We have identified and removed a malicious version of the Ledger Connect Kittwitter.com/Ledger/status/1735291427100455293
1906 sats \ 16 comments \ @0xbitcoiner 14 Dec 2023 bitcoin
write
preview
related posts
62 sats \ 0 replies \ @BitByBit21 14 Dec 2023
reply
31 sats \ 0 replies \ @ryu 14 Dec 2023
Ledger is a fucking joke at this point.
reply
21 sats \ 1 reply \ @orthwyrm 14 Dec 2023
So many red flags from this company.
reply
0 sats \ 0 replies \ @orthwyrm 14 Dec 2023
ELI5 of the issue from ChatGPT:
reply
73 sats \ 1 reply \ @Rsync25 14 Dec 2023
Someone use Ledger in 2023?
reply
0 sats \ 0 replies \ @fixthemoneyfixtheworld 14 Dec 2023
deleted by author
reply
10 sats \ 0 replies \ @02dc6a50c1 14 Dec 2023
deleted by author
reply
10 sats \ 2 replies \ @WeAreAllSatoshi 14 Dec 2023
What are dApps?
reply
41 sats \ 1 reply \ @nemo 14 Dec 2023
deleted by author
reply
0 sats \ 0 replies \ @ek 14 Dec 2023
so you're saying, these apps died out before they even became a thing? lol
reply
10 sats \ 0 replies \ @faithandcredit 14 Dec 2023
We are not smart enough for things like this. Crypto is too advanced, its a bridge too far.
reply
10 sats \ 3 replies \ @ladyluck 14 Dec 2023
Was the malicious version inserted in the kit by an employer?
reply
31 sats \ 2 replies \ @nerd2ninja 14 Dec 2023
Insider threat babyyyyy
Or ledger the company got hacked somewhere that allowed the attacker to push this malicious update. Hard to know without ledger (or the attacker lel) telling us.
reply
0 sats \ 1 reply \ @0xbitcoiner OP 14 Dec 2023
If it's an inside job, it's very bad. Basically everything could be compromised.
Shouldn't the commits be multi-keyed?
edit: multisig
reply
70 sats \ 0 replies \ @nerd2ninja 14 Dec 2023
I don't know how ledger runs their business, but I got a screenshot of a tweet from another chat (twitter user @MatthewLilley) which says
  1. They are loading JS from a CDN
  2. They are not version locking loaded JS
  3. They had their CDN compromised
reply
0 sats \ 0 replies \ @nitter 14 Dec 2023
Twitter2Nitter
Clearnet: nitter.net | nitter.it | nitter.cz | nitter.at | nitter.unixfox.eu | nitter.poast.org | nitter.privacydev.net | nitter.d420.de | nitter.sethforprivacy.com | nitter.nicfab.eu | bird.habedieeh.re | nitter.salastil.com | nt.ggtyler.dev
Tor: nitter7bryz3..q553qd.onion | 26oq3gioiwcm..b4wwid.onion | vfaomgh4jxph..dauqad.onion | nitraeju2mip..evvuqd.onion | codeine3hsqn..brdqqd.onion
I2P: axd6uavsstsr..zf4q.b32.i2p | u6ikd6zndl3c..n2qa.b32.i2p | gseczlzmiv23..aoua.b32.i2p | tm4rwkeysv3z..4weq.b32.i2p | vernzdedoxuf..agva.b32.i2p
Lokinet: nitter.priv.loki/
Nitter is a free and open source alternative Twitter front-end focused on privacy and performance. Click here for more information.
reply