I just heard about the "largest scale" supply chain hack in history, where hackers used phishing to take over the accounts of maintainers of popular NPM packages.

Phyrex
9 hours ago

I just heard about what is being called the "largest supply chain hack in history."

Hackers used phishing to take over the accounts of maintainers of popular NPM packages, injecting malicious code into widely downloaded open-source dependencies (such as chalk, debug, ansi-styles, etc.), which collectively have 2 billion downloads in a week.

The malicious script intercepts cryptocurrency transactions in the browser, replacing the original recipient address with the attacker's wallet address, directly facilitating fund hijacking.

Everyone should take care to confirm the receiving address on the hardware wallet when signing each transaction, and it is advisable to avoid using web frontends for on-chain operations, at least until the affected NPM packages are completely cleaned up and patches are released.

If you are using a non-hardware wallet, you need to be even more cautious.

This type of supply chain attack no longer targets individual applications but cuts directly into the entire developer ecosystem, with wide-ranging impact. Many DApps or trading services that call the contaminated libraries are at risk.
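
A defender-side check for the point above that many projects pull in these libraries indirectly, as an added example that is not part of the original post: it lists every installed copy of the packages named in the post from an npm `package-lock.json` (lockfileVersion 2 or 3). `findNamedPackages`, `packageNameFromPath` and the sample lockfile are constructed for illustration; the post gives no affected version numbers, so the versions found must be compared against the registry's advisory.

```javascript
// Added example: inventory a package-lock.json for the package names
// mentioned in the post. Versions are reported, not judged.
const NAMED_IN_POST = ["chalk", "debug", "ansi-styles"];

// Lockfile keys look like "node_modules/a/node_modules/b"; the package name is
// whatever follows the last "node_modules/" (scoped names stay intact).
function packageNameFromPath(lockPath) {
  const marker = "node_modules/";
  const idx = lockPath.lastIndexOf(marker);
  return idx === -1 ? null : lockPath.slice(idx + marker.length);
}

// Returns one entry per installed copy, including nested (transitive) copies.
// `declared` is true when the root package lists the name itself.
function findNamedPackages(lockfile, names = NAMED_IN_POST) {
  const wanted = new Set(names);
  const packages = lockfile.packages || {};
  const root = packages[""] || {};
  const declared = new Set([
    ...Object.keys(root.dependencies || {}),
    ...Object.keys(root.devDependencies || {}),
    ...Object.keys(root.optionalDependencies || {}),
  ]);
  const found = [];
  for (const [lockPath, meta] of Object.entries(packages)) {
    const name = packageNameFromPath(lockPath);
    if (name && wanted.has(name)) {
      found.push({ name, version: meta.version, path: lockPath,
                   declared: declared.has(name) });
    }
  }
  return found.sort((a, b) => (a.path < b.path ? -1 : a.path > b.path ? 1 : 0));
}

// Constructed sample lockfile; version numbers are made up and are NOT the
// affected releases.
const SAMPLE_LOCK = {
  name: "example-dapp", lockfileVersion: 3,
  packages: {
    "": { name: "example-dapp", dependencies: { chalk: "^1.0.0", express: "^1.0.0" } },
    "node_modules/chalk": { version: "1.2.3" },
    "node_modules/express": { version: "1.0.0" },
    "node_modules/debug": { version: "1.1.1" },            // transitive, hoisted
    "node_modules/old-cli/node_modules/ansi-styles": { version: "0.9.0" },
    "node_modules/@scope/debug": { version: "2.0.0" },     // different package
  },
};
for (const h of findNamedPackages(SAMPLE_LOCK)) {
  console.log(`${h.name}@${h.version} at ${h.path} (declared: ${h.declared})`);
}
```

To run it against a real project, load the project's own lockfile with `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))` and pass the result to `findNamedPackages`.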
