Hackers Exploit JavaScript Accounts in Attack Reportedly Affecting 1 Billion+ Downloads
A major supply-chain attack has infiltrated widely
used JavaScript packages, potentially putting billions of dollars in crypto at
risk. Charles Guillemet, chief technology officer at hardware wallet maker
Ledger, warned that hackers have compromised a reputable developer’s Node
Package Manager (NPM) account to push malicious code into packages downloaded
more than a billion times.
The injected malware is designed to quietly swap
cryptocurrency wallet addresses in transactions, meaning users could
unknowingly send funds directly to attackers.
“There’s a large-scale supply chain attack in progress: the
NPM account of a reputable developer has been compromised,” Guillemet explained. “The affected
packages have already been downloaded…