NPM Supply Chain Attack Warning: Cryptocurrency Users Face Large-Scale Address Manipulation Risks
Analyzing supply chain attacks targeting the JavaScript ecosystem and their security implications for cryptocurrency users, providing practical protection advice.
The NPM account of well-known developer qix was phished, and malicious code was injected into multiple popular packages (including chalk, strip-ansi, and others) that together have over 1 billion downloads. The malicious code hooks into wallet interactions and rewrites the ETH/SOL recipient address in network responses, so users unknowingly transfer funds to the attacker.
The Chief Technology Officer of Ledger confirmed that this attack targets the entire JavaScript ecosystem, with the malicious code specifically designed to silently replace cryptocurrency addresses. Hardware wallet users can verify transaction details on their device screen to avoid risks, but software wallet users are advised to suspend on-chain transactions until the threat is resolved.
Protection Advice:
1. Always verify the recipient address before sending a transaction (check it again after pasting)
2. Prefer hardware wallets that support clear signing for high-value operations
3. Check recent transaction records and authorization status
4. Avoid updating or installing packages from unknown sources
Action Insight: Supply chain attacks highlight the potential risks of relying on open-source infrastructure, making it equally important to maintain software dependency hygiene and transaction verification habits.
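As an added example (not part of the original post), the dependency-hygiene step can be automated with a short Node.js script that scans an npm `package-lock.json` (lockfile v2/v3 `packages` layout) for watchlisted package versions, including nested copies under transitive dependencies, and for entries with no integrity hash. The package names come from the post; the flagged version numbers and the sample lockfile are constructed placeholders, not real indicators.

```javascript
// Added example: audit an npm lockfile (lockfileVersion 2/3 "packages" map)
// for watchlisted package versions, including nested transitive copies.
// Versions below are PLACEHOLDERS, not real indicators of compromise.
const WATCHLIST = {
  "chalk": new Set(["0.0.0-placeholder"]),
  "strip-ansi": new Set(["0.0.0-placeholder"]),
};

// Derive the package name from a lockfile path such as
// "node_modules/foo/node_modules/@scope/bar" -> "@scope/bar".
function packageNameFromPath(lockPath) {
  const marker = "node_modules/";
  const idx = lockPath.lastIndexOf(marker);
  return idx === -1 ? null : lockPath.slice(idx + marker.length);
}

// One finding per entry whose name/version is watchlisted, plus one for
// any non-link entry that lacks an "integrity" hash (cannot be verified).
function auditLockfile(lock, watchlist = WATCHLIST) {
  const findings = [];
  for (const [lockPath, entry] of Object.entries(lock.packages || {})) {
    if (lockPath === "") continue; // root project entry
    const name = packageNameFromPath(lockPath);
    if (!name) continue;
    const versions = watchlist[name];
    if (versions && versions.has(entry.version)) {
      findings.push({ path: lockPath, name, version: entry.version, reason: "watchlisted version" });
    }
    if (!entry.integrity && !entry.link) {
      findings.push({ path: lockPath, name, version: entry.version, reason: "missing integrity hash" });
    }
  }
  return findings;
}

// Constructed sample lockfile: a clean top-level chalk, a nested watchlisted
// strip-ansi under a transitive dependency, and one entry without integrity.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/chalk": { version: "4.1.2", integrity: "sha512-placeholder" },
    "node_modules/some-cli": { version: "2.0.0", integrity: "sha512-placeholder" },
    "node_modules/some-cli/node_modules/strip-ansi": { version: "0.0.0-placeholder", integrity: "sha512-placeholder" },
    "node_modules/unpinned-lib": { version: "1.2.3" },
  },
};

for (const f of auditLockfile(SAMPLE_LOCK)) console.log(`${f.reason}: ${f.path}@${f.version}`);
```

To run it against a real project, replace `SAMPLE_LOCK` with `JSON.parse(fs.readFileSync("package-lock.json"))` and fill `WATCHLIST` from the vendor advisory for the affected versions.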
#SupplyChainSecurity #CryptocurrencySecurity #NPM #HardwareWallet #Write2Earn
Disclaimer: This content is for reference only and does not constitute financial or security advice. Users should conduct their own research and take appropriate measures to protect their assets.