News

Massive npm hack poisons 18 packages with billions of downloads

Aikido Security Ltd. today disclosed what is being described as the largest npm supply chain compromise to date, after ...

JavaScript packages with billions of downloads were injected with malicious code in world's largest supply chain hack, geared to steal crypto — a phishing email is all it ...

JavaScript packages with billions of downloads were compromised by an unknown threat actor looking to steal cryptocurrency.
Krebs on Security

18 Popular Code Packages Hacked, Rigged to Steal Crypto

At least 18 popular JavaScript code packages that are collectively downloaded more than two billion times each week were ...
Crypto News

“Avoid On-Chain Transactions”: Ledger CTO Issues Urgent Warning After JavaScript Attack

A JavaScript supply chain attack has delivered a crypto-clipper via 18 npm packages; Ledger’s CTO has warned ...

Largest NPM attack in crypto history stole less than $50: SEAL

Less $50 worth of crypto has been stolen from the large-scale JavaScript libraries attack on Monday, which targeted Ethereum ...
CSOonline

JavaScript Botnet Code a Handy Hacking Tool

Software that could be used to turn a Web browser into an unwitting hacker’s tool has been posted to the Internet, after it was downloaded by a quick-thinking attendee at last month’s Shmoocon hacker ...

Ledger CTO Warns of Serious NPM Hack That Can Hijack Crypto Transactions

A serious security scare has hit the open-source software world, and it’s got big implications for crypto. Ledger’s chief ...
Decrypt

'Widespread' Crypto Exploit That Created Panic Steals Only $1K From Users

A major JavaScript supply chain attack targeting crypto wallets through compromised GitHub packages has stolen only $1,043.

Huge malware attack targeting crypto exposes DeFi’s Achilles heel

Hackers poisoned JavaScript packages with crypto-stealing malware. The large scale attack exposes a DeFi weak point. The ...