Pinned
CTO at @ledger. Busy securing the blockchain revolution. Cryptography, (Hw) Security, Tech, Blockchain.
Previously built the Donjon (@DonjonLedger)
- 🚨 There's a large-scale supply chain attack in progress: the NPM account of a reputable developer has been compromised. The affected packages have already been downloaded over 1 billion times, meaning the entire JavaScript ecosystem may be at risk. The malicious payload works
- Update on the NPM attack: The attack fortunately failed, with almost no victims. It began with a phishing email from a fake npm support domain that stole credentials and gave attackers access to publish malicious package updates. The injected code targeted web crypto activity,
- Yesterday, 80,000 BTC (worth roughly $8 billion) were moved on-chain. These coins date back to 2011, before the BIP39 standard existed. Back then, private keys were managed individually per address, with no hardware wallet support (even today). This suggests the keys were stored
- Monero appears to be in the midst of a successful 51% attack. The privacy-focused blockchain, launched in 2014 and long targeted by governments and three-letter agencies, is already banned from most major centralized exchanges. The Qubic mining pool has been amassing hashrate for
- 🚨 I'm excited to announce a huge technical milestone in @Ledger's mission to simplify self-custody. Ledger Recovery Key, a PIN-protected physical card enabling storage & recovery of your 24 words with just a few taps. No KYC, no subscription fee, just peace of mind: 👇🧵
- Replying to @P3b7_: If you use a Ledger or hardware wallet with clear signing, you are not at risk. My tweet above is warning people who do not use a hardware wallet with clear signing of the risk. Always review every transaction before you sign.
- How on earth is it a good idea to dump 80,000 BTC on the spot market? Why not use an OTC deal or break it up into several smaller trades? The slippage alone cost over $200 million!
  Quoted tweet: JUST IN: Galaxy Digital announced it executed one of the largest notional bitcoin transactions in history, selling over 80,000 bitcoin worth more than $9 billion 🤯
- Imagine every letter you send is opened and read by a government agent. Imagine having to prove your identity before you're allowed to open a book. Crazy, right?
- Ledger's mission is, and will always be, to provide our users with the right tools to own their digital value securely. We have decided to accelerate our open-sourcing roadmap to bring more verifiability to everything we do. A thread 🧵
- Your Ledger Nano S still works, and the Ledger Nano S Plus remains fully supported. The Nano S had an incredible run; it was officially retired in 2022. Since then, we've been gradually phasing out its full support. 🧵
- At @Ledger, you might know that we have the @DonjonLedger, our dedicated team constantly conducting open security research. We recently worked with Trezor, revealing that their Trezor Safe 3 was susceptible to physical supply chain attacks. Here's a thread on our findings: 🧵
- ⚠️ Our white hat team, the @DonjonLedger, discovered a flaw in Tangem cards that makes brute force attacks possible. As always, the Donjon followed responsible disclosure to inform Tangem; user protection is our priority. We can now reveal our findings in full: 🧵👇