Luke Dashjr's avatar
Luke Dashjr luke_nostr@dashjr.org 5 months ago
PSA: There is a supply chain attack on Bitcoin wallets going on. HARDWARE WALLETS AND SIGNAL MAY BE AFFECTED. READ FURTHER. I have not studied the full scope of this attack yet, but from what I hear, it can impact websites/webapps (including "local" webapps like Signal Desktop) and cause them to display a thief's address instead of the intended one. This means hardware wallets will correctly display the actual send-to address, but you the human may compare the address to one that has already been replaced! Regardless of what wallet you use, verify the address you are sending to without trusting a computer. Call your recipient and verify verbally.

Replies (13)

Default avatar
oooooo 5 months ago
what is harder? pagers in Lebanon or every kyc'd bitcoiner's "wallet"? asking for a friend
Fotoart's avatar
Fotoart 5 months ago
So easy to just check the last few digits.
Fotoart's avatar
Fotoart 5 months ago
I should clarify, with this attack, now it's worth checking the whole thing. Probably will do that forever now 💪
mobiusmoe's avatar
mobiusmoe mobius@nostraddress.com 5 months ago
Is there any way to make a utility to make it easier to verbally verify swnd-to addresses? Might not matter in the world of deep fakes ...