Industry security researchers have pointed out that hackers stole only $50 worth of cryptocurrency in a large-scale supply chain attack affecting JavaScript software libraries.
According to the findings disclosed by Security Alliance on Monday, hackers breached the NPM (Node Package Manager) account of a well-known software developer and implanted malware into a popular JavaScript library that has been downloaded over a billion times, putting countless crypto projects at potential risk. Security Alliance stated that the attack specifically targeted Ethereum (ETH) and Solana (SOL) wallets.
The security company noted that the current amount stolen in the crypto space is less than $50 and confirmed that the Ethereum wallet address "0xFc4a48" is the only known malicious address at this time. Security Alliance also added on the X platform:
"The hackers did not fully exploit the access they had. It's like finding the key card to Fort Knox and using it as a bookmark. The malware is widely spread, but is currently almost completely neutralized," said security researcher Samczsun, who goes by the alias SEAL, in a separate comment to Cointelegraph. However, the $50 figure was raised from five cents a few hours ago, indicating that potential damage may still be developing.
Security Alliance stated that the initially stolen five cents was in Ether (ETH), along with approximately $20 worth of meme coins also being stolen.
According to Etherscan data, the malicious address has received meme coins such as Brett (BRETT), Andy (ANDY), Dork Lord (DORK), Ethervista (VISTA), and Gondola (GONDOLA).
The attack targeted packages like chalk, strip-ansi, and color-convert—these small tools are deeply embedded in the dependency trees of countless projects. Even if developers did not directly install these packages, they could still be affected.
NPM is akin to a developer's app store, a centralized repository for developers to share and download small code packages to build JavaScript projects.
The attackers are suspected of implanting a type of malware called crypto-clipper, which quietly replaces wallet addresses during transactions to divert funds.
Ledger's Chief Technology Officer Charles Guillemet, along with several industry insiders, has urged crypto users to exercise caution when confirming on-chain transactions.
Ledger stated in another post that its devices were not directly affected by this NPM attack.
0xngmi, the pseudonymous founder of the crypto analytics platform DeFiLlama, pointed out that only crypto projects that updated after the malicious NPM package was released could be at risk. Moreover, even then, users would need to actively approve malicious transactions to incur losses.
He, like Guillemet, believes that users should avoid accessing related crypto websites to ensure safety until platform developers clean up the malicious packages.
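Added example (not part of the original article, and not code from Security Alliance or any project named here): a lockfile audit that shows how chalk, strip-ansi, and color-convert can be installed through other packages rather than directly, and how a developer could check which versions a project resolved. The sample lockfile, its version numbers, and the `flaggedVersions` parameter are constructed for illustration; real affected versions must come from an advisory.

```javascript
// Added example: audit an npm lockfile (lockfileVersion 2 or 3) for watched packages.
const WATCHED = ["chalk", "strip-ansi", "color-convert"]; // names from the article

// Constructed sample lockfile; project name and all versions are made up.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-wallet-ui", dependencies: { "some-logger": "^1.0.0", chalk: "^0.0.1" } },
    "node_modules/chalk": { version: "0.0.1" },
    "node_modules/some-logger": { version: "1.0.0", dependencies: { "strip-ansi": "^0.0.2" } },
    "node_modules/some-logger/node_modules/strip-ansi": { version: "0.0.2" },
    "node_modules/color-convert": { version: "0.0.3" },
  },
};

// Return one record per installed copy of a watched package.
// flaggedVersions (assumption): { name: [versions] } supplied by the caller from an advisory.
function findWatched(lock, watched = WATCHED, flaggedVersions = {}) {
  const packages = lock.packages || {};
  const root = packages[""] || {};
  const declared = new Set([
    ...Object.keys(root.dependencies || {}),
    ...Object.keys(root.devDependencies || {}),
  ]);
  const marker = "node_modules/";
  const hits = [];
  for (const [path, meta] of Object.entries(packages)) {
    const idx = path.lastIndexOf(marker);
    if (idx === -1) continue; // root project or workspace folder, not an installed package
    // The package name is whatever follows the last "node_modules/" segment.
    const name = path.slice(idx + marker.length);
    if (!watched.includes(name)) continue;
    hits.push({
      name,
      version: meta.version,
      path,
      // Direct only if the root project declares it and this is the top-level copy.
      direct: declared.has(name) && path === marker + name,
      flagged: (flaggedVersions[name] || []).includes(meta.version),
    });
  }
  return hits;
}

// Stand-alone run: strip-ansi and color-convert show up without being declared by the project.
console.table(findWatched(SAMPLE_LOCK));
```

To audit a real project, parse its `package-lock.json` with `JSON.parse` and pass the result as the first argument.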
Original article: “SEAL Discloses: Actual Losses from the Largest NPM Attack in Cryptocurrency History are Less than $50”