Express

Security Alert: Another Prominent NPM Account Compromised, Injected with Wallet-Stealing Malware

Summary: According to Socket monitoring, the ongoing NPM supply chain attack has spread from well-known developer Qix to another highly prominent maintainer. The NPM account duckdb_admin, responsible for DuckDB-related packages, was compromised, and multiple malicious versions were released. The injected code is the same wallet-stealing malware used when Qix's account was compromised, indicating they are part ...

According to Socket monitoring, the ongoing NPM supply chain attack has spread from well-known developer Qix to another highly prominent maintainer. The NPM account duckdb_admin, responsible for DuckDB-related packages, was compromised, and multiple malicious versions were released. The injected code is the same wallet-stealing malware used when Qix's account was compromised, indicating they are part of the same attack operation.

Ledger CTO stated that a large-scale supply chain attack could pose risks to the entire JavaScript ecosystem. However, the NPM attackers were unsuccessful, with almost no victims.

Last Update:

Tags:
Link: Security Alert: Another Prominent NPM Account Compromised, Injected with Wallet-Stealing Malware   [Copy]
Next:

Related Articles

  • Global Financial Giants Enter Stablecoin Arena in Pivotal Shift 13 days ago
  • CRYPTO'S NEW PLAY: 24/7 STOCK TRADING 14 days ago
  • Gold’s $2.1 Trillion Plunge: Where Is The Smart Money Flowing Next? 21 days ago
  • GAEA Chat Singapore Concludes Successfully - A Recap of the Industry Thought Feast Duri... October 5, 2025
  • U.S. SEC Clears Path for Institutional Crypto Custody, Recognizing State Trust Companie... October 1, 2025

    • You need to login to comment.