Bug in , which can be a security vulnerability for hardware wallets and similar.
isn't vulnerable itself, but users of Segwit wallets should ensure they upgrade if affected, before *sending* any new transactions.
(The solution is to not use a new technical-internals feature Segwit introduced.)

blog.trezor.io/details-of-firm

Follow

The severity of this may be exaggerated:
Since this vulnerability can only be exploited by tricking the user to sign twice, there's a fundamental unfixable attack here anyway:
If they can trick you to sign twice, they can probably also get you to send the full amount twice too.

Sign in to participate in the conversation
Bitcoin Mastodon

Bitcoin Maston Instance