ian c rogers
Jan 26 · 15 tweets · 7 min read
1/ We were heartbroken last night over the attack on @kevinrose's wallet. Not only because we felt Kevin’s pain, but because of what it tells us about the state of security across the whole NFT ecosystem.

We would like to share some thoughts on staying safe in this thread 🧵👇
2/ This thread explains the basics of what blind-signing is, how @Ledger is trying to spread adoption of clear-signing as a more secure solution, and how you can help.

Additionally, it covers how to segregate your “vault” and "mint" wallets to avoid mistakes.
3/ First and foremost, what is “blind-signing”?

If a stranger came up to you on the street and asked you to sign a legal document, would you sign it without even reading it?
4/ When you bypass “⚠️ Blind Signing” on your Ledger, you are signing an IMMUTABLE consent without knowing what it is you are signing! This is how scammers trick you into consenting to something you don’t actually want to sign.

ledger.com/academy/crypto…
5/ But let’s be honest, blind-signing is a daily reality for those of us who are “early” in interacting with Wallet-connected Applications*. This article on Ledger Academy gives you a list of things to double-check when you enable blind-signing.

ledger.com/academy/enable…
6/ Often Wallet-connected Applications require smart contract approvals enabling future interactions w/ your wallet. It’s a powerful mechanism to do complex interactions with the protocol. But it’s equally dangerous. Attackers often leverage these approvals when tricking victims.
7/ Use Revoke.cash to revoke access to any open contracts and approvals you no longer want/need. Revoke all smart contract approvals that you don’t need NOW, and never allow any approvals on your vault wallet.

revoke.cash
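
To make the difference between blind-signing and clear-signing concrete, here is an added example (not part of the original thread and not Ledger's code) that decodes the hex calldata of the standard ERC-20/ERC-721 approval calls and flags the open-ended approvals described above. The function name `clear_sign`, the sample calldata and the `0x1111…` address are constructed for illustration.

```python
# Added example: decode calldata that a blind-signing prompt shows only as hex.
# Selector = first 4 bytes of keccak256 of the standard ERC-20 / ERC-721 signature.
SELECTORS = {
    "095ea7b3": ("approve", ("address", "uint256")),  # ERC-721: 2nd arg is a token id
    "a22cb465": ("setApprovalForAll", ("address", "bool")),
    "a9059cbb": ("transfer", ("address", "uint256")),
    "23b872dd": ("transferFrom", ("address", "address", "uint256")),
}
MAX_UINT256 = 2**256 - 1

# Constructed sample inputs; 0x1111...1111 is a placeholder address, not a real contract.
SPENDER_WORD = "00" * 12 + "11" * 20
SAMPLE_APPROVE_ALL_NFTS = "0xa22cb465" + SPENDER_WORD + "00" * 31 + "01"
SAMPLE_UNLIMITED_ALLOWANCE = "0x095ea7b3" + SPENDER_WORD + "ff" * 32
SAMPLE_REVOKE_ALLOWANCE = "0x095ea7b3" + SPENDER_WORD + "00" * 32


def _decode_word(kind, word):
    """Decode one 32-byte ABI word of a static type."""
    value = int.from_bytes(word, "big")
    if kind == "address":
        if value >> 160:
            raise ValueError("address word has non-zero padding")
        return "0x" + word[12:].hex()
    if kind == "bool":
        if value > 1:
            raise ValueError("bool word is not 0 or 1")
        return bool(value)
    return value  # uint256


def clear_sign(calldata_hex):
    """Return the function, arguments and warnings a signer should see."""
    raw = calldata_hex[2:] if calldata_hex.startswith("0x") else calldata_hex
    data = bytes.fromhex(raw)
    entry = SELECTORS.get(data[:4].hex())
    if entry is None:
        return {"function": None, "args": [],
                "warnings": ["unknown selector: approving this is blind signing"]}
    name, kinds = entry
    if len(data) != 4 + 32 * len(kinds):
        raise ValueError("calldata length does not match " + name)
    args = [_decode_word(k, data[4 + 32 * i:36 + 32 * i]) for i, k in enumerate(kinds)]
    warnings = []
    if name == "approve" and args[1] == MAX_UINT256:
        warnings.append("unlimited allowance granted to " + args[0])
    if name == "setApprovalForAll" and args[1]:
        warnings.append(args[0] + " may move every token in this collection")
    return {"function": name, "args": args, "warnings": warnings}
```

An `approve` with amount 0, or `setApprovalForAll` with `false`, decodes with no warning: those are the calls that remove an existing approval.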
8/ Also, put your most valuable assets in a "vault wallet" and use a different wallet, a “mint wallet”, when you interact with Wallet-connected Apps. Mint w your mint wallet and NEVER blind sign with your vault wallet!

ledger.com/academy/segreg…
9/ Ledger & partners have started to build dedicated apps for your #Ledger to maximize security when interacting with smart contracts.

The @LIDOFinance, @Paraswap or @1inch applications are already available and many more (@OpenSea, @ArtBlocks_io!) are coming.
10/ We are actively working with App-builders and wallets to increase our clear-signing coverage and make these applications more easily accessible – please ask the apps you use to provide an app for clear-signing on Ledger!

developers.ledger.com/docs/embedded-…
11/ I recently sat down with @P3b7_ to double-click on Ledger’s approach to security. It’s an important discussion about exactly how digital asset security works, how and why no software will ever make your insecure cellphone secure, and much more.

ledger.com/the-ledger-pod…
12/ Finally, we’re working on finalizing the Ledger Browser Extension which adds "Web3 Check", a check for scams and suspicious transactions. #MakeWeb3easy

get-connect.ledger.com
13/ Why do we make these mistakes? Why do we leave approvals on for our collections and why do we blind-sign with our vault wallets? The answer is, “Because we are human.” We all make mistakes. Our job at @Ledger is to make these mistakes much more difficult to make.
14/ Please turn blind-signing OFF on your vault wallet and encourage all apps you use to create a clear-signing plugin!
15/ I hope you found this thread helpful.

If so, Like/Retweet the first tweet below and help keep the community safe(r):
