Watch out for Blue Wallet for a while. Read this wake-up call of a thread from someone who woke up to an unauthorized transaction out of his wallet this morning. I don't know how he was compromised, but review your self custody setup and make sure you're good. #bitcoin #hack #security #cybersecurity

It's a miracle he recovered his funds via RBF.

nostr:nevent1qqsdzs73jugthyz8qevazhvqx93ehqnslne7f2qvztcqhdzk4sh3zucpr3mhxue69uhkummnw3ezucnfw33k76twv4ezuum0vd5kzmqzyrw9tqja88ecy0zv2lzjx57amz3zhzqks39gxqeft9qv5rkctwl2zqcyqqqqqqgpq8fhd


Discussion

Damn near heart-attack reading this thread wtf

It was pretty nerve-wracking being the first person to reply and try to help. It was a race against time.

HQ pleb move thank you

Pretty wild ride. Was the Blue Wallet in watch only on the phone the vulnerability? Crazy.

lnbits to blue wallet with small allowance so not shook but def keep eye out

This should not have been possible. Blue Wallet never had his keys, and if he never put them online, a tx should never have been able to be signed. Something is missing.

He seemed a bit confused about address and key; he might have screwed up some step.

Watch-only Blue Wallet? Impossible it's related to BW. Possibly his desktop is compromised.

All I have to say is thank God for air gapped Cold Cards, since the lack of physical connectivity is likely what made the unauthorized transaction hang and not get added to a block. And thank God for Sparrow desktop and its RBF functionality. I’m still kind of bummed that for the time being, I have zero confidence in mobile watch-only wallet functions, because I kind of liked the idea of being able to initiate transactions from desktop OR mobile depending on the situation. Like if I can’t get home to my PC or if my PC packs it in. But it is clear from my story and others’ that the people in charge of the Apple App Store don’t exercise due diligence in ensuring that apps or app updates are legitimate and originating from the software author, or not just outright malicious. I’m switching everything over to Start 9 on a mini PC this week and skipping any mobile interaction with digital assets for a while. Thanks Jay for your input.