NPM Attack Inject Crypto Clipper, Steal Under $50

Published: 2025-09-09 04:37:50 |

Security Alliance (SEAL) don show one serious NPM attack wey gree make one developer npm account spoil and inject crypto-clipper malware inside popular JavaScript packages dem like chalk, strip-ansi and color-convert. The npm attack change Ethereum (ETH) and Solana (SOL) wallet addresses to send money go one bad guy address (0xFc4a48). Even though the infected npm packages dey download over one billion times every week, the total theft still under $50, including 0.05 ETH plus small memecoin dem (BRETT, ANDY, DORK, VISTA, GONDOLA). Researchers dey warn say JavaScript ecosystem still get supply chain risk and dem advise developers and traders to check their dependencies well, confirm wallet addresses twice, and avoid bad updates. Ledger talk say e no affect hardware wallets directly but make people cautious when dem dey approve on-chain operations.

Neutral

For short term, di go likely say di NPM attack go affect ETH or SOL prices since di amount wey dem thief no too big. But dis kain incident show say supply chain risks still dey inside di JavaScript ecosystem, wey fit make security lookout strong and fit affect how developers and traders trust long term. Traders suppose remain alert, but market stability no really get yawa because of dis event.