Flash Depth Data Forum

Forum

Search Extension

Security Advisory: Another well-known developer's NPM account has been compromised, injecting wallet-stealing malware

2025-09-09 23:27

BlockBeats News, September 9th. According to Socket monitoring, the ongoing NPM supply chain attack has spread from the well-known developer Qix to another highly prominent maintainer. The NPM account duckdb_admin, responsible for the DuckDB-related package, has been compromised, and multiple malicious versions have been published. The injected code is the same wallet-stealing malware used when Qix's account was compromised, strongly indicating that both are part of the same attack campaign.

Previously reported, Ledger's CTO stated that in the event of a large-scale supply chain attack, the entire JavaScript ecosystem could be at risk. However, the NPM attackers were not successful, and there were almost no victims.

Original link

Correction/Report

This platform has fully integrated the Farcaster protocol. If you have a Farcaster account, you canLogin to comment

Hot Articles

8h ago

Whale qianbaidu.eth entered the HYPE position yesterday and is currently floating with a $2.5 million profit.

10h ago

BlackRock deposits 44,774 ETH and 900 BTC into Coinbase Prime, totaling approximately $297 million

10h ago

「$2249 Short ETH」 Whale Once Again Reduces Position, Unrealized Losses Reach $12.26M, Stuck in a Rolling Position for Five Months

11h ago

Three Arrows Capital's liquidation provider Teneo recently sold 2.25 million WLD, with 52.47 million WLD still awaiting sale.

24H Important Information

2025-09-10

JPMorgan Chase: Expects Fed to Cut Interest Rates by 25 Basis Points in September

Native Markets: Intends to collaborate with Bridge to issue USDH, and will maintain technological neutrality if the bid is successful.

In the past 24 hours, the whole network has seen $380 million in liquidations, with both longs and shorts getting rekt.

Bloomberg: Strategy Model Stumbles as Cryptocurrency Treasury Fad Turns Skeptical

Correction/Report

Submit

Add Library

Visible to myself only

Public

Save

Choose Library

Add Library

Cancel

Finish

Security Advisory: Another well-known developer's NPM account has been compromised, injecting wallet-stealing malware

Linea's 24 Hours Before Launch: Airdrop, Valuation, Risk Deep Dive

Dialogue HYPE Whale: After reaching an all-time high, what other miracles can Hyperliquid create?

RWA's Next Milestone: Nasdaq Is Really Considering Stock Tokenization

Do you join if you can't beat them? Nasdaq Executive Reveals Why They Chose to Embrace Tokenization

Whale qianbaidu.eth entered the HYPE position yesterday and is currently floating with a $2.5 million profit.

BlackRock deposits 44,774 ETH and 900 BTC into Coinbase Prime, totaling approximately $297 million

「$2249 Short ETH」 Whale Once Again Reduces Position, Unrealized Losses Reach $12.26M, Stuck in a Rolling Position for Five Months

Three Arrows Capital's liquidation provider Teneo recently sold 2.25 million WLD, with 52.47 million WLD still awaiting sale.