Today, September 8, a possible large-scale attack on the supply chain is being warned about through platform X, which could trigger silent fund thefts. It is advised to carefully read the signatures made in wallets (both cold and hot) or finally avoid interacting (performing
operations) until a better overview of the situation is obtained. What happened and
how can I avoid being a victim of this attack? Let's explore.



A few hours ago, news broke about the attack on the supply chain, and one of the first to announce it was the CEO of the #billetera cold #Ledger , Charles Guillemet, indicating that the NPM account of the developer Qix was hacked through a phishing email.

Image 1


Once the #Hacker had control of the email, it started publishing malicious versions of popular javascript packages like Chalk, Strip-ansi, color-convert, among others, with over a billion downloads weekly.

Image 2


The malicious code in question is called “crypto clipper”. So if any website uses these resources, the hacker can inject this malicious code and modify whatever they want.

Image 3


This “crypto clipper” can work in two ways:

1. Passive address exchange: Silently replaces
wallet addresses within dApps with those of the
attacker.

2. Asset seizure: Upon detecting a hot wallet (Like
Metamask, Rabby, Phantom, etc.), has the ability to modify the
in-memory transactions, changing the recipient's address to one
controlled by the hacker, even before the user approves it.


So what can we do for now to avoid being another victim?

1. Disable all hot wallet extensions
in the browser

2. Do not interact with any contracts (Swaps, approvals
of tokens, etc.)

3. If you are going to send assets from your wallet to a centralized Exchange,
make sure the address is the same and has not been modified.

Image 4

The intelligence platform @Arkham Intelligence has been able to recognize the hacker's wallets, compiling them all into one “entity”. So far, the “NPM Supply Chain attack” has detected that $159 has been stolen.

Image 5

For now, this is the information available and there are still more investigations to be conducted due to the magnitude of the attack. It is recommended to wait and see what happens in the coming hours and check if some protocol websites can update the information. #StaySafe #HackerAlert


👉More crypto updates ...

Share and follow me for more 👈😎

$BTC