JavaScript Libraries with 2 Billion Weekly Downloads Targeted in Crypto Theft Attempt
The post JavaScript Libraries with 2 Billion Weekly Downloads Targeted in Crypto Theft Attempt appeared on BitcoinEthereumNews.com.

TLDR

- 18 popular NPM packages with over 2 billion weekly downloads were compromised through a phishing attack targeting developer “Qix”
- The malware functioned as a “crypto-clipper,” silently replacing wallet addresses during transactions
- Despite the massive scale, only about $497 was stolen thanks to quick detection
- Hardware wallet users remained safe if they verified transaction details on their devices
- Major protocols like Uniswap, Jupiter, and MetaMask have assured users their funds are safe

The cryptocurrency ecosystem faced a major security threat this week when 18 popular NPM JavaScript packages were compromised in a large-scale supply chain attack. The incident, which began on September 8, 2025, potentially put billions of dollars at risk but was quickly detected, limiting the damage.

The attack started with a phishing email impersonating official NPM support. The target was a respected developer known as “Qix-,” whose NPM account was hijacked. This gave attackers access to publish malicious updates to widely-used JavaScript libraries.

Charles Guillemet, Chief Technology Officer at Ledger, was among the first to raise the alarm. “The NPM account of a reputable developer has been compromised. The affected packages have already been downloaded over 1 billion times,” he warned on social media.

There’s a large-scale supply chain attack in progress: the NPM account of a reputable developer has been compromised. The affected packages have already been downloaded over 1 billion times, meaning the entire JavaScript ecosystem may be at risk. The malicious payload works… — Charles Guillemet (@P3b7_) September 8, 2025

The compromised packages included essential JavaScript libraries such as ‘chalk’, ‘debug’, ‘ansi-styles’, and ‘strip-ansi’. These are fundamental building blocks used in countless web applications and development tools.

Together, these packages see more than 2 billion weekly downloads. This makes the potential reach of the attack one of the largest in recent history.

How the Crypto…







