Close Menu
  • Latest News
    • Bitcoin
    • Ethereum
    • Altcoins
    • Meme Coins
  • Tech
    • Blockchain
    • Security and Privacy
  • Web 3
    • Gaming
  • Legal
    • Legal and Regulatory
    • Adoption
  • Analysis
  • Learn
    • Education
    • Wallets and Exchanges
  • Tools
    • Market Overview
    • Exchange Tool
What's Hot

Michael Saylor’s Strategy Increases Cash Reserve by $450,000,000, Goes Third Consecutive Week Without Buying Any Bitcoin

July 14, 2026

VELVET crypto rallies 29% – Can 2,500 new holders sustain the rally?

July 14, 2026

Trump Pushes Senators To Pass Clarity Act in Wake of Lindsey Graham’s Death As Crypto Bill’s Polymarket Odds Dwindle

July 14, 2026
Facebook X (Twitter) Instagram
  • Contact
  • Privacy Policy
  • Terms & Conditions
  • Disclosure
Facebook X (Twitter) Instagram
Free.cc (Free Cryptocurrency)Free.cc (Free Cryptocurrency)
  • Latest News
    1. Bitcoin
    2. Ethereum
    3. Altcoins
    4. Meme Coins
    5. View All

    Michael Saylor’s Strategy Increases Cash Reserve by $450,000,000, Goes Third Consecutive Week Without Buying Any Bitcoin

    July 14, 2026

    Binance.US CEO says exchange is rebuilding, eyes return to 20% U.S. market share

    July 14, 2026

    Bitwise Sees A Bottom In Bitcoin’s Worst Vibes Yet: ‘Darkest Before The Dawn’

    July 14, 2026

    Bitcoin OG whale awakens after 7 years, moves $188M BTC: Is a sell-off coming?

    July 14, 2026

    Ethereum Bullish Signals Strengthen as Whale Accumulation, Lean Ethereum Roadmap Fuel Optimism

    July 13, 2026

    Which way is Ethereum headed? What to expect as bulls and bears fight for ETH

    July 13, 2026

    Ethereum Foundation Deploys AI Agents to Hunt Bugs in Protocol Code

    July 13, 2026

    Is Ethereum Price Entering an Accumulation Phase? Key Technical Signals to Watch

    July 13, 2026

    VELVET crypto rallies 29% – Can 2,500 new holders sustain the rally?

    July 14, 2026

    Circle Secures OCC Approval for National Trust Bank to Custody USDC and Digital Assets

    July 14, 2026

    Here’s why Zcash’s Orchard flaw puts pre-disclosure trading under the spotlight

    July 13, 2026

    Aave V3 On zkSync Era Gives DeFi Lending Another Push Into ZK Rollups

    July 13, 2026

    CASHCAT Soars 1,600% Amid Robinhood Memecoin Frenzy

    July 8, 2026

    Crypto Market Sectors Retreat as Meme Tokens Lead Daily Declines

    July 7, 2026

    Why Memecoins May Never Return to Their All-Time Highs

    July 4, 2026

    How Solana Meme Coin ANSEM Exploded 600x in One Day

    June 29, 2026

    Michael Saylor’s Strategy Increases Cash Reserve by $450,000,000, Goes Third Consecutive Week Without Buying Any Bitcoin

    July 14, 2026

    VELVET crypto rallies 29% – Can 2,500 new holders sustain the rally?

    July 14, 2026

    Trump Pushes Senators To Pass Clarity Act in Wake of Lindsey Graham’s Death As Crypto Bill’s Polymarket Odds Dwindle

    July 14, 2026

    Binance.US CEO says exchange is rebuilding, eyes return to 20% U.S. market share

    July 14, 2026
  • Tech
    1. Blockchain
    2. Security and Privacy
    3. View All

    Merck and Hashgraph Group launch Hedera-based product passport for EU compliance

    June 12, 2026

    COTI and Midnight Foundation Partner to Advance the Global Privacy Ecosystem

    June 11, 2026

    Cardano Gets Exposure From Olympics Committee

    June 11, 2026

    How Privacy and Composability Trade-Offs Differ

    June 11, 2026

    Robinhood Chain tokens are reportedly vanishing from wallets causing buyers to lose funds

    July 14, 2026

    One crypto wallet tied to a 20-year-old fraudster processed over $122M before Interpol closed in

    July 13, 2026

    Convicted scammer’s “seized” crypto moves to unknown wallets while in prison as DOJ failed to secure funds

    July 13, 2026

    Relay Protocol Warns of Robinhood Chain Honeypot Coins

    July 10, 2026

    Michael Saylor’s Strategy Increases Cash Reserve by $450,000,000, Goes Third Consecutive Week Without Buying Any Bitcoin

    July 14, 2026

    VELVET crypto rallies 29% – Can 2,500 new holders sustain the rally?

    July 14, 2026

    Trump Pushes Senators To Pass Clarity Act in Wake of Lindsey Graham’s Death As Crypto Bill’s Polymarket Odds Dwindle

    July 14, 2026

    Binance.US CEO says exchange is rebuilding, eyes return to 20% U.S. market share

    July 14, 2026
  • Web 3
    1. Gaming
    2. View All

    Yield Guild Games Sunsets YGG Play Publishing Unit, Cuts 35 Jobs

    July 7, 2026

    GO1 and Xiaohai Set up Potential Rematch at EWC 2026 Fatal Fury Bracket in Paris

    July 6, 2026

    CoinIQ Crypto Analysis: The Anti-FOMO Crypto App That Grades Coins Before You Buy

    July 3, 2026

    Hur Blockchain och NFT-teknologi Förändrar Kasinobranschen för Alltid

    June 29, 2026

    Michael Saylor’s Strategy Increases Cash Reserve by $450,000,000, Goes Third Consecutive Week Without Buying Any Bitcoin

    July 14, 2026

    VELVET crypto rallies 29% – Can 2,500 new holders sustain the rally?

    July 14, 2026

    Trump Pushes Senators To Pass Clarity Act in Wake of Lindsey Graham’s Death As Crypto Bill’s Polymarket Odds Dwindle

    July 14, 2026

    Binance.US CEO says exchange is rebuilding, eyes return to 20% U.S. market share

    July 14, 2026
  • Legal
    1. Legal and Regulatory
    2. Adoption
    3. View All

    Trump Pushes Senators To Pass Clarity Act in Wake of Lindsey Graham’s Death As Crypto Bill’s Polymarket Odds Dwindle

    July 14, 2026

    After MiCA deadline, majority of Binance users sent funds to self-custody not other compliant exchanges

    July 13, 2026

    Ripple CEO says SEC suit nearly pushed company to shut down

    July 13, 2026

    Crypto won the ETF fight but now the SEC is questioning if things have gone too far

    July 12, 2026

    Crypto exchanges are becoming the new distribution channel for Wall Street assets

    July 14, 2026

    Tether’s $20 billion mountain of gold – equal to a national reserve

    July 13, 2026

    A $407 million Treasury fund reveals how Wall Street is building crypto’s missing collateral layer

    July 12, 2026

    Trump’s crypto disclosure exposes an institutional problem that markets price in real time

    July 12, 2026

    Michael Saylor’s Strategy Increases Cash Reserve by $450,000,000, Goes Third Consecutive Week Without Buying Any Bitcoin

    July 14, 2026

    VELVET crypto rallies 29% – Can 2,500 new holders sustain the rally?

    July 14, 2026

    Trump Pushes Senators To Pass Clarity Act in Wake of Lindsey Graham’s Death As Crypto Bill’s Polymarket Odds Dwindle

    July 14, 2026

    Binance.US CEO says exchange is rebuilding, eyes return to 20% U.S. market share

    July 14, 2026
  • Analysis

    Internet Computer (ICP) and Chainlink (LINK) Top AI Development Rankings—Could They Lead the Next Crypto Rally?

    July 14, 2026

    ALLO Price Jumps 40% While BILL Surges 45% as AI Crypto Narrative Accelerates

    July 14, 2026

    Decred Price Eyes $23 as Growing On-Chain Activity Meets Key Technical Barrier

    July 13, 2026

    CRCL Stock Could Revisit Its 52-Week Low: Here’s Why

    July 13, 2026

    Bitcoin falls below $63,000 as markets give Hormuz traffic just 3% chance to normalize by August

    July 13, 2026
  • Learn
    1. Education
    2. Wallets and Exchanges
    3. View All

    What Is Robinhood Chain? The Ethereum Layer-2 Network for Tokenized Stocks

    July 12, 2026

    What Is BChat? The Decentralized Messaging App Built for Privacy

    June 2, 2026

    What Is an AI Prompt Injection Attack? The Hidden Threat Hijacking Your Chatbots

    May 31, 2026

    What Is AI Jailbreaking? A Beginner’s Guide to the Cat-and-Mouse Game Behind Every Chatbot

    May 17, 2026

    Hong Kong gives crypto platforms one year to ditch one-time passwords or cover user losses

    July 11, 2026

    Coinbase World Cup error shows prediction markets still have a proof problem

    July 7, 2026

    Coinbase helped build USDC – Why is it now backing the stablecoin trying to replace it, Open USD?

    July 3, 2026

    Robinhood’s expanding crypto bet meets a faster-moving prediction market boom

    July 2, 2026

    Michael Saylor’s Strategy Increases Cash Reserve by $450,000,000, Goes Third Consecutive Week Without Buying Any Bitcoin

    July 14, 2026

    VELVET crypto rallies 29% – Can 2,500 new holders sustain the rally?

    July 14, 2026

    Trump Pushes Senators To Pass Clarity Act in Wake of Lindsey Graham’s Death As Crypto Bill’s Polymarket Odds Dwindle

    July 14, 2026

    Binance.US CEO says exchange is rebuilding, eyes return to 20% U.S. market share

    July 14, 2026
  • Tools
    • Market Overview
    • Exchange Tool
Free.cc (Free Cryptocurrency)Free.cc (Free Cryptocurrency)
Home»Security and Privacy»Open Source Community Thwarts Massive npm Supply Chain Attack
Open Source Community Thwarts Massive npm Supply Chain Attack
Security and Privacy

Open Source Community Thwarts Massive npm Supply Chain Attack

September 9, 2025No Comments5 Mins Read
Share
Facebook Twitter LinkedIn Pinterest Email

A potential npm supply chain disaster was averted in record time after attackers took over a verified developer’s credentials.

On September 8, Josh Junon, a developer with over 1800 GitHub contributions in the last year, confirmed on Bluesky his npm account was compromised. Junon had been alerted by other users that his account had started posting packages with backdoors to all popular packages the developer was involved in.

The developer, commonly known as ‘qix,’ said he received an email to reset his two-factor authentication (2FA) that looked “very legitimate,” but that was malicious.

He added that it only involved his npm account and that he was in contact with NPM to resolve the issue.

Compromised npm Packages

The compromised ‘qix’ npm account published malicious versions for dozens of packages Junon was involved in.

These included some npm packages for high-volume JavaScript projects:

  • chalk (approximately 300 million weekly downloads)
  • strip-ansi (approximately 261 million weekly downloads)
  • color-convert (approximately 193 million weekly downloads)
  • color-name (approximately 191 million weekly downloads)
  • error-ex (approximately 47 million weekly downloads)
  • simple-swizzle approximately 26 million weekly downloads)
  • has-ansi (approximately 12 million weekly downloads)

The payload implanted in the malicious packages is a crypto-clipper that steals funds by swapping wallet addresses in network requests and directly hijacking crypto transactions.

Crypto-Stealer Attack Chain Explained

This sophisticated malware targets cryptocurrency users through two main attack vectors.

First, it checks if a wallet extension (like MetaMask) is present. If not, it launches a passive address-swapping attack, intercepting all web traffic by hijacking the browser’s fetch and XMLHttpRequest functions. The malware then replaces legitimate crypto addresses with attacker-controlled ones, using the Levenshtein distance algorithm to pick the most visually similar address, making the swap nearly undetectable to the naked eye.

See also  OKX is building a social network directly into its trading app after a massive $25 billion valuation

If a wallet is detected, the malware escalates to active transaction hijacking. It intercepts outgoing transactions (e.g., eth_sendTransaction) and modifies the recipient address in memory before the user signs it. The victim sees a legitimate-looking confirmation screen, but if they don’t verify the address carefully their funds are sent straight to the attacker.

The attack chain is stealthy and automated, exploiting both human perception (via address spoofing) and technical vulnerabilities (via wallet API manipulation). By compromising a trusted npm package, the malware spreads silently, infecting websites and stealing funds without raising immediate suspicion.

One of the primary Ethereum addresses used in the attack is 0xFc4a4858bafef54D1b1d7697bfb5c52F4c166976. People can see its activity live on Ethereum-scanning website Etherscan to traxksome of the stolen funds

A GitHub Gist listing all affected wallets has also been created.

An Averted Crisis that Should Be “Celebrated”

Four hours after Junon confirmed the compromise, he shared a message from NPM saying that all impacted package versions had been taken down.

While many people started calling this hack the “biggest supply chain attack in history” on social media, many voices have challenged this narrative.

Josh Bressers, VP of security at Anchore, said on LinkedIn: “Here’s the thing nobody seems to be talking about. This all lasted for only a few hours. It’s amazing how fast open source can respond to things like this. Everyone works together. Information can be shared. The number of people now working on this isn’t just larger than your security team, it’s larger than your company.”

Katie Paxton-Fear, an ethical hacker who recently started working as a staff security advocate at Semgrep, published a video on LinkedIn emphasizing that a major crisis has been averted.

See also  Effectively Managing Mistrust for Optimal Cybersecurity

“Obviously, any security breach is bad, but this is not the major security breach that people are making it out to be,” she said.

She highlighted that the estimated total loss only amounted to $20, thanks primarily to the rapid response of the open source community.

“The malware was noticed and people started talking about it on GitHub within only 15 minutes of the malicious packages going live. Some of the packages were taken down by maintainers just one hour after the compromise happened, and the rest of them by NPM within two hours,” she explained.

According to Arda Büyükkaya, a senior cyber threat intelligence analyst at EclecticIQ, the attacker’s crypto address shows $66.52.

Nevertheless, Paxton-Fear argued that this incident is “a win that shows that the open source model works and that should be celebrated.”

In another LinkedIn post, Melissa Bischoping, the director for endpoint security research at Tanium, went further: “If you’re panicking about that NPM thing, please don’t. There’s a virtually 0 chance you’re impacted by this, and you should not burn your teams by having them pick apart every corner of your infrastructure for evidence of these compromised packages.”

She continued: “These were up for a couple of hours on a Monday morning (US time) The chances of them being downloaded and shipped into your software in that window of time are very, very small – nearly 0. Of all of the things I think you should have your team pull late nights for, this isn’t one of them.”

How to Mitigate This Threat

However, those who still think they may be affected can take immediate action to block vulnerable dependencies.

See also  Thieves Steal $9m from Crypto Liquidity Pool

According to Jan-David Stärk, a team lead and software engineer at Hansalog, to force-safe versions across an entire project, developers can use overrides in their package.json, by adding the following to pin trusted versions of the compromised packages:

{

  “name”: “your-project”,

  “version”: “1.0.0”,

  “overrides”: {

    “chalk”: “5.3.0”,

    “strip-ansi”: “7.1.0”,

    “color-convert”: “2.0.1”,

    “color-name”: “1.1.4”,

    “is-core-module”: “2.13.1”,

    “error-ex”: “1.3.2”,

    “has-ansi”: “5.0.1”

  }

}

Then, developers should clean their project by deleting node_modules and package-lock.json, then run npm install to generate a fresh, secure lockfile.

This will ensure that no malicious versions remain in their dependency tree.

Attack Chain community Massive npm open source Supply Thwarts
Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

Related Posts

Robinhood Chain tokens are reportedly vanishing from wallets causing buyers to lose funds

July 14, 2026

One crypto wallet tied to a 20-year-old fraudster processed over $122M before Interpol closed in

July 13, 2026

Convicted scammer’s “seized” crypto moves to unknown wallets while in prison as DOJ failed to secure funds

July 13, 2026

What Is Robinhood Chain? The Ethereum Layer-2 Network for Tokenized Stocks

July 12, 2026
Add A Comment
Leave A Reply Cancel Reply

Top Posts

Hong Kong hasn’t issued a single HKD stablecoin license after March target

April 3, 2026

Bitcoin May Already Be Entering Crypto Winter, Researchers Warn

February 12, 2026

Stay ahead with the latest crypto news, market updates, blockchain insights, and trends. Your trusted source for everything happening in the digital asset world.


We're social. Connect with us:

Facebook X (Twitter) Instagram Pinterest YouTube
Top Insights

Michael Saylor’s Strategy Increases Cash Reserve by $450,000,000, Goes Third Consecutive Week Without Buying Any Bitcoin

July 14, 2026

VELVET crypto rallies 29% – Can 2,500 new holders sustain the rally?

July 14, 2026

Trump Pushes Senators To Pass Clarity Act in Wake of Lindsey Graham’s Death As Crypto Bill’s Polymarket Odds Dwindle

July 14, 2026
Get Informed

Subscribe to Updates

Get the latest creative news From Free.cc directly in your Inbox!

  • Contact
  • Privacy Policy
  • Terms & Conditions
  • Disclosure
© 2026 free.cc - All rights reserved.

Type above and press Enter to search. Press Esc to cancel.