Up to $50 in cryptocurrency stolen in vast-scale NPM attack


Hackers managed to steal only USD 50 worth of cryptocurrency in the huge supply chain hack affecting JavaScript software libraries, industry researchers say.

Crypto intelligence platform Security Alliance shared its findings on Monday after hackers broke into a node package manager (NPM) account and added malicious software to popular JavaScript libraries, which have already been downloaded over 1 billion times, potentially exposing countless crypto projects. Security Alliance said Ethereum and Solana wallets were specifically targeted.

Fortunately, less than USD 50 was stolen from the cryptocurrency space, said the security company, identifying the Ethereum wallet address “0xfc4a4a48” as what it considers the only malicious address. It added on X:

“Picture this: you compromise the account of an NPM developer whose packages are downloaded over 2 billion times a week. You could have unlimited access to millions of developer workstations. Untold riches await you. The world is your oyster. You gain less than USD 50.”

Source: Security Alliance

However, the $50 figure was up from five cents a few hours earlier, which suggests that the potential damage may still be developing.

ETH, memecoins among the small amount of stolen crypto

Security Alliance said that five cents' worth of Ether (ETH) was stolen, while another USD 20 worth of a memecoin was affected.

Etherscan data shows that the malicious address has so far received Brett (BRETT), Andy (ANDY), Dork Lord (DORK), Ethervista (VISTA) and Gondola (GONDOLA).

Crypto projects that did not download the NPM packages are still at risk

The breach targeted packages such as chalk, strip-ansi and color-convert, small tools buried deep in the dependency trees of countless projects. Even developers who have never installed them directly could be exposed.

NPM is like an app store for developers: a central library where they share and download small code packages to build JavaScript projects.
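
One way to check for the transitive exposure described above, as an added example that is not part of the original article: a Node.js function that walks an npm lockfile and lists every installed copy of the named packages, marking each as a direct or transitive dependency. The sample lockfile and its package names (demo-dapp, wallet-ui, log-kit, chalk-theme) are constructed.

```javascript
// Added example: list every installed copy of the packages named in the
// article, direct or transitive, from an npm lockfile (lockfileVersion 2 or 3).
// The article gives no affected version numbers, so none are assumed here.
const NAMED_PACKAGES = ["chalk", "strip-ansi", "color-convert"];

// Constructed sample lockfile. For a real project, pass in
// JSON.parse(fs.readFileSync("package-lock.json", "utf8")) instead.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-dapp", dependencies: { "wallet-ui": "^1.0.0", chalk: "^5.0.0" } },
    "node_modules/chalk": { version: "5.0.0" },
    "node_modules/wallet-ui": { version: "1.0.0", dependencies: { "log-kit": "^2.0.0" } },
    "node_modules/log-kit": { version: "2.0.0", dependencies: { chalk: "^4.0.0", "strip-ansi": "^6.0.0" } },
    "node_modules/log-kit/node_modules/chalk": { version: "4.0.0", dependencies: { "color-convert": "^2.0.0" } },
    "node_modules/strip-ansi": { version: "6.0.0" },
    "node_modules/color-convert": { version: "2.0.0" },
    "node_modules/chalk-theme": { version: "0.1.0" } // similar name, must not match
  }
};

function findNamedPackages(lock, names = NAMED_PACKAGES) {
  const packages = lock.packages;
  if (!packages) throw new Error("no 'packages' map: lockfileVersion 1 is not handled");
  const root = packages[""] || {};
  // Names the project itself declares; everything else arrived transitively.
  const direct = new Set(Object.keys({
    ...root.dependencies, ...root.devDependencies, ...root.optionalDependencies
  }));
  const marker = "node_modules/";
  const hits = [];
  for (const [path, meta] of Object.entries(packages)) {
    const idx = path.lastIndexOf(marker);
    if (idx === -1) continue; // root entry or workspace folder, not an installed copy
    // The name follows the last "node_modules/", which keeps "@scope/pkg" intact.
    const name = path.slice(idx + marker.length);
    if (!names.includes(name)) continue;
    // Only the top-level copy can satisfy a dependency declared by the root.
    const isDirect = path === marker + name && direct.has(name);
    hits.push({ name, version: meta.version, path, kind: isDirect ? "direct" : "transitive" });
  }
  return hits.sort((a, b) => (a.path < b.path ? -1 : a.path > b.path ? 1 : 0));
}

for (const h of findNamedPackages(SAMPLE_LOCK)) {
  console.log(`${h.kind.padEnd(10)} ${h.name}@${h.version}  ${h.path}`);
}
```

On the sample, three of the four copies found are transitive, which is the case a glance at the project's own package.json would miss.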


It seems that the attackers planted a crypto-clipper, a type of malware that quietly replaces wallet addresses during a transaction to redirect the funds.

Charles Guillemet, chief technology officer of Ledger, was one of many who urged cryptocurrency users to be careful when confirming onchain transactions.

In a separate post, Ledger said the NPM attack did not directly affect its devices.

You will not be drained immediately, says crypto founder

However, 0xngmi, the pseudonymous founder of the crypto analytics platform DefiLlama, said that only crypto projects that have updated since the malware-infected NPM package was published can be at risk, and even then users must confirm the malicious transaction for it to work.

Nevertheless, like Guillemet, he said that it could be safer to avoid using crypto sites until the developers behind these platforms have cleaned out the bad package.

This is a developing story, and further information will be added as it becomes available.
