A significant supply chain attack on JavaScript software libraries has resulted in the theft of less than $50 in cryptocurrency, according to Security Alliance. Hackers infiltrated the node package manager (NPM) account of a prominent developer, injecting malware into widely-used JavaScript libraries downloaded over a billion times. Despite targeting Ethereum and Solana wallets, the breach has so far resulted in minimal financial loss, with only $50 stolen, primarily in Ether and a memecoin.
The attack involved a crypto-clipper malware that alters wallet addresses during transactions to redirect funds. The breach affected packages like chalk, strip-ansi, and color-convert, potentially exposing numerous projects. Security experts, including Ledger's CTO Charles Guillemet, have advised caution when confirming onchain transactions. The situation is ongoing, with updates expected as more information becomes available.
Massive NPM Hack Nets Less Than $50 in Crypto Theft
Disclaimer: The content provided on Phemex News is for informational purposes only. We do not guarantee the quality, accuracy, or completeness of the information sourced from third-party articles. The content on this page does not constitute financial or investment advice. We strongly encourage you to conduct you own research and consult with a qualified financial advisor before making any investment decisions.