Leo of the Brothership

20.5K posts

Leo of the Brothership banner
Leo of the Brothership

Leo of the Brothership

@BrothershipPool

Founder @LNLLabs , CTO @genwealth_app , Dev @keyPactWallet , Voting Member of TSC @IntersectMBO drep1ytw5tvdxpe39l9gm3g49gl0whwd2dgu4mcf5ml5z3zfuk3s8npegv

Cyprus Katılım Ocak 2020
693 Takip Edilen2.2K Takipçiler
Leo of the Brothership
Leo of the Brothership@BrothershipPool·
an encripted :Linux on a stick: with all networking disabled gets even better security for 20$.... But the user functionality is horrible and I only use it for the biggest most important work, HW wallets are excellent if you are aware and conservative with firmware updates. Even software wallets are fine for low-value usecases, everything has its proper place in the hierarchy of security vs usability.
English
0
0
1
82
Ian McLoughlin 🛡️ 🇬🇧 🇹🇭
Yep, 💯! Commercial HW wallets are a massive honey pot;leaked databases hand hackers a roadmap to your door. Closed-source firmware breaks trust. A cheap stripped down Linux machine running entirely air-gapped wins on pure architecture. No telemetry, no backdoors, total control.
Mike Hornan ⚜️🇨🇦|ABLE| pool SPO@Hornan7

Yes, yes, yes, and fking yes. This here, as described by @phil_uplc, is one of the most reliable and safest method, and I strongly recommend you guys use it for everything Cardano-related. Here is a nice tutorial to start with: developers.cardano.org/docs/operators…

English
2
2
15
1.3K
$cerkoryn | dRep
$cerkoryn | dRep@Cerkoryn·
1.8% to go. Victory is within arm's reach. It's been a long road. Time for a couple weeks' deload before the final stretch.
$cerkoryn | dRep tweet media
English
16
1
51
2.6K
Joker
Joker@illimitable_HSP·
So apparently @Ledger and it's security researchers support the exploitation of user funds crazy!! @P3b7_
Charles Guillemet@P3b7_

After the signing bug exposed users' keys, attackers drained wallets. Then SecondFi swept the rest itself into a custodian and called it a rescue. We have seen exit scams, exchange seizures, protocols clawing funds back. A self custody wallet provider moving live customer funds with the users' own leaked keys, framed as protection, is a new shape. First time at this scale, to my knowledge. The hard part now is refunding. Once a key can be rebuilt from a public signature, the key identifies no one: owner, attacker, and chain scraper all hold it. So "sign to prove ownership" is dead here. A scammer signs as well as the victim. And some users may have self drained to a fresh wallet, then queued for a refund anyway. The one secret that survived is the seed. Derivation is one way: the leak exposed a derived key, not the 24 words, and you cannot climb back to them. Only the real owner knows the seed. So prove the seed, not the key, in zero knowledge. The user proves "I know a seed that derives to this address" without revealing it: the circuit recomputes mnemonic to seed to keys to address, and outputs a proof the verifier checks in milliseconds. The seed never leaves the device. A scammer with only the key cannot produce it. One honest limit: this proves ownership, not loss. A self drainer passes too. So refunds still need on chain accounting, what actually left each address, netted against what the owner already recovered. Proof plus accounting. Cryptography or human judgment. Human judgment is slow, gameable, and exactly the trust you tried to remove. The bug turned every signature into a key disclosure. The fix should turn every claim into a proof. Stay safe.

English
1
0
1
326
Leo of the Brothership
Leo of the Brothership@BrothershipPool·
It is not, we have NO reason to believe it is, a theory was floating about hackers monitoring the mempool and front running your transaction after seeing the weak signature, but we have seen 0 evidence of that. I maintain that the " Do not restore" advice broadcasted into the ecosystem is criminal! Also it is not only a transactions, all signatures including CIP-8, So if you even used @secondfiapp is anyway over the last month you could be compromised
English
2
0
6
182
Tx
Tx@io_tilia·
@BrothershipPool Help me understand this: 1. To make a wallet vulnerable you had to sign a tx in SecondFi 2. Once you signed a tx the wallet was not safe anymore Why would sending assets from that wallet then be "more dangerous" than doing nothing?
English
1
0
3
246
Leo of the Brothership
Leo of the Brothership@BrothershipPool·
Blaming the researchers for making the exploit details public is weak sauce, the exploit would have been discovered by hackers anyway, letting people know so that they can protect them self's is the right move. deeply disappointed in how we as an ecosystem have handled this!
English
1
0
13
350
Leo of the Brothership
Leo of the Brothership@BrothershipPool·
The only source of inflation is monetary expansion. Everything else you will find collapses to 0 when you try to study and quantify it. It is not the Rich people's fault we are sending waves of cash to them, they are not the one to cause it. The free market is dead because of government interventions not on the existence of established rich... Capitalism will make us all "rich" the numbers are clear on that, the corporatism that is masquerading as socialism (promising equality and delivering market control) is what is ruining the Free market.
English
0
0
0
9
Philippe le Long
Philippe le Long@PhilippeVleLong·
@BrothershipPool @Cerkoryn Besides bad monetary policies, the rich contribute to inflation since they can pay for anything. GDP growth is almost completely decoupled from wage growth, especially in the US. There is no free market if half the population is just one health issue away from getting bankrupt.
English
2
0
0
32
Leo of the Brothership
Leo of the Brothership@BrothershipPool·
Inflammation increases the cost of assets at a much faster rate that it increases salaries. It's very simple math, the job market (especially the lower tiers) is very slow to adjust to higher liquidity, the asset market on the other hand is almost instant, that means that the more inflation you have the more disproportionately people that relay of salaries are impacted, the mega rich that are 100% asset based get almost all the inflation gains and the ultra poor that live paycheck to paycheck get all the inflammation cost.
English
1
0
0
28
Philippe le Long
Philippe le Long@PhilippeVleLong·
@BrothershipPool @Cerkoryn How is government spending responsible for the pathetic wages? Don't get me wrong, there are many things to improve, including government spending. But that's not the topic here. Without wealth tax, the money keeps trickling up, that's a proven fact. Poor people aren't free.
English
2
0
0
27
Leo of the Brothership
Leo of the Brothership@BrothershipPool·
@PhilippeVleLong @Cerkoryn Inflation and government spending is to blame for that not some imaginary cabal of ultra rich, allowing the government more funding and more control over the economy is going to make this worse, it like recommending cocaine to treat insomnia
English
2
0
1
36
Philippe le Long
Philippe le Long@PhilippeVleLong·
@Cerkoryn @BrothershipPool This is what they want you to believe, while they are getting richer and richer every year and the poor and middle class keep getting poorer. Current America is proof that this variant of capitalism does not work for the majority of people.
English
1
0
0
21
Philippe le Long
Philippe le Long@PhilippeVleLong·
@BrothershipPool @Cerkoryn Again, I'm talking about the ultra rich, not middle class folks saving up for retirement. I'll spell it out again, with 499 million, you are closer to being broke than being a billionaire.
English
2
0
0
16
Leo of the Brothership
Leo of the Brothership@BrothershipPool·
@PhilippeVleLong @Cerkoryn 1% wealth tax is enormous. The fact that it is a wealth tax makes it so you need ~35% more to be able and retire with the same quality of life, assuming a safe return of ~4% The intention is to stop hyper productive wealthy people but as always it will harm the poor more.
English
2
0
1
44
Philippe le Long
Philippe le Long@PhilippeVleLong·
@Cerkoryn I'm not hating people with money and I don't want to strip them of it. Ultra rich couldn't care less if they had to pay 1% of wealth tax.
English
1
0
0
35
Leo of the Brothership
Leo of the Brothership@BrothershipPool·
@JaromirTesar The details have been made public. EMURGO tried to re-write their crypto libraries (Big no no in Software development) And completely destroyed the Ed25519 security properties, any signature created with @secondfiapp leaked the private key x.com/P3b7_/status/2…
Charles Guillemet@P3b7_

🚨SecondFi: more than $20M stolen, or taken hostage - When the nonce is predictable, the key is public. Last Tuesday, SecondFi wallets were drained at scale. Users were doing nothing exotic, just signing transactions like any other day. Then the funds were gone. ▶️What happened. Two waves. First, external attackers drained wallets: ~16M ADA plus NFTs, around $2.5M. Then a much larger move: ~129M ADA, around $20M, swept by SecondFi itself to a third party custodian, "to keep it safe." Users were robbed by attackers, and users were swept by the platform!! ▶️The bug. Every signature scheme in this family uses a per signature secret number, the nonce. The one rule: it must be secret and unpredictable. EdDSA (Ed25519, what Cardano uses) makes it deterministic on purpose, derived from the private key and the message together. Deterministic, but secret. The secret input is the whole point. SecondFi's implementation derived it from public data alone. The nonce stopped being secret. Public in, public out. ▶️Why it is fatal. Call it what it is: worse than nonce reuse. Reuse needs two signatures from the same key to recover it. Here the nonce can be recomputed by anyone from data already on chain, so a single signature is enough to reconstruct the private key. Every transaction a user ever signed is a public disclosure of their key. I pulled signatures off chain and rebuilt the keys to confirm. One signature, every time. The chain was not attacked. It was read. ▶️The "rescue." The second wave was the platform sweeping ~129M ADA to a custodian, framed as protection. The fix for "your keys are cryptographically exposed" was "trust us to give it back." A cryptographic failure patched with a social promise. "We will return the funds" is not "we are cryptographically incapable of keeping them." The incident did not create that gap. It made it visible. ▶️The ownership trap. Once a key is publicly reconstructible, holding it proves nothing. Attacker, custodian, original user: three parties, same cryptographic claim. So how does a real owner prove it? The elegant exit is a zero knowledge proof of knowledge of the 24 words, the seed, without revealing it. Knowledge of the mnemonic is the one thing a chain scraper does not have. Prove the preimage, not the key. ▶️ How did it get in? Honest mistake, or planted? Dropping a single secret input from the nonce is a tiny change. Exactly what a tired engineer ships, and exactly what a supply chain or insider attacker plants, because it is deniable and pays out silently to whoever reads the chain. I do not know which one this was. The commit history will tell. Cryptography does not care about good intentions. It enforces what you built. SecondFi built a scheme where the nonce was predictable, so the keys were public, so the funds were anyone's. The rest is just who read the chain first. Stay safe. -- (obv, Ledger users are not affected. Nonce and signatures are computed inside the secure element)

English
2
0
10
490
Cardano YOD₳
Cardano YOD₳@JaromirTesar·
EMURGO and SecondFi should publish a full technical post-mortem on the drained wallets. Based on what is publicly available, this does not look like a classic seed leak. In my view, it looks more like an address/private-key compromise caused by a faulty transaction signer. More precisely, the issue appears to be faulty deterministic nonce derivation in the signing process. A nonce is a “number used once.” It is a temporary value used during the signing process. It must be generated correctly, because it helps protect the private key. Ed25519, a digital signature algorithm, normally derives the nonce deterministically from secret material and the message. If the secret prefix is ​​missing or mishandled, the nonce can become predictable from public data, which can allow recovery of the private signing scalar from the signature. A seed phrase is the root. From it, wallets derive many keys: payment keys, stake keys, change-address keys, etc. If my understanding is correct, the attacker may not know the recovery phrase itself. However, any address/key that was signed through the faulty SecondFi signer may already be compromised. That is why they say "address level" issue. A bad signature can reveal the specific signing private key used for that transaction. The nonce should be derived from a secret prefix plus the message. The signature is then computed from the nonce, public key, message, and secret scalar. If the nonce is predictable, the secret scalar can be solved algebraically from public signature data. That means the old recovery phrase may not be leaked as a phrase, but restoring it elsewhere does not fix the problem. The same seed derives the same already-exposed addresses and credentials. This means the recovery phrase itself may not have been leaked. But some keys created from that recovery phrase may already be exposed. If you restore the same recovery phrase in another wallet, it will recreate the same exposed addresses. So moving to another wallet does not make those old addresses safe again. Restoring the same seed in another wallet is a local action. By itself, it does not broadcast anything on-chain. You can safely do it to see if funds are still there. Signing a transaction is the dangerous part. If an old address already had transaction history signed by the faulty SecondFi signer, then that key may already be exposed. In that case, signing one more transaction from another wallet does not newly expose that same key. The exposure may already have happened. The remaining question is whether a rescue transaction confirms before an attacker's sweep. If funds are still sitting on an exposed address, migration to a brand-new seed may be rational, but it is a race, not a guarantee. To make it clear: - Restoring the same seed elsewhere does not fix compromised keys. - Do not reuse exposed addresses. - Do not sign from them unless you understand the race and the consequences. At the transaction level, SecondFi/EMURGO's emergency rescue likely resembles a sweep: compromised address → safer custody address. There is no cryptographic magic that only they can perform. The difference is operational. They may have better information, better address-mapping, and coordinated broadcasting. That may be why their route is safer for many users than thousands of people independently trying to rescue funds in panic. But the community still deserves clarity. Take this only as my current understanding based on public information. I cannot tell affected users what to do. In crypto, actions are final. Every user carries the risk of their own decisions. SecondFi says affected users should follow the official claim process and that they are committed to returning assets. That may be the safest route for many users.
English
13
8
114
5.5K
Leo of the Brothership
Leo of the Brothership@BrothershipPool·
@Quantumplation Good advice, sane advice , FINALLY Ok "Pink haired one", you get back all the respect you lost during your Anti-sSPO era. I will even stop calling you "The pink haired one"
English
3
0
8
478
Quantumplation | Pi Lanningham
Quantumplation | Pi Lanningham@Quantumplation·
The larger the audience, the less capacity for nuance. There's a lot of armchair speculation regarding this SecondFi issue floating around from people on the outside. This is understandable: absent any other lever, I can understand why people want to speculate and try to get to the bottom of the issue. However, much of it is incorrect, myopic, and uninformed. Please keep that in mind as you read what people have to say and form your own opinion or act hastily. Myself and others have been asked to help with the forensics. I'm limiting what I say publicly until we have a complete picture, but rest assured, I will write an independent after action report that attempts to make everything crystal clear, similar to what I wrote for the pig-chain incident last year. This incident will certainly need to be paired with acute accountability; but accountability and pitchforks are not the same thing.
English
18
31
180
8.3K
Leo of the Brothership
Leo of the Brothership@BrothershipPool·
Thank you @IOHK_Charles It is highly likely @secondfiapp has done something very very wrong with their software, the exploit details have not been disclosed and it is not impossible it could re-emerge or other issues could arise If you are an ex Yoroi or SecondFi user, I strongly recommend you create a new wallet with @eternlwallet or @vesprwallet and migrate all your funds and defi positions ASAP If you are afraid of touching your SecondFi wallet, restore with your mnemonic in another wallet and try to migrate all your assets in a single transaction, this is the best way we currently know to limit your exposure and attack surface.
Charles Hoskinson@IOHK_Charles

Update x.com/i/broadcasts/1…

English
8
4
44
7.8K
Leo of the Brothership
Leo of the Brothership@BrothershipPool·
@AlexDochioiu Everyone that participated in this lie should be embarrassed and shun from the ecosystem . We will not forget!
English
0
0
15
299
Alex Dochioiu
Alex Dochioiu@AlexDochioiu·
SecondFi's advice wasn't just wrong. It kept users exposed for longer while protecting SecondFi interests. They told people: don't restore your seed into another wallet, and the risk is signing a transaction. What was actually true: ▸ Restoring your seed into another wallet did nothing to your keys. A normal wallet signs safely. ▸ Your key was already FULLY exposed the moment you signed once in SecondFi. That signature was the leak. ▸ Signing again, from any other wallet, revealed nothing new and gave the attacker nothing. So the one move that could save you, restore elsewhere and get your funds out, was the exact thing they warned against. "Sit still and wait" served them, not you. Full breakdown soon.
Adam Dean@adamKDean

The attack was not "highly sophisticated" and knowing now how it happened, it would have always been safe to restore your seed phrase into a competently developed wallet and transfer your own funds to a newly generated seed phrase. The move to secure funds already at risk was probably the right move as much as it sucks for those affected to now be left in limbo wondering how or when they'll get their assets back. There is no "vulnerability" in Cardano address standards or seed generation methods or transaction signing methods when they are implemented properly.

English
16
21
142
16.1K
The Crimson Eye
The Crimson Eye@cardano_crimson·
BREAKING NEWS 🚨 According to Charles, Emurgo does not know the identity of the white hat hacker. What is going on here???
English
20
11
54
16.4K