blitz

🚨 There’s a large-scale supply chain attack in progress: the NPM account of a reputable developer has been compromised. The affected packages have already been downloaded over 1 billion times, meaning the entire JavaScript ecosystem may be at risk. The malicious payload works by silently swapping crypto addresses on the fly to steal funds. If you use a hardware wallet, pay attention to every transaction before signing and you're safe. If you don’t use a hardware wallet, refrain from making any on-chain transactions for now. It’s still unclear whether the attacker is also stealing seeds from software wallets directly at this stage. Excellent report here: jdstaerk.substack.com/p/we-just-foun…

.@BasedIndia Fellowship 3.0 is a huge success based on this demo day - live apps, great content and first few users already. My favourite apps: 1. @ibetyou_today 2. @playshades 3. @blitzdotfun Why? They tap into the existing social or general curiosity components. Focused on simplicity and repetition. Easy to understand pitches. Some other apps that have potential but do have operational challenges: - @parrotdotclick (API limits and restrictions across platforms) - @Buzzbase_fun (in theory creator loans make sense but collateral stability is the biggest risk)