A recent Node Package Manager (NPM) attack, which yielded only $50 in stolen crypto, underscores ongoing vulnerabilities faced by software wallets and exchanges. Charles Guillemet, CTO of Ledger, emphasized that the incident serves as a stark reminder of the risks associated with software wallets, stating that users are just one code execution away from losing their funds. The attack was executed via phishing emails that compromised developer accounts, enabling attackers to inject malicious updates into widely used libraries like chalk and debug. These infected packages acted as crypto clippers, intercepting and altering wallet addresses in transactions across multiple blockchains, including Bitcoin and Ethereum. Anatoly Makosov of The Open Network reported that only specific versions of 18 packages were affected, and recommended that developers roll back to safe versions and clear out the malware. Despite the temporary resolution, the lingering threat posed by supply-chain vulnerabilities calls for continued vigilance from developers and users alike.

Source 🔗