MetaMask had a presence at Defcon in Las Vegas and Ethereum Argentina. And we saw another real-world example of the kind of supply chain attack that LavaMoat can help mitigate.
Jean-Maurice-Émile Baudot and Baudot Keyboard. Baudot invented the first means of digital communication, Baudot code.
Security experts from MetaMask, along with those from Paradigm, Yearn, and Polygon, have teamed up to create an experimental Telegram bot hotline solution for users who are experiencing crypto emergencies. Our own Taylor Monahan and Harry Denley are pitching in on the project, dubbed Seal 911.
Our experimental solution: a Telegram bot which anyone can use during emergencies to get in touch with trusted members of the security community and their extensive network of contacts. https://t.co/PpVfraqZrq
The latest update on Snow from MetaMask's Gal Weizman: "Today marks a big day in the life of Snow, where we come to the mature realization that in order for the project to stop chasing defensive security it has to take some bold steps at the cost of adoption and functional behaviour."
Secure design specialist Antonela Debiasi took the Mainet stage at Ethereum Argentina to discuss the trust model in cryptocurrency networks, pointing out the difference between indicators of trust and indicators of corporate security.
Security Laboratory
LavaMoat monorepo is switching to npm workspaces and release-please for release management. Soon LavaMoat releases will be automated and much faster.
ScorchWrap webpack plugin supports multiple entry points and chunks. Enforcing policy on module requirements is now implemented. Remaining work for the first beta release includes getting the policy enforced on globals (LavaMoat GitHub PR).
SES lockdown is being split into two stages, allowing for “Vetted Shims” to be applied to intrinsics after repair, but before freezing (Endo GitHub PR). It should help compatibility and let us get past one of the final blockers to running MetaMask Mobile with lockdown.
SES on MetaMask Mobile still locks down pre-bundle and allows reflect-metadata as a trusted shim, because it is a direct dependency of our @consensys/on-ramp-sdk, which is used as a HOC provider wrapped around the Settings screen.
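Why the ordering of repair, shim and freeze matters, as an added sketch that is not Endo's or MetaMask's code: plain JavaScript over constructed stand-in intrinsics, where a shim that extends `Reflect` (in the style of reflect-metadata) installs between the two stages and is refused after the freeze. Every name here (`makeIntrinsics`, `repair`, `metadataShim`, `twoStageLockdown`, `tryLateShim`) is hypothetical and not part of the SES API.

```javascript
// Constructed stand-in for a realm's intrinsics; nothing real is frozen here.
function makeIntrinsics() {
  return { Reflect: { has: (t, k) => k in t }, Math: { random: () => 0.5 } };
}
// Stage 1 stand-in: "repair" removes one property this sketch treats as unsafe.
function repair(intrinsics) { delete intrinsics.Math.random; }

// Constructed shim in the style of reflect-metadata: it adds methods to Reflect.
function metadataShim(intrinsics) {
  const store = new WeakMap(); // target -> Map(key -> value)
  const install = (name, value) => // throws TypeError once Reflect is frozen
    Object.defineProperty(intrinsics.Reflect, name, { value, writable: true, configurable: true });
  install('defineMetadata', (key, value, target) => {
    if (!store.has(target)) store.set(target, new Map());
    store.get(target).set(key, value);
  });
  install('getMetadata', (key, target) => store.get(target)?.get(key));
}

// Stage 2: freeze every reachable own property value (objects and functions).
function deepFreeze(value, seen = new Set()) {
  if (Object(value) !== value || seen.has(value)) return value; // primitive or visited
  seen.add(value);
  for (const key of Reflect.ownKeys(value)) deepFreeze(value[key], seen);
  return Object.freeze(value);
}
// Repair, run only the vetted shims, then freeze.
function twoStageLockdown(intrinsics, vettedShims) {
  repair(intrinsics);
  for (const shim of vettedShims) shim(intrinsics);
  return deepFreeze(intrinsics);
}
// Code that tries to patch intrinsics after the freeze is refused.
function tryLateShim(intrinsics, shim) {
  try { shim(intrinsics); return 'installed'; } catch (err) { return `rejected: ${err.name}`; }
}

function demo() {
  const realm = twoStageLockdown(makeIntrinsics(), [metadataShim]);
  const target = {};
  realm.Reflect.defineMetadata('role', 'settings', target);
  const spoof = (i) => Object.defineProperty(i.Reflect, 'getMetadata', { value: () => 'spoofed' });
  return {
    vetted: realm.Reflect.getMetadata('role', target),   // vetted shim still works
    lateOverwrite: tryLateShim(realm, spoof),            // cannot replace the shim
    lateInstall: tryLateShim(twoStageLockdown(makeIntrinsics(), []), metadataShim),
  };
}
console.log(demo());
```

The `lateInstall` case is the compatibility blocker in miniature: with no slot between repair and freeze, a dependency's shim has nowhere to land.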
Phylum reported in early August that they had been alerted to a series of suspicious npm publications, including “a typosquat of a popular cryptocurrency library and a dependency that contained the malicious code buried deep in a large file that most developers would never bother looking at.” This is precisely the type of supply chain attack that LavaMoat is meant to protect against!
Author:
Luker
Jen Luker, known by most as just Luker, is the Director of Product Security at Consensys, where she leads the frontline defenders who protect millions of users from vulnerabilities, emerging threats, and malicious actors across decentralized tech. An active participant in the Ethereum ecosystem since 2017, she has held key roles including Editor at ETHNews and Project Manager at MyCrypto. Luker is a regular speaker at industry conferences, the author of MetaMask's monthly Crypto Security Report, and an official ETH Security Badge holder as designated by The DAO. She's also a passionate advocate for continuous education and security awareness as essential pillars for the future of Ethereum and blockchain technology.