![]() ![]() When moving very large sums its a good idea to first send a small amount, verify it went where you expect, then send the remainder to the same address - that'll protect against major loss if your entire machine is compromised and showing you the wrong destination. From reading this subreddit, exposed seed words is the most common vector for loss.ĭiligent checking of target addresses mitigates many of the likely malware attacks. ![]() ![]() That’s right, before today, the company relied on Google Chrome for its desktop apps. So long as you don't expose your seed words (by taking a photo on a phone, emailing, writing it into a notepad, putting it into a password manager tool etc), nobody can move your funds without some action on your part. The company launched a new app called Ledger Live to handle everything you used to do with Chrome apps before. However, it isn't impossible for a client-side trojan to rewrite the webpage you are viewing (such as by installing a Chrome extension), in which case you'll never actually see the correct destination and will end up sending your funds elsewhere. You can mitigate this by inspecting the X's screen as to the target address vs the place where you received the address. Ledger Ledger has broad documentation for users of MetaMask. Something could for example intercept the clipboard when you copy the To address, and instead tell the X to generate a transaction to an alternate location. However, if you are running _any_ malware on your machine (including a trojan'd Ledger Live) then some other vectors become possible. Live will never ask for you seed phrase, and if it does then you are running a hacked version.Ībsent control of the private keys, your funds cannot be moved. If someone gets access to your device and for some reason dedicated time and energy into accessing your Ledger Live account, all they would be able to see is what you yourself see in the app - primarily, account balances. Ledger Live does not interact with your keys, they are safely contained within the X. Ledger Live can get hacked in the sense that any app on your phone/computer can get 'hacked'. ![]()
0 Comments
Leave a Reply. |