WHAT YOU NEED TO KNOW (3/9/2019)
- All Ledger Nano S users should use Ledger Live to update the Bitcoin app to v1.3.3 or higher OR update the firmware to 1.5.5 or higher.
Note that Ledger is working on improving the reduced app space that Nano S users are seeing with firmware v1.5.5.
- Coinomi PC/Mac users who may have restored an existing wallet seed using Coinomi desktop should create a new wallet (with proper backup) and move all their funds to the new wallet.
The easiest way would be to use another company's wallet app, like Exodus on desktop, as the destination for your wallet balances. Please test all crypto asset transfers to the new wallet with small amounts and verify receipt before making large transactions. Once you've moved over to the new wallet seed, you may continue using Exodus, or download the newest version of Coinomi and restore / move over to continue using Coinomi desktop.
Several surprising and somewhat alarming security flaws in popular crypto wallets have been revealed over the past few weeks. This is just a short overview:
- A critical Ledger Nano S bug that could allow malware to steal all of your “change” bitcoin in a transaction that otherwise looks normal. For example: sending 0.01 BTC to a website to make a small purchase and seeing your entire Bitcoin wallet balance disappear. Note that your Ledger would have to be connected to a PC or mobile device compromised with special malware for this to work. No losses have yet been reported from this bug.
- A critical Ledger Nano bug with Monero involving the latest Monero Ledger app (v1.1.3) combined with the latest Monero PC software (v0.14). All Monero Ledger users are advised to wait on sending XMR until the cause has been researched and the bug has been found and corrected in a subsequent update. Update 3/9: It sounds like the bug will be fixed with Ledger Monero app v1.2.0 in conjunction with Monero wallet v0.14.
- A critical Coinomi bug in a previous version of their desktop application that caused wallet recovery phrases to be submitted to Google’s servers for spell-checking during a wallet recovery process. There are two sides to this story: the user who claims to have lost funds due to this bug, and Coinomi’s official response. No matter who you believe, the underlying issue is real and is a problem for users who recovered a wallet using a previous version of the app.
My thoughts on the implications for safe storage of crypto assets to follow in a subsequent post...