Bitcoin.Review Podcast with NVK & Guests

BR093 - ECDSA Key Extraction, ESP32 Security Concerns, COLDCARD, Cove Wallet, Krux, Nunchuk, Invalid Mining Jobs, Javascript Injection Attack, CTV Back on the table? + MORE ft. Rob & Vivek

Mar 13, 2025
In this conversation with Rob Hamilton, a Bitcoin security expert from Anchor Watch, the focus is on vital issues in cryptocurrency security. They dive into ECDSA vulnerabilities and the importance of robust cryptographic practices. Rob and host Vivek discuss hardware wallet security, particularly regarding ESP32 technology. The duo also covers advancements in wallet policies and the significance of user-friendly security measures. Additionally, they explore the evolving landscape of Bitcoin mining technologies and the growing sophistication of cybersecurity threats.
01:28:17

Podcast summary created with Snipd AI

Quick takeaways

  • A serious vulnerability in JavaScript cryptographic libraries can lead to ECDSA private key extraction, underscoring the importance of using well-reviewed libraries for security.
  • Significant security weaknesses in the ESP32 platform highlight the risks of using undocumented features in hardware wallets, stressing the need for stringent security measures.

Deep dives

Vulnerability in JavaScript Libraries

A serious vulnerability that can lead to ECDSA private key extraction was identified in a JavaScript cryptographic library. The flaw arose because the library accepted hex strings as input without proper type validation. The discussion highlights the risks of using non-standard libraries in critical applications, particularly in blockchain technology, where security is paramount. Using well-reviewed, open-source libraries, such as those in Bitcoin Core, is emphasized as a necessary practice to mitigate such risks.
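
The summary names the cause (hex strings accepted without proper type validation) but shows no code. As an added example, not taken from the episode or from the library discussed, the JavaScript below contrasts a loose byte converter with strict handling of a 32-byte message digest before it reaches a signer; all function names are hypothetical and the inputs are constructed.

```javascript
'use strict';
// Added illustration; looseToBytes, digestFromHex, requireDigest and accepts
// are hypothetical names, and every input below is constructed.
const DIGEST_LEN = 32; // bytes in a SHA-256 digest

// Loose pattern to avoid: the encoding is guessed from the runtime type.
function looseToBytes(input) {
  if (typeof input === 'string') {
    const out = [];
    // Treated as hex: pairs parseInt cannot read become 0, odd tail is dropped.
    for (let i = 0; i + 1 < input.length; i += 2) {
      out.push(parseInt(input.slice(i, i + 2), 16) | 0);
    }
    return Uint8Array.from(out);
  }
  return Uint8Array.from(input); // any array-like; values wrap modulo 256
}

// Strict hex entry point: a string of exactly 64 hex characters, nothing else.
function digestFromHex(hex) {
  if (typeof hex !== 'string') throw new TypeError('hex digest must be a string');
  if (!/^[0-9a-fA-F]{64}$/.test(hex)) throw new RangeError('expected 64 hex characters');
  const out = new Uint8Array(DIGEST_LEN);
  for (let i = 0; i < DIGEST_LEN; i++) {
    out[i] = parseInt(hex.slice(2 * i, 2 * i + 2), 16);
  }
  return out;
}

// Strict bytes entry point: only a 32-byte Uint8Array reaches the signer.
function requireDigest(input) {
  if (!(input instanceof Uint8Array)) throw new TypeError('digest must be a Uint8Array');
  if (input.length !== DIGEST_LEN) throw new RangeError('digest must be 32 bytes');
  return Uint8Array.from(input); // defensive copy
}

// True when fn(input) returns instead of throwing.
function accepts(fn, input) {
  try { fn(input); return true; } catch (e) { return false; }
}

// Three different caller inputs collapse to the same single byte 0x00.
const collapsed = ['zz', '00', [256]].map((v) => Array.from(looseToBytes(v)));
console.log(collapsed); // each entry is [0]
// The strict entry points reject all three.
console.log(accepts(digestFromHex, 'zz'), accepts(digestFromHex, '00'), accepts(requireDigest, [256]));
```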
