Can This Chinese Chip Steal Your Bitcoin?
Discussion
Blockstream has claimed the Jade is not vulnerable, but would 1) want to see an independent 3rd party verify that claim and 2) if someone is using a Jade probably best to switch to the firmware that disables Bluetooth for now.
Update: seems Blockstream is most likely correct they are not vulnerable because they don’t rely on the ESP32 to do the crypto
Great video anyone using a Jade should watch. Urgency is a red flag so take your time, take a deep breath, don’t panic, and carefully consider, but personally I would not keep using a Jade without switching to the No-Radio firmware.
this is Chinese vendor's response claims...
I highly approve of your example low-entropy private key.
Seems like the ESP32 FUD is .. just FUD.