Security Agency: NPM supply chain is attacked, developer Qix is ​​caught

PANews reported on September 9 that according to Scam Sniffer, well-known developer Qix has caused the npm package to be injected with malicious code due to phishing attacks, and related packages include chalk, strip-ansi, color-convert, etc. The attack methods are to hook the wallet function, tamper with the ETH/SOL transaction collection address and replace the address in the network response. User recommendation: Be sure to check the payee and amount in the wallet interface, check the address changes after pasting, review recent transactions, and give priority to using hardware wallets for high-value operations.