Ledger Wallet Drain: ConnectKit Issues

Andalusia $1B Valuation | Bittensor TAO Summary

Good Morning. You know it’s the bull market when operators and founders who have other jobs to do are feeling overwhelmed with the sheer amount of things to do onchain. Help.

In Today's Email:

  • What Matters: Ledger Security Issue ⛓️ 

  • Founders Highlight: Joshua of Pixie Chess ♟️ 

  • Deal Flows: Andalusia Labs $48M raise 💰

Narratives: BRC20 ecosystem mania continues and BONK tests our FOMO.

WHAT MATTERS

Ledger ConnectKit Library Security Flaw

State of play: A compromised software library in Ledger software led to security issues affecting multiple dApps. The malicious code was injected into the front ends of various dApps via Ledger’s ConnectKit library.

  • The exploit potentially affects all protocols using the ConnectKit, including Sushi, Lido, MetaMask, and Coinbase.

  • Blockaid identified the issue as a "supply chain attack," where an attacker replaced library software with malicious code to drain assets.

  • Sushi’s CTO Matthew Lilley suggests the issue might stem from a compromised CDN hosting the software library.

  • Blockaid estimated an initial loss of $150,000 due to the incident, which later escalated to over half a million dollars.

  • Lookonchain estimates the attack resulted in approximately $484,000 in crypto assets stolen.

Ledger claimed that “the genuine Ledger ConnectKit 1.1.8 is now fully propagated.”

But Ledger also recommends waiting 24 hours before using the Ledger Connect Kit again.

Why it matters: The exploit highlights the need to put extra focus on security when building decentralized applications.

  • Small, overlooked aspects such as reliance on a third-party library can create failure points in the supply chain.

For builders and investors: While the Ledger issue is addressed, it is still important to be cautious and stay informed over the next several days. Stay safe.

  • Make sure you don't have the malicious library cached, and clear your cache by following the measure shared by @Mudit__Gupta.

BUILDER-INVESTOR HIGHLIGHT

Joshua Harris of Pixie Chess

Joshua Harris is the founder of Pixie Chess and an EIR (entrepreneur in residence) at Paradigm.

  • Pixie Chess is a novel crypto game & financial experiment inspired by chess, TCGs & crypto structures like NounsDAO.

  • Joshua is looking for technical contributors to round out the Pixie Chess founding team.

  • Reach Joshua through [email protected] to be part of the Pixie Chess founding team.

Previous background: Joshua was on the founding team of Party Round (now Capital), a software provider that enables founders to raise, hold, spend, and send funds all in one place.

The big idea: Joshua is trying to design a better game that enables users to generate value and participate in something meaningful and exciting.

INSIGHTS

Sami Kassab’s Summary on Bittensor

Credits to Sami Kassab for the original tweet.

Bittensor is often misunderstood, and Sami Kassab summarizes and explains what it is:

  • Bittensor rewards innovative machine learning models across various use cases.

  • Bittensor differentiates from other crypto-AI projects by targeting the full AI lifecycle, competing with giants like OpenAI, Google, and Anthropic.

  • Bittensor seeks to foster machine intelligence production through subnets, incentivizing contributions of expertise and digital resources for various applications.

  • Bittensor transforms AI model creation into a digital commodity market, similar to Bitcoin's computing market, with subnets incentivizing various AI-related tasks like text generation and data storage.

  • Bittensor's subnets target a wide range of AI models, serving niche industries and specialized applications not typically addressed by mainstream AI solutions.

  • Architecturally, Bittensor is a network of self-contained economic markets under a unified TAO token ecosystem, aimed at advancing machine intelligence.

  • In the Bittensor ecosystem, tokenholders guide AI development by deciding how network emissions are allocated among different subnets.

DEAL FLOWS

Andalusia Labs $48M Series A

Deal flows soared this week 📈 — we saw $380M+ in deals.

Andalusia Labs announced a $48M Series A round at a $1B valuation led by Lightspeed with participation from Mubadala Capital, along with Pantera Capital, Framework Ventures, Bain Capital Ventures, and DCG.

Andalusia Labs will use the funds to achieve three goals:

  • Accelerating product development: In the announcement, Andalusia Labs also announced the launch of the Karak testnet. Karak is an EVM-compatible L2 blockchain.

  • Spurring Global Expansion: Andalusia Labs announced the establishment of a global headquarters in the capital of capital, Abu Dhabi.

  • Growing the Team.

In other news: Asian messaging giant LINE raises $140M to expand NFT venture, LINE NEXT, aiming to “popularize the Web3 ecosystem.”

QUICK BITES

  • FASB publishes new crypto rules.

  • Safemoon files for Chapter 7 bankruptcy.

  • Ledger experiences ConnectKit library issues.

  • Coinbase offers spot crypto trading outside the US.

  • Rulematch launches crypto trading venue for banks.

  • Financial Regulators reiterate the call for crypto legislation.

  • CFTC pushes FTX-inspired rule to protect customers’ money.

  • DWS-Flow-Galaxy are forming a firm to issue a Euro stablecoin.

  • Copper launches custodian-agnostic settlement network for institutions.

NOTEWORTHY READS

  • dcbuilder.eth’s read on the future of digital identity.

  • A16z’s read on crypto topics the firm is excited about in 2024.

  • Multicoin’s read on oracles and the new frontier for application-owned orderflow auctions.

Disclaimer: All the information presented in this publication and its affiliates is strictly for educational purposes only. It should not be construed or taken as financial, legal, investment, or any other form of advice.