Major npm Package Attack Hits 47M Weekly Downloads

🚨 npm poisoned

By CIAN
Sep 11, 2025, 2:49 PM

The popular npm package "error-ex" (47 million weekly downloads) was compromised by attackers. The malicious code redirected MetaMask transactions to attacker-controlled addresses, substituting visually similar addresses so that users would not notice the swap at the moment of transaction signing.
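The substitution works because most people check only the first and last few characters of an address. The following JavaScript, an added example and not CIAN's or MetaMask's code, shows the difference: a prefix/suffix glance accepts a constructed lookalike that a full digit-by-digit comparison rejects (all addresses here are constructed sample values).

```javascript
// Added example (not CIAN's or MetaMask's code): compare the address shown in a
// signing prompt against the address you intended, character by character.
// Addresses below are constructed sample values, not real wallets.

const HEX_ADDR = /^0x[0-9a-fA-F]{40}$/;

function normalize(addr) {
  if (!HEX_ADDR.test(addr)) throw new Error(`not a 20-byte hex address: ${addr}`);
  return addr.toLowerCase(); // ignore EIP-55 checksum casing for the comparison
}

// What a hurried glance does: only the first and last few hex digits are read.
function naiveLooksSame(expected, shown, edge = 4) {
  const a = normalize(expected).slice(2), b = normalize(shown).slice(2);
  return a.slice(0, edge) === b.slice(0, edge) && a.slice(-edge) === b.slice(-edge);
}

// What "verify every digit" means: report every hex position that differs.
function addressDiff(expected, shown) {
  const a = normalize(expected), b = normalize(shown);
  const mismatches = [];
  for (let i = 2; i < a.length; i++) if (a[i] !== b[i]) mismatches.push(i - 2);
  return { identical: mismatches.length === 0, mismatches };
}

// Constructed sample: the intended address and a lookalike that shares its
// first and last four hex digits but differs everywhere in between.
const INTENDED  = "0x" + "abcd" + "1".repeat(32) + "ef01";
const LOOKALIKE = "0x" + "abcd" + "2".repeat(32) + "ef01";

function verdict(expected, shown) {
  const d = addressDiff(expected, shown);
  if (d.identical) return "match";
  const first = d.mismatches[0], last = d.mismatches[d.mismatches.length - 1];
  return `MISMATCH at hex positions ${first}-${last}` +
    (naiveLooksSame(expected, shown) ? " (prefix/suffix check would have passed)" : "");
}

if (typeof require !== "undefined" && require.main === module) {
  console.log(verdict(INTENDED, INTENDED));  // match
  console.log(verdict(INTENDED, LOOKALIKE)); // MISMATCH ... (prefix/suffix check would have passed)
}
```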

Cian Platform Status:

  • All systems safe - comprehensive audit of 5 frontend projects found zero compromised packages
  • Extra precautions taken - all package versions locked, updates paused until threat clears

Security Recommendations:

  • Hardware wallet users: Enable clear signing, verify every address digit-by-digit
  • Software wallet users: Consider pausing on-chain transfers temporarily
  • Developers: Check dependency versions immediately; roll back to or lock at known-safe versions
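For the developer recommendation above, an added example (not CIAN's tooling) that walks a package-lock.json and reports every copy of a watched package, nested transitive copies included, whose version is not on an allowlist. The lockfile and all version numbers are constructed, and the allowlist is a placeholder to be filled in from the advisory.

```javascript
// Added example (not CIAN's code): audit a package-lock.json (lockfileVersion 2 or 3)
// for every copy of a watched package, including nested transitive copies, and
// flag any version that is not on an explicit allowlist.
// Every version below is a constructed sample value; take the real safe versions
// of error-ex from the advisory, not from this snippet.

const NM = "node_modules/";

function auditLockfile(lock, allowlist) {
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path === "") continue;                                  // the root project itself
    const name = path.slice(path.lastIndexOf(NM) + NM.length);  // handles nesting and @scopes
    if (!(name in allowlist)) continue;                         // not a package we are watching
    const version = entry.version || "(missing)";
    findings.push({ path, name, version, safe: allowlist[name].includes(version) });
  }
  return findings;
}

function unsafeFindings(lock, allowlist) {
  return auditLockfile(lock, allowlist).filter((f) => !f.safe);
}

// Constructed sample lockfile: a top-level error-ex on an allowlisted version and
// a second copy, pulled in transitively by some-lib, on a version that is not.
const SAMPLE_LOCK = {
  name: "sample-frontend",
  lockfileVersion: 3,
  packages: {
    "": { name: "sample-frontend", version: "1.0.0" },
    "node_modules/error-ex": { version: "1.0.0" },
    "node_modules/some-lib": { version: "2.0.0" },
    "node_modules/some-lib/node_modules/error-ex": { version: "1.0.1" },
  },
};

// Placeholder allowlist: replace with the versions named in the advisory.
const SAMPLE_ALLOWLIST = { "error-ex": ["1.0.0"] };

if (typeof require !== "undefined" && require.main === module) {
  // Real use: JSON.parse(require("fs").readFileSync("package-lock.json", "utf8"))
  for (const f of unsafeFindings(SAMPLE_LOCK, SAMPLE_ALLOWLIST)) {
    console.log(`UNSAFE ${f.name}@${f.version} at ${f.path}`);
  }
}
```

Once the offending copies are pinned or removed, commit the regenerated lockfile and install with `npm ci` so the locked versions are what actually gets built.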

Alephium also confirmed their wallets remain unaffected by the supply chain attack.

Sources


Charles Guillemet
@P3b7_

🚨 There’s a large-scale supply chain attack in progress: the NPM account of a reputable developer has been compromised. The affected packages have already been downloaded over 1 billion times, meaning the entire JavaScript ecosystem may be at risk. The malicious payload works

Read more about CIAN

USD1 Venue Rotation: Dolomite In, Lista DAO Out

**Key Changes This Week:**

  • **USD1 venue swap**: Added USD1 on Dolomite (~9.5% APY, ~$29M TVL, incentive-driven); removed USD1 on Lista DAO due to risk and liquidity concerns
  • **Kamino USD1 caution**: Elevated yields remain reward-heavy; expect compression as deposits increase

**Notable Rate Movements:**

  • Fluid USDC (ETH): Rose to ~6.3% from ~4.5%, TVL climbed to ~$366M
  • Aave USDT (ETH): Compressed to ~2.8% from ~3.5%

*Not financial advice—DYOR always.*

Mantle Vault Reaches $120M in One Month with Zero-Incident Track Record

Mantle Vault, a collaboration between Bybit and Mantle, grew from zero to $120M in assets under management within its first month. The platform prioritizes a clear hierarchy: **Security > Scalability > Sustainability > APY**.

**Key operational principles:**

  • 3.5-year track record with zero security incidents and zero forced liquidations
  • Smart-contract automation handles frequent inflows/outflows and rebalancing
  • Critical transactions guaranteed within 12 blocks during network congestion
  • Risk engineering treated as first principle, not afterthought

The platform's founder emphasized that building reliable onchain yield at scale requires different mechanics than managing small funds. As capital grows, viable yield sources narrow to battle-tested venues with deep liquidity. The system uses continuous monitoring, alerts, and failover protocols. During extreme market conditions, the platform coordinates with block builders to ensure strategy transactions execute when timing matters most.

Mantle Vault routes funds into USDe/sUSDe on Aave, backed by Ethena's delta-neutral strategy. The team focuses on durable yield structures over short-term incentive spikes, expanding coverage through rigorous stress testing and conservative parameters.

🔗 Bitcoin Yield Without Selling

CIAN launches **FBTC Yield Layer** in partnership with FunctionBTC, allowing Bitcoin holders to earn yield while maintaining BTC exposure. The platform routes Bitcoin into diversified on-chain opportunities including:

  • Lending protocols
  • Restaking mechanisms
  • DeFi reward flows

This solution addresses the common problem of Bitcoin sitting idle in cold storage by putting it to work across multiple yield-generating strategies. [Explore FBTC strategy](https://yieldlayer.cian.app/vaults/0x8D76e7847dFbEA6e9F4C235CADF51586bA3560A2?chainId=1)

Pendle-Based USDE Strategies Offer Fixed APYs Through Principal Tokens

**USDE strategies spotlight** reveals new yield opportunities through Pendle's Principal Token system. Key strategies include:

  • **PT-USDe on Plasma** (15JAN2026): 5.59% APY with 3.03% borrow cost
  • **PT-srUSDe on ETH** (15JAN2026): 7.91% APY with 6.99% USDC borrow cost

These strategies use **borrow loops** to amplify returns through fixed APYs tied to specific maturity dates. The approach provides diversified yield farming options but comes with important considerations.

**Key risks to consider:**

  • Early redemption can significantly reduce effective returns
  • Borrow costs must be factored into net gains
  • Maturity dates create time-locked commitments

Most other stablecoin yield strategies showed only minor numerical adjustments this week, with TVL changes reflecting normal market flows. No major protocol additions or deletions occurred.

*Always research thoroughly before investing - this is not financial advice.*

🔧 RWA Yield Trading

**Risk-tranching approach** transforms how tokenized real-world assets integrate with DeFi yield trading markets. Traditional RWAs face integration challenges:

  • Lack speculative incentives like governance tokens
  • Limited appeal for yield speculation
  • Constrained market liquidity

**Sophisticated risk-tranching solution:**

  • Enables leveraged investors to absorb higher risk
  • Transfers excess yield potential at discount
  • Creates vibrant yield derivatives market
  • Amplifies RWAs' stable returns

This structured finance framework serves dual purposes:

  • **Leveraged investors** get predictable yield spreads
  • **Speculators** pursue leveraged returns with small capital

**Key benefits:**

  • Addresses DeFi liquidity constraints
  • Improves exit inefficiencies
  • Enhances RWAs' product-market fit
  • Bridges traditional and decentralized finance

The mechanism aligns RWAs with DeFi's dynamic recursive staking strategies, creating new opportunities for both conservative and speculative investors.
