⚠️ Massive Poisoning in the NPM Ecosystem: Your Wallet May Be Targeted!
Note: A serious supply chain attack has occurred in NPM.
Attackers used phishing to take over the accounts of maintainers of several well-known packages (such as chalk, debug, etc.) on NPM, the world's largest JS package management platform, and then injected malicious code into these packages.
Since these packages are among the most commonly used tools in the entire JavaScript ecosystem, with over 2 billion downloads per week, the impact is significant.
This is one of the largest supply chain attacks in the history of the NPM ecosystem: hackers used maintainer accounts to inject malicious code into commonly used packages, specifically targeting Web3/crypto wallet users, to "silently steal funds" through browser hijacking.
This means that the projects, software wallets, browser plugins, etc., you interact with may be at risk if they use a malicious version of one of these libraries.
1️⃣ Scope of the Attack
The packages that have been injected with malicious code include: chalk, debug, ansi-styles, supports-color, and 18 other frequently used dependencies.
These libraries are foundational components for many front-end, back-end, and CLI tools, and almost the entire JS ecosystem may be affected.
2️⃣ Functionality of the Malicious Code
Browser Hijacking: The code injects itself into browser APIs such as fetch, XMLHttpRequest, window.ethereum, etc.
Scanning Sensitive Data: Detecting transaction requests, wallet addresses (supporting multi-chain formats like ETH, BTC, Solana, Tron, LTC, BCH, etc.).
Address Replacement: Replacing legitimate receiving addresses entered by users or called by applications with wallet addresses controlled by attackers.
Transaction Hijacking: Even if the interface seen by the user appears correct, the actual transaction will be tampered with during signing, transferring funds to the hacker.
Concealment: Replacing with "similar addresses" to make it difficult for users to detect; avoiding obvious modifications at the interface level.
3️⃣ Victim Risks
All Web3 applications, websites, and wallet plugins that rely on these packages may be indirectly infected.
Users using wallets in their browsers may unknowingly approve or transfer funds to hacker accounts.
4️⃣ Core: Security Recommendations
Until major platforms, wallets, and development teams have conducted self-checks and eliminated the risks, it is recommended to reduce transfers or take the following precautions:
Hardware Wallet Users: If clear signing is enabled and addresses are verified one by one, risks can be avoided.
Software Wallet Users: Try to avoid on-chain transfers in the short term, or at least pause updates/use of suspicious JS packages.
Developers should immediately check dependency versions and roll back to safe versions or temporarily lock dependencies.
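For the developer check above, here is an added example (not code from this article or from npm) that walks a package-lock.json, including nested transitive copies, and lists every resolved version of the four packages the article names. The known-bad version list is a placeholder assumption to be filled in from the official advisory, and the sample lockfile is constructed.

```javascript
// Added example. Names below are the four packages the article lists by name.
const WATCHED = ['chalk', 'debug', 'ansi-styles', 'supports-color'];

// ASSUMPTION: placeholder only. Replace with the versions from the official advisory.
const KNOWN_BAD = { chalk: ['0.0.0-PLACEHOLDER'] };

// Constructed sample lockfile (lockfileVersion 3 layout), not a real project.
const SAMPLE_LOCK = JSON.stringify({
  name: 'demo-dapp',
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-dapp', dependencies: { 'some-cli': '^1.0.0' } },
    'node_modules/some-cli': { version: '1.2.0' },
    'node_modules/chalk': { version: '0.0.0-PLACEHOLDER' },
    'node_modules/some-cli/node_modules/debug': { version: '9.9.9' },
    'node_modules/@scope/chalk': { version: '1.0.0' }, // scoped name, must not match
  },
});

// 'node_modules/a/node_modules/@s/b' -> '@s/b'; root ('') and workspace paths -> null
function packageNameFromPath(path) {
  const marker = 'node_modules/';
  const i = path.lastIndexOf(marker);
  return i === -1 ? null : path.slice(i + marker.length);
}

// Returns one finding per installed copy of a watched package, direct or transitive.
function auditLock(lockText, watched, knownBad) {
  const lock = JSON.parse(lockText);
  if (!lock.packages) throw new Error('no "packages" map (lockfileVersion 1?)');
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages)) {
    const name = packageNameFromPath(path);
    if (!name || !watched.includes(name)) continue;
    const bad = (knownBad[name] || []).includes(meta.version);
    findings.push({ name, version: meta.version, path, status: bad ? 'KNOWN_BAD' : 'REVIEW' });
  }
  return findings;
}

// With CommonJS: `node audit.js package-lock.json`; otherwise the sample is used.
const lockText = typeof require === 'function' && process.argv[2]
  ? require('fs').readFileSync(process.argv[2], 'utf8')
  : SAMPLE_LOCK;
for (const f of auditLock(lockText, WATCHED, KNOWN_BAD)) {
  console.log(`${f.status}\t${f.name}@${f.version}\t${f.path}`);
}
```

To hold a transitive copy at a safe version, npm's `overrides` field in package.json pins it, and `npm ci` installs exactly what the lockfile records.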