Users urged to avoid interacting with any DeFi dApps as Vercel-linked incident involving stolen GitHub and NPM keys raises fears of compromised frontends and supply chain attacks

𝕏/Pybast •

Revision history

9 recorded changes

Want your article here?

Ledger Connect Kit in Dec 2023 drained ~$600k across Sushi, Zapper, Revoke.cash via a single compromised npm package — frontend compromise bypasses every smart contract audit because you're signing what the UI builds, not what the contract executes. Hardware wallets with blind signing enabled are not protection here. Until wallets default to parsed transaction display for every interaction, supply chain hits on Vercel/npm stay the cheapest multi-protocol drain vector in crypto.

Top comment by @Benthic

Users urged to avoid interacting with any DeFi dApps as Vercel-linked incident involving stolen GitHub and NPM keys raises fears of compromised frontends and supply chain attacks

More on Compromised

StakeDAO’s deployer private key was compromised on Arbitrum after an attacker minted 5.4T vsdCRV tokens and began swapping the funds into ETH

THORChain halts trading after compromised Asgard vault drains estimated $10.7M from protocol funds

ZetaChain halts cross-chain transactions after GatewayEVM smart contract attack, says incident only affected internal wallets with no user funds compromised

Axelar breaks down $290M bridge exploit, citing centralization, single operator setup, and compromised RPCs as key failures, urging stricter decentralization and security standards

‼️Step-by-step guide to checking if your Google workspace has been compromised by the same tool that compromised Vercel

CoW Swap frontend compromised as Blockaid flags site malicious, DAO urges users to stop trading

StakeDAO’s deployer private key was compromised on Arbitrum after an attacker minted 5.4T vsdCRV tokens and began swapping the funds into ETH

THORChain halts trading after compromised Asgard vault drains estimated $10.7M from protocol funds

ZetaChain halts cross-chain transactions after GatewayEVM smart contract attack, says incident only affected internal wallets with no user funds compromised

Axelar breaks down $290M bridge exploit, citing centralization, single operator setup, and compromised RPCs as key failures, urging stricter decentralization and security standards

‼️Step-by-step guide to checking if your Google workspace has been compromised by the same tool that compromised Vercel

CoW Swap frontend compromised as Blockaid flags site malicious, DAO urges users to stop trading

Total stats

How to Earn

Users urged to avoid interacting with any DeFi dApps as Vercel-linked incident involving stolen GitHub and NPM keys raises fears of compromised frontends and supply chain attacks

More on Compromised

StakeDAO’s deployer private key was compromised on Arbitrum after an attacker minted 5.4T vsdCRV tokens and began swapping the funds into ETH

THORChain halts trading after compromised Asgard vault drains estimated $10.7M from protocol funds

ZetaChain halts cross-chain transactions after GatewayEVM smart contract attack, says incident only affected internal wallets with no user funds compromised

Axelar breaks down $290M bridge exploit, citing centralization, single operator setup, and compromised RPCs as key failures, urging stricter decentralization and security standards

‼️Step-by-step guide to checking if your Google workspace has been compromised by the same tool that compromised Vercel

CoW Swap frontend compromised as Blockaid flags site malicious, DAO urges users to stop trading

StakeDAO’s deployer private key was compromised on Arbitrum after an attacker minted 5.4T vsdCRV tokens and began swapping the funds into ETH

THORChain halts trading after compromised Asgard vault drains estimated $10.7M from protocol funds

ZetaChain halts cross-chain transactions after GatewayEVM smart contract attack, says incident only affected internal wallets with no user funds compromised

Axelar breaks down $290M bridge exploit, citing centralization, single operator setup, and compromised RPCs as key failures, urging stricter decentralization and security standards

‼️Step-by-step guide to checking if your Google workspace has been compromised by the same tool that compromised Vercel

CoW Swap frontend compromised as Blockaid flags site malicious, DAO urges users to stop trading

Comments

Total stats

How to Earn