OnChainTrust

14 posts

@onchaintrust

Bringing Trust to Cryptocurrency Transactions.

Joined October 2023
105 Following, 29 Followers
OnChainTrust retweeted
CoW DAO @CoWSwap
🚨🚨 We are currently experiencing an issue with the CoW Swap frontend (swap.cow.fi). While we are investigating, please DO NOT use CoW Swap.
OnChainTrust retweeted
Vladimir S. | Officer's Notes
Attention! It looks like @CoWSwap UI is compromised - pls share this info ASAP! Looks like a DNS hijacking (registrar related).
OnChainTrust retweeted
Aerodrome @AerodromeFi
We’re actively investigating a frontend compromise. Please do not access the site through any URL — primary domain or decentralized mirrors — until we confirm everything is safe. All smart contracts appear secure. Updates soon.
OnChainTrust retweeted
Vladimir S. | Officer's Notes @officer_secret
This time, several old system JS packages were attacked – debug (357M installations per week) and chalk (299M installations per week), along with a bunch of others, through a Git hack of one of the previous maintainers. You can read the full report here (github.com/debug-js/debug…) from the owner of the hacked account. In short, the hack involved 2FA access to NPM through email.

How could this affect you? With a regular wallet connection, nothing will happen without your knowledge. The script is injected into any page containing JS code and checks for the presence of Ethereum wallets (using the window.ethereum check). Then, when attempting to send any transaction through the wallet, it simply replaces the recipient's address. Literally any website that updated its dependencies and installed the hacked version in the last couple of hours could be vulnerable. As of now, the version with the bug has already been removed from NPM. It seems that for the next couple of days, it's better to avoid signing transactions or to be extremely cautious about the recipient's address. The hacker's address is 0xFc4a4858bafef54D1b1d7697bfb5c52F4c166976.

What should developers do? Check your lock files, as the hacked packages are mostly utility packages and may not be used directly in the project. The obfuscated script is left here (gist.github.com/sindresorhus/2…), and here (jdstaerk.substack.com/p/we-just-foun…) are a few more details on how it works under the hood. Issues with warnings and more technical details: github.com/chalk/chalk/is… github.com/debug-js/debug… The hacker's wallet is currently completely empty.
Vladimir S. | Officer's Notes@officer_secret

HACKERS HIJACK NPM PACKAGES IN WHAT IS BEING CALLED THE LARGEST SUPPLY CHAIN ATTACK IN HISTORY IF YOU USE A HARDWARE WALLET, PAY ATTENTION TO EVERY TRANSACTION BEFORE SIGNING IF YOU DON'T USE A HARDWARE WALLET, REFRAIN FROM MAKING ANY ON-CHAIN TRANSACTIONS FOR NOW: @Ledger CTO The malicious code only impacts individuals accessing the compromised applications over the web, monitoring for cryptocurrency addresses and transactions that are then redirected to attacker-controlled wallet addresses. This causes the transaction to be hijacked by the attackers rather than being sent to the intended address. The malware operates by injecting itself into the web browser, monitoring Ethereum, Bitcoin, Solana, Tron, Litecoin, and Bitcoin Cash wallet addresses or transfers. On network responses with crypto transactions, it replaces the destinations with attacker-controlled addresses and hijacks transactions before they're signed. What makes it dangerous is that it operates at multiple layers: altering content shown on websites, tampering with API calls, and manipulating what users' apps believe they are signing: bleepingcomputer

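The lock-file check advised in the post above, as an added example (not code from the post or from any project it names): it lists every resolved copy of the named packages in an npm lockfile, including copies nested under other dependencies. The function names, the sample lockfile, the `some-lib` package and all version strings are constructed placeholders; the real affected versions have to be taken from the chalk and debug advisory issues the post links to.

```javascript
// Added example: find every resolved copy of selected packages in an npm lockfile.
// `lock` is the parsed JSON of package-lock.json, e.g.
//   JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))

function findResolved(lock, names) {
  const wanted = new Set(names);
  const hits = [];
  if (lock.packages) {
    // lockfileVersion 2/3: flat map keyed by install path ("" is the root project).
    for (const [path, meta] of Object.entries(lock.packages)) {
      const i = path.lastIndexOf('node_modules/');
      if (i === -1) continue;
      const name = path.slice(i + 'node_modules/'.length); // keeps @scope/name intact
      if (wanted.has(name)) hits.push({ name, version: meta.version, path });
    }
  } else {
    // lockfileVersion 1: nested "dependencies" tree, walked recursively.
    const walk = (deps, trail) => {
      for (const [name, meta] of Object.entries(deps || {})) {
        const path = trail + 'node_modules/' + name;
        if (wanted.has(name)) hits.push({ name, version: meta.version, path });
        walk(meta.dependencies, path + '/');
      }
    };
    walk(lock.dependencies, '');
  }
  return hits;
}

// Keep only the copies whose version appears in the advisory list for that package.
function flagAffected(hits, affected) {
  return hits.filter((h) => (affected[h.name] || []).includes(h.version));
}

// PLACEHOLDER versions: replace with the versions named in the advisories.
const AFFECTED = { debug: ['0.0.0-PLACEHOLDER-BAD'], chalk: ['0.0.0-PLACEHOLDER-BAD'] };

// Constructed sample lockfile: the bad copy is transitive, not a direct dependency.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/chalk': { version: '9.9.9-sample-ok' },
    'node_modules/debug': { version: '9.9.9-sample-ok' },
    'node_modules/some-lib': { version: '1.0.0' },
    'node_modules/some-lib/node_modules/debug': { version: '0.0.0-PLACEHOLDER-BAD' },
  },
};

const flagged = flagAffected(findResolved(sampleLock, Object.keys(AFFECTED)), AFFECTED);
console.log(flagged.map((h) => `${h.name}@${h.version} at ${h.path}`));
```

A flagged path that sits under another package's `node_modules` means the copy came in transitively, so the fix is a lockfile refresh or an override rather than a change to the project's own dependency list.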
OnChainTrust retweeted
Charles Guillemet @P3b7_
🚨 There’s a large-scale supply chain attack in progress: the NPM account of a reputable developer has been compromised. The affected packages have already been downloaded over 1 billion times, meaning the entire JavaScript ecosystem may be at risk. The malicious payload works by silently swapping crypto addresses on the fly to steal funds. If you use a hardware wallet, pay attention to every transaction before signing and you're safe. If you don’t use a hardware wallet, refrain from making any on-chain transactions for now. It’s still unclear whether the attacker is also stealing seeds from software wallets directly at this stage. Excellent report here: jdstaerk.substack.com/p/we-just-foun…
OnChainTrust retweeted
1inch @1inch
On Oct 30, 9:12 PM - 11:22 PM CET, 1inch dApp users may have encountered a malicious wallet connect and signature request. This signature allows an attacker to drain user's funds. Only the 1inch web dApp was affected; the 1inch Wallet, API, and protocols were never compromised.
OnChainTrust retweeted
Ethena @ethena
The Ethena domain registrar account was recently compromised and we have taken steps to deactivate the site until further notice. The protocol is unaffected and funds are safe. Please do not interact with any site or application purporting to be the Ethena frontend.
OnChainTrust retweeted
dYdX @dYdX
We just learned that dYdX v3 website (dYdX . exchange) has been compromised. Please do not visit the website or click any links until further notice. An update will be provided when available. This message does not relate to dYdX v4.
OnChainTrust retweeted
Compound Labs @compoundfinance
🚨 URGENT: The Compound Labs website (compound[.]finance) has been compromised. Please do not visit the website or click any links until further notice. An update will be provided when available. This is our final message // end of tweet. 🚨
OnChainTrust @onchaintrust
Our founder Alexey speaking today the first time publicly about safety of Web3 Applications at Linea Voyage Waypoint in Munich. Exciting times ahead 🚀