According to Cointelegraph, a significant supply chain attack has compromised widely used JavaScript software libraries, marking what is being described as the largest incident of its kind in history. The injected malware is reportedly designed to steal cryptocurrency by swapping wallet addresses and intercepting transactions. Reports indicate that hackers infiltrated the node package manager (NPM) account of a prominent developer, secretly embedding malware into popular JavaScript libraries utilized by millions of applications.
The malicious code is capable of hijacking or swapping cryptocurrency wallet addresses, thereby putting billions of downloads' worth of projects at risk. The breach specifically targeted packages such as chalk, strip-ansi, and color-convert, which are small utilities deeply embedded in the dependency trees of numerous projects. These libraries collectively receive over a billion downloads each week, suggesting that even developers who have not directly installed them could be exposed to the threat.
NPM functions as a central repository for developers, akin to an app store, where they can share and download small code packages to construct JavaScript projects. The attackers appear to have deployed a crypto-clipper, a type of malware that discreetly replaces wallet addresses during transactions to divert funds. Security researchers have cautioned that users relying on software wallets may be particularly vulnerable, whereas those who confirm every transaction on a hardware wallet are protected. It remains uncertain whether the malware also attempts to directly steal seed phrases.
This situation is evolving, and additional information will be provided as it becomes available.