NPM Supply Chain Attack Forces Halt to Crypto Transactions

The NPM supply chain attack compromised 18 popular JavaScript packages, including chalk, debug and strip-ansi. Hackers hijacked a developer’s NPM account via phishing and injected crypto clipper malware that monkey-patches fetch and XMLHttpRequest. In real time, it swaps copied Web3 wallet addresses for attacker-controlled ones, making fraudulent transactions nearly undetectable. The affected packages see over two billion weekly downloads. The malware intercepts MetaMask and other software wallets. Software wallet users face high risk; only hardware wallets with transparent signing can verify addresses safely. To date, less than $500 has been stolen, and key protocols such as Uniswap (UNI), SUI, Jupiter (JUP) and wallets including MetaMask and Ledger report no direct losses from this NPM supply chain attack. Developers are urged to audit dependencies, lock package versions, and update lockfiles to prevent further compromise. Most infected packages have been cleaned, but researchers continue to monitor threats. Traders should pause on-chain transactions, verify every address before signing, and switch to hardware wallets until a full package audit is complete.