Security Agency: NPM supply chain is attacked, developer qix is ​​caught

According to ChainCatcher, according to market news, the well-known developer Qix has caused the npm package to be injected with malicious code due to phishing attacks, and related packages include chalk, strip-ansi, color-convert, etc. The attack methods are hooking the wallet function, tampering with the ETH/SOL transaction collection address and replacing the address in the network response. User recommendation: Be sure to check the payee and amount in the wallet interface, check the address changes after pasting, review recent transactions, and give priority to using hardware wallets for high-value operations.