ChainCatcher message, the Safe team reviewed the security incident mentioned in the post-mortem report of Radiant Capital, noting that the Safe {Wallet} front-end functioned normally, but external devices were compromised during the signing process, allowing hackers to replace transaction data and trick signers into signing malicious transactions.The Safe team believes this incident highlights the risks of blind signing, where users approve transactions without fully viewing the transaction details, especially when using hardware wallets. To address this issue, Safe recommends using multiple signing devices from different vendors (for example, a combination of Ledger and Trezor) and connecting these devices through trusted interfaces to enhance transaction visibility and security.Additionally, Safe is exploring technologies like conditional signing to provide more contextual information without sacrificing security. The Safe team is considering directly calculating the Ledger hash in its interface so that users can verify the hash displayed on the hardware wallet and the interface. The Safe team emphasizes that all parties in the ecosystem need to collaborate to address the blind signing issue and is committed to working with hardware wallet providers and the community to improve transaction and message signing processes.

ChainCatcher message, Cobo co-founder and CEO Shen Yu commented on the theft incident involving Radiant Capital, stating that the measures the industry can currently take against this complex attack are:Project teams and security companies should conduct detailed inspections of high-privilege sensitive contracts, first setting a time lock (even a short time lock of 10 minutes can effectively mitigate attacks), and adding an automated monitoring and alert mechanism.First, obtain and parse the information to be signed from the hardware wallet via the app, providing a temporary mitigation for the blind signing issue of the hardware wallet.Integrate the parsing function for complex transactions within the hardware wallet to enhance transaction transparency and security.

ChainCatcher news, according to official information, the Ethereum wallet Metamask is now compatible with the NGRAVE hardware wallet, allowing users to sync with Metamask through NGRAVE ZERO. The minimum compatible version for the browser extension wallet is v.12.3.0, and the minimum compatible version for the mobile app is v.7.31.1.

ChainCatcher news, the open-source hardware wallet OneKey announced that it will gradually discontinue the current OneKey Card service.The specific discontinuation schedule is as follows:Phase One (September 30, 2024): Users can continue to spend and withdraw normally, while the registration and recharge functions will be discontinued.Phase Two (October 31, 2024): All cards will be automatically deleted by the system, and the balance of the cards will be transferred to the OneKey Card wallet account, which can be withdrawn to an exchange account or Web3 address at any time.Phase Three (January 31, 2025): The OneKey Card service will be stopped.

ChainCatcher news, according to Chainwire, hardware wallet startup Kampela has completed a new round of financing, with participation from a decentralized autonomous organization (DAO) on the Polkadot Network.It is reported that this is a hardware project fully supported by DAOs in the Polkadot ecosystem.

ChainCatcher news, according to CryptoSlate, the Federal Office for Information Security (BSI) in Germany recommends that cryptocurrency users use hardware wallets to protect their digital assets, claiming that hardware wallets are the safest method for storing digital assets, and explaining that these devices can help keep users' private cryptographic keys in offline or "cold" storage.The BSI warns that while exchange-based custody is more convenient, it is easily susceptible to hacking. In contrast, self-custody wallets on mobile phones or personal computers also have significant security vulnerabilities. Given these risks, the BSI recommends using hardware wallets as the best option for protecting cryptocurrencies.

ChainCatcher news, according to Cointelegraph, the latest report shows that security researchers have discovered a new attack mechanism called "Dark Skippy," which hackers can use to extract private keys from Bitcoin hardware wallets that only have two-signature transactions. This vulnerability could affect all hardware wallet models, but it only activates when victims are tricked into downloading malicious firmware.The previous version of "Dark Skippy" required dozens of transactions to be effective, while the new version of "Dark Skippy" can execute with just a few transactions. Additionally, the attack can be carried out even if users rely on separate devices to generate their mnemonic phrases.The disclosure report was published by Lloyd Fournier, Nick Farrow, and Robin Linus. Fournier and Farrow are co-founders of the hardware wallet manufacturer Frostsnap, while Linus is a co-developer of the Bitcoin protocols ZeroSync and BitVM.

ChainCatcher news, Block, the company founded by Jack Dorsey, announced that its crypto hardware wallet Bitkey will integrate MoonPay to support Bitcoin purchases. Its users will be able to buy Bitcoin using fintech solutions such as credit cards, bank transfers, Apple Pay, Google Pay, and PayPal.

ChainCatcher news, according to Cointelegraph, Ledger has begun delivering its new Ledger Stax hardware wallet to customers who pre-ordered over a year ago, 14 months after its originally scheduled release date.On December 6, 2022, at its Web3 developer conference Ledger Op3n, Ledger revealed that it had collaborated with iPod inventor Tony Fadell to develop a new hardware wallet called Ledger Stax. However, the product was not delivered as promised. Stax was originally set to launch in March 2023, but reportedly faced delays due to manufacturing issues. Some community members expressed dissatisfaction on Reddit and questioned the delivery.Now, 14 months after the initial release date, Ledger has finally announced in a press release that it has started shipping to pre-order customers. Ledger's Chief Experience Officer Ian Rogers added, "The extra time has allowed us to ensure that the Ledger Stax operating system is more refined and feature-rich than it would have been at our March 2023 launch."

ChainCatcher message, on-chain detective ZachXBT posted on social media that the X account of hardware wallet manufacturer Trezor has been hacked, posting scam donation information. Users are advised to stay vigilant and protect their assets.

ChainCatcher message, Slow Mist founder Yu Xian posted on the X platform, stating that we have received several reports of theft. Everyone must pay attention to this type of risk; hardware wallets purchased from unofficial stores/channels are prone to tampering. If you receive a hardware wallet, at least refer to imKey's recommendations:The PIN code is set by the user; any pre-created PIN code carries a risk of fraud;The new device must be activated upon first use, and a mnemonic phrase must be created and backed up;Conversely, there is a risk of fraud.

ChainCatcher news, according to DL News, Michael Bentley, co-founder of the DeFi lending protocol Euler Finance, revealed that his personal crypto wallet malfunctioned last November, resulting in the loss of the private keys needed to recover the funds.It is reported that Bentley holds approximately 120,000 EUL tokens, accounting for 4.4% of the total token supply, which means he has lost $3.8 million at today's prices.Bentley stated, "I have now lost a significant portion of the crypto assets I held in my cold wallet, which have been accumulated over more than seven years, including most of the EUL tokens allocated to me for participating in Euler governance."

ChainCatcher news, Web3 hardware wallet manufacturer Trezor announced that the Trezor Model T and Trezor Safe 3 hardware wallets now support SOL and SPL tokens.

ChainCatcher news, hardware wallet developer Trezor posted on X that Trezor Model T and Trezor Safe 3 have added support for SOL and all SPL tokens.

ChainCatcher news, the latest version of imToken (2.14.0) supports connecting to the Keystone hardware wallet. After connecting imToken, Keystone users can conveniently manage all EVM-compatible chains, including Ethereum, Polygon, Arbitrum, and Optimism. As an open-source hardware wallet, Keystone stores users' private keys on a dedicated security chip within the device, keeping the private keys offline and never exposed to the internet, thus avoiding the possibility of hackers stealing the private keys. imToken, as a Web3 wallet trusted by millions of users, provides a one-stop service for digital asset purchasing, management, staking, and trading. Users initiate transactions using the imToken wallet and sign transactions through Keystone, with the entire process transmitting data via QR codes to maintain offline security. The combination of imToken and Keystone's hot and cold wallets helps users easily and securely explore the on-chain world.

ChainCatcher message, Blast posted on platform X stating that in response to the black swan event, we will switch one of the multi-signature addresses to an underlying hardware wallet provider within a week. This will ensure that no single type of wallet usage frequency will reach 3/5, thus guaranteeing security even in the event of hardware wallet compromise.

ChainCatcher news, the encrypted hardware wallet manufacturer Ledger has officially launched the Ledger Recover service provided by Coincover today. The subscription for Ledger Recover is not automatic. To subscribe, users must pay the subscription fee and approve the creation of a backup on the Ledger Nano X.