Hackers have compromised widely used JavaScript software libraries in what’s being called the largest supply chain attack in history. The injected malware is reportedly designed to steal crypto by swapping wallet addresses and intercepting transactions.
According to several reports on Monday, hackers broke into the node package manager (NPM) account of a well-known developer and secretly added malware to popular JavaScript libraries used by millions of apps.
The malicious code swaps or hijacks crypto wallet addresses, putting billions of downloads’ worth of projects at risk.
The breach targeted packages such aschalk,strip-ansiandcolor-convert— small utilities buried deep in the dependency trees of countless projects. Together, these libraries are downloaded more than a billion times each week, meaning even developers who never installed them directly could be exposed.
NPM is like an app store for developers — a central library where they share and download small code packages to build JavaScript projects.
Attackers appear to have planted acrypto-clipper, a type of malware that silently replaces wallet addresses during transactions to divert funds. Security researchers warned that users relying onsoftware walletsmay be especially vulnerable, while those confirming every transaction on ahardware walletare protected.
It remains unclear whether the malware also attempts to steal seed phrases directly.
This is a developing story, and further information will be added as it becomes available.
Magazine: Inside a 30,000 phone bot farm stealing crypto airdrops from real users
About The Author
