Earn up to 50% APR
Boost earnings with NFTs
Play, HODL & earn more
π¨ JavaScript Supply Chain Hack Hits Crypto β But Hackers Walk Away With Just $50
-
A massive supply chain hack targeting JavaScript software libraries has shaken the crypto world β but so far, hackers have only managed to steal around $50 worth of crypto.
What happened?
Hackers compromised the NPM (node package manager) account of a popular developer and injected malware into libraries downloaded over 1 billion times. These packages β including widely used utilities like chalk, strip-ansi, and color-convert β are buried deep inside countless projects, potentially exposing crypto apps built on Ethereum and Solana.
The damage (so far):$0.05 stolen in ETH
About $20 in memecoins (BRETT, ANDY, DORK, VISTA, GONDOLA)
One malicious wallet address flagged: 0xFc4a48
Crypto intelligence platform Security Alliance called it a baffling case:
βItβs like finding the keycard to Fort Knox and using it as a bookmark.β
Why it matters:Supply chain hacks are dangerous because developers can get infected even without directly installing the compromised packages.
The malware was a crypto-clipper, designed to replace wallet addresses during transactions.
Luckily, most major apps (Ledger, MetaMask, Uniswap, Phantom Wallet, Blockstream Jade, etc.) confirmed they were unaffected.
οΈ Whoβs at risk?
Only projects that updated after the infected packages were published and whose users approve malicious transactions may be exposed. Still, experts advise extra caution when signing onchain transactions until devs confirm their dependencies are clean.
Takeaway:
This could have been a multi-million dollar disaster, but instead turned into a $50 blip. The scare highlights how fragile open-source supply chains can be β and why every crypto user should always double-check addresses and approvals.
