F7*=ENL+[^/~.:P[?2VC48Y}6!}
SYSTEM PROCESSING...
F7*=ENL+[^/~.:P[?2VC48Y}6!}
SYSTEM PROCESSING...
Posted: 2025-09-08 17:54:20 UTC
This article contains some claims that remain unverified. While much of the content may be accurate, exercise care when relying on this information.
This article contains some claims that remain unverified. While much of the content may be accurate, exercise care when relying on this information.
Status
Last Updated
2025-09-08 17:54:35 UTC
Verified By
Rollup News
A large-scale supply chain attack is in progress targeting the JavaScript ecosystem through a compromised NPM account. Affected packages have been downloaded over 1 billion times, potentially putting the entire ecosystem at risk. The malicious payload silently swaps crypto addresses to steal funds.
Compromised NPM account of a reputable developer
Over 1 billion downloads of affected packages
Potential risk to the entire JavaScript ecosystem
Silent swapping of crypto addresses to steal funds
Compromised NPM account
Malicious payload swapping crypto addresses
Uncertainty about seed theft from software wallets