Hackers executed the largest supply chain attack by injecting malware into widely used JavaScript software libraries. The attack aims to steal cryptocurrency by manipulating wallet addresses and intercepting transactions, putting billions of projects at risk. Developers who never directly installed the affected libraries could still be vulnerable because the libraries are so widely downloaded.
The breach targeted popular packages such as chalk, strip-ansi, and color-convert, which are buried deep in the dependency trees of numerous projects. NPM, the central registry from which developers download code packages, was compromised. Attackers planted crypto-clipper malware that replaces wallet addresses during transactions, potentially targeting software wallet users.
Developers using NPM are at risk because the affected utilities are popular, with billions of downloads weekly. Security experts warn of vulnerabilities in software wallets and advise confirming each transaction on a hardware wallet for protection. It is uncertain whether the malware attempts to steal seed phrases directly. Further details on the breach will be provided as they emerge.
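To see whether a project pulls in the named packages without declaring them, the lockfile can be walked directly. The script below is an added example, not code from the article or from NPM; the function names, the sample lockfile and its version numbers are constructed, and because the affected versions are not given here it reports every installed copy rather than matching versions.

```javascript
// Package names taken from the article. Affected versions are not stated
// there, so every installed copy is reported for manual review.
const WATCHLIST = ["chalk", "strip-ansi", "color-convert"];

// Package name of a lockfile key such as "node_modules/a/node_modules/@s/b".
function nameOf(key) {
  return key.slice(key.lastIndexOf("node_modules/") + "node_modules/".length);
}

// Walks the "packages" map of a package-lock.json (lockfileVersion 2 or 3)
// and reports each installed copy of a watched package.
function findWatched(lock, watchlist = WATCHLIST) {
  const pkgs = lock.packages || {};
  const root = pkgs[""] || {};
  const declared = new Set(Object.keys({
    ...root.dependencies, ...root.devDependencies, ...root.optionalDependencies,
  }));
  const hits = [];
  for (const [key, meta] of Object.entries(pkgs)) {
    const name = nameOf(key);
    if (key === "" || !watchlist.includes(name)) continue;
    // Name-level match: packages whose own dependency list names this one.
    const requiredBy = Object.entries(pkgs)
      .filter(([k, m]) => k !== "" && m.dependencies && name in m.dependencies)
      .map(([k]) => nameOf(k));
    hits.push({
      name, version: meta.version, path: key,
      // Direct only if the project declares it and this is the top-level copy.
      direct: declared.has(name) && key === "node_modules/" + name,
      requiredBy: [...new Set(requiredBy)].sort(),
    });
  }
  return hits.sort((a, b) => a.path.localeCompare(b.path));
}

// Constructed sample lockfile: the project declares only "my-logger"
// (hypothetical), yet two watched packages end up installed.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", dependencies: { "my-logger": "^1.0.0" } },
    "node_modules/my-logger": { version: "1.0.0", dependencies: { chalk: "^0.0.1" } },
    "node_modules/chalk": { version: "0.0.1", dependencies: { "strip-ansi": "^0.0.2" } },
    "node_modules/chalk/node_modules/strip-ansi": { version: "0.0.2" },
  },
};

console.log(JSON.stringify(findWatched(SAMPLE_LOCK), null, 2));
```

On a real project, pass the parsed contents of `package-lock.json` to `findWatched` and compare the reported versions against the registry's advisory.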
Read more at Cointelegraph: NPM Attack Injects Crypto-Stealing Malware Into Core JavaScript Libraries
