🔥The 9th Round of Easy Loan, Earn $40 Reward is in progress❗️ ⏰ Promotion Period: January 15th - Feburary 15th, 2025 👉 Register now and check more details at gate.io/campaigns/358

Look, it's actually pretty simple: UIs, infra, dependencies etc. can and will be corrupted. When you hit the buttons on the hardware device, that's when you need to be 100% sure what you sign. The MOST important part is the screen on your hardware device and what it displays and

TL;DR: A dev machine of Safe was compromised. This allowed access to AWS and their S3 bucket. A malicious JavaScript was pushed to the bucket and eventually distributed. The malicious JS code targeted specifically the Bybit contract address. The JS code changes the content of the

tl;dr: - don’t use a globally hosted site to handle $1.5B, prefer LAN - After signing, before broadcast, verify using tool such as github.com/pcaversaccio/s…. Ideally 2 tools - subresource integrity, hourly tests which verify frontend can help - don’t store prod keys on dev PCs

Was happy to work with Ark Labs to produce MuSig2 implementation for btc-signer. Go get it! github.com/paulmillr/scur…

Validating eth node in 14GB. That’s pretty cool!

GitHub actions CI supply chain attacks are a thing. They are, however, preventable when one pins action to a specific commit. Do not use git tag versions, which are mutable. Example here: github.com/paulmillr/jsbt…

React-friendly Cuer uses "paulmillr/qr" as backend, which was renamed to a simple "qr". Install it via "npm i qr". npmjs.com/package/qr

Nik has created an easy way to replace libsodium with noble. Check it out!

I wrote a bit about X’s new encrypted DMs and the Juicebox protocol. blog.cryptographyengineering.com/2025/06/09/a-b…

We have a new audited package: scure-sr25519. Polkadot apps can now rely on secure JS implementation of Merlin, Strobe, HDKD & Schnorr over Ristretto255. Kudos to community for funding, and Edgetributor SubDAO in particular for coordination! github.com/paulmillr/scur…

iOS 26 would get post-quantum xwing (ml-kem + x25519) in TLS & Swift CryptoKit. It would also support ML-KEM & ML-DSA in secure enclave. Hybrid algorithms (classical + pq) are coming to noble-post-quantum's next release. developer.apple.com/videos/play/ww…