Thread - Nostr Hypermedia

Trezor (One, Model T) Ledger (Nano S, Nano X, Stax) BitBox02 Blockstream Jade Keystone BitKey Software wallets using npm: Nunchuk Blockstream Green Muun BlueWallet Phoenix (for on-chain only, not Lightning) Zeus (on-chain) Exodus Tangem Hardware not affected (no npm reliance): Coldcard SeedSigner Krux Specter DIY Foundation Passport Desktop software wallets not affected: Sparrow Specter Desktop Electrum Wasabi

View quoted note →

Replies (20)

Slimer Slimer@primal.net 5 months ago

@ZEUS

Slimer Slimer@primal.net 5 months ago

@Blockstream

Cody 5 months ago

@Frostsnap ??

1 replies ↓

Satoshi Coffee Co. satscoffee@sats.coffee 5 months ago

Got @Branta?

View quoted note →

Deleted Account 5 months ago

Coldcard and sparrow for the win 💪💪 View quoted note →

2 replies ↓

TheBitSmith jollytiger4@primal.net 5 months ago

@npub19can...qj29

Dexter 5 months ago

So if I’ve got a Trezor Model 3 I should be ok then? What is the risk and has anyone actually lost bitcoin?

2 replies ↓

Junghwan 5 months ago

Coldcard + Sparrow = 💯

NotBiebs and 69 others _@nostrstuff.com 5 months ago

Depends what software you use, but you should be fine as long as you verify the address you are sending to on the device. You should always be doing this anyways.

1 replies ↓

nicodemus 5 months ago

Why being open source is so important.

Dexter 5 months ago

Cool, I do that already so nothing to worry about then. Thanks

npub1q0au...sw5f 5 months ago

JavaScript bug enables Wallet hacking. Details to stay safe below. nevent1qqsvje9a3s9czvvwk9sh5vr62zxng692jggp8ypla74wfyjlpeehj5gpzemhxue69uhhyetvv9ujuurjd9kkzmpwdejhgt6awg6

BankSith banksith@nostrplebs.com 5 months ago

Thx for update

theplatinumbear 5 months ago

Glad to see the most secure money is being secured by hardware wallets using JavaScript. Makes sense to me. SMH.

1 replies ↓

Marcelinho marcelinho@einundzwanzig.space 5 months ago

@BitBox is not affected

2 replies ↓

Sean 21Sean@primal.net 5 months ago

How so? Their accompanying app uses NPM as far as I know.

1 replies ↓

Sean 21Sean@primal.net 5 months ago

Yeo, convenience has been a major factor in the fiat economy for years.

npub1cvql...yjt3 5 months ago

FYI, Nunchuk is unaffected. Nunchuk does not use Javascript or NPM.

nunchuk_io

Nunchuk apps are NOT vulnerable to the recent NPM security exploit.

Our apps are fully native, with no Javascript or NPM dependencies. Thi...

Sean 21Sean@primal.net 5 months ago

GitHub

GitHub - BitBoxSwiss/bitbox-wallet-app: The BitBoxApp for desktop and mobile.

The BitBoxApp for desktop and mobile. Contribute to BitBoxSwiss/bitbox-wallet-app development by creating an account on GitHub.

Marcelinho marcelinho@einundzwanzig.space 5 months ago

https://nitter.net/BitBoxSwiss/status/1965187227795030044 npm is not the problem, but rather compromised packages that you download via npm. If you have good configuration management with fixed versions, you can quickly find out whether you are affected