Slow Fog CISO: A well-known developer's NPM account was hacked, and several popular third-party packages were implanted with malicious code

Source: ForesightNews
Slow Fog Chief Information Security Officer 23pds tweeted, "A large-scale supply chain attack has been discovered. A well-known developer's NPM account was hacked, and multiple popular third-party packages were implanted with malicious code. The attacker is trying to steal cryptocurrency. Major platforms, wallets and development teams are asked to check and eliminate risks immediately. The affected packages have been downloaded more than 1 billion times, and the entire JavaScript ecosystem may be at risk. The working principle of the malicious code is to tamper with cryptocurrency addresses in the background to steal funds. If you use a hardware wallet, please carefully check each signed transaction to ensure security. If you are not using a hardware wallet, it is recommended to temporarily avoid any on-chain transactions. It is not clear whether the attacker is directly stealing the mnemonic words of the software wallet; this is to be further confirmed."