fc-updates
Important updates about things happening in Farcaster
62 replies
72 recasts
534 reactions
55 replies
76 recasts
579 reactions
25 replies
117 recasts
881 reactions
56 replies
108 recasts
729 reactions
51 replies
108 recasts
555 reactions
31 replies
54 recasts
315 reactions
32 replies
115 recasts
537 reactions
9 replies
6 recasts
92 reactions
9 replies
11 recasts
128 reactions
22 replies
30 recasts
231 reactions
33 replies
64 recasts
309 reactions
Security Update: NPM QIX attack
1. If you're using the Farcaster app on web or mobile, you are safe.
2. If you're using a Farcaster miniapp, be cautious unless the developer has confirmed it's safe. Reject any transactions from miniapps you don’t fully understand.
What happened?
An attacker took over an NPM developer's account and replaced packages with malicious versions. These low-level, open-source components are used by many apps, including popular crypto wallets. Any app that updates these packages today may load the malicious code, which can propose dangerous transactions to users.
The Farcaster app uses some of these packages, but we have confirmed we haven’t updated them since the attack. It's therefore safe to use our app.
Farcaster miniapps could have been affected. If a miniapp is impacted, it may propose a dangerous transaction. Our security scanning should catch most of these, and even if something slips through, you’ll see a transaction preview to review and reject. If you’re using a miniapp, it’s important to read the details and accept only transactions you understand. 37 replies
151 recasts
522 reactions
4 replies
9 recasts
24 reactions
59 replies
76 recasts
432 reactions
0 reply
8 recasts
35 reactions
