
Security reminder: Another well-known developer and maintainer NPM account hacked, wallet-stealing malware injected

Source: BlockBeats
BlockBeats reported on September 9 that, according to Socket's monitoring, the ongoing NPM supply chain attack has spread from the well-known developer Qix to another well-known maintainer. The NPM account duckdb_admin, which is responsible for DuckDB-related packages, was hacked, and multiple malicious versions have been released. The injected code is the same wallet-stealing malware used when the Qix account was compromised, which strongly suggests that both are part of the same attack. Previously, the Ledger CTO said that a large-scale supply chain attack could put the entire JavaScript ecosystem at risk. But the NPM attackers failed and there were few victims.