pull down to refresh

0 sats \ 5 replies \ @ek 11 Sep \ parent \ on: How to Verify the Impact of the Recent NPM Attack on My Wallets? bitcoin
wdym with "payload might not include exfil"?
if an attacker can sign whatever they want, why wouldn't they drain the wallet?
write
preview
0 sats \ 4 replies \ @adlai 11 Sep
I have not read any of the theft complaints. I have no idea how anything signed leaves the browser.
reply
5 sats \ 3 replies \ @ek 11 Sep
the malware swaps the address. so when you sign without double-checking the address, you're actually signing a tx to the attacker. you're then broadcasting that tx like you would normally. that's how anything signed leaves the browser or wallet.
reply
0 sats \ 2 replies \ @adlai 11 Sep
deleted by author
reply
0 sats \ 1 reply \ @ek 11 Sep
yes, which is what I said because the malware has to swap the address before you sign
reply
0 sats \ 0 replies \ @adlai 11 Sep
the details of my criticism depend on the UX of the target attacked by the payload. by my understanding, if the payload only detects and swaps addresses, then our entire discussion is the real scam, donating our sats to the rest of the community.
reply