hbar

A security researcher just documented a large-scale counterfeit Ledger Nano S Plus operation selling compromised devices across multiple online marketplaces. The fake units look identical to the real thing but contain completely different hardware. Instead of Ledger's secure element chip, the counterfeits run an ESP32 microcontroller with modified firmware labeled "Nano S+ V2.1." Seeds and PINs are stored in plain text and transmitted to attacker-controlled servers. Any wallet initialized on the device is drained. The operation goes beyond the hardware. The sellers also distribute a fake version of Ledger Live built with React Native and signed with a debug certificate. It intercepts transactions and exfiltrates sensitive data to multiple command-and-control servers. The campaign spans five attack vectors: compromised hardware, Android APKs, Windows executables, macOS installers, and iOS apps distributed through TestFlight to bypass App Store review. This comes days after ZachXBT documented a separate fake Ledger Live app that made it through Apple's Mac App Store review process. That operation drained over $9.5 million from more than 50 victims, including musician G. Love, who lost 5.92 BTC after entering his recovery phrase into what he believed was the legitimate app. The pattern is clear: the attack surface for hardware wallet users has shifted from firmware exploits to supply chain and distribution fraud. The devices themselves remain secure. The problem is that users are being intercepted before they ever touch a real one. Ledger's own "genuine check" feature can be bypassed when the hardware itself is compromised at the source, which makes where you buy the device as important as how you use it. The rules haven't changed, but they've never been more important: buy hardware wallets only from the manufacturer. Never enter your recovery phrase into any software. If a companion app asks for your 24 words on a screen, it's a scam. Every time.

I ran forensic code stylometry on Adam Back’s hashcash vs Bitcoin v0.1.0. The result: 20/100 similarity. Here’s why the code says he isn’t Satoshi. I built a tool that extracts 32 stylometric features from C/C++ codebases and compares them using AI analysis agents. Think of it like handwriting analysis, but for code. Every programmer develops unconscious habits – how they name variables, format braces, handle errors. Over 19,000 lines of code, they’re almost impossible to disguise. I compared hashcash against Bitcoin v0.1.0 across six categories: naming conventions, formatting, error handling, language features, architecture, and platform signals. The results weren’t close. 2 matches. 10 partial. 18 mismatches. – THE NAMING PROBLEM – Satoshi was obsessive about Hungarian notation. Every variable in Bitcoin v0.1.0 is type-prefixed: nValue for integers, fBlock for booleans, pindexBest for pointers, mapTransactions for maps. This isn’t occasional – it’s every single variable, without exception. Hashcash? Zero Hungarian notation. Not one instance. Variables are descriptive snake_case: validity_period, db_filename, line_max. Where Satoshi writes fSuccess, Back writes check_flag. The _flag suffix is literally the mirror-image of Satoshi’s f prefix. Every function in Bitcoin is PascalCase: GetHash(), ConnectInputs(), AcceptTransaction(). Every function in hashcash is snake_case: hashcash_mint(), hashcash_check(), sdb_open(). You don’t accidentally switch between them on a side project. – THE ERROR HANDLING FINGERPRINT – Satoshi had a deeply distinctive error pattern: return error(“ConnectInputs() : %s prev tx not found”, hash.ToString().substr(0,6).c_str()); That format – error(“FunctionName() : description”) – appears throughout Bitcoin. The function name embedded in every error message. The hash truncated with .substr(0,6). This is a genuine fingerprint. Hashcash uses generic “error: description” messages with no function name embedding. No hash truncation. Completely different error philosophy. – THE PLATFORM DIVIDE – Satoshi was a Windows developer. Bitcoin v0.1.0 was built Windows-first: MSVC compiler, WSAStartup for networking, CRITICAL_SECTION for threading, %I64d format specifiers (an MSVC-specific quirk), Allman brace style, 4-space indentation. Hashcash is Unix-native. POSIX APIs, /dev/urandom for randomness, Stroustrup brace style, mixed tabs, standard %ld format specifiers. Different operating system cultures entirely. – THE ARCHITECTURE GAP – Satoshi used extensive global state – dozens of global maps and pointers. He named thread functions with a “2” suffix (ThreadSocketHandler2). He built custom macro-based serialization. Hashcash uses file-scoped statics, no threading, and standard I/O serialization. None of Satoshi’s architectural fingerprints appear. – CONTEXT – I ran the same analysis against four other candidates: Hal Finney (RPOW): 41/100 – highest match, genuine partial overlaps on Hungarian notation and formatting Wei Dai (Crypto++): 22/100 Len Sassaman (Mixmaster): 20/100 Paul Le Roux (TrueCrypt/E4M): 16/100 The two things hashcash matched on? ALL_CAPS constants and no unit tests. Both universal in late-90s/2000s C code. They tell you nothing. – THE CAVEAT – Could someone deliberately change their style for a pseudonymous project? In theory. In practice, maintaining a different style across 19,000 lines – prefixing every variable with a system you’ve never used, reformatting every brace, restructuring every error message – would require superhuman discipline. And you’d expect occasional slips. There are zero slips toward hashcash conventions in Bitcoin’s source. Code doesn’t lie. The person who wrote hashcash and the person who wrote Bitcoin v0.1.0 had different tools, different platforms, different naming instincts, different error handling philosophies, and different architectural reflexes. The stylometric evidence argues decisively against common authorship.

🌐 HBAR This Week | Jan 26 - Feb 1 📺 Mance on CNBC "If we think about the internet, it runs on technologies no one has ever heard of... Hedera will be the same." The "invisible ubiquity" vision. Enterprise rails that just work. 🛠️ DevDay Denver Feb 17 alongside ETHDenver. Full day of hands-on building on Hedera. Quiet week on announcements. Loud week on execution. #HBAR #Hedera