So as Anons found in the previous threads, there is in fact at least one private group that is using the code storage vulnerability to transfer out Chainlink from hardware wallets.
>What is this exploit?
There's a security layer in LINK's source code that deals with storage ticks. Basically, even in cold storage where they're untouched, there's a cache protocol that will occasionally ping public wallet addresses to verify their contents. Unfortunately, LINK has a slightly different version of this protocol in order to make micro-pings for staking purposes. Most staking rewards are going to be really small transfers, so the LINK devs lowered the tick rate for these pings. However, if you're using a hardware wallet, your storage is operating at the NORMAL tick rate, creating a cache gap where someone can use an SLQ% injection to gain access to your wallet. There's already been many posts of Anons opening up their wallets to find all their tokens transferred out to mysterious addresses, losing tens if not hundreds of thousands of dollars.
>Does this affect other tokens in my hardware wallet?
No, as this isn't a vulnerability with the wallet so much as Chainlink specifically. Other tokens, even on wallets that have been affected by the exploit, are safe.
>I haven't touch my wallet in years! Can someone really randomly gain access and steal my LINK?
Sadly, yes. This affects PUBLIC addresses, and these are most likely being chosen at random.
>I have my LINK on a hardware wallet! What do I do?
Either transfer them to a paper wallet (safest), an exchange, or trade for fiat.
>Can this be patched?
Yes, but it will take time. This isn't something that can be done in one week, as it's tied to the security layers focused on staking. These have to be rewritten very cautiously, else other major functions of the LINK source code can break.
