A supply chain attack on the Ledger connector application has rippled throughout the world of decentralized apps, which widely use the software to enable people to connect their popular Ledger hardware wallets to perform transactions. Although hardware wallets are meant to be among the most secure ways to store crypto, they too are vulnerable to attacks when they are connected to perform transactions.

A hacker was able to obtain access to Ledger's source code management tool and push out a new release that contained code that would drain wallets as users connect them. Because the library is so widely used, many crypto applications were vulnerable — including Revoke.cash, a security-focused project intended to help people guard against attacks on their wallets.

The CTO of the Sushi crypto project issued a broad warning: "Do not interact with ANY dApps until further notice." At least $600,000 has been drained from multiple users so far.
Crypto reminds me of this time I was working for a digital agency and we landed a huge project to build a new from-scratch version of Australia’s biggest job site of the time. The delivery timeline was 3 months or so, but we kept going over. Each month we went over gave the client more time to change their mind on what had been built so far. The more they changed what was built the more bugs were created. By 8 months in it was clear that Jira tickets were being created about 5x faster than they were being closed. Everyone knew it was impossible to finish. It became a standoff between agency and client to see who would give in first. We kept building and they kept throwing money at us. At one point our boardroom became a makeshift desk for 12 contractors.
Eventually the client gave in at the 12-month mark and had to sign off on a successful delivery because our contract was written well enough to account for the effects of their meddling. We handed over a non-functional site and a couple of months later they paid another agency to re-skin their existing site.
Anyway… crypto and the idea that “we’ve just got to fix the bugs” reminds me of that.
ah, the clients nightmares are made of