Major npm Package Attack Hits 47M Weekly Downloads

🚨 npm poisoned

By CIAN
Sep 11, 2025, 2:49 PM
twitter

The popular npm package "error-ex", with 47 million weekly downloads, was compromised by attackers. The malicious code redirected MetaMask transactions to hacker-controlled addresses, using visually similar addresses to deceive users during transaction signing.

Cian Platform Status:

  • All systems safe - comprehensive audit of 5 frontend projects found zero compromised packages
  • Extra precautions taken - all package versions locked, updates paused until threat clears

Security Recommendations:

  • Hardware wallet users: Enable clear signing, verify every address digit-by-digit
  • Software wallet users: Consider pausing on-chain transfers temporarily
  • Developers: Check dependency versions immediately, roll back or lock to safe versions
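
For the developer recommendation above, the following is an added example (not code from Cian or from the original post) that lists every resolved copy of a package in an npm lockfile, including nested transitive copies, and flags versions on a blocklist. The blocklist version is a placeholder to be filled from the advisory you rely on, and the sample lockfile, its `example-parent` package and its version strings are constructed for illustration.

```javascript
// Added example: audit an npm lockfile for every installed copy of a package.
// The version below is a placeholder; take real values from a trusted advisory.
const BLOCKLIST = { 'error-ex': ['<COMPROMISED_VERSION>'] };

// Return [{name, version, path}] for every resolved package in a lockfile object.
function listInstalled(lock) {
  const found = [];
  // lockfileVersion 2/3: flat "packages" map keyed by node_modules path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (!path) continue; // "" is the root project itself
    const i = path.lastIndexOf('node_modules/');
    const name = meta.name || (i >= 0 ? path.slice(i + 13) : path);
    found.push({ name, version: meta.version, path });
  }
  if (found.length) return found;
  // lockfileVersion 1: nested "dependencies" tree.
  const walk = (deps, prefix) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      found.push({ name, version: meta.version, path });
      walk(meta.dependencies, `${path}/`);
    }
  };
  walk(lock.dependencies, '');
  return found;
}

// Return the installed copies whose name@version is on the blocklist.
function findBlocked(lock, blocklist = BLOCKLIST) {
  return listInstalled(lock).filter(
    (p) => (blocklist[p.name] || []).includes(p.version)
  );
}

// Constructed sample lockfile (not real data): two copies of the same package.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-frontend', version: '1.0.0' },
    'node_modules/error-ex': { version: '0.0.1-example-good' },
    'node_modules/example-parent/node_modules/error-ex': { version: '0.0.2-example-bad' },
  },
};

const hits = findBlocked(sampleLock, { 'error-ex': ['0.0.2-example-bad'] });
for (const h of hits) console.log(`BLOCKED ${h.name}@${h.version} at ${h.path}`);
```

Against a real project, pass `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))` to `findBlocked`; a nested copy pulled in by another dependency is reported with its full `node_modules` path, which a check of the top-level `package.json` alone would miss.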

Alephium also confirmed their wallets remain unaffected by the supply chain attack.

Sources

Security Update: Cian is Safe What Happened: The npm package "error-ex" (47M weekly downloads) was poisoned by attackers. Affected websites would redirect MetaMask transactions to hacker addresses using similar-looking addresses to confuse users during signing. Cian's Status:

Charles Guillemet
@P3b7_

🚨 There’s a large-scale supply chain attack in progress: the NPM account of a reputable developer has been compromised. The affected packages have already been downloaded over 1 billion times, meaning the entire JavaScript ecosystem may be at risk. The malicious payload works
