j2p2 🟧

Some independent app builders in the Stacks ecosystem were recently targeted via Github in an effort to insert malicious code in their app repositories. We have found no evidence of an attack or compromise of the sBTC or Stacks Core repositories, but because some of these open-source devs also contributed separately to other ecosystem projects (including sBTC), we are taking the opportunity to review security practices around sBTC and Stacks Core and provide more guidance to contributors about their personal and company setups. Core development (including sBTC) already has extensive security practices in place including least-privilege permissions, branch protections, multi-man rules, MFA, code audits, and more. But as the Stacks ecosystem and sBTC usage grows, attempts on our software development process will become more common. We’re prepared for this increased scrutiny on our Github repositories and continue to strengthen our security practices. Stacks core devs are working with internal and external security experts to further tighten our software development process. We’ll publish a more detailed analysis of the attempted attack and security measures that helped catch it, along with information on upgraded security processes to help prevent future attacks. There are no user-facing changes at this time and no steps that users need to take - sBTC and the Stacks network continue to function as normal. Please note that as part of the sBTC development plan, it has filled its 3,000 BTC cap, and withdrawals are not enabled, so it is not currently possible to peg in or peg out of sBTC. You can always report anything suspicious or find more information on security at https://t.co/XMsUnVHt3F.