Algebra is thrilled to welcome Good Entry to its DEX Ecosystem.
14 Dec 2023, 13:23
📢 Algebra is thrilled to welcome Good Entry to its DEX Ecosystem!
💚 @goodentrylabs , a revolutionary decentralized liquidity provider derivatives market, offers user protection in trading & yield generation.
Operating atop Algebra's partnering DEXes, it builds option markets…
Same news in other sources
1
14 Dec 2023, 13:38
This is the affected dependency, and the root of the issue is that another Ledger app is loading the Javsacript from a URL, instead of bundling it with the application. Moreover, the URL requested just asks for version "1", so the latest in 1.x.x is returned. the attacker compromised the Ledger NPM repository, and released a new version with the malicious code
None of the Kujira dapps, nor Sonar, import this package either directly or indirecty
Moreover, and I'm working on confirming this 100%, the attack targets EVM chains, and the malicious tx that is requested is contructed just for EVM, so it wouldn't be able to touch your funds on Kujira
This is the affected dependency, and the root of the issue is that another Ledger app is loading the Javsacript from a URL, inst
This is the affected dependency, and the root of the issue is that another Ledger app is loading the Javsacript from a URL, instead of bundling it with the application. Moreover, the URL requested just asks for version "1", so the latest in 1.x.x is returned. the attacker compromised the Ledger NPM repository, and released a new version with the malicious code
https://www.npmjs.com/package/@ledgerhq/connect-kit?activeTab=versions
None of the Kujira dapps, nor Sonar, import this package either directly or indirecty
Moreover, and I'm working on confirming this 100%, the attack targets EVM chains, and the malicious tx that is requested is contructed just for EVM, so it wouldn't be able to touch your funds on Kujira