logo

Security Advisory: Another well-known developer's NPM account has been compromised, injecting wallet-stealing malware

By: theblockbeats.news|2025/09/09 16:02:41

BlockBeats News, September 9th. According to Socket monitoring, the ongoing NPM supply chain attack has spread from the well-known developer Qix to another highly prominent maintainer. The NPM account duckdb_admin, responsible for the DuckDB-related package, has been compromised, and multiple malicious versions have been published. The injected code is the same wallet-stealing malware used when Qix's account was compromised, strongly indicating that both are part of the same attack campaign.


Previously reported, Ledger's CTO stated that in the event of a large-scale supply chain attack, the entire JavaScript ecosystem could be at risk. However, the NPM attackers were not successful, and there were almost no victims.

WEEX se dirige a Blockchain Life Dubai 2025
El mayor acuerdo comercial impulsa el aumento de Bitcoin: 5 ideas clave para esta semana en el mundo de las criptomonedas

También te puede interesar

Compartir
copy

Ganadores

Últimas noticias sobre criptomonedas

00:21

The "1011 Insider Whale" has once again deposited 10 million USDC into Hyperliquid and has taken a long position on ETH with 5x leverage.

00:18

MON rose early this morning to touch $0.038 before falling back, and is now trading at $0.0303.

23:59

Fed's Daly: Job Market Could Suddenly Weaken, Supports Rate Cut in December

23:56

The probability of a 25 basis point interest rate cut by the Federal Reserve in December has risen to 82.7%.

23:54

The U.S. third-quarter GDP data will be released on December 23.

Leer más
Comunitario
icon
icon
icon
icon
icon
icon
icon

Atención al cliente@weikecs

Cooperación empresarial@weikecs

Trading cuantitativo y MM[email protected]

Programa VIP[email protected]