Ledger Wallet Drain: ConnectKit Issues
Andalusia $1B Valuation | Bittensor TAO Summary
Good Morning. You know it’s the bull market when operators and founders who have other jobs to do are feeling overwhelmed with the sheer amount of things to do onchain. Help.
In Today's Email:
What Matters: Ledger Security Issue ⛓️
Founders Highlight: Joshua of Pixie Chess ♟️
Deal Flows: Andalusia Labs $48M raise 💰
Narratives: BRC20 ecosystem mania continues and BONK tests our FOMO.
WHAT MATTERS
Ledger ConnectKit Library Security Flaw
A really serious issue is currently unfolding across most hosted crypto frontends.
There is a supply attack on a popular connector, the @Ledger connect-kit.
It has been infected with a drainer, which you can confirm by deobfuscating the code.
Be extra vigilant!
— Lefteris Karapetsas | Hiring for @rotkiapp (@LefterisJP)
12:47 PM • Dec 14, 2023
State of play: A compromised software library in Ledger software led to security issues affecting multiple dApps. The malicious code was injected into various dApps' front ends via Ledger's ConnectKit library.
The exploit potentially affects all protocols using the ConnectKit, including Sushi, Lido, Metamask, and Coinbase.
Blockaid identified the issue as a "supply chain attack," where an attacker replaced library software with malicious code to drain assets.
Sushi’s CTO Matthew Lilley suggests the issue might stem from a compromised CDN hosting the software library.
Blockaid estimated an initial loss of $150,000 due to the incident, which later escalated to over half a million dollars.
Lookonchain estimates the attack resulted in approximately $484,000 in crypto assets stolen.
Ledger claimed that “the genuine Ledger ConnectKit 1.1.8 is now fully propagated.”
But Ledger also recommends waiting 24 hours before using the Ledger Connect Kit again.
Why it matters: The exploit highlights the need to put security first when building decentralized applications.
Small overlooked aspects such as a reliance on a third-party library could create potential failure points in the supply chain.
For builders and investors: While the Ledger issue is addressed, it is still important to be cautious and stay informed over the next several days. Stay safe.
Make sure you don't have the malicious library cached, and clear your cache by following the steps shared by @Mudit__Gupta:
The ledger issue is now fixed.
To make sure you don't have the malicious library cached, go to cdn.jsdelivr.net/npm/@ledgerhq/… and ensure the version is 1.1.8.
If it's not, clear your cache. Chrome: F12 > Chrome Developer Tools > Application tab > Storage in left tree > Clear site data.
— Mudit Gupta (@Mudit__Gupta)
2:09 PM • Dec 14, 2023
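The failure mode described above, a CDN-served library being swapped underneath dApp front ends, is what exact version pinning and Subresource Integrity guard against. The following is an added example, not code from this newsletter, Ledger, or any project named here; the package name `@example/wallet-connector`, the hosts and the file bodies are constructed placeholders.

```javascript
// Added example: audit <script> tags that pull third-party code from a CDN.
// Package name, hosts and file bodies below are constructed, not real artifacts.
const { createHash } = require('node:crypto');

// Subresource Integrity value a browser compares against the fetched bytes.
function sriHash(body) {
  return 'sha384-' + createHash('sha384').update(body).digest('base64');
}

// One finding per external script: is the version exact, is integrity set?
function auditScripts(html, firstPartyHost) {
  const findings = [];
  for (const [tag] of html.matchAll(/<script\b[^>]*>/gi)) {
    const src = (tag.match(/\bsrc=["']([^"']+)["']/i) || [])[1];
    if (!src) continue;                     // inline script, nothing fetched
    let host;
    try { host = new URL(src, `https://${firstPartyHost}`).host; } catch { continue; }
    if (host === firstPartyHost) continue;  // self-hosted, out of scope here
    const integrity = (tag.match(/\bintegrity=["']([^"']+)["']/i) || [])[1] || null;
    // npm-style CDN path: /npm/<name>@<version>/..., where <name> may be @scope/name
    const ver = (src.match(/\/npm\/(?:@[^/]+\/)?[^/@]+@([^/]+)/) || [])[1] || null;
    const pinned = ver !== null && /^\d+\.\d+\.\d+$/.test(ver);
    // No integrity + floating version: the CDN decides what runs on every page load.
    findings.push({ src, pinned, integrity,
      risk: !integrity && !pinned ? 'high' : !integrity ? 'medium' : 'low' });
  }
  return findings;
}

// Simplified single-hash model of the browser check: mismatch means no execution.
function wouldExecute(integrity, servedBody) {
  return integrity === sriHash(servedBody);
}

// Constructed sample: a vetted build, a swapped build, and a page loading both ways.
const VETTED = 'export const version = "1.1.8";';
const SWAPPED = 'export const version = "1.1.8"; /* extra code added upstream */';
const PAGE = `
<script src="/static/app.js"></script>
<script src="https://cdn.example/npm/@example/wallet-connector@1"></script>
<script src="https://cdn.example/npm/@example/wallet-connector@1.1.8/dist/index.js"
        integrity="${sriHash(VETTED)}" crossorigin="anonymous"></script>`;

console.log(auditScripts(PAGE, 'app.example'));
```

A swapped file that still reports the expected version string fails the hash comparison, which is why an integrity value is a stronger control than reading the version number alone.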
BUILDER-INVESTOR HIGHLIGHT
Joshua Harris of Pixie Chess
Joshua Harris is the founder of Pixie Chess and an EIR (entrepreneur in residence) at Paradigm.
Pixie Chess is a novel crypto game & financial experiment inspired by chess, TCGs & crypto structures like NounsDAO.
Joshua is looking for technical contributors to round out the Pixie Chess founding team.
Reach Joshua through [email protected] to be part of the Pixie Chess founding team.
Previous backgrounds: Joshua was on the founding team of Party Round (now Capital), a software provider that enables founders to raise, hold, spend, and send funds all in one place.
The big idea: Joshua is trying to design a better game that enables users to generate value and participate in something meaningful and exciting.
INSIGHTS
Sami Kassab’s Summary on Bittensor
Credits to Sami Kassab for the original tweet.
Bittensor is often misunderstood and Sami Kassab is trying to summarize and explain what Bittensor is:
Bittensor rewards innovative machine learning models across various use cases.
Bittensor differentiates from other crypto-AI projects by targeting the full AI lifecycle, competing with giants like OpenAI, Google, and Anthropic.
Bittensor seeks to foster machine intelligence production through subnets, incentivizing contributions of expertise and digital resources for various applications.
Bittensor transforms AI model creation into a digital commodity market, similar to Bitcoin's computing market, with subnets incentivizing various AI-related tasks like text generation and data storage.
Bittensor's subnets target a wide range of AI models, serving niche industries and specialized applications not typically addressed by mainstream AI solutions.
Architecturally, Bittensor is a network of self-contained economic markets under a unified TAO token ecosystem, aimed at advancing machine intelligence.
In the Bittensor ecosystem, tokenholders guide AI development by deciding how network emissions are allocated among different subnets.
DEAL FLOWS
Andalusia Labs $48M Series A
1/ We're thrilled to announce
- @AndalusiaLabs Series A: $48M at $1B+ Valuation
- @Karak_Network Testnet: The only Ethereum L2 with native risk management, restaking, and AI infrastructure
- Global HQ in Abu Dhabi
The future of risk management is here 🟠
— Andalusia Labs (@AndalusiaLabs)
8:09 PM • Dec 13, 2023
Deal flows soared this week 📈 — we saw $380M+ in deals.
Andalusia Labs announced a $48M Series A round at a $1B valuation led by Lightspeed with participation from Mubadala Capital, along with Pantera Capital, Framework Ventures, Bain Capital Ventures, and DCG.
Andalusia Labs will use the fund to achieve three goals:
Accelerating product development: In the announcement, Andalusia Labs also announced the launch of the Karak testnet. Karak is an EVM-compatible L2 blockchain.
Spurring Global Expansion: Andalusia Labs announced the establishment of a global headquarters in the capital of capital, Abu Dhabi.
Growing the Team.
In other news: Asian messaging giant LINE raises $140M to expand NFT venture, LINE NEXT, aiming to “popularize the Web3 ecosystem.”
Deal flows in the past week:
NodeKit, $1.2M Pre-Seed Round
Liquidium, $1.25M Pre-Seed Round
Poglin, $3M Seed Round
Gacha Monsters, $3M Seed Round
Metagood, $5M Seed Round
Sona, $6.9M Seed Round
Farcana, $10M Seed Round
Brahma, $2.5M Seed+ Round
nftperp, $3M Series A Round
Dynamic Labs, $13.5M Series A Round
Andalusia Labs, $48M Series A Round
Mocaverse, $11.88M Series A+
Lolli, $8M Series B Round
GFO-X, $20M Series B Round
THENA, $600K Strategic Round
cyber(.)fund, $100M investment fund
EthosX, $1.8M Private Round
Hackless, $1.2M Private Round
Line Next, $140M Private Round
Dovi, Undisclosed $ Strategic Round
Dora Factory, Undisclosed $ Strategic Round
Morph, Undisclosed $ Private Round
bitSmiley, Undisclosed $ Private Round
AIT Protocol, Undisclosed $ Private Round
MATR1X FIRE, Undisclosed $ Private Round
QUICK BITES
FASB publishes new crypto rules.
Safemoon files for Chapter 7 bankruptcy.
Ledger experiences ConnectKit library issues.
Coinbase offers spot crypto trading outside the US.
Rulematch launches crypto trading venue for banks.
Financial Regulators reiterate the call for crypto legislation.
CFTC pushes FTX-inspired rule to protect customers’ money.
DWS-Flow-Galaxy are forming a firm to issue a Euro stablecoin.
Copper launches custodian-agnostic settlement network for institutions.
NOTEWORTHY READS
Ledger security
— Alan Buidling Web 3 ⛓⚡️ (@alannetwork_)
2:45 PM • Dec 14, 2023
Disclaimer: All the information presented in this publication and its affiliates is strictly for educational purposes only. It should not be construed or taken as financial, legal, investment, or any other form of advice.