Follow

Bug in , which can be a security vulnerability for hardware wallets and similar.
isn't vulnerable itself, but users of Segwit wallets should ensure they upgrade if affected, before *sending* any new transactions.
(The solution is to not use a new technical-internals feature Segwit introduced.)

blog.trezor.io/details-of-firm

The severity of this may be exaggerated:
Since this vulnerability can only be exploited by tricking the user to sign twice, there's a fundamental unfixable attack here anyway:
If they can trick you to sign twice, they can probably also get you to send the full amount twice too.

Show thread

@kekcoin It shouldn't affect the built-in wallet.

I'm not 100% clear on if it affects the PSBT RPCs, or not.

@lukedashjr I wonder if Ledger's series of hardware is impacted.

@lukedashjr Fair enough, I'll check it out to see if they have some kind of announcement.

Sign in to participate in the conversation
Bitcoin Mastodon

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!