Crypto users urged to take extreme care as NPM attack injects malware into core JavaScript libraries

The breach hit core JavaScript libraries like chalk and strip-ansi, downloaded billions of times each week, raising alarms over the security of open-source software.

Hackers have compromised widely used JavaScript software libraries in what’s being called the largest supply chain attack in history. The injected malware is reportedly designed to steal crypto by swapping wallet addresses and intercepting transactions.

According to several reports on Monday, hackers broke into the node package manager (NPM) account of a well-known developer and secretly added malware to popular JavaScript libraries used by millions of apps.

The malicious code swaps or hijacks crypto wallet addresses, putting billions of downloads’ worth of projects at risk.

Read more