
NPM supply chain attack compromises popular JavaScript libraries, threatens billions in crypto transactions

NPM attack injects malware into core JavaScript libraries

In what is being dubbed the largest supply chain attack in history, hackers have compromised key JavaScript libraries such as chalk, strip-ansi, and color-convert, which are downloaded billions of times each week. The breach is raising alarms over the security of open-source software, particularly in the context of crypto transactions.

The attackers gained access to a node package manager (NPM) account belonging to a well-known developer and secretly inserted malware into these widely used libraries. The infected code is specifically designed to target crypto wallets by swapping wallet addresses and intercepting transactions, leading to potential theft of funds.

Malware targets critical JavaScript libraries

The affected libraries, like chalk and strip-ansi, are small utilities buried deep within the dependency trees of countless JavaScript projects. Despite being seemingly minor, these packages are downloaded over a billion times each week, making them ubiquitous in the development community. As a result, the attack has put projects accounting for billions of downloads at risk, even if their developers never directly installed these libraries themselves.
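
Whether a project pulls in these packages only through other dependencies can be checked from its lockfile. The following is an added example, not code from the article or from any affected project: it scans an npm lockfile (lockfileVersion 2 or 3 layout) for the three package names mentioned above and reports whether each installed copy is a direct or a transitive dependency. The sample lockfile, the `example-*` package names and all version strings are constructed placeholders.

```javascript
// Package names taken from the article; extend as advisories name more.
const WATCHLIST = ["chalk", "strip-ansi", "color-convert"];

// Constructed sample in the npm lockfileVersion 3 layout. The example-* names and
// all versions are placeholders. Real use: JSON.parse the project's package-lock.json.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", dependencies: { "example-cli": "^1.0.0" } },
    "node_modules/example-cli": {
      version: "1.0.0",
      dependencies: { chalk: "^0.0.0", "example-table": "^1.0.0" },
    },
    "node_modules/example-table": {
      version: "1.0.0",
      dependencies: { "strip-ansi": "^0.0.0" },
    },
    "node_modules/chalk": { version: "0.0.0-placeholder" },
    "node_modules/example-table/node_modules/strip-ansi": { version: "0.0.0-placeholder" },
  },
};

// The package name is whatever follows the last "node_modules/" in the lockfile key
// (this also keeps scoped names such as "@scope/name" intact).
function nameFromPath(path) {
  const marker = "node_modules/";
  const idx = path.lastIndexOf(marker);
  return idx === -1 ? path : path.slice(idx + marker.length);
}

// Return every installed copy of a watched package, whether the root project
// declares it directly, and which installed packages list it as a dependency.
// requiredBy matches by name only; it does not resolve which nested copy is used.
function auditLockfile(lock, watchlist = WATCHLIST) {
  const packages = lock.packages || {};
  const root = packages[""] || {};
  const rootDeps = { ...root.dependencies, ...root.devDependencies, ...root.optionalDependencies };
  const findings = [];
  for (const [path, meta] of Object.entries(packages)) {
    if (path === "") continue; // skip the root project entry
    const name = nameFromPath(path);
    if (!watchlist.includes(name)) continue;
    const requiredBy = Object.entries(packages)
      .filter(([p, m]) => p !== "" && m.dependencies && name in m.dependencies)
      .map(([p]) => nameFromPath(p));
    findings.push({ name, version: meta.version, path, direct: name in rootDeps, requiredBy });
  }
  return findings;
}

console.log(auditLockfile(SAMPLE_LOCK));
```

In the constructed sample the root project declares only `example-cli`, yet both chalk and strip-ansi are installed, each flagged as transitive with the package that brings it in.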

NPM, a central registry where developers share and download code packages, operates like an app store for developers. A vast number of developers use it to source code for JavaScript projects, so the scope of the breach is far-reaching and could have major security implications for the broader development ecosystem.

Attack uses crypto-clipper malware to hijack wallet addresses

The malware in question is believed to be a crypto-clipper, a type of malicious software that silently replaces wallet addresses during transactions, diverting funds to the attacker’s wallet. This method of attack raises particular concerns for software wallets, which may be more vulnerable to exploitation. However, hardware wallets, where users must manually confirm each transaction, remain protected from this type of attack.

The full extent of the attack is still unclear, particularly whether the malware attempts to steal seed phrases or other sensitive information. However, researchers have already raised alarms about the wide-reaching implications for the security of open-source software and the crypto community at large.
