- Protection Fund
  1,000 BTC Protection Fund to safeguard your assets
- Career
  Join WEEX and build the future
- WXT Zone
  Exclusive fee rates and airdrops
- Announcement Center
  Get the latest updates from WEEX
- Elite Trader
  Share strategies and earn rewards
- Crypto Wiki
  Master trading with easy-to-follow guides
- Affiliate
  Unlock exclusive perks and high commissions
- Crypto News
  Keep up with the latest crypto trends
- Contact Verifier
  Verify the channels you use
- VIP Perks
  Become a WEEX VIP today
- Events Calendar
  Explore WEEX events around the world
Buy Crypto
- header.nav.buy
  header.nav.buy_desc
- P2P Trading
  Buy crypto with 0 fees
Markets
Futures
- USDT-M Futures
  Perpetual futures settled in USDT
- Demo Trading
  USDT-M futures demo
- About Futures
  Trade with confidence
- Leaderboard
  Current & past leaderboards
Spot
Copy Trade
WE-Launch

Scan to download
More options

Security Advisory: Another well-known developer's NPM account has been compromised, injecting wallet-stealing malware

By: theblockbeats.news|2025/09/09 16:02:41

BlockBeats News, September 9th. According to Socket monitoring, the ongoing NPM supply chain attack has spread from the well-known developer Qix to another highly prominent maintainer. The NPM account duckdb_admin, responsible for the DuckDB-related package, has been compromised, and multiple malicious versions have been published. The injected code is the same wallet-stealing malware used when Qix's account was compromised, strongly indicating that both are part of the same attack campaign.

Previously reported, Ledger's CTO stated that in the event of a large-scale supply chain attack, the entire JavaScript ecosystem could be at risk. However, the NPM attackers were not successful, and there were almost no victims.

Analyst: Revisions to Employment Data Further Fuel Speculation of Fed Rate Cut

Frax: USDH Buyback Ratio to Be Determined by the Community, Ecosystem Data to Remain Transparent