Skip to main content
See every side of every news story
Get Started
SubscribeLogin
Published loading...Updated

Ethereum, Solana Wallets Targeted in 'Npm' Attack With Billions of Downloads, Just 5 Cents Taken

A phishing email compromised a key maintainer's account, inserting malicious code into 18 npm packages with 2 billion weekly downloads to steal cryptocurrency, though financial impact was minimal.

Summary by Coin Desk
The credential stealer harvested username, password, and 2FA codes before sending them to a remote host. With full access, the attacker republished every "qix" package with a crypto-focused payload.

10 Articles

ZDNetZDNet
Reposted by
IT Security News - cybersecurity, infosecurity newsIT Security News - cybersecurity, infosecurity news
Center

This 2FA phishing scam pwned a developer - and endangered billions of npm downloads

'Stay vigilant.' Other maintainers have been targeted, too.

·United States
Read Full Article
Coin DeskCoin Desk
Center

Ethereum, Solana Wallets Targeted in 'npm' Attack With Billions of Downloads, Just 5 Cents Taken

The credential stealer harvested username, password, and 2FA codes before sending them to a remote host. With full access, the attacker republished every "qix" package with a crypto-focused payload.

·Manila, Philippines
Read Full Article
eSecurityPlaneteSecurityPlanet

npm Attack Hits 18 Packages With 2B Weekly Downloads

A major supply-chain attack compromised 18 popular npm packages — including chalk, debug, ansi-styles, and supports-color — planting malware that secretly redirects crypto transactions. Aikido researchers noted, “What makes it dangerous is that it operates at multiple layers: altering content shown on websites, tampering with API calls, and manipulating what users’ apps believe they are signing.” What happened? Beginning Sept. 8, 2025, attackers…

Read Full Article
Malware Analysis, News and IndicatorsMalware Analysis, News and Indicators

Popular packages impacted by largest npm supply chain intrusion yet

Malware has been deployed on 18 widely used developer utilities with over 2.6 billion weekly downloads as part of the largest npm supply chain attack so far, SiliconANGLE reports. Introduction to Malware Binary Triage (IMBT) Course Looking to level up your skills? Get 10% off using coupon code: MWNEWS10 for any flavor. Enroll Now and Save 10%: Coupon Code MWNEWS10 Note: Affiliate link – your enrollment helps support this platform at no extra co…

Read Full Article
Finance Magnates | Financial and business newsFinance Magnates | Financial and business news

Phishing, Bugs, and Billions at Stake: Lessons From NPM Crypto Exploit Near-Miss

A failed attack on popular Node Package Manager (NPM) libraries sent shockwaves through the crypto world on Monday. . Hackers targeted major packages to hijack cryptocurrency transactions across mu...

Read Full Article
Linux-MagazinLinux-Magazin

Compromise Numerous Npm Packages

Attackers have inserted malicious code into several popular NPM packages. The most popular packages of the developer are affected with the pseudonym Qix, which has become the victim of a phishing attack. Publik has made the attack the security platform Aikido. Among the about 20 packages are such popular copies as "backslash", "chalk", "debug" and "color-string". Together they reach according to data

Read Full Article
Think freely.Subscribe and get full access to Ground NewsSubscriptions start at $9.99/yearSubscribe

Bias Distribution

  • 100% of the sources are Center
100% Center

Factuality 

To view factuality data please Upgrade to Premium

Ownership

To view ownership data please Upgrade to Vantage

The Hacker News broke the news in on Tuesday, September 9, 2025.
Sources are mostly out of (0)

Similar News Topics

Ethereum icon

Ethereum

News
For You
SearchBlindspotLocal