Pretty bad Jade wallet vulnerability disclosed

https://blog.blockstream.com/jade-security-disclosure/

Discussion

Thanks for the info. Best to stay updated.

When will people finally understand that Blockstream has been compromised since the beginning?

How so?

I'm not saying they are, not agreeing or disagreeing.

But a lot of the funding for the core dev team comes from Blockstream, from what I understand.

That alone is suspicious

Ain’t good.

Memory-safe languages FTW

Color me shocked lol

From the Jade Security Disclosure:

The vulnerable code can only be reached on an initialized and unlocked device, where the device was unlocked using the same interface that the RPC is called on. This means a USB-connected device is only vulnerable to USB-RPC calls, and a Bluetooth connected device is only vulnerable to Bluetooth RPC calls. A device that has been temporarily unlocked is only vulnerable on the interface that was chosen when it is unlocked; QR mode is not vulnerable as it does not expose an RPC interface at all.

It is why I tossed out my Passport. The updates to firmware absolutely sucked,

Why did you toss the passport?

Because the micro SD converter/holder broke in half the 2nd time I tried to use it, and I could never figure out how to use the micro SD card to do the software updates. I never could update it. It may have been my favorite device, but the user-friendly aspect still was not there.

My Jade was such a liability. Ditched it immediately after I realized I could access my coins WITHOUT the device connected

Care to elaborate?

Jade locked up, wasn’t able to enter my passcode into the device. Opened the green software, entered the pin on the laptop, withdrew all my coins. Jade wasn’t even connected to the laptop

If you restored the seedphrase in another wallet that is by design

lol yeah, never did that

I noticed Adam posting a few times about updating for security lately. Kind of figured

Adspam Back

Oh boy, I am so excited about Blockstream products! So looking forward to using Liquid as a scaling solution.

Man, anything Adam Back touches turns to shit!

Ha! I thought BTC had no 3rd party risk. BTC might not have 3rd party but every self custody product is. Every.

nostr:nevent1qqsregttcqf493qedyzm4x382ghfv7z7c6e7s4vmmpu7dzegdxuullsn8pe9h

How long has Bitcoin existed now?

You'd think by name someone would have made a user-friendly way to spend/store it that doesn't make you vulnerable to thieves or whatever.

By now.

I don't understand how I wrote name instead of now. The letters aren't even next to each other

Putz! 😕

Every hardware wallet has this issue at some point. Can your heirs use your hardware wallet in 15 years? They'll need so many firmware updates that the device will probably be unusable. So they'll need to buy a new one, anonymously, if the product still exists or it doesn't have a "feature" that "conveniently" separates your seed into 3 parts and shares it with 3 different companies, like Ledger did.

Seems something like a SeedSigner is much more future-proof and doesn't have firmware vulnerability issues.