0 reply
0 recast
0 reaction
Security Update: NPM QIX attack
1. If you're using the Farcaster app on web or mobile, you are safe.
2. If you're using a Farcaster miniapp, be cautious unless the developer has confirmed it's safe. Reject any transactions from miniapps you don’t fully understand.
What happened?
An attacker took over an NPM developer's account and replaced packages with malicious versions. These low-level, open-source components are used by many apps, including popular crypto wallets. Any app that updates these packages today may load the malicious code, which can propose dangerous transactions to users.
The Farcaster app uses some of these packages, but we have confirmed we haven’t updated them since the attack. It's therefore safe to use our app.
Farcaster miniapps could have been affected. If a miniapp is impacted, it may propose a dangerous transaction. Our security scanning should catch most of these, and even if something slips through, you’ll see a transaction preview to review and reject. If you’re using a miniapp, it’s important to read the details and accept only transactions you understand. 37 replies
141 recasts
477 reactions
1 reply
0 recast
1 reaction
1 reply
0 recast
0 reaction
0 reply
0 recast
1 reaction
