quoting
⚡️🚨 ALERT - Aikido Security has flagged what may be the largest npm supply chain hack ever targeting crypto holders.
nevent1q…an4g
A long-trusted maintainer (“qix”) was phished, and 18 popular packages, including chalk, debug, and ansi-styles (2B+ weekly downloads), were injected with wallet-draining code.
The malware silently swaps crypto addresses in MetaMask, Phantom, and other software wallets. Users see the correct recipient, but funds are rerouted to attacker-controlled addresses.
The compromised packages have already been downloaded over 1B times, putting the entire JavaScript ecosystem at risk.
🔒 Hardware wallet users: verify every transaction before signing.
⚠️ Software wallet users: avoid on-chain transactions for now.
Scott on Nostr:
How does this affect address generation on a watch only wallet on mobile? nprofile1qqsvxq03xdev3uxehjqcdkr5lfzl5vawmcf7vm6ps73m6ghwg8y4k2spz4mhxue69uhk2er9dchxummnw3ezumrpdejqz9nhwden5te0dehhxarj9eekcmm5dpujuamfdcq9v6rc (nprofile…v6rc)
