A major supply-chain attack targeted the npm ecosystem by hijacking popular JavaScript packages used worldwide. The malicious code was designed to steal cryptocurrency by intercepting transactions involving Bitcoin, Ethereum, and Solana. #NpmAttack #CryptocurrencyTheft
Keypoints
- An attack compromised at least 20 npm packages with over two billion weekly downloads.
- The malicious code aimed to steal cryptocurrencies by intercepting transactions.
- Hackers hijacked network traffic and APIs to redirect cryptocurrency transactions.
- The affected packages are widely used for styling, debugging, and core web development functions.
- This incident underscores the risks inherent in modern software dependency chains.