NPM Hack Exposes Crypto Wallets: $50 Stolen in 'Largest Supply Chain Attack'
Millions of crypto users at risk as malware hidden in popular JavaScript packages targets Bitcoin, Ethereum, Solana, and Tron transactions.

Massive NPM Crypto Hack Nets Scant $50, But Risks Remain
A recent attack targeting the Node Package Manager (NPM) has sent ripples of concern through the crypto community. Described as potentially the "largest supply chain attack," the breach involved hackers concealing malware within 18 NPM packages belonging to developer Josh Junon, known as "qix." These packages are downloaded approximately two billion times weekly.
Key Takeaways:
- Cybercriminals infiltrated 18 NPM packages, masking malware within open-source code.
- The attack potentially impacted multiple leading blockchains, including Bitcoin, Ethereum, Solana, and Tron.
- Users are advised to exercise extreme caution and remain vigilant.
How the Attack Worked
NPM serves as a repository for reusable code packages crucial for building software applications, including those related to cryptocurrency. The malware injected into Junon's packages was designed to target crypto transactions across several major blockchains. While the attack vector was significant, the immediate financial impact appears minimal.
Limited Financial Impact...So Far
Security Alliance reported that Ethereum and Solana wallets were primary targets. Surprisingly, the hacker only managed to steal around $50 worth of crypto assets. The stolen assets were primarily meme coins, including Brett, Andy, Dork Lord, Ethervista and Gondola. Despite the small amount stolen, the situation remains fluid, and the potential for greater damage still exists.
This attack was initially reported by TheStreet on September 9, 2025.