{"id":497379,"date":"2025-09-08T19:57:44","date_gmt":"2025-09-08T18:57:44","guid":{"rendered":"https:\/\/cryptoslate.com\/?p=497379"},"modified":"2025-09-09T11:43:47","modified_gmt":"2025-09-09T10:43:47","slug":"largest-supply-chain-attack-in-history-targets-crypto-users-through-compromised-javascript-packages","status":"publish","type":"post","link":"https:\/\/cryptoslate.com\/largest-supply-chain-attack-in-history-targets-crypto-users-through-compromised-javascript-packages\/","title":{"rendered":"Largest supply chain attack in history targets crypto users through compromised JavaScript packages"},"content":{"rendered":"<p>A new cyberattack is silently targeting users' crypto during transactions, in an incident that security researchers describe as the largest supply chain attack in history.<\/p>\n<p>BleepingComputer reported that hackers compromised NPM package maintainer accounts through phishing emails and injected malware that steals crypto.<\/p>\n<p>The attack targeted JavaScript developers with fraudulent emails appearing to originate from &#8220;support@npmjs.help,&#8221; a domain impersonating the legitimate NPM registry.<\/p>\n<p>The phishing messages warned maintainers that their accounts would be locked on Sept. 
10, unless they updated their two-factor authentication credentials through a malicious link.<\/p>\n<p>Attackers successfully compromised 18 widely-used JavaScript packages with collective weekly downloads exceeding 2.6 billion.<\/p>\n<p>The compromised libraries include fundamental development tools such as &#8220;chalk&#8221; (300 million weekly downloads), &#8220;debug&#8221; (358 million), and &#8220;ansi-styles&#8221; (371 million), affecting virtually the entire JavaScript ecosystem.<\/p>\n<h2>Targeting crypto<\/h2>\n<p>The malicious code operates as a browser-based interceptor, monitoring network traffic for crypto transactions across <a href=\"https:\/\/cryptoslate.com\/coins\/ethereum\/\">Ethereum<\/a>, <a href=\"https:\/\/cryptoslate.com\/coins\/bitcoin\/\">Bitcoin<\/a>, <a href=\"https:\/\/cryptoslate.com\/coins\/solana\/\">Solana<\/a>, <a href=\"https:\/\/cryptoslate.com\/coins\/tron\/\">Tron<\/a>, <a href=\"https:\/\/cryptoslate.com\/coins\/litecoin\/\">Litecoin<\/a>, and <a href=\"https:\/\/cryptoslate.com\/coins\/bitcoin-cash\/\">Bitcoin Cash<\/a> networks.<\/p>\n<p>When users initiate crypto transfers, the malware silently replaces destination wallet addresses with attacker-controlled accounts before transaction signing.<\/p>\n<p>Aikido Security researcher Charlie Eriksen explained:<\/p>\n<blockquote><p>&#8220;What makes it dangerous is that it operates at multiple layers: altering content shown on websites, tampering with API calls, and manipulating what users' apps believe they are signing.&#8221;<\/p><\/blockquote>\n<p><a href=\"https:\/\/cryptoslate.com\/companies\/ledger\/\">Ledger<\/a> CTO <a href=\"https:\/\/cryptoslate.com\/people\/charles-guillemet\/\">Charles Guillemet<\/a> warned crypto users about the <a href=\"https:\/\/cryptoslate.com\/dark-web-vendors-distribute-fake-ledger-wallet-pages-targeting-crypto-users\/\">ongoing threat<\/a>, <a href=\"https:\/\/x.com\/P3b7_\/status\/1965094840959410230\">noting the JavaScript ecosystem may be 
compromised<\/a> given the massive download figures.<\/p>\n<p>Hardware wallet users retain protection if they verify transaction details before signing, while software wallet users face a higher risk. Guillemet advised:<\/p>\n<blockquote><p>&#8220;If you don't use a hardware wallet, refrain from making any on-chain transactions for now.&#8221;<\/p><\/blockquote>\n<p>He also noted uncertainty about whether attackers can directly extract seed phrases from software wallets.<\/p>\n<h2>Sophisticated targeting<\/h2>\n<p>The attack represents sophisticated supply chain targeting, in which criminals compromise trusted development infrastructure to reach end users.<\/p>\n<p>By infiltrating packages downloaded billions of times weekly, attackers gained unprecedented access to cryptocurrency applications and wallet interfaces.<\/p>\n<p>BleepingComputer identified the phishing infrastructure exfiltrating credentials to &#8220;websocket-api2.publicvm.com,&#8221; demonstrating the coordinated nature of the operation.<\/p>\n<p>This incident follows similar JavaScript library compromises throughout 2025, including the July attack on &#8220;eslint-config-prettier,&#8221; which had 30 million weekly downloads, and March compromises affecting ten popular NPM libraries.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A new cyberattack is silently targeting users' crypto during transactions, in an incident that security researchers describe as the largest supply chain attack in history. BleepingComputer reported that hackers compromised NPM package maintainer accounts through phishing emails and injected malware that steals crypto. 
The attack targeted JavaScript developers with fraudulent emails appearing to originate [&hellip;]<\/p>\n","protected":false},"author":1511,"featured_media":497409,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1,77968,16041],"tags":[],"post_folder":[],"acf":[],"yoast_head_json":{"title":"Largest supply chain attack in history targets crypto users through compromised JavaScript packages","description":"Hackers compromised NPM package maintainer accounts through phishing emails and injected malware that steals crypto.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/cryptoslate.com\/largest-supply-chain-attack-in-history-targets-crypto-users-through-compromised-javascript-packages\/","og_locale":"en_US","og_type":"article","og_title":"Largest supply chain attack in history targets crypto users through compromised JavaScript packages","og_description":"Hackers compromised NPM package maintainer accounts through phishing emails and injected malware that steals crypto.","og_url":"https:\/\/cryptoslate.com\/largest-supply-chain-attack-in-history-targets-crypto-users-through-compromised-javascript-packages\/","og_site_name":"CryptoSlate","article_published_time":"2025-09-08T18:57:44+00:00","article_modified_time":"2025-09-09T10:43:47+00:00","og_image":[{"width":1200,"height":630,"url":"https:\/\/cryptoslate.com\/wp-content\/uploads\/2025\/09\/javascript-compromise.jpg","type":"image\/jpeg"}],"author":"Gino Matos","twitter_card":"summary_large_image","twitter_creator":"@cryptoslate","twitter_site":"@cryptoslate","twitter_misc":{"Written by":"Gino Matos","Est. 
reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"NewsArticle","@id":"https:\/\/cryptoslate.com\/largest-supply-chain-attack-in-history-targets-crypto-users-through-compromised-javascript-packages\/#article","isPartOf":{"@id":"https:\/\/cryptoslate.com\/largest-supply-chain-attack-in-history-targets-crypto-users-through-compromised-javascript-packages\/"},"author":{"name":"Gino Matos","@id":"https:\/\/cryptoslate.com\/#\/schema\/person\/f03754c9e579651795caf77a2b00c49c"},"headline":"Largest supply chain attack in history targets crypto users through compromised JavaScript packages","datePublished":"2025-09-08T18:57:44+00:00","dateModified":"2025-09-09T10:43:47+00:00","mainEntityOfPage":{"@id":"https:\/\/cryptoslate.com\/largest-supply-chain-attack-in-history-targets-crypto-users-through-compromised-javascript-packages\/"},"wordCount":378,"commentCount":0,"publisher":{"@id":"https:\/\/cryptoslate.com\/#organization"},"articleSection":["Crypto","Featured","Hacks"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/cryptoslate.com\/largest-supply-chain-attack-in-history-targets-crypto-users-through-compromised-javascript-packages\/#respond"]}],"copyrightYear":"2025","copyrightHolder":{"@id":"https:\/\/cryptoslate.com\/#organization"}},{"@type":"WebPage","@id":"https:\/\/cryptoslate.com\/largest-supply-chain-attack-in-history-targets-crypto-users-through-compromised-javascript-packages\/","url":"https:\/\/cryptoslate.com\/largest-supply-chain-attack-in-history-targets-crypto-users-through-compromised-javascript-packages\/","name":"Largest supply chain attack in history targets crypto users through compromised JavaScript packages","isPartOf":{"@id":"https:\/\/cryptoslate.com\/#website"},"datePublished":"2025-09-08T18:57:44+00:00","dateModified":"2025-09-09T10:43:47+00:00","description":"Hackers compromised NPM package maintainer accounts through phishing emails and injected 
malware that steals crypto.","breadcrumb":{"@id":"https:\/\/cryptoslate.com\/largest-supply-chain-attack-in-history-targets-crypto-users-through-compromised-javascript-packages\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/cryptoslate.com\/largest-supply-chain-attack-in-history-targets-crypto-users-through-compromised-javascript-packages\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/cryptoslate.com\/largest-supply-chain-attack-in-history-targets-crypto-users-through-compromised-javascript-packages\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/cryptoslate.com\/"},{"@type":"ListItem","position":2,"name":"Largest supply chain attack in history targets crypto users through compromised JavaScript packages"}]},{"@type":"WebSite","@id":"https:\/\/cryptoslate.com\/#website","url":"https:\/\/cryptoslate.com\/","name":"CryptoSlate","description":"Cryptocurrency News and Real-time Coin Data","publisher":{"@id":"https:\/\/cryptoslate.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/cryptoslate.com\/?s={search_term_string}"},"query-input":"required 
name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/cryptoslate.com\/#organization","name":"CryptoSlate","url":"https:\/\/cryptoslate.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/cryptoslate.com\/#\/schema\/logo\/image\/","url":"https:\/\/cryptoslate.com\/wp-content\/uploads\/2018\/05\/c-logo.jpg","contentUrl":"https:\/\/cryptoslate.com\/wp-content\/uploads\/2018\/05\/c-logo.jpg","width":1000,"height":1000,"caption":"CryptoSlate"},"image":{"@id":"https:\/\/cryptoslate.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/twitter.com\/cryptoslate","https:\/\/www.instagram.com\/cryptoslate\/","https:\/\/www.linkedin.com\/company\/cryptoslate\/","https:\/\/www.youtube.com\/c\/cryptoslate","https:\/\/cryptoslate.substack.com\/","https:\/\/t.me\/cryptoslatenews"],"publishingPrinciples":"https:\/\/cryptoslate.com\/editorial-policy\/","ownershipFundingInfo":"https:\/\/cryptoslate.com\/about\/","actionableFeedbackPolicy":"https:\/\/cryptoslate.com\/about\/","correctionsPolicy":"https:\/\/cryptoslate.com\/about\/","ethicsPolicy":"https:\/\/cryptoslate.com\/disclaimers\/"},{"@type":"Person","@id":"https:\/\/cryptoslate.com\/#\/schema\/person\/f03754c9e579651795caf77a2b00c49c","name":"Gino Matos","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/cryptoslate.com\/#\/schema\/person\/image\/","url":"https:\/\/cryptoslate.com\/wp-content\/uploads\/2025\/12\/profile-photo-gino-150x150.jpg","contentUrl":"https:\/\/cryptoslate.com\/wp-content\/uploads\/2025\/12\/profile-photo-gino-150x150.jpg","caption":"Gino Matos"},"description":"Gino Matos is a law school graduate and a seasoned journalist with six years of experience in the crypto industry. 
His expertise primarily focuses on the Brazilian blockchain ecosystem and developments in decentralized finance (DeFi).","url":"https:\/\/cryptoslate.com\/author\/gino-matos\/"}]}},"_links":{"self":[{"href":"https:\/\/cryptoslate.com\/wp-json\/wp\/v2\/posts\/497379"}],"collection":[{"href":"https:\/\/cryptoslate.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cryptoslate.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cryptoslate.com\/wp-json\/wp\/v2\/users\/1511"}],"replies":[{"embeddable":true,"href":"https:\/\/cryptoslate.com\/wp-json\/wp\/v2\/comments?post=497379"}],"version-history":[{"count":4,"href":"https:\/\/cryptoslate.com\/wp-json\/wp\/v2\/posts\/497379\/revisions"}],"predecessor-version":[{"id":497482,"href":"https:\/\/cryptoslate.com\/wp-json\/wp\/v2\/posts\/497379\/revisions\/497482"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cryptoslate.com\/wp-json\/wp\/v2\/media\/497409"}],"wp:attachment":[{"href":"https:\/\/cryptoslate.com\/wp-json\/wp\/v2\/media?parent=497379"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cryptoslate.com\/wp-json\/wp\/v2\/categories?post=497379"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cryptoslate.com\/wp-json\/wp\/v2\/tags?post=497379"},{"taxonomy":"post_folder","embeddable":true,"href":"https:\/\/cryptoslate.com\/wp-json\/wp\/v2\/post_folder?post=497379"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}