Massive Supply Chain Attack Hits Crypto Ecosystem via NPM

A massive supply chain attack just hit the JavaScript ecosystem.
18 core NPM packages were hacked, including chalk, strip-ansi and debug.
These libraries have over 2 billion weekly downloads.
Here’s what happened, how it affects crypto and how to stay safe 🧵
On September 8th, the NPM account of developer Qix- was hacked through a phishing email:
support@npmjshelp
Attackers pushed malicious updates to 18 widely used packages, including:
chalk
strip-ansi
color-convert
debug
error-ex
ansi-styles
The phishing domain was registered just three days before the attack.
Once they got access, they moved fast: malicious versions were live within hours.
These libraries are foundational.
They sit deep inside most web apps, which is why the impact is so dangerous.
The malware is a crypto clipper built to steal funds.
It works in two ways:
• Passive address swap: silently replaces wallet addresses inside dApps.
• Active hijack: intercepts live transactions before signing and swaps the destination address.
This makes it almost invisible.
The malware uses the Levenshtein algorithm to replace your wallet address with one that looks visually similar.
You think you are sending to your own wallet.
But you’re sending to theirs.
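A defender-side check for the look-alike swap described above, as an added example that is not part of the original thread or the malware's code. The two addresses are constructed samples, and the truncated form (first 6 and last 4 characters) is an assumption about how a wallet UI abbreviates an address.

```javascript
// Textbook dynamic-programming Levenshtein (edit) distance between two strings.
function levenshtein(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost);
    }
    prev = cur;
  }
  return prev[b.length];
}

// Abbreviated form many UIs display (assumed: first 6 + last 4 characters).
const truncated = (addr) => addr.slice(0, 6) + '...' + addr.slice(-4);

// Compare the address about to be signed with the one the user intended.
// Only a full-string match passes; case is folded, so EIP-55 checksum
// casing is not validated here.
function checkDestination(intended, shown) {
  const a = intended.toLowerCase();
  const b = shown.toLowerCase();
  if (a === b) return { ok: true };
  return {
    ok: false,
    distance: levenshtein(a, b),                        // small value = look-alike
    sameWhenTruncated: truncated(a) === truncated(b),   // would fool a quick glance
  };
}

// Constructed sample addresses (not real wallets): two characters differ mid-string.
const INTENDED = '0x1a2b3c4d5e1a2b3c4d5e1a2b3c4d5e1a2b3c4d5e';
const SHOWN    = '0x1a2b3c4d5e1a2b3f4d5e1a9b3c4d5e1a2b3c4d5e';

console.log(checkDestination(INTENDED, SHOWN));
```

A low distance with `sameWhenTruncated: true` is exactly the case a visual check misses, which is why the comparison has to cover every character.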
The attacker’s main Ethereum wallet:
0xFc4a4858bafef54D1b1d7697bfb5c52F4c166976
Backup wallets found:
0xa29eEfB3f21Dc8FA8bce065Db4f4354AA683c024
0x40C351B989113646bc4e9Dfe66AE66D24fE6Da7B
0x30F895a2C66030795131FB66CBaD6a1f91461731
So far, no funds have been moved.
How this started:
Developers first noticed strange build errors like "fetch is not defined".
When they inspected the code, they found heavy obfuscation hiding functions like checkethereumw
A clear sign this was targeting crypto.
If you build or use apps connected to crypto:
• Use a hardware wallet and carefully check addresses before signing
• Pin exact package versions in package.json
• Run npm ci instead of npm install
• Rotate your GitHub and NPM keys now
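One way to audit a project for the pinning advice above, as an added example that is not from the original thread. It flags non-exact specifiers in package.json and lists every installed copy of the packages named in this article from a lockfileVersion 2/3 package-lock.json; the sample manifest and lockfile are constructed.

```javascript
// Package names listed in this article (6 of the 18 affected).
const NAMED = ['chalk', 'strip-ansi', 'color-convert', 'debug', 'error-ex', 'ansi-styles'];

// Exact pin = plain semver version: no ^, ~, ranges, wildcards, tags or URLs.
const EXACT = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/;

// List every dependency in package.json whose specifier is not an exact version.
function findUnpinned(pkg) {
  const out = [];
  for (const field of ['dependencies', 'devDependencies', 'optionalDependencies']) {
    for (const [name, spec] of Object.entries(pkg[field] || {})) {
      if (!EXACT.test(spec)) out.push({ field, name, spec });
    }
  }
  return out;
}

// Walk the "packages" map of a lockfileVersion 2/3 package-lock.json and list
// every installed copy, nested transitive ones included, of the named packages.
function findNamedInLock(lock, names = NAMED) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const idx = path.lastIndexOf('node_modules/');
    if (idx === -1) continue; // the "" key is the root project itself
    const name = path.slice(idx + 'node_modules/'.length);
    if (names.includes(name)) hits.push({ name, version: meta.version, path });
  }
  return hits;
}

// Constructed sample input (not a real project, versions are illustrative).
const samplePkg = {
  dependencies: { chalk: '^5.3.0', express: '4.18.2' },
  devDependencies: { debug: '~4.3.4', mocha: '10.2.0' },
};
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo' },
    'node_modules/chalk': { version: '5.3.0' },
    'node_modules/express': { version: '4.18.2' },
    'node_modules/express/node_modules/debug': { version: '2.6.9' },
  },
};

console.log('not pinned:', findUnpinned(samplePkg));
console.log('installed copies to check:', findNamedInLock(sampleLock));
```

The affected version numbers are not given in this article, so the reported versions have to be compared against the advisory for the incident. The nested `debug` hit shows why the lockfile, not package.json, is the place to look for transitive copies.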
This time, the community caught it fast.
But the fact that 2 billion weekly downloads were compromised shows how fragile our systems are.
For more information please check this post:
https://x.com/P3b7_/status/1965094840959410230