Acquista cryptoMercatiSpotFuturesGOLDEarnCentro eventi
Altro
USD1 Genesis
The post Crypto Funds at Risk from Massive Supply Chain Attack appeared on BitcoinEthereumNews.com. Crypto Hack: What Happened? A widely used npm package, error-ex, was tampered with in its 1.3.3 release. Hidden inside was obfuscated code that activates two dangerous attack modes: Clipboard Hijacking: When you paste a wallet address, the malware silently swaps it with the attacker’s lookalike address. Transaction Interception: If you use a browser wallet, the code can intercept transaction calls and change the recipient’s address before you even see the confirmation screen. This makes it nearly impossible to notice unless you carefully check every single character of the address you’re sending to. Who’s at Risk from this Crypto Hack? Developers: Any project pulling dependencies without strict version pinning may have installed the infected version. This could affect CI pipelines, production builds, and apps that rely on JavaScript. Crypto Users: The malware targets major assets including $BTC, $ETH, $SOL, $TRX, $LTC, and $BCH. Both clipboard users and browser wallets are at risk. Platforms: Even centralized apps integrating npm libraries may have unknowingly included the malicious code. Which Companies were Affected? Already, SwissBorg confirmed a breach linked to a compromised partner API. Roughly 192.6K SOL (~$41.5M) was drained in the attack. While the SwissBorg app itself remains secure, its SOL Earn Program was hit, affecting <1% of users. The platform has promised recovery measures, including treasury funds and support from white-hat hackers. How to Protect Yourself Here’s what you need to do right now: For Wallet Users ✅ Always verify every transaction — check the full recipient address before signing.✅ Use a hardware wallet with clear signing enabled.✅ Avoid unnecessary browser wallet extensions.✅ If something feels off (unexpected signing requests), close the tab immediately. For Developers ⚙️ Switch CI builds from npm install to npm ci to lock dependencies.⚙️ Run npm ls error-ex to detect infected installs.⚙️ Pin safe versions (error-ex@1.3.2) and… The post Crypto Funds at Risk from Massive Supply Chain Attack appeared on BitcoinEthereumNews.com. Crypto Hack: What Happened? A widely used npm package, error-ex, was tampered with in its 1.3.3 release. Hidden inside was obfuscated code that activates two dangerous attack modes: Clipboard Hijacking: When you paste a wallet address, the malware silently swaps it with the attacker’s lookalike address. Transaction Interception: If you use a browser wallet, the code can intercept transaction calls and change the recipient’s address before you even see the confirmation screen. This makes it nearly impossible to notice unless you carefully check every single character of the address you’re sending to. Who’s at Risk from this Crypto Hack? Developers: Any project pulling dependencies without strict version pinning may have installed the infected version. This could affect CI pipelines, production builds, and apps that rely on JavaScript. Crypto Users: The malware targets major assets including $BTC, $ETH, $SOL, $TRX, $LTC, and $BCH. Both clipboard users and browser wallets are at risk. Platforms: Even centralized apps integrating npm libraries may have unknowingly included the malicious code. Which Companies were Affected? Already, SwissBorg confirmed a breach linked to a compromised partner API. Roughly 192.6K SOL (~$41.5M) was drained in the attack. While the SwissBorg app itself remains secure, its SOL Earn Program was hit, affecting <1% of users. The platform has promised recovery measures, including treasury funds and support from white-hat hackers. How to Protect Yourself Here’s what you need to do right now: For Wallet Users ✅ Always verify every transaction — check the full recipient address before signing.✅ Use a hardware wallet with clear signing enabled.✅ Avoid unnecessary browser wallet extensions.✅ If something feels off (unexpected signing requests), close the tab immediately. For Developers ⚙️ Switch CI builds from npm install to npm ci to lock dependencies.⚙️ Run npm ls error-ex to detect infected installs.⚙️ Pin safe versions (error-ex@1.3.2) and…

Crypto Funds at Risk from Massive Supply Chain Attack

Autore: BitcoinEthereumNews
Fonte: BitcoinEthereumNews
2025/09/09 06:06
2 min di lettura
Bitcoin Cash Node
BCH$440.7+0.36%
Whiterock
WHITE$0.0000766-0.35%
Solana
SOL$84.14+1.05%
ChangeX
CHANGE$0.00141923-0.01%
Bitcoin
BTC$72,802.63+1.45%
Per feedback o dubbi su questo contenuto, contattateci all'indirizzo crypto.news@mexc.com.

Crypto Hack: What Happened?

A widely used npm package, error-ex, was tampered with in its 1.3.3 release. Hidden inside was obfuscated code that activates two dangerous attack modes:

  • Clipboard Hijacking: When you paste a wallet address, the malware silently swaps it with the attacker’s lookalike address.
  • Transaction Interception: If you use a browser wallet, the code can intercept transaction calls and change the recipient’s address before you even see the confirmation screen.

This makes it nearly impossible to notice unless you carefully check every single character of the address you’re sending to.

Who’s at Risk from this Crypto Hack?

  1. Developers: Any project pulling dependencies without strict version pinning may have installed the infected version. This could affect CI pipelines, production builds, and apps that rely on JavaScript.
  2. Crypto Users: The malware targets major assets including $BTC, $ETH, $SOL, $TRX, $LTC, and $BCH. Both clipboard users and browser wallets are at risk.
  3. Platforms: Even centralized apps integrating npm libraries may have unknowingly included the malicious code.

Which Companies were Affected?

Already, SwissBorg confirmed a breach linked to a compromised partner API. Roughly 192.6K SOL (~$41.5M) was drained in the attack. While the SwissBorg app itself remains secure, its SOL Earn Program was hit, affecting <1% of users. The platform has promised recovery measures, including treasury funds and support from white-hat hackers.

How to Protect Yourself

Here’s what you need to do right now:

For Wallet Users

✅ Always verify every transaction — check the full recipient address before signing.
✅ Use a hardware wallet with clear signing enabled.
✅ Avoid unnecessary browser wallet extensions.
✅ If something feels off (unexpected signing requests), close the tab immediately.

For Developers

⚙️ Switch CI builds from npm install to npm ci to lock dependencies.
⚙️ Run npm ls error-ex to detect infected installs.
⚙️ Pin safe versions ([email protected]) and regenerate lockfiles.
⚙️ Add dependency scanners like Snyk or Dependabot.
⚙️ Treat package-lock changes with the same scrutiny as code reviews.

Outlook

This incident highlights the fragility of supply chains in Web3 and beyond. A small package compromise can cascade into billions of downloads, hitting both developers and crypto holders worldwide. The immediate danger lies in address-swapping attacks, but the broader concern is how deep this could spread into financial infrastructure.

For now: check before you sign, pin your dependencies, and don’t take security shortcuts.

Source: https://cryptoticker.io/en/breaking-massive-supply-chain-attack-hits-crypto-funds-at-risk/

Opportunità di mercato
Logo Bitcoin Cash Node
Valore Bitcoin Cash Node (BCH)
$440.7
$440.7$440.7
-0.47%
USD
Grafico dei prezzi in tempo reale di Bitcoin Cash Node (BCH)
Disclaimer: gli articoli ripubblicati su questo sito provengono da piattaforme pubbliche e sono forniti esclusivamente a scopo informativo. Non riflettono necessariamente le opinioni di MEXC. Tutti i diritti rimangono agli autori originali. Se ritieni che un contenuto violi i diritti di terze parti, contatta crypto.news@mexc.com per la rimozione. MEXC non fornisce alcuna garanzia in merito all'accuratezza, completezza o tempestività del contenuto e non è responsabile per eventuali azioni intraprese sulla base delle informazioni fornite. Il contenuto non costituisce consulenza finanziaria, legale o professionale di altro tipo, né deve essere considerato una raccomandazione o un'approvazione da parte di MEXC.

Potrebbe anche piacerti

IBM (IBM) Stock; Dips as Company Agrees $17M Deal to End DOJ DEI Probe

IBM (IBM) Stock; Dips as Company Agrees $17M Deal to End DOJ DEI Probe

TLDRs; IBM stock dipped slightly after agreeing to a $17 million settlement over a US DOJ investigation into its DEI-related bonus structures. The settlement is
Condividi
Coincentral2026/04/11 15:51
Hong Kong Allows RMB Stablecoins as HSBC Plans Launch

Hong Kong Allows RMB Stablecoins as HSBC Plans Launch

Hong Kong is moving forward with its stablecoin plans. The city is building a regulated system for digital currencies. Its new updates show that RMB stablecoins
Condividi
Coinfomania2026/04/11 16:32
Iran Bitcoin Oil Tolls Spark Crypto Debate

Iran Bitcoin Oil Tolls Spark Crypto Debate

Iran may use Bitcoin for oil tolls Crypto vs sanctions debate heats up! Is BTC ready for global trade? #Bitcoin #Crypto
Condividi
CoinoMedia2026/04/11 16:21

USD1 Genesis: 0 Fees + 12% APR

USD1 Genesis: 0 Fees + 12% APRUSD1 Genesis: 0 Fees + 12% APR

New users: stake for up to 600% APR. Limited time!