A widespread but surprisingly low-impact cyberattack targeting crypto wallets was recently neutralized, according to security researchers. Despite affecting popular JavaScript libraries downloaded over a billion times, hackers were only able to steal less than $50 worth of cryptocurrency.
More On The Attack
The cyberattack, dubbed a “supply chain hack,” originated from a compromise of a well-known software developer’s account on the Node Package Manager (NPM) platform.
NPM is a repository where developers share and download small code packages to build larger projects.
Hackers inserted malware into popular JavaScript libraries like chalk, strip-ansi, and color-convert. These small utilities are often deeply embedded in the code of countless projects, so even developers who never directly downloaded the compromised packages were at risk.
The malware, identified as a crypto-clipper, was designed to automatically replace a user’s wallet address during a transaction to divert funds to the hacker.
Minimal Damage Was Done
Despite the massive potential for a large-scale breach, the hackers were largely unsuccessful.
Security Alliance, a crypto intelligence platform, reported that the total stolen amount was less than $50, with only one malicious Ethereum wallet address identified so far.
The stolen funds included small amounts of Ether and various memecoins.
A security researcher for Security Alliance, who goes by the pseudonym Samczsun, likened the situation to “finding the keycard to Fort Knox and using it as a bookmark.” He noted that the hackers failed to fully capitalize on the widespread access they had.
How To Protect Yourself From These Attacks
Major crypto wallet providers like Ledger, MetaMask, Phantom, and Uniswap have all confirmed that their platforms were not affected by this specific attack. However, the incident highlights the risks of supply chain attacks.
Crypto users are always advised to proceed with caution.
The pseudonymous founder of DefiLlama, 0xngmi, pointed out that even if a crypto project was affected, the malware only works if a user approves the malicious transaction.
Nevertheless, as a precaution, it may be safer to temporarily avoid using crypto websites until their developers confirm that they have cleaned up any compromised code.
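For developers checking whether a project pulls in the libraries named above without ever listing them directly, the following added example (not code from Security Alliance or any project mentioned in this article) walks the "packages" map of an npm lockfile and reports every installed copy and what requires it. The sample lockfile, the names demo-dapp, cli-reporter and @demo/color-convert-shim, and all version numbers are constructed placeholders, not the affected releases.

```javascript
// Package names taken from the article; extend with the names in the advisory you follow.
const WATCHLIST = ["chalk", "strip-ansi", "color-convert"];

// Constructed sample in npm lockfile v2/v3 layout. Versions are placeholders.
// For a real project: JSON.parse(fs.readFileSync("package-lock.json", "utf8"))
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-dapp", dependencies: { "cli-reporter": "^1.0.0" } },
    "node_modules/cli-reporter": {
      version: "1.0.0",
      dependencies: { chalk: "^9.9.9", "strip-ansi": "^9.9.9" },
    },
    "node_modules/chalk": { version: "9.9.9" },
    "node_modules/strip-ansi": { version: "9.9.9" },
    // A second, nested copy: one project can install several versions at once.
    "node_modules/cli-reporter/node_modules/strip-ansi": { version: "9.9.8" },
    // Similar-looking name that must NOT match the watchlist.
    "node_modules/@demo/color-convert-shim": { version: "1.0.0" },
  },
};

// "node_modules/a/node_modules/@s/b" -> "@s/b" (handles nesting and scopes)
function packageName(lockPath) {
  const marker = "node_modules/";
  const i = lockPath.lastIndexOf(marker);
  return i === -1 ? lockPath : lockPath.slice(i + marker.length);
}

// Returns one record per installed copy of a watched package.
// Lockfile v1 has no "packages" map, so it yields an empty list here.
function findWatched(lock, watchlist = WATCHLIST) {
  const packages = lock.packages || {};
  const root = packages[""] || {};
  const directDeps = { ...root.dependencies, ...root.devDependencies };
  const hits = [];
  for (const [path, meta] of Object.entries(packages)) {
    if (path === "") continue; // the project itself
    const name = packageName(path);
    if (!watchlist.includes(name)) continue; // exact name match only
    // Every installed package that declares this name as a dependency.
    const requiredBy = Object.entries(packages)
      .filter(([p, m]) => p !== "" && m.dependencies && name in m.dependencies)
      .map(([p]) => packageName(p));
    hits.push({ name, version: meta.version, path, direct: name in directDeps, requiredBy });
  }
  return hits;
}

for (const h of findWatched(SAMPLE_LOCK)) {
  console.log(`${h.name}@${h.version} at ${h.path} (direct: ${h.direct}, via: ${h.requiredBy.join(", ") || "-"})`);
}
```

Compare each reported version against the affected versions listed in the registry's advisory; the script only shows where the packages sit in the dependency tree.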