Trezor (One, Model T), Ledger (Nano S, Nano X, Stax), BitBox02, Blockstream Jade, Keystone, BitKey
Software wallets using npm: Nunchuk, Blockstream Green, Muun, BlueWallet, Phoenix (for on-chain only, not Lightning), Zeus (on-chain), Exodus, Tangem
Hardware not affected (no npm reliance): Coldcard, SeedSigner, Krux, Specter DIY, Foundation Passport
Desktop software wallets not affected: Sparrow, Specter Desktop, Electrum, Wasabi
Replies (20)
@Frostsnap ??
Got @Branta?
Coldcard and sparrow for the win 💪💪
So if I've got a Trezor Model 3 I should be ok then? What is the risk and has anyone actually lost bitcoin?
Coldcard + Sparrow = 💯
Depends what software you use, but you should be fine as long as you verify the address you are sending to on the device. You should always be doing this anyways.
Why being open source is so important.
Cool, I do that already so nothing to worry about then. Thanks
JavaScript bug enables Wallet hacking. Details to stay safe below.
nevent1qqsvje9a3s9czvvwk9sh5vr62zxng692jggp8ypla74wfyjlpeehj5gpzemhxue69uhhyetvv9ujuurjd9kkzmpwdejhgt6awg6
Thx for update
Glad to see the most secure money is being secured by hardware wallets using JavaScript. Makes sense to me. SMH.
@BitBox is not affected
How so? Their accompanying app uses NPM as far as I know.
Yep, convenience has been a major factor in the fiat economy for years.
FYI, Nunchuk is unaffected. Nunchuk does not use Javascript or NPM.


nunchuk_io
Nunchuk apps are NOT vulnerable to the recent NPM security exploit. Our apps are fully native, with no Javascript or NPM dependencies. Thi...
https://nitter.net/BitBoxSwiss/status/1965187227795030044
npm is not the problem, but rather compromised packages that you download via npm. If you have good configuration management with fixed versions, you can quickly find out whether you are affected.
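
The check described in the last reply, sketched as an added example that is not part of the thread or any wallet project's code: it walks a parsed `package-lock.json` and reports every pinned package, including transitive copies, whose exact version is on an advisory list. The package names, versions and sample lockfile are constructed placeholders; substitute the names and versions from the advisory you are checking against.

```javascript
// Added example: audit a parsed package-lock.json against an advisory list.
// Package names and versions below are constructed placeholders, not real indicators.
const ADVISORY = {
  "example-color-lib": ["2.1.1"],
  "example-debug-lib": ["4.4.2"],
};

// Collect every (name, version, path) pinned in the lockfile.
// Handles lockfileVersion 2/3 ("packages" map) and version 1 (nested "dependencies").
function pinnedPackages(lock) {
  const found = [];
  if (lock.packages) {
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path === "" || !meta.version) continue; // skip root project and link entries
      const i = path.lastIndexOf("node_modules/");
      const name = meta.name || (i >= 0 ? path.slice(i + 13) : path);
      found.push({ name, version: meta.version, path });
    }
    return found;
  }
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${trail}node_modules/${name}`;
      found.push({ name, version: meta.version, path });
      walk(meta.dependencies, `${path}/`); // nested copies of transitive dependencies
    }
  };
  walk(lock.dependencies, "");
  return found;
}

// Return the pinned entries whose exact version appears in the advisory.
function findAffected(lock, advisory = ADVISORY) {
  return pinnedPackages(lock).filter(
    (p) => Object.hasOwn(advisory, p.name) && advisory[p.name].includes(p.version)
  );
}

// Constructed sample lockfile (lockfileVersion 3) with a nested transitive copy.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "wallet-companion-app", version: "1.0.0" },
    "node_modules/example-color-lib": { version: "2.1.0" },
    "node_modules/example-debug-lib": { version: "4.4.2" },
    "node_modules/@scope/ui/node_modules/example-color-lib": { version: "2.1.1" },
  },
};
console.log(findAffected(sampleLock).map((p) => `${p.name}@${p.version} (${p.path})`));
```

A lockfile only shows what the current tree pins; builds produced before the lockfile was last regenerated need their own lockfile revision checked.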