8 matches found
Malicious Package
Overview viem-multichain is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
MAL-2026-5084 Malicious code in viem-multichain (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 000bdcb32a8ca1f6657425685c88c4b60917055d5a202275c50d004462e37459 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in viem-multichain (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 000bdcb32a8ca1f6657425685c88c4b60917055d5a202275c50d004462e37459 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
FastMCP OAuth Proxy token reuse across MCP servers
While testing the OAuth Proxy implementation, it was noticed that the server does not properly respect the resource parameter submitted by the client in the authorization and token request. Instead of issuing the token explicitly for this MCP server, the token is issued for the baseurl passed to...
Rugsafe: a Multichain Protocol for Recovering from and Defending against Rug Pulls
Rugsafe introduces a comprehensive protocol aimed at mitigating the risks of rug pulls in the cryptocurrency ecosystem. By utilizing cryptographic security measures and economic incentives, the protocol provides a secure multichain system for recovering assets and transforming rugged tokens into...
@civic/multichain-connect-react-solana-wallet-adapter (>=0.0.0-alpha.1 <=0.0.3-beta.11), @debridge-finance/dln-client (>=5.1.0 <=8.2.2) +6 more potentially affected by CVE-2024-30253 via @solana/web3.js (=1.76.0)
@solana/web3.js NPM version =1.76.0 is affected by a known vulnerability. The following packages have a transitive dependency on @solana/web3.js and may be impacted: - @civic/multichain-connect-react-solana-wallet-adapter =0.0.0-alpha.1, =5.1.0, =2.11.0, =1.0.0, =0.1.1-alpha.8, =0.3.2-alpha.2,...
BranchBridgeAgent invokes anyCall with PAY ON SOURCE but doesn't send value with it. All calls will fail.
Lines of code Vulnerability details Impact IAnycallProxy.anyCall operates under one of two modes of taking fees, namely fees are taken either on source or on the destination chain. Fee mode is decided by the caller with an appropriate value of the fourth parameter, ie. uint256 flag . Values 0,4...
Multichain hack: Hacker returns $1 million, keeps $150k as bug bounty
By Deeba Ahmed The hacker turned out to be a "white hat" decided to return most of the stolen funds but… This is a post from HackRead.com Read the original post: Multichain hack: Hacker returns $1 million, keeps $150k as bug bounty...