Massive #npm Breach Hijacks Crypto Wallets Through Common JavaScript Libraries

A widespread supply chain attack hit 18 popular npm packages—such as #chalk , #debug , and ansi-styles—with over 2 billion weekly downloads affected. Hackers hijacked a maintainer’s account and injected code that subtly alters crypto transaction details in browser wallets like #MetaMask and #Phantom , sending funds to attackers while presenting legitimate addresses to users. The breach was caught within minutes and disclosed within an hour. Developers should urgently roll back affected packages, audit recent updates, and remain alert to suspicious wallet behavior.

Why This Matters
Supply chain vulnerabilities: Malware in foundational libraries can ripple across countless projects.

Wallet-level manipulation: Users may unknowingly approve malicious transactions—despite interacting with vetted dApps or libraries.

Rapid detection: Quick response minimized damage—but the sheer scale highlights how precarious the JavaScript ecosystem can be.