Particle.news

Phished NPM Maintainer’s 18 Packages Seed Browser ‘Crypto-Clipper’ in Wide Supply-Chain Breach

Experts urge hardware verification of crypto transactions during active remediation.

Overview

  • Developer Josh Junon (qix) confirmed his NPM account was hijacked via a phishing email from the spoofed domain npmjs.help, which funneled credentials to an attacker-controlled URL.
  • The injected payload operates as a browser interceptor that hooks wallet APIs and network calls to rewrite destination addresses across Ethereum, Bitcoin, Solana, Tron, Litecoin, and Bitcoin Cash before users sign.
  • Compromised libraries include foundational packages such as chalk, debug, and ansi-styles, part of 18 affected projects that collectively see more than 2.6 billion downloads per week.
  • Aikido Security says it detected the intrusion within five minutes and disclosed it within an hour, with NPM and maintainers removing many malicious versions, though [email protected] remained available during reporting.
  • Ledger’s CTO advised users to verify transactions on hardware wallets and software-wallet users to pause on-chain activity, while researchers noted no public evidence of stolen funds so far.
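
For teams checking their own exposure, the sketch below is an added example, not code from the article, Aikido, or npm. It walks the `packages` map of a `package-lock.json` (lockfile version 2 or 3 layout) and reports every installed copy of the three packages named above, including copies nested under other dependencies. The function names, the sample lockfile and the version denylist are constructed for illustration. The article gives no affected version numbers, so the denylist must be filled in from the registry advisory.

```javascript
// Package names come from the article; the other 15 affected names are not listed there.
const WATCHED = new Set(["chalk", "debug", "ansi-styles"]);

// Placeholder denylist: the article gives no version numbers. Fill this from the
// registry advisory. The value below is constructed for the demo only.
const KNOWN_BAD = { chalk: ["0.0.0-constructed-bad"] };

// Extract the package name from a lockfile "packages" key, e.g.
// "node_modules/a/node_modules/@scope/b" -> "@scope/b". Root and workspace keys -> null.
function nameFromPath(path) {
  const marker = "node_modules/";
  const i = path.lastIndexOf(marker);
  return i === -1 ? null : path.slice(i + marker.length);
}

// Return every installed copy of a watched package, including nested transitive ones.
function auditLock(lock, watched = WATCHED, knownBad = KNOWN_BAD) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const name = nameFromPath(path);
    if (!name || !watched.has(name)) continue;
    const bad = (knownBad[name] || []).includes(meta.version);
    findings.push({ name, version: meta.version, path, bad });
  }
  return findings;
}

// Constructed sample lockfile (lockfileVersion 3 layout), not taken from a real project.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/chalk": { version: "0.0.0-constructed-bad" },
    "node_modules/express": { version: "1.2.3" },
    "node_modules/express/node_modules/debug": { version: "1.0.0-constructed" },
    "node_modules/@demo/debug": { version: "2.0.0" }, // scoped name, must not match "debug"
  },
};

for (const f of auditLock(SAMPLE_LOCK)) {
  console.log(`${f.bad ? "BAD  " : "check"} ${f.name}@${f.version} at ${f.path}`);
}
```

For a real project, pass the parsed contents of `package-lock.json` as `lock`; entries flagged `check` still need their version compared against the advisory by hand.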