🚨 BREAKING: Largest NPM Supply Chain Attack Ever – Billions of Downloads Compromised 🚨
In an unprecedented breach, hackers have hijacked popular NPM packages, impacting over 2.6 billion weekly downloads. The attack, initiated through a phishing campaign targeting a maintainer's account, has led to the injection of malware designed to swap wallet addresses in-browser across multiple blockchains, including $BTC, $ETH, $SOL, $TRX, $LTC, and $BCH.
This malware operates by silently altering wallet addresses during transactions, redirecting funds to the attacker's wallets without the user's knowledge. The compromised packages include widely used libraries such as chalk, debug, ansi-styles, and Nx.
⚠️ Immediate Actions Recommended:
▪️ Use a hardware wallet for all transactions.
▪️ Verify every transaction by double-checking wallet addresses.
▪️ Avoid on-chain activity if you're using web wallets until further notice.
▪️ Update your development dependencies to remove any compromised packages.
This attack underscores the critical need for vigilance in the software supply chain, especially concerning dependencies that interact with cryptocurrency transactions. Stay informed and secure your assets.
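For the dependency-update step, one way to find every installed copy of the named packages, including nested transitive ones, is to walk the `packages` map of an npm lockfile (lockfileVersion 2 or 3). This is an added example, not code from the post or from npm; the deny-list versions and the sample lockfile are constructed placeholders, and the real affected versions must come from the official advisory.

```javascript
// Package names taken from the post; extend as advisories are published.
const WATCHLIST = ["chalk", "debug", "ansi-styles"];

// PLACEHOLDER deny-list: these versions are constructed for the demo and are
// NOT real indicators. Replace them with the versions listed in the advisory.
const DENY = { chalk: ["0.0.0-example"], debug: ["0.0.0-example"] };

// Lockfile keys look like "node_modules/a/node_modules/b"; the package name is
// everything after the last "node_modules/" (this keeps "@scope/name" intact).
function packageNameFromPath(lockPath) {
  const marker = "node_modules/";
  const i = lockPath.lastIndexOf(marker);
  return i === -1 ? null : lockPath.slice(i + marker.length);
}

// Returns one finding per installed copy of a watched package. `flagged` is
// true only when the resolved version is on the deny-list.
function auditLockfile(lock, watchlist = WATCHLIST, deny = DENY) {
  const findings = [];
  for (const [lockPath, meta] of Object.entries(lock.packages || {})) {
    const name = packageNameFromPath(lockPath);
    if (!name || !watchlist.includes(name)) continue;
    const flagged = (deny[name] || []).includes(meta.version);
    findings.push({ name, version: meta.version, path: lockPath, flagged });
  }
  return findings;
}

// Constructed sample lockfile: a direct dependency, a nested transitive copy,
// and a scoped look-alike that must not match the watchlist.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/chalk": { version: "0.0.0-example" },
    "node_modules/express": { version: "9.9.9-example" },
    "node_modules/express/node_modules/debug": { version: "1.2.3-example" },
    "node_modules/@scope/chalk": { version: "0.0.0-example" },
  },
};

for (const f of auditLockfile(SAMPLE_LOCK)) {
  console.log(`${f.flagged ? "FLAGGED" : "review "} ${f.name}@${f.version} (${f.path})`);
}
```

To audit a real project, pass the parsed contents of `package-lock.json` to `auditLockfile` and treat any flagged entry as a reason to pin or upgrade and reinstall from a clean cache.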