pull down to refresh

0 sats \ 1 reply \ @0xbitcoiner OP 14 Dec 2023 \ parent \ on: We have identified and removed a malicious version of the Ledger Connect Kit bitcoin

If it's an inside job, it's very bad. Basically everything could be compromised.

Shouldn't the commits be multi-keyed?

edit: multisig

write
preview
70 sats \ 0 replies \ @nerd2ninja 14 Dec 2023

I don't know how ledger runs their business, but I got a screenshot of a tweet from another chat (twitter user @MatthewLilley) which says

  1. They are loading JS from a CDN
  2. They are not version locking loaded JS
  3. They had their CDN compromised
reply