Security Advisory: Another well-known developer's NPM account has been compromised, injecting wallet-stealing malware

By: theblockbeats.news|2025/09/10 00:02:41

0

Share

copy

BlockBeats News, September 9th. According to Socket monitoring, the ongoing NPM supply chain attack has spread from the well-known developer Qix to another highly prominent maintainer. The NPM account duckdb_admin, responsible for the DuckDB-related package, has been compromised, and multiple malicious versions have been published. The injected code is the same wallet-stealing malware used when Qix's account was compromised, strongly indicating that both are part of the same attack campaign.

Previously reported, Ledger's CTO stated that in the event of a large-scale supply chain attack, the entire JavaScript ecosystem could be at risk. However, the NPM attackers were not successful, and there were almost no victims.

You may also like

MegaETH Co-founder: 48 Hours After Leaving Dubai, I Reassessed the Entire Crypto Space

MegaETH Co-founder: 48 Hours After Leaving Dubai, I Reassessed the Entire Crypto Space

In an era of technological upheaval, rather than pursuing the "legitimacy" co-opted by power, it is better to sharpen the blade and build parallel systems that truly expand individual sovereignty.

Web3 Winter Mass Exodus: Resignations, Closures, Transformations, and Acquisitions

Web3 Winter Mass Exodus: Resignations, Closures, Transformations, and Acquisitions

The intense collision between technology and capital, products and markets, vision and reality, each story reflects the confusion and unwillingness of the market participants.

Key Market Information Discrepancy on March 4th — A Must-Read! | Alpha Morning Report

Key Market Information Discrepancy on March 4th — A Must-Read! | Alpha Morning Report

1. Top News: Strait of Hormuz Emerges as Flashpoint in US-Iran Standoff, US Stocks Trim Losses, Asia-Pacific Markets Open Sharply Lower, Cryptocurrencies See Slight Recovery 2. Token Unlock: None

During the weekend market closure, Hyperliquid more accurately predicted the Gold reopening price than Binance

During the weekend market closure, Hyperliquid more accurately predicted the Gold reopening price than Binance

When markets are closed and real-time pricing is needed due to geopolitical risks, Hyperliquid takes the lead and is closer to the eventual futures reopening price.

OpenClaw thrusts crypto project Venice.ai into the spotlight as its token VVV surges over 500% in a single month

OpenClaw thrusts crypto project Venice.ai into the spotlight as its token VVV surges over 500% in a single month

Openclaw Founder Advises Young People "Not to Waste Time on Cryptocurrency," Yet in its official documentation, it lists the cryptocurrency project Venice.ai as a recommended model provider.

Different Rulings in Similar Cases: Why can Uniswap go free while Tornado Cash cannot?

Different Rulings in Similar Cases: Why can Uniswap go free while Tornado Cash cannot?

Time and tide wait for no man.

In the next 5 years, Vitalik will expand Ethereum in this way

In the next 5 years, Vitalik will expand Ethereum in this way

Short-term and long-term, execution, data and status

WBT Pulled a Quiet 15X While Everyone Was Watching Meme Coins

WBT Pulled a Quiet 15X While Everyone Was Watching Meme Coins

WBT, the native token of WhiteBIT exchange, surged from under $6 in 2023 to over $50 by 2026,…

Bank of Japan to Test Blockchain-Based Reserve Settlement Platform

Bank of Japan to Test Blockchain-Based Reserve Settlement Platform

Key Takeaways The Bank of Japan (BOJ) is leading the way as the first G7 member to explore…

Ethereum Price Prediction: Whales Impact 7th Red Month as RWA Sector Achieves $15B Record

Ethereum Price Prediction: Whales Impact 7th Red Month as RWA Sector Achieves $15B Record

Key Takeaways: Ethereum is on the brink of recording its seventh consecutive red month, indicating a potential prolonged…

VanEck’s Macro Bottom Thesis: Is the $60K–$70K Floor the Real Cycle Reset?

VanEck’s Macro Bottom Thesis: Is the $60K–$70K Floor the Real Cycle Reset?

Key Takeaways VanEck CEO Jan van Eck asserts that Bitcoin is forming a macro market bottom around the…

WBT Did a Quiet 15X While Everyone Focused on Meme Coins

WBT Did a Quiet 15X While Everyone Focused on Meme Coins

Key Takeaways WBT, WhiteBIT’s native cryptocurrency, has surged over 3,000% from its lowest point in late 2022 to…

Arthur Hayes Forecasts Bitcoin Price Surge to $750,000 by 2027 Due to Monetary Expansion

Arthur Hayes Forecasts Bitcoin Price Surge to $750,000 by 2027 Due to Monetary Expansion

Key Takeaways Arthur Hayes, co-founder of BitMEX, forecasts Bitcoin’s price to reach $250,000 in 2026 and then surge…

Iranian Exchange Outflow Surges 700% Amid Stiffening USDT Sanctions

Iranian Exchange Outflow Surges 700% Amid Stiffening USDT Sanctions

Key Takeaways: Iranian cryptocurrency exchange outflows surged by 700% following military strikes, signaling rapid capital flight from the…

Crypto Price Prediction Today 2 March – XRP, Bitcoin, Ethereum

Crypto Price Prediction Today 2 March – XRP, Bitcoin, Ethereum

Key Takeaways XRP is poised to potentially reach $5, driven by its role in stablecoin and tokenized asset…

Solana Price Outlook: Why A Billion-Dollar Loss Didn’t Deter This SOL Whale — What Insight Do They Have?

Solana Price Outlook: Why A Billion-Dollar Loss Didn’t Deter This SOL Whale — What Insight Do They Have?

Key Takeaways A major institutional investor in Solana withstands a huge unrealized loss, maintaining confidence in the long-term…

Bitcoin Price Prediction: $1 Billion Floods Back Into Crypto ETFs — Is the Bull Run Restarting?

Bitcoin Price Prediction: $1 Billion Floods Back Into Crypto ETFs — Is the Bull Run Restarting?

Key Takeaways A notable $1 billion has re-entered crypto exchange-traded products, hinting at potential upward momentum in Bitcoin…

Ethereum Price and BitMine Shares Jump 10% After Latest Treasury Buy

Ethereum Price and BitMine Shares Jump 10% After Latest Treasury Buy

Key Takeaways BitMine Immersion Technologies has embarked on a bold move by purchasing a significant amount of Ethereum,…

MegaETH Co-founder: 48 Hours After Leaving Dubai, I Reassessed the Entire Crypto Space

In an era of technological upheaval, rather than pursuing the "legitimacy" co-opted by power, it is better to sharpen the blade and build parallel systems that truly expand individual sovereignty.

Web3 Winter Mass Exodus: Resignations, Closures, Transformations, and Acquisitions

The intense collision between technology and capital, products and markets, vision and reality, each story reflects the confusion and unwillingness of the market participants.

Key Market Information Discrepancy on March 4th — A Must-Read! | Alpha Morning Report

1. Top News: Strait of Hormuz Emerges as Flashpoint in US-Iran Standoff, US Stocks Trim Losses, Asia-Pacific Markets Open Sharply Lower, Cryptocurrencies See Slight Recovery 2. Token Unlock: None

During the weekend market closure, Hyperliquid more accurately predicted the Gold reopening price than Binance

When markets are closed and real-time pricing is needed due to geopolitical risks, Hyperliquid takes the lead and is closer to the eventual futures reopening price.

OpenClaw thrusts crypto project Venice.ai into the spotlight as its token VVV surges over 500% in a single month

Openclaw Founder Advises Young People "Not to Waste Time on Cryptocurrency," Yet in its official documentation, it lists the cryptocurrency project Venice.ai as a recommended model provider.

Different Rulings in Similar Cases: Why can Uniswap go free while Tornado Cash cannot?

Time and tide wait for no man.

Popular coins

Latest Crypto News

14:43

Data: ETH total network contract open interest decreased by 5.08% in 24 hours

According to Coinglass data, the total contract open interest for ETH has decreased by 5.08% in the past 24 hours, with the current total open interest at $24.759 billion. Among them, Binance's open interest is $5.331 billion, OKX's open interest is $1.549 billion, Bybit's open interest is $1.902 bi...

14:43

Goldman Sachs: The probability of a short-term correction in global stock markets has increased, but the risk of a bear market is low

According to Jinshi reports, Goldman Sachs equity strategists stated in a report that as tensions in the Middle East escalate, global stock markets face the possibility of a pullback in the short term, but the likelihood of a full-blown bear market remains low. The strategists pointed out that curre...

14:43

The escalation of the Middle East conflict has led to a complete suspension of Dubai routes, putting 20% of global gold flows at risk

According to market news, due to the conflict in the Middle East, most air traffic in and out of Dubai has been disrupted, severely affecting the flow of gold and silver globally.Traders indicate that this could trigger further volatility in metal prices, which have already been significantly fluctu...

14:43

Data: GMGN Smart Money 24h Net Inflow Ranking, TripleT Ranks First

According to GMGN data, the top 5 tokens with net inflows of smart money in the past 24 hours are as follows:TripleT (J8PS....ump): Net inflow of $7,000, 24-hour change -23.4%, currently priced at $0.0015.AUTISM (8jiV....ump): Net inflow of $4,000, 24-hour change -22.6%, currently priced at $0.0031....

14:43

Byreal moves towards Agent-Native DEX, open-sourcing the first AI Skill that supports strategy replication

Byreal stated that it is committed to becoming a decentralized exchange native to Agents, believing that the next generation of market participants will not all be human, and the protocol needs to be built for AI Agents.Byreal also open-sourced byreal-cli, the first DeFi tool in the AI Agent Skills ...