ChainCatcher message, Slow Mist Yu Xian forwarded a security case about hardware wallet usage on platform X: "A user stored BTC in a hardware wallet thinking it was safe, but after a few years, when they took it out, they found the battery had swollen and it was unusable. They found the same model wallet and went to Huaqiangbei to replace the battery, only to discover that the wallet had been initialized and there was no backup, resulting in a permanent loss. This serves as a reminder that if you use a hardware wallet, you must also ensure proper backups. If you need to repair a hardware wallet, make sure to find a professional hardware team."Yu Xian commented on this: "After a few years, the battery has swollen and the wallet has been initialized? Which hardware wallet is this? We need to avoid it... If there is a mnemonic backup, it can be tolerated... But without a backup, it's really..."

ChainCatcher message, Slow Mist's Yu Xian disclosed that the phishing technique of poisoning addresses with similar starting and ending numbers is still widespread, severely impacting the security infrastructure of the blockchain industry.Yu Xian pointed out that this type of poisoning targeting wallet transaction history mainly involves various techniques, including fake token contract codes emitting false event logs to deceive block explorers and wallets, as well as using zero-amount transfer event logs to arbitrarily fill in addresses in the from/to fields. These techniques can mislead users into believing that the transactions are from their own actions. Other common techniques include sending small amounts of funds from source addresses with the same starting and ending characters, combining clipboard hijacking technology, and impersonating well-known decentralized exchanges to output false event logs.Yu Xian recommends that users make good use of wallet whitelisting mechanisms, carefully verify complete addresses, and combine well-known hardware wallets for dual verification as defensive measures.Previously reported, two addresses suffered "transaction history pollution attacks" in the past 14 hours, resulting in a total loss of over $140,000.

ChainCatcher message, Slow Mist's Yu Xian posted on platform X stating that if you are still using Safe multi-signature or other multi-signatures (regardless of the technical model), you need to pay attention to the following points:All signature steps must be verifiable. If a technically knowledgeable friend struggles for a long time and cannot verify, you should default to suspicion.Since you are using multi-signature, if it can be paired with a hardware wallet, especially one that can effectively handle complex signature parsing and alert you to signature anomalies, it is best to use them together.The security mindset is to never trust a single party; there is always a risk of a single point of failure, so it is best to have multiple verifications.

ChainCatcher message, Binance co-founder Zhao Changpeng posted on X platform revealing the Trust Wallet upgrade update, which mainly includes: support for XRP Ledger and Snoic blockchain, upgrade of Bitcoin Swap, ETH hardware wallet, CA search.In addition, Zhao Changpeng also disclosed that the current Trust Wallet download count has reached 197 million times.

ChainCatcher news, according to French media @LeFildInfo on X, Eric Larcheveque, the founder of the French cryptocurrency hardware wallet Ledger, may have been kidnapped, with the kidnappers demanding a ransom in Bitcoin.Currently, the French police and the National Gendarmerie Intervention Group (GIGN) are investigating in the Vienne region of France. The kidnapping occurred in the small town of Mairé, where Eric Larcheveque owns a mansion.

ChainCatcher message, Slow Mist founder Yu Xian posted on the X platform: "Be careful, the official X account of the hardware wallet Keystone has been hacked, be cautious of any information posted (including direct messages), don't get phished."

ChainCatcher news, according to Slow Mist founder Yu Xian, the official X account of the hardware wallet Keystone has been hacked, and users should pay attention to related security.

ChainCatcher message, the Safe team reviewed the security incident mentioned in the post-mortem report of Radiant Capital, noting that the Safe {Wallet} front-end functioned normally, but external devices were compromised during the signing process, allowing hackers to replace transaction data and trick signers into signing malicious transactions.The Safe team believes this incident highlights the risks of blind signing, where users approve transactions without fully viewing the transaction details, especially when using hardware wallets. To address this issue, Safe recommends using multiple signing devices from different vendors (for example, a combination of Ledger and Trezor) and connecting these devices through trusted interfaces to enhance transaction visibility and security.Additionally, Safe is exploring technologies like conditional signing to provide more contextual information without sacrificing security. The Safe team is considering directly calculating the Ledger hash in its interface so that users can verify the hash displayed on the hardware wallet and the interface. The Safe team emphasizes that all parties in the ecosystem need to collaborate to address the blind signing issue and is committed to working with hardware wallet providers and the community to improve transaction and message signing processes.

ChainCatcher message, Cobo co-founder and CEO Shen Yu commented on the theft incident involving Radiant Capital, stating that the measures the industry can currently take against this complex attack are:Project teams and security companies should conduct detailed inspections of high-privilege sensitive contracts, first setting a time lock (even a short time lock of 10 minutes can effectively mitigate attacks), and adding an automated monitoring and alert mechanism.First, obtain and parse the information to be signed from the hardware wallet via the app, providing a temporary mitigation for the blind signing issue of the hardware wallet.Integrate the parsing function for complex transactions within the hardware wallet to enhance transaction transparency and security.

ChainCatcher news, according to official information, the Ethereum wallet Metamask is now compatible with the NGRAVE hardware wallet, allowing users to sync with Metamask through NGRAVE ZERO. The minimum compatible version for the browser extension wallet is v.12.3.0, and the minimum compatible version for the mobile app is v.7.31.1.

ChainCatcher news, the open-source hardware wallet OneKey announced that it will gradually discontinue the current OneKey Card service.The specific discontinuation schedule is as follows:Phase One (September 30, 2024): Users can continue to spend and withdraw normally, while the registration and recharge functions will be discontinued.Phase Two (October 31, 2024): All cards will be automatically deleted by the system, and the balance of the cards will be transferred to the OneKey Card wallet account, which can be withdrawn to an exchange account or Web3 address at any time.Phase Three (January 31, 2025): The OneKey Card service will be stopped.

ChainCatcher news, according to Chainwire, hardware wallet startup Kampela has completed a new round of financing, with participation from a decentralized autonomous organization (DAO) on the Polkadot Network.It is reported that this is a hardware project fully supported by DAOs in the Polkadot ecosystem.

ChainCatcher news, according to CryptoSlate, the Federal Office for Information Security (BSI) in Germany recommends that cryptocurrency users use hardware wallets to protect their digital assets, claiming that hardware wallets are the safest method for storing digital assets, and explaining that these devices can help keep users' private cryptographic keys in offline or "cold" storage.The BSI warns that while exchange-based custody is more convenient, it is easily susceptible to hacking. In contrast, self-custody wallets on mobile phones or personal computers also have significant security vulnerabilities. Given these risks, the BSI recommends using hardware wallets as the best option for protecting cryptocurrencies.

ChainCatcher news, according to Cointelegraph, the latest report shows that security researchers have discovered a new attack mechanism called "Dark Skippy," which hackers can use to extract private keys from Bitcoin hardware wallets that only have two-signature transactions. This vulnerability could affect all hardware wallet models, but it only activates when victims are tricked into downloading malicious firmware.The previous version of "Dark Skippy" required dozens of transactions to be effective, while the new version of "Dark Skippy" can execute with just a few transactions. Additionally, the attack can be carried out even if users rely on separate devices to generate their mnemonic phrases.The disclosure report was published by Lloyd Fournier, Nick Farrow, and Robin Linus. Fournier and Farrow are co-founders of the hardware wallet manufacturer Frostsnap, while Linus is a co-developer of the Bitcoin protocols ZeroSync and BitVM.

ChainCatcher news, Block, the company founded by Jack Dorsey, announced that its crypto hardware wallet Bitkey will integrate MoonPay to support Bitcoin purchases. Its users will be able to buy Bitcoin using fintech solutions such as credit cards, bank transfers, Apple Pay, Google Pay, and PayPal.

ChainCatcher news, according to Cointelegraph, Ledger has begun delivering its new Ledger Stax hardware wallet to customers who pre-ordered over a year ago, 14 months after its originally scheduled release date.On December 6, 2022, at its Web3 developer conference Ledger Op3n, Ledger revealed that it had collaborated with iPod inventor Tony Fadell to develop a new hardware wallet called Ledger Stax. However, the product was not delivered as promised. Stax was originally set to launch in March 2023, but reportedly faced delays due to manufacturing issues. Some community members expressed dissatisfaction on Reddit and questioned the delivery.Now, 14 months after the initial release date, Ledger has finally announced in a press release that it has started shipping to pre-order customers. Ledger's Chief Experience Officer Ian Rogers added, "The extra time has allowed us to ensure that the Ledger Stax operating system is more refined and feature-rich than it would have been at our March 2023 launch."

ChainCatcher message, on-chain detective ZachXBT posted on social media that the X account of hardware wallet manufacturer Trezor has been hacked, posting scam donation information. Users are advised to stay vigilant and protect their assets.

ChainCatcher message, Slow Mist founder Yu Xian posted on the X platform, stating that we have received several reports of theft. Everyone must pay attention to this type of risk; hardware wallets purchased from unofficial stores/channels are prone to tampering. If you receive a hardware wallet, at least refer to imKey's recommendations:The PIN code is set by the user; any pre-created PIN code carries a risk of fraud;The new device must be activated upon first use, and a mnemonic phrase must be created and backed up;Conversely, there is a risk of fraud.

ChainCatcher news, according to DL News, Michael Bentley, co-founder of the DeFi lending protocol Euler Finance, revealed that his personal crypto wallet malfunctioned last November, resulting in the loss of the private keys needed to recover the funds.It is reported that Bentley holds approximately 120,000 EUL tokens, accounting for 4.4% of the total token supply, which means he has lost $3.8 million at today's prices.Bentley stated, "I have now lost a significant portion of the crypto assets I held in my cold wallet, which have been accumulated over more than seven years, including most of the EUL tokens allocated to me for participating in Euler governance."