Attackers have compromised the NPM supply chain by replacing SVG files with malicious scripts, according to a report by SlowMist's 23pds. These scripts exploit cross-site scripting (XSS) vulnerabilities to deceive decentralized application (DApp) users into signing unauthorized transactions, resulting in asset theft. Users are urged to exercise caution and enhance their security measures to protect their assets.
Attackers Exploit NPM Supply Chain to Steal DApp User Assets
Disclaimer: The content provided on Phemex News is for informational purposes only. We do not guarantee the quality, accuracy, or completeness of the information sourced from third-party articles. The content on this page does not constitute financial or investment advice. We strongly encourage you to conduct you own research and consult with a qualified financial advisor before making any investment decisions.