fc-updates
Important updates about things happening in Farcaster
34 replies
112 recasts
510 reactions
10 replies
5 recasts
83 reactions
9 replies
10 recasts
106 reactions
22 replies
30 recasts
224 reactions
34 replies
60 recasts
291 reactions

Security Update: NPM QIX attack
1. If you're using the Farcaster app on web or mobile, you are safe.
2. If you're using a Farcaster miniapp, be cautious unless the developer has confirmed it's safe. Reject any transactions from miniapps you don’t fully understand.
What happened?
An attacker took over an NPM developer's account and replaced packages with malicious versions. These low-level, open-source components are used by many apps, including popular crypto wallets. Any app that updates these packages today may load the malicious code, which can propose dangerous transactions to users.
The Farcaster app uses some of these packages, but we have confirmed we haven’t updated them since the attack. It's therefore safe to use our app.
Farcaster miniapps could have been affected. If a miniapp is impacted, it may propose a dangerous transaction. Our security scanning should catch most of these, and even if something slips through, you’ll see a transaction preview to review and reject. If you’re using a miniapp, it’s important to read the details and accept only transactions you understand. 37 replies
140 recasts
484 reactions
4 replies
9 recasts
22 reactions
61 replies
58 recasts
401 reactions
0 reply
9 recasts
30 reactions
15 replies
9 recasts
87 reactions
40 replies
48 recasts
260 reactions
22 replies
9 recasts
118 reactions
49 replies
46 recasts
320 reactions
0 reply
0 recast
15 reactions
65 replies
90 recasts
509 reactions