This affects some #Bitcoin wallets as well.
List of affected/unaffected wallets below.
#NPM #attack #hack #hacked
Discussion
Ongoing supply chain attack, be careful if you transact onchain.
Thanks nostr:nprofile1qqspnzgrfett3asxcuj0gksje6z2zxzpvgd27uvz58m9vsuqh8zzw6cpr9mhxw309a382emdv9hzumt8w4ujumn9wsargwp58qq3vamnwvaz7tmzv46xztnwdaehgunfdshxxctd9a4sn7 for the clarification 👍
#Bitcoin #NPM #hack #hacked
Electrum for the win!
https://store.blockstream.com/?code=KgD7dk4Ejmt6
Check out the official announcements from Blockstream and Jade:
.
https://x.com/BlockstreamJade/status/1965147418242269232
.
https://x.com/Blockstream/status/1965160059908022319
.
https://x.com/Blockstream/status/1965162320625385897
The Blockstream app and the Jade hardware wallet are NOT affected; the app does not use JavaScript environments or NPM packages. Instead, it is built with Swift (iOS), Kotlin (Android), and C++ with QML (desktop/Qt), completely avoiding this vulnerability that affects packages with billions of downloads and that can swap crypto addresses to steal funds. This means that users' funds remain completely safe.
Jade is the Bitcoin-focused hardware wallet emphasizing transparency and isolation, compatible with apps like Blockstream Green for air-gapped transactions via QR codes.
Fully open-source code/hardware for community auditing, true air-gapped operation (no USB/Bluetooth for signing), and native Liquid network integration for sidechain assets like L-BTC/USDt.
Liquid is a federated Bitcoin sidechain second-layer solution designed for fast and private settlements, using confidential transactions to hide amounts and assets(However, the Blockstream Green Wallet has the option to route using Tor), and enabling the issuance of tokens. Unlike Lightning, it is not focused on instant micropayments, but rather on safer and more efficient movement of larger values.
I know Jade and please don't spam my comments with X and referral links. Thanks
So if I’m using Jade/Keystone with Sparrow and not their native apps, then I’m good?
I suppose you're safe, yes.
You can surely confirm that on their twitter pages.
Now if you're not in a rush, you can also wait 24-48h, get more info and watch the emergency fix being deployed everywhere.
https://store.blockstream.com/?code=KgD7dk4Ejmt6
Check out the official announcements from Blockstream and Jade:
.
https://x.com/BlockstreamJade/status/1965147418242269232
.
https://x.com/Blockstream/status/1965160059908022319
.
https://x.com/Blockstream/status/1965162320625385897
The Blockstream app and the Jade hardware wallet are NOT affected; the app does not use JavaScript environments or NPM packages. Instead, it is built with Swift (iOS), Kotlin (Android), and C++ with QML (desktop/Qt), completely avoiding this vulnerability that affects packages with billions of downloads and that can swap crypto addresses to steal funds. This means that users' funds remain completely safe.
Jade is the Bitcoin-focused hardware wallet emphasizing transparency and isolation, compatible with apps like Blockstream Green for air-gapped transactions via QR codes.
Fully open-source code/hardware for community auditing, true air-gapped operation (no USB/Bluetooth for signing), and native Liquid network integration for sidechain assets like L-BTC/USDt.
Liquid is a federated Bitcoin sidechain second-layer solution designed for fast and private settlements, using confidential transactions to hide amounts and assets(However, the Blockstream Green Wallet has the option to route using Tor), and enabling the issuance of tokens. Unlike Lightning, it is not focused on instant micropayments, but rather on safer and more efficient movement of larger values.