[1/π§΅] A MASSIVE attack on the JavaScript ecosystem is currently underway. βΉοΈ
Since JavaScript is at the heart of what we use every day to browse the internet, you MUST be extra vigilant.
Let's take a look at a possible solution for the XRP ecosystem. ππ§΅
Since JavaScript is at the heart of what we use every day to browse the internet, you MUST be extra vigilant.
Let's take a look at a possible solution for the XRP ecosystem. ππ§΅
[2/13] β 1β£ First things first β
Although the entire JavaScript ecosystem is at risk, the malware appears to be targeting only a few blockchain ecosystems, based on the addresses it uses to steal funds:
βΌοΈ At risk π
Although the entire JavaScript ecosystem is at risk, the malware appears to be targeting only a few blockchain ecosystems, based on the addresses it uses to steal funds:
βΌοΈ At risk π
[3/13] β 2β£ First things first β
The reason this is such a big deal is because of the sheer volume of weekly downloads of the maliciously patched packages.
The reason this is such a big deal is because of the sheer volume of weekly downloads of the maliciously patched packages.
[4/13] β 3β£ First things first β
Here's the TL;DR for you as a developer. π
Here's the TL;DR for you as a developer. π
[5/13] β The Malware β
One nasty thing about this malware is that checking the destination address doesn't help this time, unless you're using hardware wallets, because the address gets replaced anyway BEFORE it's signed. βΉοΈ
π You might think you're safe, but you're not.
One nasty thing about this malware is that checking the destination address doesn't help this time, unless you're using hardware wallets, because the address gets replaced anyway BEFORE it's signed. βΉοΈ
π You might think you're safe, but you're not.
[6/13] β 1β£ XRP Ledger / Solution β
Introducing a possible solution for the XRP ecosystem, is a draft that @krisdangerfield and @angell_denis are working on, namely:
πΈ 0086 XLS-86d: Firewall
Introducing a possible solution for the XRP ecosystem, is a draft that @krisdangerfield and @angell_denis are working on, namely:
πΈ 0086 XLS-86d: Firewall
[7/13] β 2β£ XRP Ledger / Solution β
"Firewall" would allow you to configure the following:
πΈ Time-based outgoing transactions
πΈ Value-limited safeguards
And most importantly:
βΌοΈ Creation of a whitelist mechanism
"Firewall" would allow you to configure the following:
πΈ Time-based outgoing transactions
πΈ Value-limited safeguards
And most importantly:
βΌοΈ Creation of a whitelist mechanism
[8/13] β 3β£ XRP Ledger / Solution β
Since the malware doesn't steal PKs, the first two aspects of the "Firewall" are less important.
The whitelist on the other hand, which would've been set up to help you bypass the Firewall restrictions for everyday TXs, would protect you! π₯
Since the malware doesn't steal PKs, the first two aspects of the "Firewall" are less important.
The whitelist on the other hand, which would've been set up to help you bypass the Firewall restrictions for everyday TXs, would protect you! π₯
[9/13] β 1β£ Firewall β
The rationale, as perfectly explained in the draft is that when enabled on an account, it will prevent an attacker from:
πΈ Instantly draining your funds
Provides you with:
πΈ Opportunity to move your XRP to an alternative account
The rationale, as perfectly explained in the draft is that when enabled on an account, it will prevent an attacker from:
πΈ Instantly draining your funds
Provides you with:
πΈ Opportunity to move your XRP to an alternative account
[10/13] β 2β£ Firewall β
This essentially means that even if you would ever sign a transaction to send your funds to wrong addresses, the Firewall would protect you because the address isn't known to your configured whitelist. π«‘
This essentially means that even if you would ever sign a transaction to send your funds to wrong addresses, the Firewall would protect you because the address isn't known to your configured whitelist. π«‘
[11/13] β Summary β
πΈ The JavaScript ecosystem got hijacked
πΈ Don't sign TXs using browser extensions for some time
πΈ Triple-check the destination address on the display of your hardware wallet
πΈ Check out: xrplfirewall.com
πΈ Check out: jdstaerk.substack.com/p/we-just-founβ¦
πΈ The JavaScript ecosystem got hijacked
πΈ Don't sign TXs using browser extensions for some time
πΈ Triple-check the destination address on the display of your hardware wallet
πΈ Check out: xrplfirewall.com
πΈ Check out: jdstaerk.substack.com/p/we-just-founβ¦
[12/13] β Krippenreiter β
I write about DLT and crypto, but primarily about XRP and the XRPL-ecosystem. π₯
If this interests you and you want to learn more, please follow me here:
@krippenreiter
Feel free to contribute by sharing here π
I write about DLT and crypto, but primarily about XRP and the XRPL-ecosystem. π₯
If this interests you and you want to learn more, please follow me here:
@krippenreiter
Feel free to contribute by sharing here π
https://x.com/krippenreiter/status/1965136904661479893
[13/13] β Support & Donate β
@threadreaderapp unroll
β’ β’ β’
Missing some Tweet in this thread? You can try to
force a refresh
γ
