PSA: There is a supply chain attack on Bitcoin wallets going on.
HARDWARE WALLETS AND SIGNAL MAY BE AFFECTED. READ FURTHER.
I have not studied the full scope of this attack yet, but from what I hear, it can impact websites/webapps (including "local" webapps like Signal Desktop) and cause them to display a thief's address instead of the intended one.
This means hardware wallets will correctly display the actual send-to address, but you the human may compare the address to one that has already been replaced!
Regardless of what wallet you use, verify the address you are sending to without trusting a computer. Call your recipient and verify verbally.
Luke Dashjr
npub1lh…aa9nk
2025-09-08 23:55:48 UTC
Author Public Key
npub1lh273a4wpkup00stw8dzqjvvrqrfdrv2v3v4t8pynuezlfe5vjnsnaa9nkSeen on
wss://nos.lolPublished at
2025-09-08 23:55:48 UTCEvent JSON
{
"id": "7bcfcc93a1ea32075fd52bc7cebc0b9dbfb3b4273c2ab94b2d6854d6a68c4ac4",
"pubkey": "fdd5e8f6ae0db817be0b71da20498c1806968d8a6459559c249f322fa73464a7",
"created_at": 1757375748,
"kind": 1,
"tags": [
[
"alt",
"A short note: PSA: There is a supply chain attack on Bitcoin wal..."
]
],
"content": "PSA: There is a supply chain attack on Bitcoin wallets going on.\nHARDWARE WALLETS AND SIGNAL MAY BE AFFECTED. READ FURTHER.\n\nI have not studied the full scope of this attack yet, but from what I hear, it can impact websites/webapps (including \"local\" webapps like Signal Desktop) and cause them to display a thief's address instead of the intended one.\n\nThis means hardware wallets will correctly display the actual send-to address, but you the human may compare the address to one that has already been replaced!\n\nRegardless of what wallet you use, verify the address you are sending to without trusting a computer. Call your recipient and verify verbally.",
"sig": "1f13d20b22a755a632c97f9415d6ea7dda5a11b3e0aec59b70d6cd7e2e8fad0394898fad12be55086b40d4b755ec8ddadab392b3d89b8bd3843ad5f2ebe45e3c"
}