OKX Wallet: Not affected by third-party component security incidents, APP, plug-in and web can be used safely

Odaily Planet Daily News In response to the "NPM Supply Chain Attack", OKX Wallet said that OKX always puts system security first and strictly controls the risk of third-party components in the entire process of product research and development and launch. After internal verification and evaluation, the OKX APP is developed based on the native framework of Android and iOS and does not have related security risks; the OKX plug-in, web application and mobile DApp browser do not use the affected version of third-party components, and the platform's services are running normally, so users can continue to use it with peace of mind. It is reported that the attacker stole the developer's qix's NPM account credentials through phishing emails (disguised as npmjs support), and injected malicious code into the 18 popular JavaScript packages it released (including chalk, debug-js, etc., with more than 2 billion downloads per week). This attack is considered the largest supply chain attack ever. It is worth noting that the malicious code does not attempt to implant Trojans or steal files in the local environment, but is specifically targeted at Web 3 scenarios: if window.ethereum is detected in the browser environment, the transaction request will be hijacked. The malicious code redirects funds to an attacker-controlled address (such as Ethereum address 0xFc4a4858 ...) by tampering with the browser's Ethereum and Solana transaction requests, and steals assets by replacing the encrypted address in the JSON response. Although the page shows the normal trading address, the actual funds are transferred to the attacker's address.