So the ByBit attack was able to happen because:

Gnosis Safe front end is a web app whose JavaScript gets served from an Amazon S3 bucket.

A Gnosis Safe developer had production AWS keys saved on their machine.

The Dev's machine was compromised and the AWS key used to deploy a malicious front end that only targeted ByBit's wallet.

JavaScript web apps have no cryptographic integrity checks to ensure the code being delivered was actually written by the expected author.

Signing complex EVM transactions can't be done securely on airgapped hardware because the hardware simply doesn't have all of the contextual information needed to know the outcome of executing the transaction.


Discussion

Link?

Thanks for sharing this analysis.

ByBit’s wallet must’ve felt like a sitting duck once that malicious front end went live. Crazy how much damage a single dev’s compromised machine can do in the right (or wrong) hands.

So use a desktop app instead and verify the signature; do not use a browser extension for a wallet.

But isn't the AWS S3 bucket just for large file storage that the backend interacts with? How can you manipulate the frontend by getting access to that? Plz don't destroy me, I'm currently learning web development.

S3 is often used to upload (precompiled) assets, like js and css, for the frontend.

s3 static web hosting 🤙

#asknostr

What I don't understand:

Cryptography in JS is a bad idea, that is why Web Crypto API was built into modern browsers natively.

Couldn't this API be used to verify downloaded JS code (which has to be signed) the same way? Otherwise we can never be sure that the JS crypto code running in the browser is the same that was published in their git repo.

This applies not only to web wallets, but also to encrypted mail ...

Disclaimer: I just learned that Web Crypto API exists and Proton mail is utilizing it.

It cannot help because you have to load javascript to verify the javascript. It'd have to be a modified browser but also, very likely, multiple signatures.

FINALLY!! All the podcasts, all the posts, tweets about all this never made any sense until this write-up. This makes 100% sense now.

TLDR:

* AWS key exploited

* Malicious JS targeted for one by modifying it in the S3 bucket

Thanks nostr:nprofile1qy08wumn8ghj7mn0wd68yttsw43zuam9d3kx7unyv4ezumn9wshsz8thwden5te0dehhxarj9e3xjarrda5kuetj9eek7cmfv9kz7qpq7u5dneh8qjp43ecfxr6u5e9sjamsmxyuekrg2nlxrrk6nj9rsyrquyd27a ! You connected the dots for me.

Thanks for the scoop!!

Just a matter of time until one of the many centralized "2-layer" from eth gets rugged as well. They are all secured the same insecure way 😅

Yikes

The last part is not the issue. A Ledger could blind sign Bitcoin hashes too. It can be fixed by Safe developers making a Ledger firmware app that could parse all Safe txs, instead of using the generic Ethereum app. The same thing acinq did for lightning txs. https://x.com/acinq_co/status/1894036594866212894

The problem is Ethereum is way too complicated for HWWs to handle. So clearly, LN is simpler than Ethereum.

I am curious which Lazarus campaign compromised the dev. If it was operation dreamjob or something else.

And most importantly ETH shitty design is practically blind signing and the hardware wallet gave a false sense of security.

nostr:nevent1qvzqqqqqqypzpaegm8nwwpyrtrnsjv84efjtp9mhpkvfenvxs487vx8d48y28qgxqqsdk6xjkg66zmzupynl28g2r78nyhchzsx8zy9l8tfhagtft2l0hpgltg3m6

🤙🤙🤙

So much to learn. Damn.

Waste of your time 🫣

How did the dev's machine get compromised though?

What wallets are not exposed to this type of attack?

Bitcoin HWWs. Just avoid shitcoins, buy a good HWW and you're safer than ByBit.

It’s not that simple for institution or company setups

This hack reminds me of the audit I did on a Bitcoin custodian a while back.

They had a fancy multisig setup. But the source code for that setup was stored on AWS, and they didn't PGP sign it, let alone verify it.

nostr:nevent1qqsdk6xjkg66zmzupynl28g2r78nyhchzsx8zy9l8tfhagtft2l0hpgpz4mhxue69uhhyetvv9ujuerpd46hxtnfduhsyg8h9rv7decysdvwwzfs7h9xfvyhwuxe38xds6z5lescak5u3gupqcpsgqqqqqqsy256fn

Robosats fixes this.

💩

Friends don’t let friends use browser-based wallets.

Was there social engineering in the end or just a compromised/hacked dev machine? Thanks

The first time I had to do multisign on Ethereum using Gnosis Safe with multiple hardware wallets I knew it was complete bullshit. I was running in my browser (full of addons and stuff I don't 100% trust) an app that I cannot easily verify. Then I had to blindly sign a shitload of transactions on the hardware wallets, and I had no idea what they were doing.

I also realized that I had ruined all possible privacy on all my Ethereum wallets, as now all my addresses would be connected to each other on-chain and some had ENS NFTs with my name.

By that time I had moved some assets to these multisign contracts but stopped moving the full stack. I then realized that it's not only Gnosis Safe and multisign that was bullshit but the complete Ethereum ecosystem. Over the last 2-3 years I cleaned up all this shit, emptied all multisign contracts (but I can never delete them), sold as many tokens as I could find on my Ethereum wallets from DeFi experiments and airdrops and started selling the remaining ETH. Unfortunately I was still naive enough to think that it would pump once again with the bull market, reaching close to 0.1BTC per ETH or at least 10kUSD per ETH; we are far from both, so I lost a lot of non-realized gain, but learned a lot.

The day I zero out all my Ethereum wallets will be a huge relief, but traces of my activities and links to my identity will be out there forever.

It's not perfect on Bitcoin, but still much better than this shitcoinery. Still always bullish on the future of Bitcoin and see light on how to improve it in terms of privacy.

This makes me think :)

FAFO

this story is a good example of ignoring good security practices on every level

Since Casa supports Ethereum, I wonder how its setup will change to take this assessment into account for the security it's providing for its users.

I can't imagine it would be great for Casa's reputation if they were to have a big bad ETH hack after all.

There is something called Subresource Integrity, however that only ensures the files after the HTML haven't been tampered with, so still possible for someone to deploy a malicious version

Also what are they thinking securing so much money with a JS app...
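The Subresource Integrity limitation raised in the comment above, as an added example that is not part of the thread or of Safe's code: SRI catches a swapped script only while the HTML carrying the `integrity` value is itself trusted, so this audit also compares `index.html` with a digest pinned out of band. The file contents, the `auditDeployment` helper and the single-hash `integrity` attribute are assumptions made for the illustration.

```javascript
// Added example with constructed data; not Safe's real frontend or tooling.
const { createHash } = require("node:crypto");

// SRI value for a file body: "<alg>-<base64 digest>", as placed in integrity="...".
function sriHash(body, alg = "sha384") {
  return `${alg}-${createHash(alg).update(body).digest("base64")}`;
}

// Collect src/integrity pairs from <script> tags (regex is enough for build output).
function scriptTags(html) {
  const tags = [];
  for (const m of html.matchAll(/<script\b[^>]*>/gi)) {
    const src = /\bsrc="([^"]*)"/i.exec(m[0]);
    const integrity = /\bintegrity="([^"]*)"/i.exec(m[0]);
    if (src) tags.push({ src: src[1], integrity: integrity ? integrity[1] : null });
  }
  return tags;
}

// Audit deployed files (path -> body) against a digest of index.html that was
// recorded at release time and stored somewhere the hosting bucket cannot alter.
function auditDeployment(files, pinnedIndexSri) {
  const findings = [];
  const html = files["index.html"];
  if (sriHash(html) !== pinnedIndexSri) {
    findings.push("index.html differs from pinned release");
  }
  for (const { src, integrity } of scriptTags(html)) {
    if (!integrity) findings.push(`${src}: no integrity attribute`);
    else if (!(src in files)) findings.push(`${src}: missing from deployment`);
    else if (sriHash(files[src], integrity.split("-")[0]) !== integrity) {
      findings.push(`${src}: SRI mismatch`);
    }
  }
  return findings;
}

// Constructed sample deployments.
const releaseJs = "console.log('release build');";
const tamperedJs = "console.log('tampered build');";
const page = (js) =>
  `<html><script src="app.js" integrity="${sriHash(js)}"></script></html>`;
const release = { "index.html": page(releaseJs), "app.js": releaseJs };
const pinned = sriHash(release["index.html"]);
// Only the script replaced: the browser's SRI check would reject it.
const scriptOnly = { ...release, "app.js": tamperedJs };
// Script and HTML replaced together: SRI is self-consistent, only the pin differs.
const scriptAndHtml = { "index.html": page(tamperedJs), "app.js": tamperedJs };
```

Running `auditDeployment` on `scriptAndHtml` reports no SRI mismatch at all, only the pinned-digest difference, which is the gap the comment describes.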

"Hardware wallet doesn't have all contextual information"

What contextual information is that?

Good ole JavaScript 😭

It should be trivially easy for users to serve themselves the UIs for all applications they use.

And when I say, "it should be" I mean I believe in that enough that my company is working on it.

nostr:nevent1qqsdk6xjkg66zmzupynl28g2r78nyhchzsx8zy9l8tfhagtft2l0hpgpzdmhxue69uhhwmm59e6hg7r09ehkuef0qgs0w2xeumnsfq6cuuynpaw2vjcfwacdnzwvmp59flnp3mdfez3czpsrqsqqqqqpy5vjzr

Wow, this really highlights how the weakest link in security often isn’t the blockchain itself, but the surrounding infrastructure