NPM Hack Injects Malicious Wallet Address Swaps
A recent NPM hack compromised 18 versions of popular Node packages, including chalk, debug and strip-ansi. Attackers stole developer credentials via a phishing email posing as NPM support. They then published malicious updates that silently replaced copied crypto wallet addresses with hacker-controlled ones. Affected networks include BTC, ETH, SOL, TRX and LTC. Although only about $50 was stolen, Ledger CTO Charles Guillemet warns that such supply chain attacks pose a major crypto security risk. TON CTO Anatoly Makosov urges developers to apply patches, lock dependencies and rebuild apps to remove clipboard hijacks. Traders should use audited or hardware wallets, verify transaction signatures and monitor package integrity to guard against software wallet vulnerabilities.
Neutral
This NPM hack highlights a serious software supply chain attack but resulted in minimal losses and has been swiftly patched. Short-term trading impact is limited as core blockchain protocols remain unaffected. Long-term, the incident underscores the importance of better security practices—such as audited wallets and dependency locking—which could boost overall confidence in crypto infrastructure. Net effect on market price is likely neutral.