NPM Supply Chain Attack Con Force to Stop Crypto Transactions

Di NPM supply chain attack don spoil 18 popular JavaScript packages, including chalk, debug, and strip-ansi. Hackers take over developer’s NPM account through phishing and put crypto clipper malware wey dey monkey-patch fetch and XMLHttpRequest. For real time, e dey swap copied Web3 wallet addresses to ones wey attacker dey control, making fake transactions hard to detect. The packages wey dem affect get over two billion downloads every week. The malware dey intercept MetaMask and other software wallets. Software wallet users dey high risk; only hardware wallets wey get transparent signing fit verify addresses safely. So far, less than $500 don get stolen, and big protocols like Uniswap (UNI), SUI, Jupiter (JUP) and wallets like MetaMask and Ledger no report direct loss from this NPM attack. Developers dem dey encouraged to audit dependencies, lock package versions, and update lockfiles to prevent more compromise. Most infected packages don clean but researchers still dey watch threats. Traders suppose pause on-chain transactions, check every address before signing, and switch to hardware wallets until full package audit don finish.