Security Alert: Another well-known developer's NPM account has been compromised and injected with wallet-stealing malware
BlockBeats News, on September 9, according to Socket monitoring, the ongoing NPM supply chain attack has spread from the well-known developer Qix to another high-profile maintainer. The NPM account duckdb_admin, responsible for DuckDB-related packages, has been compromised, and multiple malicious versions have been published. The injected code is the same wallet-stealing malware used during the Qix account breach, strongly indicating that both incidents are part of the same attack operation.
As previously reported, the Ledger CTO stated that a large-scale supply chain attack has occurred, and the entire JavaScript ecosystem could be at risk. However, the NPM attackers did not succeed, and there were almost no victims.
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
You may also like
Next Week's Macro Outlook: Fed Rate Cut Cycle Set to Restart, Dot Plot Becomes New Market Focus
This week, the cumulative net inflow of US Ethereum spot ETFs reached $637.6 million.
Tether CEO: USAT, a US-regulated stablecoin, is planned to launch by the end of the year
