NPM Attack Injects Crypto Clipper, Steals Under $50

Security Alliance (SEAL) has disclosed a critical npm attack in which a developer’s npm account was compromised and crypto-clipper malware was injected into popular JavaScript packages such as chalk, strip-ansi and color-convert. The malware modified Ethereum (ETH) and Solana (SOL) wallet addresses to divert funds to a single malicious address (0xFc4a48). Despite over one billion weekly downloads of the infected npm packages, total theft remains under $50, including 0.05 ETH and small memecoin amounts (BRETT, ANDY, DORK, VISTA, GONDOLA). Researchers warn of ongoing supply chain risk in JavaScript ecosystems and urge developers and traders to audit dependencies, double-check wallet addresses, and avoid malicious updates. Ledger confirms no direct impact on hardware wallets but advises caution when approving on-chain operations.
Neutral
In the short term, the npm attack is unlikely to affect ETH or SOL prices given the negligible amount stolen. However, the incident underscores persistent supply chain risks in the JavaScript ecosystem, which may heighten security scrutiny and influence developer and trader trust over the long term. Traders should remain vigilant, but market stability is largely unaffected by this event.