lace.io

Friendly reminder to stay safe and be aware of scams. Any X account that is not this account is NOT us. Our engineers would never contact you on their personal accounts. X is also not the place for wallet support or troubleshooting. We have official support channels for that which I would refer you to. If anyone asks you to send an email, share recovery phrases, passwords, or private information, that is NOT us. These are the ONLY official support channels you should use if you need help with your account: Support Hub: https://t.co/N2FNNdAA3W Discord: https://t.co/QjknGdBHuY WhatsApp Live Chat: https://t.co/QIL850Zq09 FAQs: https://t.co/mIc6VyL6QK Anyone else should be reported and blocked immediately. Please stay cautious and always double check before engaging with anyone claiming to represent Lace.

We've been teasing that something new is on the way. This week, teams across IOG are putting it through its paces, testing a completely new opt-in Lace experience built on the foundations of Lace 2.0. It's faster, more intuitive and designed to make everyday interactions feel more seamless from the moment you open your wallet. We're not quite ready to show you everything just yet, but we thought it was time to give you a small glimpse of what's coming. Take a look below👇 Soon 👀

Important Security Update. As stated, we have identified the root cause of the incident. It is at the address level. The affected software signer used a deterministic nonce derivation flaw. Every time an address signed a transaction, it leaked enough information to mathematically reconstruct that address's private key from public blockchain data alone. If you were affected by the attack, your first/default address (index 0) is almost certainly exposed. It is the address that some wallets may be using by default or as the only address at all, and nearly always has transactions. That history is all an attacker needs. Please DO NOT RESTORE your recovery phrase into another Cardano wallet. This does not mitigate the security risk. Your keys are derived from your recovery phrase, not from the app. Restoring the same phrase into another wallet recreates identical addresses with identical exposure. The compromised thing is the key of the compromised address(es), not the interface you are using. If you were affected by the attack, and use any of your compromised address(es) to deposit it could be drained again. This includes withdrawing staking rewards even using another wallet. Reward withdrawal and delegation are signed with the stake credential. The withdrawn funds could be routed to your first/default address (as indicated above), which has a high chance of being compromised (wallets work differently managing it). Mempool-monitoring adversaries can front-run or sweep your assets on confirmation. There has been conflicting advice from community members in an attempt to be helpful. Do nothing until official steps come from SecondFi. We are working to facilitate the verification process so users can claim back their assets safely. Following the above is very important, if not it makes verified claims more difficult. The only thing you should do right now is submit a ticket at https://t.co/bKfl8SK9D2 We will never DM you first or ask for your recovery phrase.

Self-custody puts you in control of your funds. It also means the safety part is on you. Worth running through the basics: ▪️ Your recovery phrase stays with you. Nobody needs it, including us. Anyone who asks for it is trying to drain you. ▪️ You approve every transaction yourself, so actually read it first. Wrong amount, or an address you don't recognize? Don't sign. ▪️ Onchain, there's no undo button. The few seconds you spend checking the address are the only protection you get. Need help? One portal: https://t.co/C5s1yFPlq1. There is no support on X. Anyone in your replies or DMs offering to recover your funds is running a scam.