No Gas for Gamers: Immutable zkEVM Will Let Developers Cover Fees: decrypt
Players who use the upcoming universal gamer profile system Immutable Passport will be able to avoid gas fees for games sponsored by their developers. Immutable says that it will sponsor gas fees for all games itself for a "limited time" when the zkEVM mainnet launches early next year.
zapper, SushiSwap and RevokeCash frontend compromised: officercia
⚠️ Do not interact with ANY dApps until further notice. It appears that a commonly used web3 connector has been compromised which allows for injection of malicious code affecting numerous dApps: MatthewLilley
A potential supply chain attack on ledgerconnect kit. 🚨 The attacker injected a wallet draining payload into the popular NPM package.
This currently affects a couple of popular dapps.
X (formerly Twitter)
Blockaid (@blockaid_) on X
🚨 We've detected a potential supply chain attack on ledgerconnect kit 🚨
The attacker injected a wallet draining payload into the popular NPM package.
This currently affects a couple of popular dapps including but not limited to https://t.co/2QJmKIGv9T
ledger library confirmed compromised and replaced with a drainer. wait out interacting with any dapps till things become clearer: banteg
Do NOT use your Ledger for now ⚠️
Ledger Library Exploit Explainer for Average Folks:
Hudson Jameson
What is going on with the recent alerts not to use dapps?
A library that is used by many dapps that is maintained by Ledger was compromised and a wallet drainer was added.
What do I do as a normal user?
Do not interact with any dapp front ends on websites for now. This is an ongoing situation and it is risky to use dapps currently if you don't understand what backend libraries they use.
How does this drain your money?
If you visit the website you won't get automatically drained of your funds. However, prompts from your browser wallet (like MM) will display that give your assets to the malicious actors.
Does Ledger know about this?
Yes they do and are working on it.
Note: Even after Ledger corrects the bad code in their library, projects using and deploying that library will need to update things before it is safe to use dapps that use Ledger's web3 libraries.
Ledger: We have identified and removed a malicious version of the Ledger Connect Kit.
A genuine version is being pushed to replace the malicious file now. Do not interact with any dApps for the moment. We will keep you informed as the situation evolves.
Your Ledger device and Ledger Live were not compromised.
If you’re a MetaMask user: Please ensure that you have the Blockaid feature turned on in MetaMask Extension [available in "Experimental" tab] before performing any transactions on MetaMask Portfolio. The MetaMask Portfolio team is on it and has a fix in place that will be rolled out today.
The ledger issue is now fixed: Mudit Gupta
To make sure you don't have the malicious library cached, go to https://cdn.jsdelivr.net/npm/@ledgerhq/connect-kit@1 and ensure the version is 1.1.8.
If it's not, clear your cache. Chrome: F12 > Chrome Developer Tools > Application tab > Storage in left tree > Clear site data
⚠️ Do NOT interact with any dApp till you have ensured you have the fix. Reload/restart the dApp after ensuring you have the right version and then feel free to use it.
If you used any dApp in last ~6 hours, go check if you still have all your money. If you have, you are fine: MuditGupta
Update: Do NOT interact with any dApp till you have ensured you have the fix.
Some apps might be bundling the malicious library and serving it directly. Although unlikely, it's best to wait for the apps to confirm they are safe before using them.
Size context for why $GBTC is a big deal ^
James Seyffart: "Grayscale Hit Hardest If SEC Doesn't Allow In—Kind Bitcoin ETFs given they have sitting on tons of bitcoin they bought at lower prices that they'd have to sell"
Eric Balchunas: "The reason the SEC wants cash creates only is this means only the ETF issuer handles btc and not the intermediaries (registered broker dealers can't). They prob also not comfy w them having unregistered broker dealer subsidiaries handle either (bc they not registered).
Cash creates are worse for taxes bc cash changes hands vs in-kind is simply a trade and no cash exchanges hands. Thus, cash create only bitcoin ETFs are not ideal and screw up one major advantage of ETF structure. Still better than nothing and hopefully they solve in-kind soon."
Ledger Connect Kit genuine version 1.1.8 is being propagated now automatically. We recommend waiting 24 hours until using the Ledger Connect Kit again.
The investigation continues, here is the timeline of exploit: https://twitter.com/Ledger/status/1735326240658100414
X (formerly Twitter)
Ledger (@Ledger) on X
FINAL TIMELINE AND UPDATE TO CUSTOMERS:
4:49pm CET:
Ledger Connect Kit genuine version 1.1.8 is being propagated now automatically. We recommend waiting 24 hours until using the Ledger Connect Kit again.
The investigation continues, here is the timeline…
cyber.Fund, an early backer in Ethereum, is committing $100m to projects that intersect blockchain technology with AI and IoT: Coindesk
Ledger Connect Kit Hack:
Malicious approval addresses *list:
https://github.com/RevokeCash/approval-exploit-list/blob/main/exploits/ledger-connect-kit.json
List of affected projects:
https://sourcegraph.com/search?q=context:global+@ledgerhq/connect-kit&patternType=standard&sm=1&groupBy=repo
Check if your address is affected: https://revoke.cash/exploits/ledger-connect-kit?chainId=1
*Affected users remain at risk as long as they haven't revoked their approvals: RevokeCash
infinityhedge
BlackRock estimates that the private capital industry’s “dry powder” has now touched the $4tn mark: FT | infinityhedge That is enough to acquire Apple and still have change left for Berkshire Hathaway or Tesla. So when you look at the dry powder chart do…
Zerohedge: how next year could play out. I’ll [Goldman Trader] narrow it down to this: do you expect a recession or not in 2024?: Infinityhedge
In the past 40 years, there have been 8 easing cycles. If you snapshot the performance of S&P from the first cut to 12 months forward, the market was higher in 5 of 8 when no recession & in the 3 occurrences where the market was negative, there was a recession.
"I’ll [Goldman Trader] note that we do NOT forecast a US recession next year"
+There’s nearly $6tr sitting in US money market funds.
SEC rejects Coinbase’s request for a separate regulatory framework for the cryptocurrency industry: fortune
"First, existing laws and regulations apply to the crypto securities markets. Second, the SEC addresses the crypto securities markets through rulemaking as well. Third, it is important to maintain Commission discretion in setting its own rulemaking priorities"
https://www.sec.gov/news/statement/gensler-coinbase-petition-121523
Summary: SEC denies Coinbase petition for new crypto rules, says existing laws work, has ongoing crypto rulemaking that could inform approach, wants to retain discretion over regulatory priorities.
Gurbir Grewal, the Director of the SEC's Division of Enforcement, has said, "You simply can't ignore the rules because you don't like them or because you'd prefer different ones: the consequences for the investing public are far too great."
ARBITRUM DOWN
Arbitrum One Sequencer and Sequencer feed are currently experiencing issues. Arbitrum investigating this incident: status.arbitrum.io
Update: Producing Blocks now
90% of Arbitrum transactions were inscriptions before the chain stopped: hildobby
A marketing team within media giant CMG claims it has the capability to listen to ambient conversations of consumers through embedded microphones in smartphones, smart TVs, and other devices to gather data and use it to target ads, acc. to a review of CMG marketing materials by 404 Media and details from a pitch given to an outside marketing professional.
404 Media
Marketing Company Claims That It Actually Is Listening to Your Phone and Smart Speakers to Target Ads
“What would it mean for your business if you could target potential clients who are actively discussing their need for your services in their day-to-day conversations? No, it's not a Black Mirror episode—it's Voice Data, and CMG has the capabilities to use…
NFT Trader's [Marketplace] old Contracts Exploited🚨: dingaling
If you've ever used NFT Trader [nft Marketplace] in the past, revoke approval to their contract ASAP
0x13d8faF4A690f5AE52E2D2C52938d1167057B9af
0xC310e760778ECBca4C65B6C559874757A4c4Ece0
Boring Security: if you have any apes in lending protocols and have ever used NFTTrader, revoke approvals to NFTTrader before withdrawing.
It is most important to get folks who have deposits in BendDAO and Paraspace to revoke! For as soon as they withdraw they will be drained!
Hacker’s Address: 0x909f2159780e64143cf08f32dbbf56ed19478fda
How to escape assets from a compromised wallet?: officercia
For unclaimed tokens
For ERC721
To revoke: here