logo

Security Advisory: Another well-known developer's NPM account has been compromised, injecting wallet-stealing malware

By: theblockbeats.news|2025/09/09 16:02:41

BlockBeats News, September 9th. According to Socket monitoring, the ongoing NPM supply chain attack has spread from the well-known developer Qix to another highly prominent maintainer. The NPM account duckdb_admin, responsible for the DuckDB-related package, has been compromised, and multiple malicious versions have been published. The injected code is the same wallet-stealing malware used when Qix's account was compromised, strongly indicating that both are part of the same attack campaign.


Previously reported, Ledger's CTO stated that in the event of a large-scale supply chain attack, the entire JavaScript ecosystem could be at risk. However, the NPM attackers were not successful, and there were almost no victims.

WEEX se dirige a Blockchain Life Dubai 2025
El mayor acuerdo comercial impulsa el aumento de Bitcoin: 5 ideas clave para esta semana en el mundo de las criptomonedas

También te puede interesar

Compartir
copy

Ganadores

Últimas noticias sobre criptomonedas

01:30

CZ niega el rumor: Jackie Chan interpretará a CZ en netting Documental Biopic <em>Cripto Kingpin</em> is Fake News

01:28

In the past 24 hours, the total net liquidation across all platforms was $368 million, with the primary liquidated positions being short.

01:26

Federal Reserve's Kashkari: While AI Does Have Practical Use Cases, Cryptocurrency Space Does Not

01:23

SlowMist Warning: Some users' Monad airdrop is hijacked to hacker's address

01:21

Multicoin Capital has once again purchased 61,637 AAVE tokens today, worth $10.94 million.

Leer más
Comunitario
icon
icon
icon
icon
icon
icon
icon

Atención al cliente@weikecs

Cooperación empresarial@weikecs

Trading cuantitativo y MM[email protected]

Programa VIP[email protected]