Hackers have only been able to steal $50 worth of crypto from a large supply chain hack that affects JavaScript software libraries, industry security researchers say.
Crypto intelligence platform Security Alliance shared its findings on Monday, after hackers broke into the Node Package Manager (NPM) account of a well-known software developer and added malware to popular JavaScript libraries that have already been downloaded over a billion times, putting countless crypto projects at risk. According to the Security Alliance, Ethereum and Solana wallets were specifically targeted.
Luckily, under $50 has been stolen from the crypto space so far, the security firm said, identifying the Ethereum wallet address “0xfc4a48” as the only malicious address found so far. It added on X:
“Imagine this: compromise NPM developer accounts where packages are downloaded more than 2 billion times a week. There is a possibility of free access to millions of developer workstations.”

Source: Security Alliance
However, the $50 figure is up from 5 cents a few hours earlier, suggesting that the damage may still be unfolding.
The stolen 5 cents was in Ether (ETH), and another $20 worth of a memecoin was also stolen, the Security Alliance said. Etherscan data shows that the malicious address has so far received Brett (BRETT), Andy (ANDY), Dork Lord (DORK), Ethervista (VISTA) and Gondola (GONDOLA) memecoins.
The compromised packages, such as chalk, strip-ansi and color-convert, are buried deep in the dependency trees of countless projects. Even developers who have never installed them directly can be exposed.
NPM is like an app store for developers: a central library where they share and download small code packages to build JavaScript projects.
The attacker appears to have planted a crypto clipper, a type of malware that quietly replaces wallet addresses during transactions and diverts the funds.
Ledger’s Chief Technology Officer Charles Guillemet was among many who encouraged crypto users to proceed with caution when reviewing on-chain transactions.
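To see whether a project pulls in any of the packages named above without declaring them itself, the following added example (JavaScript for Node.js, not code from this article or the Security Alliance) walks the `packages` map of a parsed `package-lock.json`. The lockfile contents, `example-cli`, `@example/strip-ansi-fork` and every version string are constructed placeholders; the article does not say which versions were affected, so the check reports every installed copy.

```javascript
// Added example. Names are the three packages this article mentions.
const WATCHLIST = new Set(["chalk", "strip-ansi", "color-convert"]);
const NM = "node_modules/";

// Constructed lockfile (lockfileVersion 3 layout). "example-cli" and all
// version strings are placeholders, not real or known-affected releases.
const SAMPLE_LOCK = {
  name: "demo-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", dependencies: { "example-cli": "^1.0.0" } },
    "node_modules/example-cli": { version: "1.0.0" },
    "node_modules/chalk": { version: "0.0.0-example" },
    "node_modules/color-convert": { version: "0.0.0-example" },
    "node_modules/example-cli/node_modules/strip-ansi": { version: "0.0.0-example" },
    "node_modules/@example/strip-ansi-fork": { version: "0.0.0-example" },
  },
};

// Return every installed copy of a watchlisted package, hoisted or nested,
// and whether the root project declares it itself.
function findWatchlisted(lock, watchlist = WATCHLIST) {
  const packages = lock.packages || {};
  const root = packages[""] || {};
  const declared = new Set(
    ["dependencies", "devDependencies", "optionalDependencies"]
      .flatMap((field) => Object.keys(root[field] || {}))
  );
  const hits = [];
  for (const [path, meta] of Object.entries(packages)) {
    const cut = path.lastIndexOf(NM);
    if (cut === -1) continue; // root entry or workspace folder
    const name = path.slice(cut + NM.length); // keeps "@scope/name" intact
    if (!watchlist.has(name)) continue; // exact name match only
    const hoisted = cut === 0; // "node_modules/<name>" at the top level
    hits.push({ name, version: meta.version, path, direct: hoisted && declared.has(name) });
  }
  return hits.sort((a, b) => (a.path < b.path ? -1 : a.path > b.path ? 1 : 0));
}

// Transitive-only hits are the exposure the article describes.
function transitiveOnly(lock) {
  return findWatchlisted(lock).filter((hit) => !hit.direct).map((hit) => hit.path);
}

console.log(findWatchlisted(SAMPLE_LOCK));
```

On a real project, pass in the result of `JSON.parse` on the contents of `package-lock.json`; a lockfile with `lockfileVersion` 1 has no `packages` map and returns no hits.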
This is a developing story, and more information will be added as it becomes available.


