Share this page!

Enter URL or ID to Unroll

You can paste full URL like: https://x.com/threadreaderapp/status/1644127596119195649
or just the ID like: 1644127596119195649

How to get URL link on X (Twitter) App

  1. On the Twitter thread, click on or icon on the bottom
  2. Click again on or Share Via icon
  3. Click on Copy Link to Tweet
  4. Paste it above and click "Unroll Thread"!
  5. More info at Twitter Help
View Regular
Krippenreiter Profile picture
Krippenreiter
@krippenreiter
πŸ‡©πŸ‡ͺ πŸ‡ΊπŸ‡Έ | Not financial advice | Perpetual education on all #DLT-related topics | Technician at 🧑 | Linktree: https://t.co/ZjX7oDXuZT

Sep 8, 14 tweets

[1/🧡] A MASSIVE attack on the JavaScript ecosystem is currently underway. ☹️

Since JavaScript is at the heart of what we use every day to browse the internet, you MUST be extra vigilant.

Let's take a look at a possible solution for the XRP ecosystem. πŸ‘‡πŸ§΅

[2/13] β€” 1⃣ First things first β€”

Although the entire JavaScript ecosystem is at risk, the malware appears to be targeting only a few blockchain ecosystems, based on the addresses it uses to steal funds:

‼️ At risk πŸ‘‡

[3/13] β€” 2⃣ First things first β€”

The reason this is such a big deal is because of the sheer volume of weekly downloads of the maliciously patched packages.

[4/13] β€” 3⃣ First things first β€”

Here's the TL;DR for you as a developer. πŸ‘‡

[5/13] β€” The Malware β€”

One nasty thing about this malware is that checking the destination address doesn't help this time, unless you're using hardware wallets, because the address gets replaced anyway BEFORE it's signed. ☹️

πŸ‘‰ You might think you're safe, but you're not.

[6/13] β€” 1⃣ XRP Ledger / Solution β€”

Introducing a possible solution for the XRP ecosystem, is a draft that @krisdangerfield and @angell_denis are working on, namely:

πŸ”Έ 0086 XLS-86d: Firewall

[7/13] β€” 2⃣ XRP Ledger / Solution β€”

"Firewall" would allow you to configure the following:
πŸ”Έ Time-based outgoing transactions
πŸ”Έ Value-limited safeguards

And most importantly:
‼️ Creation of a whitelist mechanism

[8/13] β€” 3⃣ XRP Ledger / Solution β€”

Since the malware doesn't steal PKs, the first two aspects of the "Firewall" are less important.

The whitelist on the other hand, which would've been set up to help you bypass the Firewall restrictions for everyday TXs, would protect you! πŸ”₯

[9/13] β€” 1⃣ Firewall β€”

The rationale, as perfectly explained in the draft is that when enabled on an account, it will prevent an attacker from:
πŸ”Έ Instantly draining your funds

Provides you with:
πŸ”Έ Opportunity to move your XRP to an alternative account

[10/13] β€” 2⃣ Firewall β€”

This essentially means that even if you would ever sign a transaction to send your funds to wrong addresses, the Firewall would protect you because the address isn't known to your configured whitelist. 🫑

[11/13] β€” Summary β€”

πŸ”Έ The JavaScript ecosystem got hijacked
πŸ”Έ Don't sign TXs using browser extensions for some time
πŸ”Έ Triple-check the destination address on the display of your hardware wallet
πŸ”Έ Check out: xrplfirewall.com
πŸ”Έ Check out: jdstaerk.substack.com/p/we-just-foun…

[12/13] β€” Krippenreiter β€”

I write about DLT and crypto, but primarily about XRP and the XRPL-ecosystem. πŸ”₯

If this interests you and you want to learn more, please follow me here:
@krippenreiter

Feel free to contribute by sharing here πŸ‘‡

[13/13] β€” Support & Donate β€”

@threadreaderapp unroll

Share this Scrolly Tale with your friends.

A Scrolly Tale is a new way to read Twitter threads with a more visually immersive experience.
Discover more beautiful Scrolly Tales like this.

Keep scrolling