Date: 2025-09-10

SEAL revealed the largest NPM-based supply chain attack in crypto history.

Despite its scale, the attack resulted in only around $50 in stolen funds.

In a surprise revelation for the cryptocurrency sector, SEAL has disclosed what it calls the “largest NPM supply chain attack in crypto history”, an event that resulted in a financial loss of $50. The gap between the scale of the attack and the amount stolen shows both how potent and how specialised modern cyber threats have become. SEAL says hackers broke into the Node Package Manager (NPM) account of a notable software developer on Tuesday and then added malware to well-known JavaScript libraries, targeting crypto wallets.

A Wider Warning for Cryptocurrency

According to SEAL’s detailed report, released on Tuesday, a hacker successfully infiltrated the Node Package Manager (NPM) system through an attack on cryptocurrency-related open-source libraries. The attacker distributed dozens of seemingly legitimate packages, which were downloaded many times by developers across multiple projects.

These packages contained code designed to siphon off important wallet information and private keys from affected accounts. SEAL’s investigation indicated that the attack spanned three months, during which the hackers silently exploited developers who unknowingly integrated the poisoned packages into their projects.

“We’re calling this the largest NPM-based supply chain attack in cryptocurrency because of its technical complexity and potential blast radius, not the dollar amount stolen,” SEAL co-founder Linh Dao stated. “It’s a wake-up call. The attacker’s intent was clearly more about testing vectors and infrastructure than profit.”

The Amount May Be Laughable, but the Stakes are High!

While the loss itself is laughably small in financial terms, the stakes are anything but. The incident shows how fragile the open-source foundation of the cryptocurrency ecosystem is. A single malicious package, buried among many others, can silently steal or expose wallet keys and accounts, authentication tokens, or even access to whole protocols.

The attacker might have been testing the waters with this theft of just $50. Experts suggest monitoring closely for any further attempts of this kind.

