("Device not connected");
+    if (!this.expectedActiveWalletId) throw new Error("Expected SafeCard ID not set");
+
+    await this.validateActiveWallet(this.expectedActiveWalletId, this.expectedType);
     return eth.ethSignTypedData(this.client, msg);
   }
 
   async ethSignMessage(msg: core.ETHSignMessage): Promise<core.ETHSignedMessage> {
     if (!this.client) throw new Error("Device not connected");
+    if (!this.expectedActiveWalletId) throw new Error("Expected SafeCard ID not set");
+
+    await this.validateActiveWallet(this.expectedActiveWalletId, this.expectedType);
     return eth.ethSignMessage(this.client, msg);
   }
 
@@ -480,6 +539,9 @@ export class GridPlusHDWallet
 
   async solanaSignTx(msg: core.SolanaSignTx): Promise<core.SolanaSignedTx | null> {
     this.assertSolanaFwSupport();
+    if (!this.expectedActiveWalletId) throw new Error("Expected SafeCard ID not set");
+
+    await this.validateActiveWallet(this.expectedActiveWalletId, this.expectedType);
     return solana.solanaSignTx(this.client, msg);
   }
 
@@ -490,6 +552,9 @@ export class GridPlusHDWallet
 
   async cosmosSignTx(msg: core.CosmosSignTx): Promise<core.CosmosSignedTx | null> {
     if (!this.client) throw new Error("Device not connected");
+    if (!this.expectedActiveWalletId) throw new Error("Expected SafeCard ID not set");
+
+    await this.validateActiveWallet(this.expectedActiveWalletId, this.expectedType);
     return cosmos.cosmosSignTx(this.client, msg);
   }
 
@@ -500,6 +565,9 @@ export class GridPlusHDWallet
 
   async thorchainSignTx(msg: core.ThorchainSignTx): Promise<core.ThorchainSignedTx | null> {
     if (!this.client) throw new Error("Device not connected");
+    if (!this.expectedActiveWalletId) throw new Error("Expected SafeCard ID not set");
+
+    await this.validateActiveWallet(this.expectedActiveWalletId, this.expectedType);
     return thorchain.thorchainSignTx(this.client, msg);
   }
 
@@ -510,6 +578,9 @@ export class GridPlusHDWallet
 
   async mayachainSignTx(msg: core.MayachainSignTx): Promise<core.MayachainSignedTx | null> {
     if (!this.client) throw new Error("Device not connected");
+    if (!this.expectedActiveWalletId) throw new Error("Expected SafeCard ID not set");
+
+    await this.validateActiveWallet(this.expectedActiveWalletId, this.expectedType);
     return mayachain.mayachainSignTx(this.client, msg);
   }
 }
@@ -1,6 +1,6 @@
 {
   "name": "@shapeshiftoss/hdwallet-keepkey-chromeusb",
-  "version": "1.62.15",
+  "version": "1.62.16",
   "license": "MIT",
   "publishConfig": {
     "access": "public"
@@ -14,7 +14,7 @@
     "prepublishOnly": "yarn clean && yarn build"
   },
   "dependencies": {
-    "@shapeshiftoss/hdwallet-core": "1.62.15",
-    "@shapeshiftoss/hdwallet-keepkey": "1.62.15"
+    "@shapeshiftoss/hdwallet-core": "1.62.16",
+    "@shapeshiftoss/hdwallet-keepkey": "1.62.16"
   }
 }