RE: LeoThread 2026-02-21 01-22

avatar

You are viewing a single comment's thread:

Using a multisig solution is strongly recommended to avoid losing funds if a single device is compromised. An SDK is available for development integration, helping improve crypto security

leofinance
0
0
0.000
3 comments
avatar

A significant amount of money was lost due to a silent, zero-interaction dev environment exploit

No wallet connection
No signing
No running of the app

Just cloning a repo and opening it in VS Code

0
0
0.000
Reply
avatar

Malicious .vscode/tasks.json hooks can execute automatically on folder open once the workspace is trusted, running hidden background commands. This is actively abused by DPRK-affiliated groups

0
0
0.000
Reply
avatar

A Web3 professional believed caution was sufficient; this vulnerability is genuinely scary and unfamiliar to many developers

Treat untrusted repos like malware. Open in restricted mode. Inspect .vscode/ before trusting anything 🙏

0
0
0.000
Reply