A recent Node Package Manager (NPM) attack stole only $ 50 in cryptography, but industry experts say the incident highlights continuous vulnerabilities for exchanges and software wallets.
Charles Guillemet, director of Hardware Wallet Company Ledger, said in a Tuesday X post that Exploit’s attempt was a “clear reminder” that wallets and software exchanges remain exposed to risks.
If your funds are in a software wallet or in an exchange, it is at a code execution of losing everything, ”he said, added that supply chain commitments remain a powerful malware delivery vector.
Guillemet took the opportunity to advocate hardware wallets, saying that characteristics such as the clear firm and transactions verifications would help users to resist such threats. “The immediate danger may have passed, but the threat has not done. Stay safe,” he added.
NPM’s largest attack only $ 50 in crypto
The attack was developed after computer pirates acquired credentials using a Phishing email sent from a false NPM support domain.
Using their newly acquired access to developer accounts, the attackers pushed malicious updates to popular libraries. This included Chalk, Depug Strip-Ansi and more.
The code that injected tried to kidnap transactions by intercepting wallet addresses and replacing them in network responses into several block chains, including Bitcoin, Ethereum, Solana, Tron and Litecoin.
Related: The Venus protocol recovers the $ 13.5 million of the stolen user in a phishing attack
Ton cto breakd down the NPM attack
Anatoly Makosov, technology director of the Open Red (TON), said only specific versions of 18 packages were committed and that they have already been published.
Breaking the mechanics of the attack, Makosov said that the compromised packages functioned as cryptographic curtains, which silently falsified the torders of the wallet in products that depended on the infected versions.
This means that the web applications that interact with the aforementioned chains risked that their transactions be intercepted and redirected without users’ knowledge.
He said that the developers who pushed their constructions within a few hours of malicious updates and applications that automatically update their code libraries instead of freezing them to a safe version were the most exposed.
Makosov shared a verification list on how developers can verify if their applications were compromised. The main sign is whether the code is using one of the 18 versions of popular libraries such as ANSI-skles, chalk or depug. He said that if a project depends on these versions, it is probably committed.
He said the solution is to return to safe versions, reinstall the cleaning code and rebuild applications. He added that the new and updated versions are already available and urged developers to act quickly to eliminate malware before they can affect their users.
https://www.youtube.com/watch?v=1ljpqxtupnc
Magazine: BTS Jungkook hacker, Ripple supports Singapore’s payments firm: Asia Express