Security Alert: Another well-known developer's NPM account has been compromised and injected with wallet-stealing malware
BlockBeats News, on September 9, according to Socket monitoring, the ongoing NPM supply chain attack has spread from the well-known developer Qix to another high-profile maintainer. The NPM account duckdb_admin, responsible for DuckDB-related packages, has been compromised, and multiple malicious versions have been published. The injected code is the same wallet-stealing malware used during the Qix account breach, strongly indicating that both incidents are part of the same attack operation.
As previously reported, the Ledger CTO stated that a large-scale supply chain attack has occurred, and the entire JavaScript ecosystem could be at risk. However, the NPM attackers did not succeed, and there were almost no victims.
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
You may also like
Australian regulator relaxes rules for stablecoin intermediaries
JUP stakers will be eligible for the MET token airdrop
Kaisa Capital surges over 210%, plans to launch RWA tokenization business
Trending news
MoreCrypto prices
More
