Security Alert: Another well-known developer's NPM account has been compromised and injected with wallet-stealing malware
BlockBeats News, on September 9, according to Socket monitoring, the ongoing NPM supply chain attack has spread from the well-known developer Qix to another high-profile maintainer. The NPM account duckdb_admin, responsible for DuckDB-related packages, has been compromised, and multiple malicious versions have been published. The injected code is the same wallet-stealing malware used during the Qix account breach, strongly indicating that both incidents are part of the same attack operation.
As previously reported, the Ledger CTO stated that a large-scale supply chain attack has occurred, and the entire JavaScript ecosystem could be at risk. However, the NPM attackers did not succeed, and there were almost no victims.
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
You may also like
An AAVE whale has bought over 40,000 AAVE on dips again in the past 5 days
Chainlink Reserve adds 89,079 LINK tokens, bringing total holdings to 973,752 LINK
A certain whale has bought another $7.1 million worth of AAVE in the past 5 days
Trending news
MoreCrypto prices
More
