⚠️ Unless prominent community members from @cosmos step in and validate that this is a real account, I would urge strong caution about following any "Barberry" vulnerability "fixes". cc: @gadikian - The @cosmos account has 514k+ followers, 4k+ tweets, around since 2008 ✅ - @cosmossdk has 16k+ followers, 700+ tweets, around since 2018 ✅ - This account, @cosmos_sdk only has 200 followers, 8 tweets, and around since 2022 ⚠️ - DNS records for amulet.dev show no A/AAAA/CNAME records nslookup.io/domains/amulet… ⚠️ Even if this is a real issue, a compromised contributor account could be a real vector for a supply-chain attack. So even if this turns out to be a nothingburger and is actually a vulnerability, I'd urge for validated statements to be made by multiple sources.
⚠️ Unless prominent community members from @cosmos step in and validate that this is a real account, I would urge strong caution about following any "Barberry" vulnerability "fixes". cc: @gadikian - The @cosmos account has 514k+ followers, 4k+ tweets, around since 2008 ✅ - @cosmossdk has 16k+ followers, 700+ tweets, around since 2018 ✅ - This account, @cosmos_sdk only has 200 followers, 8 tweets, and around since 2022 ⚠️ - DNS records for amulet.dev show no A/AAAA/CNAME records nslookup.io/domains/amulet… ⚠️ Even if this is a real issue, a compromised contributor account could be a real vector for a supply-chain attack. So even if this turns out to be a nothingburger and is actually a vulnerability, I'd urge for validated statements to be made by multiple sources.
@ankurb @cosmos @gadikian Hey @ankurb thanks for your careful approach. I can confirm you that @cosmos_sdk is legit, it was announced recently as new Cosmos SDK official twitter. You can also check that the attached tweet was retweeted by @cosmos and @cosmoshub 👇
@0xRobbStack @ankurb @cosmos @cosmos_sdk @cosmoshub thank you