Avatar
Sean 3mo ago πŸ’¬ 28

Trezor (One, Model T) Ledger (Nano S, Nano X, Stax) BitBox02 Blockstream Jade Keystone BitKey

Software wallets using npm: Nunchuk Blockstream Green Muun BlueWallet Phoenix (for on-chain only, not Lightning) Zeus (on-chain) Exodus Tangem

Hardware not affected (no npm reliance): Coldcard SeedSigner Krux Specter DIY Foundation Passport

Desktop software wallets not affected: Sparrow Specter Desktop Electrum Wasabi

nostr:nevent1qqs99vfmsj3akc84g8cgvga337mjyt6lt95vpcznw5aftcdvnve7dkqpz4mhxue69uhhyetvv9ujuerpd46hxtnfduhsygp5jtw584yk5gmlg3qlmqql2putvd2zc0s43ll2jq7tqg9p4a8lm5psgqqqqqqsuqj7l8

Reply to this note

Please Login to reply.

Discussion

Avatar
Dan⚑️ 3mo ago

nostr:npub1tg779rlap8t4qm8lpgn89k7mr7pkxpaulupp0nq5faywr8h28llsj3cxmt πŸ‘€

Avatar
Dan⚑️ 3mo ago

nostr:npub1qvphhla9f5dt7xf7phtw43jtjhk8hnexgqn0nc0d9jumpca8ahvq6rlyfw πŸ‘€

Avatar
Slimer 3mo ago

nostr:nprofile1qqsrf5h4ya83jk8u6t9jgc76h6kalz3plp9vusjpm2ygqgalqhxgp9gpzemhxue69uhkzarvv9ejumn0wd68ytnvv9hxgqgkwaehxw309a3xjarrda5kuetj9eek7cmfv9kqs6xl8h

Avatar
Slimer 3mo ago

nostr:nprofile1qqsfy229w70e8lgtxavlz9t78k06yrel6fxyhreteafqet8kfxhhwmgpr9mhxue69uhhqun9d45h2mfwwpexjmtpdshxuet59uq3vamnwvaz7tmjv4kxz7fwwpexjmtpdshxuet5uzhxm7

Avatar
Cody 3mo ago

nostr:nprofile1qqsy3hc9jy28npuqzmc908td6cmx6dtaf36llel2adch6kynwksywecpz9mhxue69uhkummnw3ezuamfdejj7zmelka ??

Avatar
47 3mo ago πŸ’¬ 1

nostr:npub1j8d6h8mzvc8f2fvysrf09nlkmn7m2ylj32zl5na4tm5e8fd5dqysrg26k2 ?

Avatar
nick 3mo ago

Frostsnap app does not use javascript.

Frostsnap firmware is pure nostd rust.

Avatar
47 3mo ago

πŸ«‚

Avatar
TheBitSmith 3mo ago

nostr:npub19canpmsgykwumm43uxmp0l5sernavvnrf87mau9a6xnjfx6ajjhsh9qj29

Avatar
ppatel 3mo ago

you have to find solution that is compatible with your technical ability, but trezor should really discontinue the trezor one. Its demonstrably been unsecure.

Avatar
47 3mo ago

Signing devices and clients should not be made by same people

Avatar
Dexter 3mo ago

So if I’ve got a Trezor Model 3 I should be ok then? What is the risk and has anyone actually lost bitcoin?

Avatar
47 3mo ago

The risk is in your software client by trezor being compromised. And you approving a tx to a malicious address.

Avatar
NotBiebs and 69 others 3mo ago

Depends what software you use, but you should be fine as long as you verify the address you are sending to on the device. You should always be doing this anyways.

Avatar
Dexter 3mo ago

Cool, I do that already so nothing to worry about then. Thanks

Avatar
Junghwan 3mo ago

Coldcard + Sparrow = πŸ’―

00
nicodemus 3mo ago

Why being open source is so important.

Avatar
D'mon 3mo ago

Script kiddies hacked script kiddies.

Sorry state of a hype ...

Avatar
Joseph Hurtado - Founder Granata Consulting 3mo ago

JavaScript bug enables Wallet hacking. Details to stay safe below.

nevent1qqsvje9a3s9czvvwk9sh5vr62zxng692jggp8ypla74wfyjlpeehj5gpzemhxue69uhhyetvv9ujuurjd9kkzmpwdejhgt6awg6

Avatar
BankSith 3mo ago

Thx for update

Avatar
Platinum Bear 3mo ago

Glad to see the most secure money is being secured by hardware wallets using JavaScript. Makes sense to me. SMH.

Avatar
Sean 3mo ago

Yeo, convenience has been a major factor in the fiat economy for years.

Avatar
Marcelinho 3mo ago

nostr:npub1tg779rlap8t4qm8lpgn89k7mr7pkxpaulupp0nq5faywr8h28llsj3cxmt is not affected

Avatar
Sean 3mo ago

How so? Their accompanying app uses NPM as far as I know.

Avatar
Marcelinho 3mo ago

https://nitter.net/BitBoxSwiss/status/1965187227795030044

npm is not the problem, but rather compromised packages that you download via npm. If you have good configuration management with fixed versions, you can quickly find out whether you are affected

Avatar
nunchuk_io 3mo ago

FYI, Nunchuk is unaffected. Nunchuk does not use Javascript or NPM.

https://primal.net/e/nevent1qqs04ag02shk3fw998vlrmp763psj6tne2umq6vctzlwd52vc4wvg6gu3wy3s