front-end

The U.S. Securities and Exchange Commission (SEC) Division of Trading and Markets issued a staff statement providing guidance on whether certain user interfaces used to generate trading instructions for crypto asset securities (Covered User Interface) need to be registered as broker-dealers.The statement noted that under specific conditions, providers of such interfaces may not need to register as broker-dealers under Section 15 of the Securities Exchange Act. These conditions include: not actively soliciting specific trades, not providing investment advice, not controlling or executing trades, generating trading instructions solely based on objective parameters, and fully disclosing the fee structure, potential conflicts of interest, and associated risks to users.The SEC emphasized that such interfaces typically exist in the form of websites, browser plugins, or wallet applications, used to convert trading parameters set by users into on-chain executable instructions, while also providing market data such as prices, paths, and fees.Additionally, the statement clarified that such exemptions do not apply to activities involving trade matching, fund custody, order routing, or providing investment advice. The relevant guidance is a temporary opinion and will automatically expire in 2026 if no further action is taken. The SEC stated that this move aims to provide a clearer regulatory framework for activities related to crypto asset securities and continues to seek market feedback.

Galaxy Research Director Alex Thorn shared the latest developments on the crypto market structure bill on the X platform: "A bipartisan meeting was held today to discuss the core demands put forth by both Democrats and Republicans to advance the bill. We reviewed a key document that emerged from this meeting.The main demands from the Democrats regarding DeFi include: front-end compliance with sanctions requirements; granting the Treasury greater 'special measures' authority; and establishing regulatory rules for 'non-decentralized' DeFi.Other demands from the Democrats include: adjusting the classification of crypto assets; introducing new investor protection provisions for crypto ATMs and FTC consumer protection; adding anti-evasion provisions (to prevent evasion of securities laws or other regulatory requirements through loopholes); setting a fundraising cap of up to $200 million for issuers, and requiring protocol parties to proactively report to the SEC, explaining that they do not constitute securities."Matters still pending further discussion include the regulation and handling of stablecoin yields; ethical standards and conflicts of interest, among others. Republicans are pushing for the Senate Banking Committee to review the bill next Thursday (January 15). It remains unclear whether the two parties can reach a consensus to make it a bipartisan bill, as many issues are still unresolved.

Galaxy Research Director Alex Thorn shared the latest developments on the crypto market structure bill on the X platform: "A bipartisan meeting was held today to discuss the core demands put forward by both Democrats and Republicans to advance the bill. We reviewed a key document that emerged from this meeting.The main demands from the Democrats regarding DeFi include: front-end compliance with sanctions requirements; granting the Treasury greater 'special measures' authority; and establishing regulatory rules for 'non-decentralized' DeFi. Other Democratic demands include: adjusting the classification of crypto assets; introducing new investor protection provisions for crypto ATMs and FTC consumer protection; adding anti-avoidance clauses (to prevent evasion of securities laws or other regulatory requirements through loopholes); setting a cap of $200 million for fundraising by issuers, and requiring protocol parties to proactively report to the SEC, clarifying that they do not constitute securities.Outstanding issues for further discussion include the regulation and handling of stablecoin yields; ethical standards and conflicts of interest, among others. Republicans are pushing for the Senate Banking Committee to review the bill next Thursday (January 15). It remains unclear whether the two parties can reach a consensus to make it a bipartisan bill, as many issues are still unresolved."

According to market news, the official website of the Pepe memecoin has suffered a front-end attack, and the attackers are currently redirecting users to malicious links. Blockaid stated that the site contains code for the "Inferno Drainer." The Inferno Drainer is a set of scam tools used by threat actors, including phishing website templates, wallet draining tools, and social engineering tools.Currently, the price of the Pepe token has not reacted immediately to this incident, having risen about 4% in the past 24 hours. Cybersecurity company Blockaid encourages users to avoid the site until the issue is resolved to remain vigilant.

The DeFi protocol Balancer is currently under attack, with losses exceeding $116.6 million across multiple chains, and the attack on Balancer is still ongoing.According to the on-chain AI analysis tool CoinBob, the historical security incidents of Balancer are as follows:June 2020 Flash Loan Attack: Attackers exploited a compatibility issue between the deflationary token (STA/STONK) and Balancer's smart contracts, repeatedly calling swapExactAmountIn to drain the liquidity pool, ultimately profiting $523,600.August 2023 V2 Pool Vulnerability: The Balancer V2 pool suffered multiple flash loan attacks due to a code vulnerability, with total losses reaching $2.1 million. The team urgently paused the affected pools and advised users to withdraw their funds, but some funds that were not withdrawn in time were still exploited.September 2023 Frontend Hijacking Attack: Hackers gained control of Balancer's frontend through BGP/DNS hijacking, tricking users into authorizing malicious contracts, resulting in a loss of $238,000. On-chain detective ZachXBT traced the funds to address 0x645710Af050E26bB96e295bdfB75B4a878088d7E.2023 Euler Incident Impact: Due to a vulnerability in Euler Finance, Balancer's bbeUSD pool suffered a loss of $11.9 million, accounting for 65% of the pool's TVL. The team took protective measures to limit liquidity withdrawals.2024 Velocore Attack Association: The Velocore vulnerability exploited Balancer-style CPMM pools, resulting in a loss of $6.8 million. Balancer's technical architecture was indirectly implicated due to cross-protocol integration.

ChainCatcher news, Glassnode released a market analysis indicating that macro uncertainty continues to weigh on Bitcoin. Gold has outperformed Bitcoin by over 20%, taking away some of Bitcoin's asset preservation value, and the options market also reflects this shift in sentiment. Overnight price movements have triggered a sharp increase in short-term volatility.The front-end options for Bitcoin are currently trading at a volatility of about 50, showing that traders are paying a higher premium for immediate protection against market downturns. BTC has recently shown a tendency to behave more like a macro asset rather than a risk-hedging asset, with a strong bias towards put options. The cost of downside protection remains higher than the upside risk exposure, reflecting the market's ongoing defensive inclination.

ChainCatcher news, August 27, according to official news, the AI front-end development tool v0 under the American cloud development platform company Vercel has announced that it now accepts users to purchase v0 credits using USDC.

ChainCatcher news, Farcaster co-founder Varun Srinivasan stated on Warpcast that one of the front-end applications of the decentralized social network Farcaster, Warpcast, will be renamed to Farcaster.Specific changes include: the mobile application will be renamed accordingly; the classic Arch logo will be reactivated; the official website domain will migrate from warpcast.com to farcaster.xyz; all old links will remain backward compatible, and users will not need to take any action.

ChainCatcher news, according to DefiLlama data, as of April 13, Uniswap's front-end trading fees (revenue) reached $182.88 million.

ChainCatcher news, Morpho Labs stated on its X platform that after continuous investigation, it has confirmed that the Morpho frontend is secure. Users do not need to take any additional measures. Morpho indicated that at 4:44 AM Central European Time today, the Morpho team discovered and fixed the frontend issue. Next week, the team will share a detailed article explaining the cause, scope, and solution.Previous news, according to monitoring by Shield, a certain address may have suffered a loss of 2.6 million dollars due to an attack exploiting the Morpho Blue frontend vulnerability, with the attack transaction being front-run by the well-known on-chain arbitrageur c0ffeebabe.eth, and the funds ultimately transferred to address 0x1A5B...C742.

ChainCatcher news, according to an official post by Morpho Labs on the X platform, the team has identified and addressed the issues that arose during yesterday's Morpho App frontend update. The related changes have now been rolled back, and the application has resumed normal operation. Morpho confirms that all user funds within the protocol are safe and unaffected, and they will release a detailed explanation later.

ChainCatcher news, Odin.fun developer Bob Bodily posted on the X platform responding to rumors of an attack on the platform. He stated that there was a bug in the deposit synchronization code of Odin.fun, which caused some users' balances to be greater than the amounts they deposited. This is why no one could find the 74 BTC deposit transactions on the chain. This issue has been fully resolved about 12 hours ago, and all user funds are safe, with no users suffering direct losses due to this bug. Improvements are currently being made to the ODIN.fun front end, adding deposit and withdrawal statuses (pending, confirmed, credited) as well as browser links to track the flow of funds.

ChainCatcher message, Slow Mist Yu Xian posted on platform X stating that Safe has ultimately been breached. The smart contract part is indeed fine (easily verifiable on-chain), but the front end was tampered with and forged to achieve a deceptive effect.As for why it was tampered with, we will wait for the official details from Safe. Safe can be considered a type of security infrastructure; theoretically, anyone using this multi-signature wallet could be stolen from, similar to Bybit. All other services with front ends, APIs, and user interaction may carry this risk as well. This is also a classic supply chain attack, and the security management model for large/huge assets needs a significant upgrade.

ChainCatcher news, Slow Mist founder Cosine stated that Lottie Player was attacked by supply chain poisoning, with Ace Drainer related to phishing gangs poisoning the front-end script module Lottie Player relied on by well-known Web3 projects. Fortunately, it was discovered in time, and the impact should be minimal.If your project uses the Lottie Player module, please check whether there is any malicious code introduced (currently known versions 2.0.4 and the latest 2.0.8 do not contain malicious code).

ChainCatcher news, Banana Gun stated on platform X that some users encountered unauthorized wallet transfers. After the first incident, the team immediately shut down the bot and began a thorough inspection of the backend. The team has confirmed that the backend was not compromised. Both the router and database have been thoroughly checked, and only a very small number of users (fewer than 10) were affected.Additionally, the transfers appear to have been executed manually, and the issue may stem from a frontend vulnerability. As the team prioritizes security, the bot will remain offline during the investigation of the root cause.Previous news, Banana Gun community member yannickcrypto.eth posted on X stating: "The Banana Gun team confirms that hackers may have attacked nearly 50 TG accounts and withdrew funds through these accounts."

ChainCatcher message, according to DefiLlama data, as of August 30, Uniswap's front-end trading fee revenue reached $61.27 million.

ChainCatcher message, the Web3 fraud prevention and browser extension Pocket Universe posted on the X platform, stating that it has detected a hack on the Parcl official website frontend, which will extract tokens from users' Solana wallets and display false tx results in Phantom.

ChainCatcher news, according to The Block, the cumulative front-end fees of Uniswap Labs, the development company behind the Uniswap protocol, have surpassed $50 million. In October last year, the protocol charged a fee of 0.15% on user transactions on its web interface and wallet application, with the fees going directly to Uniswap Labs. In mid-April, Uniswap Labs increased its interface fee from 0.15% to 0.25%.

ChainCatcher message, DefiLlama data shows that as of August 10, Uniswap's front-end trading fees (revenue) have reached 57.33 million dollars.