How crypto’s ‘largest supply chain attack’ stole just $0.05

By: BitcoinEthereumNews
2025/09/09 22:24

A widespread software supply chain attack led to panic across the crypto community yesterday, with users warned to “refrain from making any on-chain transactions.”

Researchers at security firm Aikido raised the alarm after discovering that 18 popular node package manager (npm) packages contained malicious code.

After being notified, the developer who maintains the popular npm packages, alias Qix, confirmed the compromise. He’d been “pwned” via a phishing email which “looked very legitimate.”

Despite the packages being widespread across the crypto industry, the attack led to almost no losses.

Samczsun, the head of Security Alliance, a blockchain security collective, called the result a “generational fumble.”

What is an npm compromise?

While short-lived, the compromise was far-reaching, due to the sheer frequency with which packages such as “chalk” and “debug-js” are used.

Analysis of the incident by Security Alliance stated that the compromised packages total “over 2 billion downloads per week.” It called the incident “likely the largest supply chain attack in history.”

In theory, the compromised packages could be used to modify transaction data for crypto users.

The Aikido report explains how the code “intercepts crypto and web3 activity in the browser” before it “rewrites payment destinations so that funds and approvals are redirected to attacker-controlled accounts without any obvious signs to the user.”

In an effort to camouflage the substituted addresses, the code uses the Levenshtein distance algorithm. For each substitution, this selects an attacker-controlled address that is visually similar to the one being replaced.

The technique is similar to the often costly address poisoning attacks which plague the industry.
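The look-alike substitution described above can be caught by comparing the address a user selected with the one in the request about to be signed. The following is an added example, not code from the article, Aikido or any wallet: the addresses are constructed, and `checkDestination`, `shortForm` and the threshold of 20 are illustrative assumptions.

```javascript
// Constructed sample addresses (not taken from the incident).
const INTENDED = "0x" + "a1b2c3d4e5f6".repeat(3) + "a1b2";
const LOOKALIKE = INTENDED.slice(0, 20) + "000" + INTENDED.slice(23);
const UNRELATED = "0x" + "7890".repeat(10);

// Levenshtein distance, keeping only two rows of the DP table.
function levenshtein(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost);
    }
    prev = cur;
  }
  return prev[b.length];
}

// What a UI that abbreviates addresses shows the user, e.g. "0xa1b2…a1b2".
const shortForm = (addr) => `${addr.slice(0, 6)}…${addr.slice(-4)}`;

// Compare the address the user chose with the one about to be signed.
// Only an exact match is acceptable; the distance classifies a mismatch
// so that a look-alike swap can be alerted on differently from a typo.
// The threshold is an illustrative assumption, not a tuned value.
function checkDestination(intended, outgoing, threshold = 20) {
  const want = intended.toLowerCase();
  const got = outgoing.toLowerCase();
  if (want === got) return { verdict: "match", distance: 0, sameShortForm: true };
  const distance = levenshtein(want, got);
  const sameShortForm = shortForm(want) === shortForm(got);
  const verdict =
    sameShortForm || distance <= threshold ? "lookalike" : "different";
  return { verdict, distance, sameShortForm };
}

console.log(checkDestination(INTENDED, LOOKALIKE));
```

The constructed look-alike has the same abbreviated form as the intended address, which is why a check of the first and last few characters does not replace a full comparison.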

So, was the panic justified?

Warnings came in many forms. Some opted for measured recommendations to avoid signing transactions. Others made tongue-in-cheek claims that “THE BLOCKCHAIN IS COMPROMISED.”

MetaMask, crypto’s most popular browser wallet, took to X to reassure users not to be “scared” of the attack. They detailed three “layers of defense” in place “to protect our products and users.”

0xngmi, the pseudonymous developer of decentralized finance dashboard DeFiLlama, explained that malicious packages would “only impact websites that pushed an update since the hacked npm package was published,” adding “most projects pin their dependencies, so even if they push an update they’ll keep using the old safe code.”
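To make the pinning point concrete, the following added example (not code from the article or from npm) reports which entries in a manifest would resolve to a newly published version on a fresh install without a lockfile. It covers only a simplified subset of npm's range syntax (exact, `^`, `~`, `*`, `latest`); the package names and versions are constructed.

```javascript
// Constructed manifest and "newly published" versions (hypothetical names).
const MANIFEST = {
  dependencies: { "lib-a": "^2.3.0", "lib-b": "2.3.0", "lib-c": "~2.3.0" },
  devDependencies: { "lib-d": "^0.4.1", "lib-e": "latest" },
};
const PUBLISHED = { "lib-a": "2.4.0", "lib-b": "2.3.1", "lib-c": "2.4.0",
                    "lib-d": "0.5.0", "lib-e": "7.0.0" };

const parse = (v) => v.split(".").map(Number);
const cmp = (a, b) => a[0] - b[0] || a[1] - b[1] || a[2] - b[2];

// Would a fresh resolve of `spec` (no lockfile) select `published`?
// Returns true/false, or null for range forms not evaluated here.
function floatsTo(spec, published) {
  if (spec === "*" || spec === "latest") return true;
  const m = /^([\^~]?)(\d+\.\d+\.\d+)$/.exec(spec);
  if (!m) return null;
  const p = parse(published);
  const base = parse(m[2]);
  if (m[1] === "") return cmp(p, base) === 0; // pinned: exact version only
  if (cmp(p, base) < 0) return false;         // never resolves below the base
  if (m[1] === "~") return p[0] === base[0] && p[1] === base[1];
  // Caret: the left-most non-zero component must stay the same.
  if (base[0] > 0) return p[0] === base[0];
  if (base[1] > 0) return p[0] === 0 && p[1] === base[1];
  return cmp(p, base) === 0;
}

// Names of dependencies that would pick up the new release. Specs that
// cannot be evaluated (null) are reported too, as the conservative choice.
function exposed(manifest, published) {
  const hits = [];
  for (const field of ["dependencies", "devDependencies"]) {
    for (const [name, spec] of Object.entries(manifest[field] || {})) {
      if (name in published && floatsTo(spec, published[name]) !== false) {
        hits.push(name);
      }
    }
  }
  return hits;
}

console.log(exposed(MANIFEST, PUBLISHED));
```

A committed lockfile installed with `npm ci` keeps range specifiers on their recorded versions until the lockfile itself is updated.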

In all, the compromised packages were up for around two and a half hours. While the issue is marked as resolved on GitHub, Qix warns “other maintainers have been affected. Stay vigilant.”

The ‘dust’ settles

Once it became clear that the danger was limited, the community turned its focus to the attacker’s addresses.

Security Alliance identified a grand total of “around five cents of ETH” directly stolen during the attack.

Etherscan data show that the main address’ holdings are worth just over $900. However, around half that is 0.1 ETH, sent this morning, and various memecoins transferred for visibility.

Ridicule even came on-chain with one transaction input data message calling the attacker a “bloody fool.” The user made fun of the hacker who “hacked a massive npm developer account and still [couldn’t] steal [a] single penny. You are such a looser [sic].”

Security researchers took a moment to reflect, worrying that the bungled attempt may have “shown the way” for copycats.

The Security Alliance X account says the industry “got lucky.” A “stealthily deployed backdoor” targeting developers could have persisted for long enough to be integrated into crypto apps.

Its incident report points to the true cost as the wasted “hours spent by engineering and security teams” and the “sales contracts that will inevitably be signed as a result of this new case study.”

Source: https://protos.com/explained-how-cryptos-largest-supply-chain-hack-stole-just-0-05/
