Nostr Web Client

Trezor (One, Model T) Ledger (Nano S, Nano X, Stax) BitBox02 Blockstream Jade Keystone BitKey

Software wallets using npm: Nunchuk Blockstream Green Muun BlueWallet Phoenix (for on-chain only, not Lightning) Zeus (on-chain) Exodus Tangem

Hardware not affected (no npm reliance): Coldcard SeedSigner Krux Specter DIY Foundation Passport

Desktop software wallets not affected: Sparrow Specter Desktop Electrum Wasabi

nostr:nevent1qqs99vfmsj3akc84g8cgvga337mjyt6lt95vpcznw5aftcdvnve7dkqpz4mhxue69uhhyetvv9ujuerpd46hxtnfduhsygp5jtw584yk5gmlg3qlmqql2putvd2zc0s43ll2jq7tqg9p4a8lm5psgqqqqqqsuqj7l8

Marcelinho 3mo ago

nostr:npub1tg779rlap8t4qm8lpgn89k7mr7pkxpaulupp0nq5faywr8h28llsj3cxmt is not affected

Reply to this note

Please Login to reply.

Discussion

Sean 3mo ago

How so? Their accompanying app uses NPM as far as I know.

Marcelinho 3mo ago

https://nitter.net/BitBoxSwiss/status/1965187227795030044

npm is not the problem, but rather compromised packages that you download via npm. If you have good configuration management with fixed versions, you can quickly find out whether you are affected

Sean 3mo ago

https://github.com/BitBoxSwiss/bitbox-wallet-app