0 sats \ 1 reply \ @0xbitcoiner OP 14 Dec 2023 \ parent \ on: We have identified and removed a malicious version of the Ledger Connect Kit bitcoin
If it's an inside job, it's very bad. Basically everything could be compromised.
Shouldn't the commits be multi-keyed?
edit: multisig
write
preview
70 sats \ 0 replies \ @nerd2ninja 14 Dec 2023
I don't know how ledger runs their business, but I got a screenshot of a tweet from another chat (twitter user @MatthewLilley) which says
  1. They are loading JS from a CDN
  2. They are not version locking loaded JS
  3. They had their CDN compromised
reply