Since BIP-32, receive and change addresses have been generated from a single seed, never from outside sources. Hardware wallets verify this.
It's much more likely you'll fall victim to malware that waits until you're on an exchange website, and substitutes the attacker's receive address for the exchange's. You think you're depositing funds in your account, but they vanish instead. This is basically the same attack as fake escrow instructions emailed to people buying a home.
It's much more likely you'll fall victim to malware that waits until you're on an exchange website, and substitutes the attacker's receive address for the exchange's. You think you're depositing funds in your account, but they vanish instead. This is basically the same attack as fake escrow instructions emailed to people buying a home.