Friday, September 12, 2025

Colosseum Codex: Supply Chain Attack, RPCv2 RFPs, Solana September Update

Source: https://blog.colosseum.com/supply-chain-attack-rpcv2-solana-september/

Supply Chain Attack, Solana RPC Infrastructure RFPs, QuickNode Solana September Update

The next Colosseum hackathon, Cypherpunk, officially kicks off on September 25 and registrations are now open! Tracks, prizes, and sponsors will be unveiled as we get closer to kickoff so get registered and get ready.

Register now for Cypherpunk

Here's what's featured in this week's issue:

  • Lessons learned from a huge NPM supply chain attack
  • Solana Foundation releases Solana RPCv2 Infrastructure RFPs
  • A Solana update for September 2025 from QuickNode

🛡️ Supply Chain Attack

Earlier this week, attackers pulled off a huge supply chain attack, compromising NPM maintainer accounts and pushing malicious code into JavaScript packages like chalk, error-ex, and others.

A contributor was compromised after falling victim to a phishing email. With those credentials, the attacker got control of their NPM account and pushed malicious updates to widely used packages.

Maintainers, npm’s security team, and researchers quickly flagged the issue after build errors exposed the malicious code. The affected packages were rolled back to safe versions within hours, and npm began scrubbing compromised versions from the registry. 

What Developers Can Do to Protect Themselves:

  • Pin Dependencies: Use overrides in package.json to lock critical dependencies to known-safe versions.
  • Audit Regularly: Run dependency audits and monitor for suspicious or unpublished versions in your lockfile.
  • Harden CI/CD: Fail builds on unexpected updates or obfuscated code. Even a small anomaly can be a red flag.
  • Security Awareness: Train teams to recognize phishing emails. This entire incident started with a single malicious link.
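The first three items above can be combined into one CI check. The following is an added example, not code from the newsletter or from npm: it compares every installed copy of a package in package-lock.json (top-level or nested) against the exact version pinned under "overrides" in package.json. The function names are hypothetical and the version numbers are constructed placeholders.

```javascript
'use strict';

// "node_modules/a/node_modules/@scope/b" -> "@scope/b"; root entry "" -> null.
function nameFromLockPath(lockPath) {
  const marker = 'node_modules/';
  const i = lockPath.lastIndexOf(marker);
  return i === -1 ? null : lockPath.slice(i + marker.length);
}

// One finding per installed copy whose locked version differs from the
// exact version pinned under "overrides" in package.json.
function findPinViolations(pkgJson, lockJson) {
  const pins = pkgJson.overrides || {};
  const findings = [];
  for (const [lockPath, entry] of Object.entries(lockJson.packages || {})) {
    const name = nameFromLockPath(lockPath);
    // Only plain "name": "x.y.z" pins are checked; nested override objects are skipped.
    if (!name || typeof pins[name] !== 'string') continue;
    if (entry.version !== pins[name]) {
      findings.push({ name, lockPath, expected: pins[name], found: entry.version });
    }
  }
  return findings;
}

// Same check on raw file contents, as a CI job would read them from disk.
function checkPins(pkgText, lockText) {
  return findPinViolations(JSON.parse(pkgText), JSON.parse(lockText));
}

// Constructed sample data; the version numbers are placeholders, not real releases.
const samplePackageJson = { overrides: { chalk: '1.0.0', 'error-ex': '1.0.0' } };
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app' },
    'node_modules/chalk': { version: '1.0.0' },
    'node_modules/error-ex': { version: '1.0.1' },
    'node_modules/some-lib/node_modules/chalk': { version: '1.0.2' },
  },
};

// A CI job would exit non-zero when this list is non-empty.
for (const v of findPinViolations(samplePackageJson, sampleLock)) {
  console.log(`${v.lockPath}: expected ${v.name}@${v.expected}, found ${v.found}`);
}
```

The nested copy under some-lib is the case a glance at the top-level dependency list misses, which is why the check walks every lockfile entry rather than only direct dependencies.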

Despite the massive scale, the actual financial damage was negligible. Researchers tracking attacker wallets reported that the malware only managed to steal less than $1000 in assets.

Anatomy of a Billion-Download NPM Supply-Chain Attack

🔮 Solana RPC Infrastructure RFPs

The Solana Foundation is funding the next generation of infrastructure with three RFPs to modernize how developers query accounts, access historical data, and stream network activity. 

  • RPCv2 Accounts Service: Funds a standalone accounts RPC service built for performance with faster account queries, websocket subscriptions, and a decoupled architecture.
  • RPCv2 Historical Service: Supports building a modular, open-source historical RPC service with cheaper, pluggable database backends and cold storage support.
  • RPCv2 Streaming Service: Supports building a lightweight streaming node that uses fewer resources and can easily share data with other services.

Each RFP is open until October 10, 2025, with grants available for contributors. Developers interested in contributing can apply for these grants here.

Alongside the new RFPs, the Solana Foundation announced the formation of an RPC working group to coordinate RPC operators, application developers, and grant recipients on development of the next-generation read layer. 

Teams funded through the RFPs will join the working group, receive follow-up maintenance grants, and collaborate under a shared AGPL-licensed codebase ensuring the new infrastructure is open, auditable, and community-owned.

Solana RPCv2 Infrastructure RFPs

📑 Solana September Update

The Solana update for Sept 2025 from QuickNode covers progress across the Solana ecosystem, with several key developments.

Nearly 15% of mainnet is now running on dedicated fiber through DoubleZero. This provides validators with low-latency, deterministic connections, helping improve overall network speed.

Validator software continues to advance with Agave recently surpassing 1.1M TPS in synthetic benchmarks. 

The Jito fork of Agave introduced block assembly marketplace technology, which processes transactions in a trusted execution environment that mitigates MEV by keeping transaction details private until they are included in a block.

Solana validators approved the move to the new Alpenglow protocol for block distribution, which should enable transaction confirmations in 150 milliseconds.

On the RPC side, QuickNode has invested in infrastructure upgrades and published live benchmarks comparing Solana RPC performance across providers to measure RPC latency and reliability in real time.

Ecosystem programs also saw significant progress. 

Switchboard reported major performance improvements, claiming updates that are up to one thousand times more efficient than competitors. 

At the application level, revenue for Solana programs reached an all-time high. This indicates that developers on the network are generating meaningful income and that activity on Solana continues to grow.

Check out the full video for additional details.

QuickNode Solana Update September 2025

⚡ Quick Hits

Rektoff Solana Rust Security Bootcamp Cohort 2 Applications are Open - @rektoff_xyz

How Solflare became Solana’s self-custodial wallet for everyday users - Token Relations

P-Token: Solana’s Next Big Efficiency Unlock - Helius

Measuring growth in crypto: What’s different, what matters, and what needs to be adapted - a16zcrypto

Introducing Confidential Transfers on Solana: A New Era of Privacy - @UmbraPrivacy

Shank docs are live now with guides, examples, and macro references - @Metaplex

Breaking down Solana & Ethereum: Fees - @_JonahB_

What’s the Solana Collective and how do I join - @damiwho_

⚙️ Tools & Resources

sb-on-demand-examples is a collection of example repositories for Switchboard's On-Demand SDK 0.8.0 that includes real-time price feeds and data oracles, Verifiable Random Function (VRF) for trustless randomness, and secure and reliable secret management.

shadcn-registry for Wallet UI installs a wallet component from the registry for customization and styling like any other shadcn/ui component without being locked into a fixed library.

👩‍🔧 Get Hired

📅 Event Calendar

Solana Ideathon Kraków, Poland, Sept 24
The Solana Ideathon, hosted by Superteam Poland, is a six-city tour across Poland that includes talks, workshops, and pitching sessions with a relaxed community atmosphere designed to spark new startup ideas on Solana.

OnlyDevs, Mumbai, India, Oct 4
OnlyDevs is an in-person event featuring talks from CTOs and founding engineers, opportunities to connect with high-quality peers, a well-equipped venue for work and collaboration, and a demo day for showcasing prototypes.

Accelerate Berlin - Solana Ideathon, Berlin, Germany, Oct 10
Solana Superteam Germany is hosting a Berlin Ideathon where builders can form teams, develop ideas, and pitch to a jury for a share of 1,500 USDC in prizes. The event features live startup pitches, investor insights, and networking, making it a key warm-up for the upcoming Cypherpunk Hackathon in Sept/Oct.

🎧 Listen to This

When Shift Happens

Lily Liu, President of the Solana Foundation, lays out her vision for how Bitcoin and Solana together can replace traditional banking.

She frames Bitcoin as digital gold, serving as a global store of value, while Solana functions as the high-speed transaction layer capable of providing financial infrastructure for the 5.5 billion people excluded from today’s system.

Liu discusses the barriers of traditional banking, including her own experience being blocked by banks, and contrasts them with the open, permissionless nature of crypto.

She explains how Solana enables internet-native financial services, why decentralization matters for global access, and how the ecosystem can avoid cultural pitfalls while scaling.

The conversation highlights the complementary roles of Bitcoin and Solana in building a permissionless, global financial network designed for the internet age.

Solana President: How Bitcoin and Solana Are the Future of Banking

Follow @mikehale on X or Warpcast!

Thanks for reading ✌️

I hope you found something useful here! If you have any suggestions or feedback just let me know what you think.


ATHs into FOMC Week… 9-12-25 SPY/ ES Futures, and QQQ/ NQ Futures Weekly Market Analysis

We have finally made it to the official weekend change over for Discord/ Substack! As of now I have unlocked the discord for all… PLEASE read the announcement. It makes things very clear and black/ white.

Substack/ Daily Newsletter. Today is the LAST official FREE daily newsletter. Beginning Monday you will need to have a PAID substack subscription (DaddyDersch is the name to search) in order to receive the daily TA by email! I will occasionally post a free TA here and there on Fridays but for the most part that is where you need to go. I did go ahead and open that up and I do see you guys already signing up which is awesome!

Coming into this week markets have really been giving off some terrible price action. We really have reached the buy the dip market. The last 2-3 days especially were brutal for anyone that trusted short. Not only that but we are getting some extremely tight ranges that refuse to break. It really is making winning hard.

With PPI on Wednesday coming in COLD but getting sold off I am still shocked that the CPI data (which was not cold) got bought up and I am honestly a bit more surprised that today didn’t sell off.

Next week is FOMC on Wednesday. That is the big one. I am VERY curious what the fed will do. Not only that but we are going to get a new DOT PLOT… that makes this Wednesday FOMC even more spicy.

Despite the data the markets continue to price in a 25bps cut for the fed meeting. At 96.4% odds that is pretty firm by the market. However, I just can still not personally fathom how that is going to play out. Now with that being said this does remind me of June 2022 FOMC where the Monday before the fed whispers Nick T released an article detailing the big fed change against what was priced in. There is a potential that we could get a tweet by him that would claim no rate change at the meeting. IF that comes in we could see a very fast and very wildly aggressive sell off.

Now IF the fed does cut Wednesday the only justifiable reason they would have is that they moved the goal post from 2% to 3% for the target fed funds rate… I would be curious to see how the market would react to that news.

The big ticket item though is the DOT PLOT. For those of you that do not know every 3 months the fed updates the dot plot which essentially is the feds funds rate change projections for the next few years. I will be very curious on the back of rising CPI how the fed reacts…

SPY/ ES WEEKLY

After ES/ SPY spent almost 4 weeks stuck attempting to breakout it would appear that the next leg up in the market has begun. This is one of those times where it's easy to say “XYZ is happening so we should go short” and when in reality the market is likely to just keep pushing…

To put things into perspective here for the bullishness that we are seeing… markets just re-entered extreme daily bull momentum, we continue to be in extreme weekly bull momentum since June, we just put in a new demand/ support at 637.21/6480 after a 8ema weekly support test and we have new weekly buyers. Truly there is just no reason to see anything but up.

Now of course FOMC could change everything… but I would not put my eggs in the bear basket for fomc… 90% of the time events/ data are bullishly received (even if they are not actually good news…).

SPY WEEKLY
Supply- 609.64
Demand- 637.21 -> 621.49

ES WEEKLY
Supply- 6130
Demand- 6480 -> 6262

QQQ/ NQ WEEKLY

When we look at QQQ/ NQ there are some similarities between ES/ SPY but there are also quite a few differences that need noted.

Largely while ES/ SPY spent the last 4 weeks flat on NQ we actually had a “significant” pullback that tested near 20ema support and 8ema weekly support. The setup I am seeing here now with a new ATH finally reached after 4 weeks of trying is a big ole bull flag. That breakout could come and should come next week.

Much like ES/ SPY there is pretty overwhelming bullishness that makes it VERY difficult to even think about downside…. 570.26/23450 is demand/ support along with 8ema support. Not only that but again since June we have been in extreme weekly bull momentum and the daily also just re-entered extreme bull momentum. The one oddity is that NQ has NOT seen stronger weekly buyers since its previous ATH 4 weeks ago (which means price is NOT justified) however on QQQ we have seen stronger weekly buyers for two weeks in a row… so that is something to keep in mind…

QQQ WEEKLY
Supply- 577.46 -> 538.18
Demand- 570.26 -> 553.94

NQ WEEKLY
Supply- 23800
Demand- 23450 -> 22859

VX/ VIX DAILY

A little bit of an unexpected move here on VX/ VIX compared to the market movement. Today we finally came down and bounced off that 15.16-15.32/ 14.41 (to the penny on VIX) demand/ support area I was talking about. Not only that but we actually put in new demand/ supports on both at 15.65/ 14.7. These doji candles (especially VX) are actually pretty high probability upside pops that would take market lower. While I just got done telling you that everything is screaming bullish there is an interesting trend on the daily for ES/ NQ of red day -> 2 green days -> red day. We just finished out 2 green days which COULD mean a red day is coming Monday.

Now also we have to keep in mind the market knows FOMC is Wednesday and knows dot plot is Wednesday too so there is a potential that we could just be seeing some downside protections being put on. I will actually be curious to see where VX/ VIX goes Monday and Tuesday.

If I was strictly looking at VX/ VIX I would generally bet on a pop to 16.21/ 15.13 and a red market day…

BITCOIN DAILY

Looking at Bitcoin here we are seeing a beautiful cup and handle formed now. The previous ATHs on 8/14 at 125,200 should be our target. Generally speaking we came down and retested a major support at the 100ema. With 8/20ema crossing bullishly back over the 50ema that should be our upside signal.

I would need to see BTC close over 117,271 on the daily and I would generally again look for 123,661 supply followed by a new ATHs. That new ATHs pattern has usually resulted in about 2 weeks of consolidation. The area of 102,219-111,887 is now what I would consider extreme demand/ support. That area would need to be CLOSED under on the daily for anyone to justify a long term bearish outlook.

WEEKLY TRADING LOG

It's ironic that some of my “best” weeks or months of profit are those weeks where I feel the worst. I was happy to take a nice payout on Monday and Tuesday. However after blowing my accounts on Thursday it was a big struggle. The price action the last two days was so brutally tight and choppy that the strategy I usually use to pass evals was very difficult. I was left stop loss hunted numerous times before I finally today was able to pass 6 more FNF evals.

I will start back Monday with 6 funded… looking for my 3 days of profit to then request 9k in payouts. The last two days were certainly not my best work. I will be looking to reset mentally this weekend and be ready to tackle the market Monday.