Justin Leroux
@justinleroux
1/ The crypto industry needs to wake up to its biggest blind spot: signing security. Most crypto losses involve private key management and blind signing. If experts get hacked regularly, what hope is there for mass adoption? We need better tools.

2/ The Bybit and Radiant hacks - where a transaction looked legitimate on a computer but was replaced before reaching a hardware wallet - undermine the security benefit of smart contract multisig wallets. If you can't verify what you're signing, the best software tools offer no protection at all.

3/ It’s not a bug or a bad UI. It’s a systemic failure in how we handle transaction verification. Attackers are exploiting the gap between what humans can verify and what machines actually sign - and there’s no effective defense with current tools.

4/ If we don’t fix this, we’ll keep seeing bigger and bigger exploits. Minor positive steps - air-gapping, MPC, AA wallets, better signing flows - cannot solve this alone. Transactions must be verifiable on secure hardware, by humans, in a trustless way.

5/ This isn't just about big exchanges and onchain treasuries. This impacts us all - 1 out of 5 crypto users have lost funds due to private key exploits. The industry tells users it's their responsibility to educate themselves and be more careful instead of fixing the problem.

6/ The only real solution is easily readable signing on secure hardware, displayed on a secure screen. There's no solution using only phones or computers: everyone needs a fully independent, tamper-resistant way to verify exactly what they’re approving.