I bypassed an MK3 security feature which prevented needing 100% trust in the SE, not serious by itself..
However, when paired with a second attack on the SE it allowed for seed extraction if an attacker steals your wallet
Video below👇
Hardware wallets are 100x safer than using only a PC. Don’t stop using your HWW, it is very safe. Just be aware it is not invincible. Choose a good passphrase and be cautious and provide physical protection of your HWW as best you can.
Please ask any questions you have!
Jun 8, 2020 • 11 tweets • 3 min read
⚠️BIP143 HW Wallet attack explained ⚠️
1/ Read this if you are confused how the recent BIP143 bug allows attackers to steal your #Bitcoin. The attack is very real and not just for miners. Everyday users should be very careful and upgrade their HWW firmware when available. 👇
2/ BIP143-SegwitV0 provides a different way to sign tx inputs. It requires sending much less data to the HWW to sign. Changing anything signed makes the input and tx invalid. Each tx input gets its own signature that commits to all input and output hashes.