Express

Security Alert: Another Prominent NPM Account Compromised, Injected with Wallet-Stealing Malware

Summary: According to Socket monitoring, the ongoing NPM supply chain attack has spread from well-known developer Qix to another highly prominent maintainer. The NPM account duckdb_admin, responsible for DuckDB-related packages, was compromised, and multiple malicious versions were released. The injected code is the same wallet-stealing malware used when Qix's account was compromised, indicating they are part ...

According to Socket monitoring, the ongoing NPM supply chain attack has spread from well-known developer Qix to another highly prominent maintainer. The NPM account duckdb_admin, responsible for DuckDB-related packages, was compromised, and multiple malicious versions were released. The injected code is the same wallet-stealing malware used when Qix's account was compromised, indicating they are part of the same attack operation.

Ledger CTO stated that a large-scale supply chain attack could pose risks to the entire JavaScript ecosystem. However, the NPM attackers were unsuccessful, with almost no victims.

Last Update:

Tags:
Link: Security Alert: Another Prominent NPM Account Compromised, Injected with Wallet-Stealing Malware [Copy]

Last: Bubblemaps: Suspected Single Entity Receives $170 Million Worth of Tokens from MYX Airdrop

Next: SlowMist CISO: DuckDB NPM Account Hacked, Caution Against Risks

Vishwa Advances Agentic Infrastructure Research Through Contribution to Emerging Framew... 11 days ago

BitMart US Launches Operations with 49-State Licensing and Zero-Fee Program 15 days ago

Global Financial Giants Enter Stablecoin Arena in Pivotal Shift October 30, 2025

CRYPTO'S NEW PLAY: 24/7 STOCK TRADING October 29, 2025

Gold’s $2.1 Trillion Plunge: Where Is The Smart Money Flowing Next? October 22, 2025