The largest hacking of the supply chain npm… for only $ 50 stolen

The malicious actors are back, this time by targeting the account of the Node package manager (NPM) of a well -known software developer. The surveys revealed that hackers have added malware to popular JavaScript libraries, mainly attacking crypto wallets. However, after launching what industry investigators describe as the greatest attack on the crypto history supply chain, hackers have managed to fly only $ 50 in crypto assets.

Malveillant software in NPM packages puts crypto portfolios in danger, targeting the Ethereum and Solana wallets

According to the intelligence platform Blockchain Security Alliance, a malicious code injected by attackers compromised JavaScript libraries totaling more than a billion downloads, exhibiting many crypto projects at risks. The Crypto Intelligence firm said the hacker mainly targeted Ethereum and Solana portfolios.

For context, NPMs work as central libraries or application stores where developers can download and share small packages to create JavaScript projects. Reports indicate that Hackers seem to have hung a crypto-clippera type of malicious code that silently exchanges wallet addresses during transactions to divert funds.

So far, cybercriminals have managed to move only $ 50 to a malicious Ethereum portfolio. Security Alliance identified the portfolio address, labeled “0xFC4A48”, which they consider as the only compromised portfolio.

The propagation of the malware contained after a limited impact

Commenting on the fault, the pseudonym security researcher Seal Samczsun explained that the hacker had an important access but failed to take full advantage of it. He added that although malware has been widely disseminated, it has now been largely contained.

The hacker did not fully use the access he had. It's like finding Fort Knox's access card and using it as a bookmark. The malware was widespread but at this stage is almost completely neutralized.

Samczsun

However, the current sum of $ 50 has increased from A few cents a few hours earlierwhich suggests that other hacking events could still take place.

Security Alliance reported that five cents of Ethereum (ETH) and about $ 20 in the same time were stolen. According to data from Etherscan, the hacker has so far moved Brett (Brett), Andy (Andy), Dork Lord (Dork), Ethervista (Vista) and Gondola (Gondola).

Hacker's malware attacked packages such as Chalk, Strip-Ansi, and Color-Convert-small utilities deeply present in dependencies that have been downloaded more than 2 billion times. Indeed, the security firm noted that even the creators who had never installed the program directly could be at risk.

Crypto platforms call for caution

Ledger's technical director Charles Guillemet called for caution among market participants when confirming on-chain transactions. The Crypto Ledger and Metamask wallet suppliers have maintained that their platforms remain safe against the fault, noting that their wallets are protected by “several defense layers” to protect themselves against such attacks.

Other Crypto platforms, such as Phantom, Uniswap, Aerodrome and Blast, have indicated that they were not affected by the hacking of the supply chain. However, the founder of the crypto Defillama analysis platform, under the pseudonym 0xngmi, detailed that the projects that have been updated after the publication of the NPM package compromised by the malicious code could be exposed to a significant risk.

However, he said that users must approve the malicious transaction before it can be carried out. However, Defillama advised users to avoid using Crypto sites until the malware is completely eliminated.

With the increased growth in digital assets, crypto hacks have become common in recent years. The Crypto Swissborg platform recently suffered a massive flaw, hackers having moved around 193,000 soil, worth $ 41 million.