Watch Out: Virus Detected in Software Downloaded Over 1 Billion Times, Theft Alert for Cryptocurrency Owners
Ledger's CTO, Charles Guillemet, warned of a large-scale cyberattack that could directly impact the cryptocurrency market.
“A respected developer's NPM account was compromised, and packages distributed through that account have been downloaded over 1 billion times. This puts the entire JavaScript ecosystem at risk,” Guillemet said.
According to details of the attack, the malware attempts to steal users' funds by silently changing crypto addresses. This method, known as a “crypto-clipper,” specifically targets software wallet users.
Guillemet argued that hardware wallet users are safe if they carefully check addresses before signing transactions, but software wallet users should avoid on-chain transactions for now. It's also unclear whether attackers are directly stealing seed phrases from software wallets.
Here are some suggestions for developers:
- Fix the error-ex package to version 1.3.2 (using the overrides property in package.json).
- Prefer npm ci command instead of npm install in your build processes.
- Be sure to check the addresses before making any transactions.
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
You may also like
samczsun: The Key to Crypto Protocol Security Lies in Proactive Re-Auditing
Bug bounty programs are passive measures, while security protection requires proactive advancement.

Millennials with the most cryptocurrency holdings are reaching the peak of divorce, but the law is not yet prepared.
The biggest problem faced by most parties is that they have no idea their spouse holds cryptocurrency.

Using "zero fees" as a gimmick, is Lighter's actual cost 5–10 times higher?
What standard accounts receive from Lighter is not free trading, but rather slower transactions. This delay is turned into a source of profit by faster participants.

Prize pool of 60,000 USDT, “TRON ECO Holiday Odyssey” annual ecological exploration event is about to begin
TRON ECO is launching a major ecosystem collaboration event during Christmas and New Year, offering multiple luxurious benefits across the entire ecosystem experience!

