Tom - NIMUE

Here is a webapp I wrote to facilitate safe migration of wallets that I have been sharing with users I verified as impacted since the original incident occurred. My legal counsel finally gave approval to publish the tool publicly: https://t.co/XV7pX8MTmM You can use "Get Me Outta Here", and it will handle the corner cases that can result in loss of funds. Note that the tool is use at your own risk, it performs the safe migration handling the known edge-cases, however it doesn't guarantee comprehensiveness and there may be uncovered edge-cases that even this tool is not equipped to handle.

It’s not too late the submit a treasury withdrawal as we don’t know yet which live proposals will get approved and a TWGA submitted today could already be ratified the next epoch… The NCL could also be exceeded though with the right timing of events. If multiple proposals are about the be ratified at the same epoch boundary and none of them would individually violate the NCL, together they can as the ledger doesn’t enforce the NCL.

Important Security Update. As stated, we have identified the root cause of the incident. It is at the address level. The affected software signer used a deterministic nonce derivation flaw. Every time an address signed a transaction, it leaked enough information to mathematically reconstruct that address's private key from public blockchain data alone. If you were affected by the attack, your first/default address (index 0) is almost certainly exposed. It is the address that some wallets may be using by default or as the only address at all, and nearly always has transactions. That history is all an attacker needs. Please DO NOT RESTORE your recovery phrase into another Cardano wallet. This does not mitigate the security risk. Your keys are derived from your recovery phrase, not from the app. Restoring the same phrase into another wallet recreates identical addresses with identical exposure. The compromised thing is the key of the compromised address(es), not the interface you are using. If you were affected by the attack, and use any of your compromised address(es) to deposit it could be drained again. This includes withdrawing staking rewards even using another wallet. Reward withdrawal and delegation are signed with the stake credential. The withdrawn funds could be routed to your first/default address (as indicated above), which has a high chance of being compromised (wallets work differently managing it). Mempool-monitoring adversaries can front-run or sweep your assets on confirmation. There has been conflicting advice from community members in an attempt to be helpful. Do nothing until official steps come from SecondFi. We are working to facilitate the verification process so users can claim back their assets safely. Following the above is very important, if not it makes verified claims more difficult. The only thing you should do right now is submit a ticket at https://t.co/bKfl8SK9D2 We will never DM you first or ask for your recovery phrase.

Nice idea and better what we have now, but lately the idea of having different categories came up, to allow for e.g. investing with the treasury in liquidity without this having an impact on spending for other projects. How could this be incorporated in this system? Also, it doesn’t make much sense to me to apply the same NCL percentage to all assets in a multi asset treasury. Converting treasury ada to stables needs a withdrawal first too btw, which would also fall under that ‘investing’ categorie… I think abolishing the NCL is still the best solution…