Profile picture
Ruben Somsen ⚡️🇳🅾️2️⃣❎
@SomsenRuben
, 4 tweets, 3 min read Read on Twitter
1/4
Update your @Ledger hardware wallet ASAP if you haven't already! Last month Ledger released v1.5.5, stating that it contained a "critical security fix on the Bitcoin app" ( ledger.fr/2019/01/16/led… ). I wondered how serious it was, and today I found out the answer...😮
2/4
@LappoSergey from @MyceliumCom found the bug, with some help from @LeoWandersleb. He quietly released a blog post detailing the bug, and it's VERY serious.

The Ledger can be fooled into sending away ALL funds from ALL your accounts, with NO warning from the device...🤐
3/4
This is how it can be exploited:
a. The user initiates a payment on malicious software
b. ALL coins get used as inputs
c. The Ledger gets fooled into accepting a malicious change address (this fault behavior is caused by simply leaving the derivation path empty)
...😶
4/4
d. The user confirms the normal looking transaction on the Ledger
e. ALL coins (minus the payment) get sent to the malicious change address🤯

Great work by @LappoSergey, who responsibly disclosed this bug👍 His original write-up can be found here: sergeylappo.github.io/ledger-hack/
Missing some Tweet in this thread?
You can try to force a refresh.

Like this thread? Get email updates or save it to PDF!

Subscribe to Ruben Somsen ⚡️🇳🅾️2️⃣❎
Profile picture

Get real-time email alerts when new unrolls are available from this author!

This content may be removed anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

Related threads

Profile picture
Delphi Digital
@Delphi_Digital
0/ Using UTXO age dynamics across market cycles, we attempt to time a price bottom for #Bitcoin by understanding when selling pressure from long term holders will wane. Our analysis suggests a likely bottom for $BTC in Q1’19 (see report for detail)
delphidigital.io/utxo
1/ This analysis expands on the key takeaways we provided within the Short Term Outlook of our State of Bitcoin report (released last month). You can view our thread summarizing the report as well as the full report itself here:
2/ The green line represents the % of bitcoin that hasn’t been moved in at least 1 year. Box 1 indicates the period of rapid growth of bitcoin that hasn’t moved in at least a year (hodlers) while box 2 shows the price at which that bitcoin was last moved (people buying the rally)
Read 19 tweets
Profile picture
Nick Hotz
@thisiswhyimhotz
With the same reasoning as a DCF stock valuation model, you can use a discount rate in this model to calculate a valuation at any point in time. Instead of using dividends, one uses transaction fundamentals.

I present the DTF 😏(Discounted Transaction Fundamentals) model.
2/ The dividend discount model (DDM) values a stock as the present value of future dividends.

Vo = Dt/(1+r)^t
3/ Applying the same logic, you can value a (crypto)currency as the present value of velocity and supply-adjusted future transactions.
Read 12 tweets
Profile picture
Christopher Bendiksen
@C_Bendiksen
1/ Last week @CoinSharesCo released our latest report on #bitcoin mining along with a follow-up Medium post detailing some of the economic concepts that drive this industry. As promised, here's part two of my follow up - this post re: bitcoin's energy mix: medium.com/coinshares/bew…
2/ Now that the "death spiral" argument has been thoroughly debunked by @arjunblj, @nic__carter, @matt_odell, @danheld and others (👉 medium.com/coinshares/an-…), I want to focus on the second body of our findings: those around bitcoin's energy use and the sources that power it.
3/ While I am a bit hesitant to even engage with those opposed to the inviolability of liberty and the free market () because we just fundamentally disagree, I still have a few things to say on this matter.
Read 15 tweets
Profile picture
Jake Chervinsky
@jchervinsky
0.0/ ETF FAQ.

My answers to some common questions about the SEC & the approval process for #bitcoin & #crypto ETFs. If you have a question I didn't address, feel free to ask here & I'll add on.

Thread.
1.0/ Q: "Who decides whether to approve or deny an ETF?"

The initial decision is made by SEC staff in the Division of Trading & Markets. If the staff denies an ETF proposal, the ETF sponsor can file an appeal, which will be decided by all of the SEC Commissioners.
2.0/ Q: "What's the process & timeline for the SEC to decide on an ETF?"

When a proposal is filed, the SEC publishes it in the Federal Register (the government's official journal) & solicits comments from the public. It then has 45 days to approve, deny, or delay a decision.
Read 30 tweets
Profile picture
Meltem Demirors
@Melt_Dem
1/ in markets, investor psychology is everything. i shared my thoughts on greed, investor psychology, shitcoin, and market cannibalization at @dezentral_io in berlin and wanted to share some of these ideas here...

option b: skip directly to slides here: slideshare.net/DCGCo/how-to-n…
2/ investors in the crypto ecosystem saw everything go up and to the right. everyone in the market is feeling good, and worth a lot on paper. everyone outside the market is feeling FOMO, and wants in on some juicy returns. the narrative is "blockchain, make me money!"
3/ everyone starts looking for the next #bitcoin, #ethereum, #ripple. people begin to believe that the market will go up and to the right forever, and investors flush with paper returns from the crypto casino rush to multiply their money at the shitcoin roulette wheel.
Read 22 tweets
Profile picture
Cʀʏᴘᴛᴏ & Spaghetti [à la boulish]
@CryptoSpag
Pourquoi avoir une stratégie de cash out?

Il est important tout au long de la montée de vendre vos profits en #bitcoin ou #altcoins dans le but de sécuriser vos gains. Bien qu'on voudrait toujours tout laisser en #crypto, un gains qui n'est pas encaissé n'est PAS un gain.
Premièrement, il faut déterminer des objectifs de ventes pour vos $BTC ou #altcoins (avoir plusieurs prix de ventes) et s'y tenir. Même si la hausse semble vouloir continuer, ne soyez pas gourmand et respectez vos plans. C'est plus facile de perdre que de gagner.
Vos 3 possibilités lors d'un bullrun:
1 - Sécuriser des gains en FIAT.
2 - Déplacer vos profits dans les #alts.
3 - Sécuriser ce que vous voudrez réinvestir en $USDT.

Généralement, je fais les trois.
Read 10 tweets

Trending hashtags

#MakerDAO #StableUSD #humanbehavior #PMR #FA #USDBULL #ChristianMichel #IPO #BLOCKv #United #ERC20 #bitcoin #altcoinsummer #podcast #robots #altcoinwinter #moonphase #ETHLend #TheOnlyDemocracyInTheMiddleEast #vélo #Ethereum #DeepLearning #Kashcycle #Dapper #Bitcoin
Follow Us on Twitter!

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!