
Phyrex|Sep 08, 2025 17:46
Just heard about what's being called the 'largest supply chain hack in history.'
Hackers used phishing to compromise the accounts of popular NPM package maintainers, injecting malicious code into widely downloaded open-source dependencies (like chalk, debug, ansi-styles, etc.). These packages alone see 2 billion downloads per week.
The malicious script intercepts cryptocurrency transactions in the browser, replacing the original recipient address with the attacker’s wallet address, effectively hijacking funds.
Friends, make sure to carefully verify the recipient address for each transaction signed by your hardware wallet, and try to avoid using web frontends for on-chain operations. At least wait until the affected NPM packages are fully cleaned up and patched before using them again.
If you’re using a non-hardware wallet, be extra cautious.
This type of supply chain attack no longer targets individual apps but directly disrupts the entire developer ecosystem, with a wide-reaching impact. Many DApps or transaction services that call contaminated libraries are at risk.
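The post names the poisoned packages (chalk, debug, ansi-styles) but not the affected versions, and warns that any DApp or service pulling those libraries in is exposed. One defensive check a team can run is a lockfile audit: walk `package-lock.json` and report every installed copy, direct or transitive, whose version sits on a denylist. The script below is an added example written for this page, not code from the post's author or from any of the projects mentioned; it relies only on the documented npm lockfile layout (the `packages` map of lockfile v2/v3 and the nested `dependencies` tree of v1), and every version string in it is a constructed placeholder to be replaced with the versions published in the relevant advisory.

```javascript
// Added example, not code from the original post. Audits an npm lockfile
// (package-lock.json) for dependency versions on a denylist, so a project
// that depends on chalk, debug, ansi-styles, etc. can confirm it is not
// pinned to a compromised release. Versions below are PLACEHOLDERS: the
// post names the packages but not the affected versions.
const AFFECTED_VERSIONS = {
  chalk: new Set(["0.0.0-placeholder"]),
  debug: new Set(["0.0.0-placeholder"]),
  "ansi-styles": new Set(["0.0.0-placeholder"]),
};

// Derive the package name from a lockfile v2/v3 "packages" key such as
// "node_modules/foo/node_modules/@scope/bar" -> "@scope/bar".
function nameFromPath(p) {
  const marker = "node_modules/";
  const i = p.lastIndexOf(marker);
  return i === -1 ? p : p.slice(i + marker.length);
}

// Return every installed { name, version, path } that appears on the denylist.
// Handles lockfileVersion 2/3 ("packages" map) and lockfileVersion 1
// ("dependencies" tree, walked recursively so nested copies are found too).
function findAffected(lock, affected = AFFECTED_VERSIONS) {
  const hits = [];
  const check = (name, version, where) => {
    if (affected[name] && affected[name].has(version)) {
      hits.push({ name, version, path: where });
    }
  };
  if (lock.packages) {
    for (const [p, meta] of Object.entries(lock.packages)) {
      if (p === "") continue; // the root project's own entry
      check(meta.name || nameFromPath(p), meta.version, p);
    }
  } else if (lock.dependencies) {
    const walk = (deps, prefix) => {
      for (const [name, meta] of Object.entries(deps)) {
        const where = `${prefix}node_modules/${name}`;
        check(name, meta.version, where);
        if (meta.dependencies) walk(meta.dependencies, `${where}/`);
      }
    };
    walk(lock.dependencies, "");
  }
  return hits;
}

// Constructed sample lockfile (v3 layout) for a stand-alone run: one direct
// dependency on a denylisted chalk build, one transitive denylisted debug
// hidden under another library, and a clean ansi-styles.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-dapp", version: "1.0.0" },
    "node_modules/chalk": { version: "0.0.0-placeholder" },
    "node_modules/ansi-styles": { version: "1.2.3" },
    "node_modules/some-lib": { version: "2.0.0" },
    "node_modules/some-lib/node_modules/debug": { version: "0.0.0-placeholder" },
  },
};

// Runs the audit over the constructed sample; returns the list of hits.
function auditSample() {
  return findAffected(SAMPLE_LOCK);
}

if (typeof require !== "undefined" && require.main === module) {
  // Usage: node audit-lock.js [path/to/package-lock.json]
  // Without an argument the constructed sample lockfile is audited.
  const fs = require("fs");
  const lock = process.argv[2]
    ? JSON.parse(fs.readFileSync(process.argv[2], "utf8"))
    : SAMPLE_LOCK;
  const hits = findAffected(lock);
  for (const h of hits) console.log(`AFFECTED ${h.name}@${h.version} at ${h.path}`);
  if (hits.length === 0) console.log("no denylisted versions found");
}
```

The audit reads the lockfile rather than `package.json`, because the lockfile records the exact versions actually installed, including transitive copies nested under other dependencies; a clean top-level range can still resolve to a poisoned build further down the tree, which is exactly the exposure the post describes for DApps that merely "call" a contaminated library.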