Major npm Package Attack Hits 47M Weekly Downloads

🚨 npm poisoned

By CIAN
Sep 11, 2025, 2:49 PM
twitter

The popular npm package "error-ex" with 47 million weekly downloads was compromised by attackers. The malicious code redirected MetaMask transactions to hacker-controlled addresses using visually similar addresses to deceive users during transaction signing.

Cian Platform Status:

  • All systems safe - comprehensive audit of 5 frontend projects found zero compromised packages
  • Extra precautions taken - all package versions locked, updates paused until threat clears

Security Recommendations:

  • Hardware wallet users: Enable clear signing, verify every address digit-by-digit
  • Software wallet users: Consider pausing on-chain transfers temporarily
  • Developers: Check dependency versions immediately, roll back or lock to safe versions

Alephium also confirmed their wallets remain unaffected by the supply chain attack.
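One way a developer could carry out the dependency check recommended above, shown as an added example that is not code from CIAN or the quoted posts. It walks a parsed `package-lock.json` (lockfileVersion 2 or 3) and reports every installed copy of a denylisted package, including nested transitive copies. The function names, the sample lockfile and the denylisted version string are assumptions; the page does not state which versions were compromised, so the version is a placeholder to be replaced from the official advisory.

```javascript
// Added example: audit a parsed package-lock.json against a denylist.
// The version below is a PLACEHOLDER, not a real compromised version.
const DENYLIST = { "error-ex": ["0.0.0-PLACEHOLDER"] };

// Derive the package name from a lockfile "packages" key, e.g.
// "node_modules/a/node_modules/@scope/b" -> "@scope/b".
function nameFromPath(path) {
  const marker = "node_modules/";
  const i = path.lastIndexOf(marker);
  return i === -1 ? null : path.slice(i + marker.length);
}

// Return every installed copy of a denylisted package and flag the
// copies whose resolved version is on the denylist.
function auditLockfile(lock, denylist = DENYLIST) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    // npm records "name" only when it differs from the folder (aliases).
    const name = meta.name || nameFromPath(path);
    if (!name || !Object.prototype.hasOwnProperty.call(denylist, name)) continue;
    findings.push({
      name,
      path,
      version: meta.version,
      compromised: denylist[name].includes(meta.version),
    });
  }
  return findings;
}

// Constructed sample lockfile (not from a real project).
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-frontend", version: "1.0.0" },
    "node_modules/error-ex": { version: "9.9.9-constructed-safe" },
    "node_modules/parse-json/node_modules/error-ex": { version: "0.0.0-PLACEHOLDER" },
    "node_modules/left-pad": { version: "1.3.0" },
  },
};

for (const f of auditLockfile(SAMPLE_LOCK)) {
  console.log(`${f.compromised ? "BAD" : "ok "} ${f.name}@${f.version} (${f.path})`);
}
```

For a real project, pass the result of `JSON.parse` on the project's `package-lock.json` as the first argument. A top-level copy at a safe version does not rule out a nested copy at a bad one, which is why every path is reported.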

Sources

Security Update: Cian is Safe What Happened: The npm package "error-ex" (47M weekly downloads) was poisoned by attackers. Affected websites would redirect MetaMask transactions to hacker addresses using similar-looking addresses to confuse users during signing. Cian's Status:

Charles Guillemet
@P3b7_

🚨 There’s a large-scale supply chain attack in progress: the NPM account of a reputable developer has been compromised. The affected packages have already been downloaded over 1 billion times, meaning the entire JavaScript ecosystem may be at risk. The malicious payload works
