 Hello everybody. Welcome to the Thursday's live stream. Before we start, let me just say this. I know there's going to be some people that say, ah, Rob is spreading FUD with that horrible thumbnail and title, but I'm just going to go over this as meticulously as I possibly can. All this information that I have come privy to is public record and available on the best platform in the world, X, from we know on his Twitter, about what's going on. All the information I have was taken directly from the tweets, mostly from Ledger and what is going on. And what it comes down to is that don't touch your ledger today. Don't interact with any apps. We don't know how far this actually goes. Here's what's happening. So today in the morning, right before we did the NFA live show with Guy and Ben, I saw this tweet command and then there was a storm of tweets and this came out and says, Ledger library confirmed. This isn't from somebody from a guy who knows a guy. It's ledger library confirmed compromised and replaced with a drainer. Some type of code you can see right here and will drain value, which was inserted into the code itself from lit into ledger, ledger get up, wait out interacting with any dApps till things become clear and they have, they become a little bit more clear. And of course, Simon Dixon puts out there, don't touch any of your crypto wall today. You got to ride this one out. I got to agree with them. I haven't touched anything. Makes a lot of sense. This is from Hudson Jamison VP of Poly on labs. And he says ledger library exploit explainer for average folks. That would be us. And he says such a library that is used by many dApps that is maintained by ledger was compromised and a wallet drainer was added maintained by ledger ledger keywordy compromised wall drainer. What do I do as a normal user? Don't interact with any dApp frontends on websites for now. So any that you have connected to anything that has to can do with a decentralized app, a dApp, you need to disconnect that as fast as you possibly can. And don't interact with anything. So if it's not connected, great, you don't do anything. Congratulations. But if you have any kind of dApps, there's a possibility you get drained of everything. Okay. So what do I do? Don't interact with any dApps frontends on websites for now. This is an ongoing situation. It's risky to use dApps currently if you don't understand what backend libraries they use, which I don't know what everybody uses. How do they drain your money? If you visit the website, you won't get automatically drained of your funds. However, prompts from your browser wallet like MetaMask will display that giving your assets to malicious actors. And of course, right now you wouldn't be before actually you wouldn't know that because there would be no type of interaction. There wouldn't be any kind of warning because we didn't know. Does ledger know about this? Yes, they do when they work on it. And that is very true. Note, even after ledger corrects the bad code in the library, projects using and deploying that library will need to update things before it is safe to use dApps that use ledger's Web3 libraries. Let me say that one more time. Even after ledger corrects this, the projects that are using and deploying that library, because it's on GitHub, I guess, will need to update things before it is safe to use dApps that use ledger's Web3. So even when ledger fixes it, the dApps may be still screwed up. This claim, but this is my opinion, not the opinion of any of my employees. Take this advice at your own risk. I'm just going to tell you like this. I'm not a coder, as you may have probably surmised, but I like to err on the side of caution. And I'll see people say, Rob, don't spread fun and don't talk about this, don't say this. Look, in this world of crypto, I would much rather spread fun and be proven wrong than to have to come on and tell you, okay, guys, I heard about the story and I wish I would have told you and you shouldn't have used your ledger and now you're all drained real sorry, but I wanted to verify everything. Let's err on the side of caution. I wish more people would have done that back in the days of different centralized exchanges, we'll say. So moving on. This is from ledger. This is where I got everything. This is on 449, which is most recent, I believe. We'll refresh in a second. Ledger connect kit, genuine version 1.1.8 is being propagated now automatically. We recommend waiting 24 hours until using the ledger connect kit again. So again, even if they updated, I'm missing the problem with that. If that is correct, not for sure. The investigation continues. Here's the timeline of what we know of the exploit. This morning, CET time, a former ledger employee fell victim to a fishing attack that can access to their NPMJS account. I believe that's GitHub. Correct me the comment section. My question is this. Why does a former ledger employee have access for a fishing attack? And how many different ex-employees are there? That is a problem. Let me tell you a story. I used to work for this great company. It was called KCI, it was a WUNVAC company. Really great, fantastic, worked in the metal field for decades, actually. And nationwide, there was a rollout and they had to let people go, and they lost 40% of their individuals, the people that worked for them. I was one of those people. Within the time that I talked to my boss, and he said, sorry, Rob, we got to let you go, 40% of the people are getting let go nationwide. Here's your severance package. Great. Within that time that he said you are essentially gone, to the time when everything was shut off, was 10 minutes, 10 minutes. Access to my computer was revoked. We had a company phone, which my wife called me for dinner. She said, what do you want for dinner? Guess who picked up? KCI. And I said, sorry, we can't give you any information. I had to go buy a new phone before I could talk to my wife. So you're telling me that some guy out there still has access to ledger? I don't know. It's a little bit odd, but I don't run that company. Maybe that's a normal thing, correcting the comment section. The attacker published a malicious version of Ledger Connect Kit, affecting versions 1.1, 5, malicious code used a rogue wall connect project to reroute funds to a hacker wallet. Ledger's tech and security teams were alerted and a fix was deployed within 40 minutes of Ledger becoming aware, which I gotta tell you, is a pretty good response time, 40 minutes. The malicious file was live for around five hours. However, we do believe the windbill where funds were drained was limited to a period of less than two. Ledger coordinated with wall connect, genuine and verified Ledger Connect Kit, version 1.1 that is now propagated and is safe to use. For builders who are developing, interacting with Ledger Connect Kit code, Connect Kit development team on the NPM project, now read only and can't directly push the package for safety reasons, we will internally rotate the secrets to publish on Ledger's GitHub. Developers, please check again using Ledger's version 1.1.8. And of course, this would fall out to you also to update. Ledger, along with wall connect, are part of the report of the bad actors wallet address. Address is now visible on chain analysis and Tether has frozen the bad actors USDT, which is amazing. Tether, we complain about that, don't we? This is decentralized. How dare you freeze my accounts because you labeled me as a terrorist or whatever else it is. But when stuff like this happens, we're like, yeah, that's right. Hey, get to go with the bad. Sometimes they can freeze it for good reasons. Sometimes they can freeze it for ridiculous reasons. We remind you to always clear a sign with your Ledger, what you see on the Ledger screen is what you actually signed. If you still need a blind sign, use an additional Ledger mint wallet or parser transaction manually. Okay, here's the thing. Blind signing, if you have that turned on, that's a pretty much about an advanced technique that you have to use when you're in some kind of newer types of apps that you're interacting with. I put, I turn that thing on once for something that I thought I needed. I don't think you need blind signing. But again, it's everybody's personal opinion. It's not on by default. We're actively talking with customers who funds might have been affected working proactively, we are filing a complaint working with law enforcement, we're sending the exploit to avoid further tax, we would attack those address where the funds were blah, blah, blah, blah. And then I thank everybody. Security will always prevail with the help of the whole ecosystem. So that's what we have on that piece. So that's what it is. Let me just think about that in the, in the comments section. And there was one more piece here by Udi. And he's the guy from Taproot and ordinals and things like that. And he says, most tweets about ledger wrong, I can't verify this. Most tweets about ledger are wrong. Here's what you need to know, all active Ethereum wallets are at risk. Don't connect any Ethereum EVM wallets to any apps until for the notice doesn't matter if it's a ledger or not, didn't use your wallet today or say, I don't know, because like with that, again, it comes back to here and what was affected. I don't know how it works like that. Again, not a coder. So if you're a coder, developer, sound off in the comments section. But one thing I would say is that there was a tweet from MetaMask that was deleted. And it said the same thing. It said, just so you know, this isn't a ledger issue. This is also a MetaMask issue and any wallet that's available. And it said, you really need to update the latest version, which I did. And then it was deleted. I can't find the tweet anymore. So I can't tell you exactly what it is, but I can tell you that if you need to update your MetaMask, you know, it's not automatic. I thought it was automatic. Apparently it's not. You have to do this. Go into your MetaMask, click on it or right click, click on manage extension, turn on developer mode, and then click on update. And then it will update. And the, let me see, the version, you can't see my MetaMask while I'm looking at it right now, but let's see, settings, general 1.1.7. No, no, no, 11.7.0 is the latest version. So 11.7.0 is the latest MetaMask version. Now, for sure, if you have something you need it, but I'm just telling you, you might want to update it. And there's the information. I linked this exact website into the description so you can follow along and do this to update. But again, we're not for sure what's going on to air on the side of caution. Don't interact with your ledger or use any kind of dApps. And that's it. I don't really use it. And this is why I've always been harping on for people to not just use one piece, right? We talk about diversification in our, in our investments, right? We talk about a real estate, maybe property, maybe precious metals, gold and silver, maybe traditional equities, maybe real estate investment trust, and then, of course, cryptos. So if we do that, and we diversify across all of our investments, why wouldn't we diversify across our cold wallets, right? So for me, hell to go, I have a ledger. I know people will say, Rob doesn't like ledger. Rob hates ledger. I don't hate ledger. I just think it's a very clunky interface. And let's be honest, it hasn't had the greatest, I mean, it's never been hacked. Has it? No crypto funds have ever been hacked from a ledger. Your personal data has. Sorry, it's true. It did actually happen. And of course, there was the whole thing with them splitting up your private key and getting it to three different businesses, them being one of them, two being someone else. But you have to sign up for that. So that's two. And of course, this thing happened today, which is three. So yeah, the longer you're around, I think the more problems you're going to get into, the more scribbles you're going to have. That's what it is. So I have a ledger, I have an ellipal, and I have my favorite, just tangent, which works super simple. But, you know, of course, you guys can do whatever you want to do. I just, I want to be safe. The guy at the end of the day, who I was at least worries, is the winner. And I get to sleep soundly at night, knowing that I diversified at least also my cold storage devices. Anyhow, let me just think about that in the comment section. Here's where it gets even better. Today, this is from friends of the show, Token Metrics. Shout out to Ian. UrnFi accidentally swapped its entire treasury and is now kindly asking for their money back. Can't make this up. All right. So periodically, Urn Finance converts a small quantity of its treasury tokens and a stable coin to spend on operations. However, something went terribly wrong during this process when they went to perform the swap and erroneously converted the entire amount, 3.8 million of those tokens, into a stable coin, which wouldn't be bad. But there wasn't sufficiently liquid for such a large trade. And the trade was ultimately fulfilled, but at a 63% loss. Before the trade, that quantity of tokens was priced at around $2.28 million and Urn received only $780,000 because of slippage. And it says, sorry we have to ask this, but I hope you can understand, doesn't hurt to ask again. So far, only one wall is taking them up on the offer, returning to ETH. So, yeah, welcome to crypto. And people are like, why don't people jump into crypto? It seems so safe. There's your reason because of stuff like that. But it does happen and it's a shame and I hope everything works out for them. But this is where we're at. And then also, on moving away from some of the concerning news, let's talk some good stuff, right? Like on yesterday's show, we talked about some of the bad things or some of the good things went bad. Now we're going to go somewhat concerning and bad to the good stuff. That's Jerry B. Hall, friend of mine, great guy, Costa Rica, and we had a show on Sunday. And he was talking to me about FASB, the financial accounting standards board. And he was talking about how great this is when this actually comes into fruition for Bitcoin. And he was explaining it to us and I was like, great. Well, now we've got a date for this. And I'll explain why this is good in a second. New FASB rules pave the way for Bitcoin on corporate balance sheets at fair value. Before this rule went into effect, which it's not even into effect yet, but everything's coming. The change affected for fiscal years beginning after December 15, 2024, so in one more year, introduces fair value accounting for Bitcoin. The problems with institutions and corporations is they, when they put Bitcoin on their balance sheet, they couldn't value it at the value of whatever it was during that timeframe. It had to be the lowest amount when they actually bought it. So every single time on your balance sheet, it was showing like a loss. So why would these institutions and these corporations put on their balance sheet? Because it wouldn't be very positive to show their board members and their stockholders and their investors themselves. So now this comes in. This will actually show positive. I think it's a good thing. Jerry was going on and on about it. I'm like, okay, great, Jerry. But now I kind of get it. So it sounds good. So that's a very positive thing. And on top of that, this one's really cool. Central Banks. And I've heard about this before, but now we got a solid date. It's from Marty Party. Always got good information on X from Marty. And he says, talk about timing. Central Banks can now hold up to 2% of crypto on their balance sheet starting when? January 1st, 2025. So we got the FASB rule, December 15th, 2024. Is that right? Yeah. And now we got the central banks saying, hey, we can hold up to 2% of crypto on our balance sheet and we'll have to sneak around it. And I just thought to myself, I'm like, wow, this is from the Bank of International Sentiment. Under the standard, banks will be allowed to hold up to 2% of cryptos in their reserves. The implementation starts from 1st January, 2025. Great. More people to actually hold crypto. And of course, what does that mean? It takes that circulation, which means it raises the price. Great. Fantastic. I'm not a big fan of banks, but if they want to get in here, sure, because it's very hard for them to turn a profit. Maybe they could start to be centralized banks for exchanges. But it's here or there. I think this is a good move. I'm happy for it. I'm going in the right direction. Fantastic. And then also, as we're moving forward, because we've really, we've seen some volatile swings, haven't we? Lately, it's been great, right? We had Jay Powell yesterday pretty much came out and said, buy risky assets, because we're going to not raise the rates. Not only that, we're going to cut rates three times next year, potentially. We're going to try to work for a soft landing. Essentially what that says to everybody is like, here's your green light. So when this happens, things are going to go up, things are going to go down. We're going to have some volatility. I don't talk about this that much because I just kind of glance over it, but it's important. I think it's important. Limit orders. I know a lot of you traders out there are like, well, duh, but I just have to remind everybody, even myself, because I don't do this enough, is that on Coinbase and most decentralized exchanges, you can put limit orders in right now because we've seen, like I said, some pretty big swings. So you could put in there a limit order, you can put in, hey, I want to buy $2,500 worth of Bitcoin when it reaches $20,000, or maybe you think $30,000 or whatever else it is, and you can put it in and it'll fill it that magic moment. You can be sleeping and that's it. And these are the things that I never set up. I know it's on me. I just forget to do these things because I'm just always checking the prices and things like that, which I think sometimes most people are, but this will take a little bit of stress off people. So limit orders are a pretty good idea, especially when you have everything connected to financial institutions, so they can actually fill that order. Now for sales, if you want to do sales limit orders with the selling, you can do that, but of course you have to have crypto on the exchanges and I'm not going to do that. Now you can do it. I'm just not going to do it, but I will buy because I'm going to hold for a while and I've got my little strategy when I'm going to get out. Link in the description when I'm going to sell 80% of all my crypto. Speaking of swings, Bonk. Bonk, of course it's a meme coin and it's super risky. You'll probably lose everything and you'll be crying later, but right now it's a pretty good day. And I've been talking about this since Bonk was ranked 170 something. Now it's ranked 69. I thought it'd be in the top 100. Now I think it'll be in the top 40. Bonk is the dogecoin of this cycle, I believe. It's built on Solana. Super easy to get now because it's just got listed on Coinbase. It was a funny thing because on Coinbase, let me see here. There was a rumor that it got listed, went to here. Of course, no. The rumor started down here and went all the way up and then it got announced and it dropped and everybody's like, oh, that's it. It's going to be dead. And then what happened? Just kept going up. Of course Jerome Powell helped with that, I think. So when these things happen, maybe you want to put in a limit order for Bonk. And to ask the question or answer the question, is Rob biased? Absolutely. Because Rob owns a bunch of Bonk. So just take that with a grain of salt. Will Rob dump on you? Probably. So if you think you're going to go in there and Rob won't dump on you, there's another story. I will dump on you. I'll dump on you hard. And then lastly, for limit orders, as a reminder, I forget to do this too, is that if you have a Roth IRA, it doesn't matter where you have it. I have it with iTrust. But iTrust just rolled out where you can also have a limit order. So in your portfolio, you just click on the whatever you want to do and then under conditional, click on that. And then whatever the price is and you can purchase and it'll be executed. So I just put those in today. I put those in a day. I put those in a Coinbase because what's great about this is in my iTrust, my Roth IRA account, I can trade within the account and pay zero taxes. All Americans can do that matter of fact. So just something to do. And then also, if you're like, I don't want to do any of that stuff. I like I like Dexes. That's great. But I've what we just talked about with Ledger. Don't do this today. I'm saying at some point you should or maybe look into it. Jupiter. Jupiter is a dex on Solana. And people tell me to use it. I'm like, yeah, yeah, I'll get to it. I'll get to it. And it's really cool because you can DCA stuff. You can DCA on a dex. All you got to do is connect your wallet. I use Phantom and you can put whatever you want. Like I've got Solana in my Phantom wallet. Again, I don't want you to interact right now. What we just talked about with Ledger. I don't know what's going on. Give it some time. But like you can put Solana, like I've got four Solana in there, right? So I can say, okay, I want Solana for USDC or JTO or Orca or Helium, which has really popped off as a matter of fact, where is a where's Pith or Pythe? How do you say it? Anyhow, it's in here somewhere. I'll just look for it. P Y T H. There it is. So I mean, whatever you want to do, and then I'll just execute on a daily basis. It can be every day, every, every hour, which would be interesting to do that. But you could do that, but you can't do that in any exchange. You can put an hour and put like 0.005 Solana or whatever you want to do. And then just kind of bleed it out over that time to find your preferred. That only goes for 30 days. That's the maximum. I'm not mistaken. Let's try 40 days. Yeah. So 30 as I believe, but that's pretty neat. That was pretty interesting. And that's essentially it for different things you should do and some good news. Oh, and also before we get into Q&A as a reminder, we had a pretty good session, me, Guy, and Ben over at NFA Live. We talked a lot about airdrops, and there's a couple of good links for you if you're into those things, which I'm actually going to get into myself because, hey, why not gamble a little bit? And it was a good episode. We also talked about Jerome Powell and talked about some things to look out for. So there's a link in the description. Also Christmas is coming up. So to celebrate, I got two giveaways going on right now. One, you want a tangent wallet? Well, good news. I'm giving away five tomorrow. All you got to do is a link in the description, as there always is. It's very at the very top. I need you to follow me on X. I want you to follow Tangem. I want you to repost that post. Come back tomorrow and I'm giving away five Tangem wallets, and I'll draw them live on air. And then also, I'm giving away 5,000 10-set tokens. Right now, a 10-set token's worth about $0.65-$0.70. So five winners are going to win 1,000 10-set tokens. I'll give that away next week. All you got to do is, first of all, watch the deep dive video, which is on my second channel, Van Degen. I like 10-set. First of all, the price appreciation isn't great, but they do airdrops. They are a launchpad, and they also have a seven-day money-back policy for the launchpad, so you get access to these early gem projects, which I've done two, and did okay. Watch the deep dive video. So do that. Follow me, follow 10-set, retweet, all that good stuff. And that's it for today. So look, another one a little bit long, 22 minutes, but a lot of things to go over. But that's all we have for today. So look, if you like today's video, give it a thumbs up. Consider subscribing. Everything we talk about is time-sensitive. But that's it. Now, I know there's a bunch of questions, so I'll go over those. Q&A, I'll answer the best of my ability. Remember, I'm not a developer, but I'll try to answer as much as I can, and we'll work through this. If you got to go, take off. Thanks so much. I do appreciate it. And I'll see you, well, probably tomorrow if you want a tangent.