A new method of stealing your crypto just dropped. It's up there with Spectre. All Intel CPUs since gen 9 are vulnerable. Any software that implements this vulnerability can steal your keys, on any OS, with no currently deployed mitigation.
Kiss your crypto goodbye.
comsec.ethz.ch
INTCel CPUs
AMD chads win again
its 13gen dumbass nigger
Buying Intel was a mistake.
What's it like being a retarded faggot that can't read?
this has 0 effect on hardware wallet chads
We just keep winning
u are the retard faggot nigger that highlight 13gen and didn't post complete shit pic nigger
no browsing retarded fearmonging link nigger
waaah waaaah waaah i'm stupid and make assumptions stop being mean to me
lol kys
lmao kill ur self ass id nigger lol
what a faggot ass nigger kys nigger
nobody is going to take ur shit seriously ass nigger lol
almost looks like lcEAtass nigger lol nigger
holy shit ur mad lmfao
Just stop being poor and buy a M4 Mac. Problem solved.
lol not mad nigger ur id just funny ass shit nigger lmao nigger
toss some salad nigger lol nigger
7 out of 14 posts
i'm not mad nigger!!!!!
lol
Based
Intel is isreali backdoored
Why would anyone buy/use anything even associated with isreal for anything sensitive?
FUCK I HAVE EXACTLY 9TH GENERAION
WHAT DO I DO
Types like a nigger
Thinks like a nigger
Has emotion outbursts like a nigger
Who let this nigger in?
Create a new wallet on a device that doesn't have an intel chip, buy one if you have to, and transfer everything into that wallet
Not complicated
not complicated
I would need to buy first and transfer several wallets.
Is it really that severe?
based
I wouldn't cheap out on security, it's your decision but it could cost you big time. It's not like you have to go out and buy a brand new laptop, you can probably get an old amd computer on eBay under $100. I personally have a hard drive that only has an os and wallet on it that I swap in and out of my laptop when I buy and sell
tfw trade on phone
stolen crypto
article has nothing to do with it
I wish posts like this were bannable
if you have more than $50 worth of coins then you can afford a trezor or a ledger. just pick whichever one you think is cooler. it doesn't matter
Bro's telling that my crypto assets are going while I'm beating my meat watching porn on Tass hub from my Mac, even if this shit is true, I'm not using Intel lmao
if you have more than $50 worth of coins then you can afford a trezor or a ledger
Honestly nigga that shit is gay. I say this as a cryptowizard with $30MM in bitcoin. I might have an elaborate backup strategy but that's because I have to really seriously think about fires, needing to flee the country, people trying to snoop around, whatever.
But that's absolutely overkill for basically everyone. Most people are good with it just sitting around coinbase. If they really need to they could move it to an offline wallet and stamp out the seedphrase onto a metal plate, put the plate in a safe deposit box. Or do TWO plates in different safe deposit boxes in different banks.
It's fun to pretend you're some cyberpunk being tracked by l33t haxors and you need to throw them off the trail but usually this shit is just gay shit like someone running a keylogger or whatever.
I'd just do a 2FA coinbase for $50k-$200k. More than that I start thinking about offline wallets.
look at op id lcEAtass what a faggot nigger
Feels good to be an exchange chad
I would be fine with parking in coinbase if only there was a law to prevent coinbase from selling people’s coins if they go bankrupt.
As of right now they can bail in using other people’s coins. Fuck that.
$30MM in bitcoin will eventually get liquidated by NYKNYC
it is you sir who are gay. the number of dumb motherfuckers who would have not lost their money if they just stuck with a trezor is much higher than you can imagine with your little no theory of mind autism brain. this includes people who used mt gox, cryptsy, bitfinex etc. don't leave your money in coinbase
If it can leak 5.6KiB/s of arbitrary memory, it can leak your private keys while they're in memory.
Trezors and Ledgers are actually security risks if you use smart contracts, since they all basically blind sign them so you're trusting your computer anyways. A smartphone is infinitely superior to a Trezor.
the biggest security risk especially with smart contracts is the user. by like a loooot. it's not even close
since they all basically blind sign
Yeah that's not how blind signing works with a hardware wallet you dumb nigger
You still need the wallet attached and physical pin entered to actually submit any transaction
God so many stupid faggots itt
Sorry but i didn't understand anything, mind add a caveman translation for retards like myself?
You still need the wallet attached and physical pin entered to actually submit any transaction
this has nothing to do with blind signing, with both Trezors and Ledgers you have no fucking idea what you're signing beyond the most basic details, at least for ETH smart contracts. The devices are incredibly barebones and lack basic security features like decoding smart contract calls, much less simulating the transaction. If you don't know what you're signing, you should not sign it.
you have no fucking idea what you're signing beyond the most basic details
Yeah so again that's on the user to check what the payload of the transaction is
It's both in metamask and in the hardware wallet software
If the user chooses to just ignore it like they're signing a EULA then that's on them that's not a vulnerability or exploit retard
good thing i use my old-ass processors for my nodes
amd had similar vulnerabilities just slightly less bad. They will likely port this one over too
It's both in metamask
If you're computer is compromised, Metamask is compromised. Any information gleaned from Metamask cannot be trusted as it could be tampered with by malware. If you're going to trust Metamask anyways, there really is no point in having a hardware wallet as it's just security theatre, just use Metamask instead.
and in the hardware wallet software
The whole point is that the hardware wallets recommended don't offer a reasonable indication of what you're signing, a hexadecimal dump is not reasonable to an end user.
reasonable to an end user
At the end of the day a normie will require either a broker to do this shit for them or, more likely, a loan by means of a creditor
Is the software perfect? No. Is the software ever going to be normie friendly? Fuck no.
Regardless, it isn't an exploit and even the exploit this thread is about is stupid as hell. I hate you all
An attacker with normal user access to a computer could possibly access parts of computer memory that are normally protected from normal users. This memory might contain sensitive information such as passwords or private keys. If the attacker can do this repeatedly for a long period of time they might capture a crypto private key for the very brief time that it is stored in memory. Since the attacker using this technique is already on your computer somehow, you likely got bigger problems than this specific memory leak.
At the end of the day a normie will require either a broker to do this shit for them or, more likely, a loan by means of a creditor
So your solution is to introduce a trusted middleman that can steal the user's funds? That's even worse. There's a reason crypto exists, people like you just don't seem to get it.
even the exploit this thread is about is stupid as hell.
The exploit in this thread can be used to steal funds from users running Intel machines, it's a pretty big exploit.