9 September 2025
Massive npm Supply-Chain Attack Targets Ethereum and Solana Wallets
A phishing attack targeted a prominent Node.js developer, compromising packages downloaded billions of times weekly. The incident is considered one of the largest recent software supply-chain attacks.
Key details include:
- The attacker gained access through an email from support@npmjs[.]help, which led to a fake two-factor authentication page.
- The stolen credentials included usernames, passwords, and 2FA codes, which enabled the attacker to republish the compromised packages with malicious code.
- The injected code rerouted Ethereum transaction functions to a specific wallet address and disrupted Solana transactions.
- The overall financial impact was minimal, with the attacker receiving approximately five cents in ether and $20 in a low-volume memecoin.
- MetaMask confirmed its security measures protected it from this attack.
- The malicious packages were linked to over a billion downloads, raising concerns about security in the npm ecosystem.
Recent warnings indicate an increase in sophisticated malware techniques using Ethereum smart contracts to mask malicious activities.
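The sender domain in the phishing email reused the npm brand label under a different top-level domain. The following is an added example, not code from the report or from npm, of a mail-filter check that flags that pattern; the allow-list and every sample header other than npmjs[.]help are assumptions constructed for illustration.

```javascript
// Added example: flag sender addresses that reuse a trusted brand label
// under a domain the brand does not own (e.g. npmjs[.]help vs npmjs.com).

// Assumption: the organisation's allow-list of legitimate npm mail domains.
const TRUSTED_DOMAINS = ['npmjs.com'];
const BRAND_LABELS = TRUSTED_DOMAINS.map((d) => d.split('.')[0]); // ['npmjs']

// Extract the domain from a From value and undo "[.]" defanging.
function senderDomain(from) {
  const addr = (from.match(/<([^>]+)>/) || [null, from])[1].trim();
  const at = addr.lastIndexOf('@');
  if (at === -1) return null;
  return addr.slice(at + 1).replace(/\[\.\]/g, '.').toLowerCase().replace(/\.$/, '');
}

// 'trusted'   : exact allow-listed domain or one of its subdomains
// 'lookalike' : brand label appears in a domain that is not allow-listed
// 'unrelated' : no brand label present
function classifySender(from) {
  const domain = senderDomain(from);
  if (!domain) return 'unparseable';
  const trusted = TRUSTED_DOMAINS.some((t) => domain === t || domain.endsWith('.' + t));
  if (trusted) return 'trusted';
  const reusesBrand = domain
    .split('.')
    .some((label) => BRAND_LABELS.some((b) => label.includes(b)));
  return reusesBrand ? 'lookalike' : 'unrelated';
}

// Constructed sample headers; only npmjs[.]help comes from the report.
const samples = [
  'npm <support@npmjs.com>',
  'npm support <support@npmjs[.]help>',
  'support@npmjs.com.example.net',
  'Alice <alice@example.org>',
];
for (const s of samples) console.log(classifySender(s).padEnd(10), s);
```

The third sample shows why the trusted check matches on the end of the domain rather than on a substring: a trusted name used as a subdomain prefix of an unrelated domain is still classified as a lookalike.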