NPM Developer Account Attacker Currently Suspected to Have Profited Only Around $20

BlockBeats News, September 9th, according to CertiK Alert monitoring, developer Qix's NPM account was targeted in a phishing attack, with the attacker injecting malicious code into npm. According to Security Alliance, the attacker seems to have only profited about 0.05 USD worth of ETH and 20 USD worth of Meme coins.

Earlier reports, Ledger CTO Charles Guillemet posted, "A large-scale supply chain attack is currently taking place: a prominent developer's NPM account has been compromised. The affected package has been downloaded over 1 billion times, posing a risk to the entire JavaScript ecosystem. The malicious code works by silently modifying cryptocurrency addresses in the background to steal funds."