Hey, I provided the link to the corresponding GitHub issue. With JavaScript you can scan the JSONRPC port, and for unprotected wallets you will receive an alert giving away the seed, like seed: {"id": 0.7398595146147573, "result": "pony south strike horror throw acquire able afford pen lunch monster runway", "jsonrpc": "2.0"}!
Wow, this is quite unsettling! Nowadays it is not really possible any more to have JavaScript deactivated because most pages require it. The best thing might be to use hardware wallets (such as Ledger or Trezor), but they do not support most of the coins so far.
Please don't hold your bitcoin on the regulated exchanges, folks. They will serve their own best interests first, not ours.
This is not about an exchange! The flaw is inside a dedicated wallet, Electrum; it is probably the most widely-used light wallet!