Follow

Bug in , which can be a security vulnerability for hardware wallets and similar.
isn't vulnerable itself, but users of Segwit wallets should ensure they upgrade if affected, before *sending* any new transactions.
(The solution is to not use a new technical-internals feature Segwit introduced.)

blog.trezor.io/details-of-firm

The severity of this may be exaggerated:
Since this vulnerability can only be exploited by tricking the user to sign twice, there's a fundamental unfixable attack here anyway:
If they can trick you to sign twice, they can probably also get you to send the full amount twice too.

@kekcoin It shouldn't affect the built-in wallet.

I'm not 100% clear on if it affects the PSBT RPCs, or not.

@lukedashjr Fair enough, I'll check it out to see if they have some kind of announcement.

Sign in to participate in the conversation
Bitcoin Mastodon

Bitcoin Maston Instance