CIAN Security Update: We Are Safe After npm Attack

Security Update: Cian is Safe

What Happened: The npm package "error-ex" (47M weekly downloads) was poisoned by attackers. Affected websites would redirect MetaMask transactions to hacker addresses using similar-looking addresses to confuse users during signing.

Cian's Status:
- All Safe - Comprehensive audit of our 5 frontend projects found zero compromised packages (checked both direct dependencies and all upstream transitive dependencies)
- Extra Precaution - We've locked all package versions and paused updates until threats clear

Bottom Line: It is completely safe to use all Cian interfaces.

General Security Recommendations:
- Hardware wallet users: Enable clear signing and verify every address digit-by-digit
- Software wallet users: Consider avoiding on-chain transfers temporarily, or at minimum pause updates/usage of suspicious JS packages
- Developers: Immediately check dependency versions and roll back to safe versions or lock dependencies

https://x.com/CIAN_protocol/status/1965288253353025874
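For the developer recommendation above, one way to check direct and transitive dependencies is to walk `package-lock.json` against a denylist. This is an added example, not Cian's audit tooling; the announcement names no affected versions, so the denylisted version is a placeholder, and `auditLock`, `installedPackages` and the sample lockfile are constructed for illustration.

```javascript
// Denylist of package versions to flag. The version string is a PLACEHOLDER:
// fill it in from the advisory you trust.
const DENYLIST = { "error-ex": ["0.0.0-PLACEHOLDER"] };

// Yield {name, version, path} for every locked package, direct or transitive.
function* installedPackages(lock) {
  if (lock.packages) {
    // lockfileVersion 2/3: flat map keyed by install path.
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path === "" || meta.link) continue; // root project or workspace link
      const i = path.lastIndexOf("node_modules/");
      // meta.name is present for aliased installs and holds the real name.
      const name = meta.name || (i >= 0 ? path.slice(i + 13) : path);
      yield { name, version: meta.version, path };
    }
    return;
  }
  // lockfileVersion 1: nested "dependencies" tree.
  const stack = [[lock.dependencies || {}, ""]];
  while (stack.length) {
    const [deps, prefix] = stack.pop();
    for (const [name, meta] of Object.entries(deps)) {
      const path = `${prefix}node_modules/${name}`;
      yield { name, version: meta.version, path };
      if (meta.dependencies) stack.push([meta.dependencies, `${path}/`]);
    }
  }
}

// Return every locked package whose exact version is on the denylist.
function auditLock(lock, denylist = DENYLIST) {
  return [...installedPackages(lock)].filter((p) =>
    (denylist[p.name] || []).includes(p.version)
  );
}

// Constructed sample: a clean top-level copy and a flagged nested copy.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-frontend", version: "1.0.0" },
    "node_modules/error-ex": { version: "1.0.0" },
    "node_modules/some-parser": { version: "2.0.0" },
    "node_modules/some-parser/node_modules/error-ex": { version: "0.0.0-PLACEHOLDER" },
  },
};
console.log(auditLock(SAMPLE_LOCK));
```

To scan a real project, pass `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))` to `auditLock` and fail the build when the result is non-empty.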
