A trusted open-source maintainer (known by the handle “qix”) had their account compromised via a phishing email, allowing hackers to publish malicious updates to 18 popular Node.js packages including chalk, debug, ansi-styles, strip-ansi, and more.
This phishing email lured a developer into logging in at a fake NPM website. | Source: https://krebsonsecurity.com/
Collectively, these libraries see over 2 billion downloads per week, forming core dependencies in countless projects. By sneaking a crypto-stealing malware into these ubiquitous packages, the attackers potentially put a vast number of applications – and the cryptocurrency assets of their users – at risk.
So how did this attack work, what exactly is a “crypto-clipper” malware, and why were hardware wallet users deemed safe amid the chaos?
This explainer breaks down the incident step by step: from the maintainer’s account takeover to the malware’s tactics, the impact on Web3 applications, and how hardware wallet safety proved to be a crucial safeguard.
New Trending Crypto Wallet Offers
Sponsored
Disclosure
We sometimes use affiliate links in our content, when clicking on those we might receive a commission at no extra cost to you. By using this website you agree to our terms and conditions and privacy policy.
Maintainer Account Compromised: How the NPM Attack Unfolded
The supply chain breach was set in motion by a phishing attack targeting the maintainer of the affected packages.
Maintainer’s confirmation on Bluesky. | Source: hackread.com
In this case, the developer (identified as Josh “Qix” and maintainer of chalk, strip-ansi, debug, and related libraries) received an email masquerading as npm support.
Unfortunately, the maintainer was having “a long week and a panicky morning” and clicked the malicious link instead of manually visiting the npm site, as he later admitted in a public apology.
The fake site stole his login credentials (and possibly 2FA token), giving attackers full control of his npm account.
“Hi, yep I got pwned. Sorry everyone, very embarrassing… just had a long week and a panicky morning and… made the mistake of clicking the link instead of going directly to the site like I normally would.” – Maintainer’s acknowledgment of the phishing mishap.
Once in control of the maintainer’s account, the attackers pushed malicious updates to 18 packages under his ownership almost simultaneously. These weren’t obscure libraries – they are fundamental building blocks in the Node/JavaScript ecosystem.
For example, chalk (text styling) gets 300 million downloads a week, debug (logging utility) 358 million, and ansi-styles 371 million.
Other compromised packages ranged from low-level helpers like is-arrayish to formatting tools like strip-ansi. Many of these are deeply embedded as dependencies of larger frameworks and dev tools (Webpack, Babel, ESLint, etc.), meaning countless projects could unknowingly pull in the infected versions.
Crucially, this happened fast. Here’s what events took place:
The attack began on September 8, 2025, and thanks to automated monitoring, it was detected within minutes by Aikido Security’s threat feed.
In fact, the first red flag was build pipelines suddenly failing with errors like ReferenceError: fetch is not defined. This odd error hinted that new code (expecting a browser environment where fetch exists) was running in Node.js contexts – a strong indicator of malicious code injection.
Within about an hour of the rogue package publishes, security researchers had disclosed the incident and warned the community, limiting the window of exposure.
The maintainer himself attempted to revert the bad releases, but by then attackers had locked him out of his account, forcing npm administrators to intervene in removing the compromised version. (As of the initial cleanup, at least one package like simple-swizzle was still showing a compromised version until full removal was completed.)
Anatomy of a Billion-Download NPM Supply-Chain Attack
How to safe for now?
▸Disable your extension on manage extension ▸No txn today
Crypto-Clipper Malware Explained: How JavaScript Code Stole Crypto
In general, a crypto-clipper is a type of malware that steals cryptocurrency by intercepting and altering wallet addresses during transactions.
It often works by monitoring your actions (such as the clipboard or network requests) for any data that looks like a crypto address, and when it finds one, it replaces it with an attacker’s address – all in the blink of an eye.
If the swap goes unnoticed, the victim ends up sending funds to the wrong address (controlled by the thief).
For example, traditional clipper trojans on PCs quietly watch your clipboard: if you copy a Bitcoin or Ethereum address, the malware will surreptitiously swap it out before you paste, so that you paste the attacker’s similar-looking address instead of the intended one. It’s a silent man-in-the-middle trick targeting human inattention.
In this NPM supply chain attack, the malicious code injected into the JavaScript libraries acted as an advanced, browser-based crypto-clipper. Rather than a simple clipboard hook, it integrated deeply into web application runtime behaviors.
Security analysis revealed that the malware monkey-patched (dynamically modified) core web APIs and wallet interfaces in any application that included the tainted packages:
Passive address swapping: It modified functions like fetch() and XMLHttpRequest to scan web traffic for wallet addresses. If it spotted one, it swapped it with a lookalike attacker address before the data reached the user or app.
Active transaction hijacking: It hooked into wallet APIs such as window.ethereum (used by MetaMask) and Phantom. Even if the dApp showed the right address, the code could silently replace it at the moment of signing, tricking users into sending funds to the attacker.
Multi-chain support with obfuscation: The malware recognized formats from major blockchains (Ethereum, Bitcoin, Solana, Tron, Litecoin, Bitcoin Cash, etc.). It was heavily obfuscated and functioned as a “man-in-the-browser,” altering both web content and wallet operations without visible warning.
Importantly, the malware didn’t steal private keys. Instead, it manipulated transactions so users willingly approved transfers to attacker-controlled addresses.
Aikido Intel Feed Exposes Malicious npm Packages
Aikido, a security firm in Belgium, reported that a series of 18 popular JavaScript packages were suddenly updated with code that appeared malicious. These weren’t niche tools — they were widely used dependencies, downloaded hundreds of millions of times every week across the JavaScript ecosystem.
New version release of ‘is-arrayish.’ | Source: Aikido
The discovery underscores how fragile open-source supply chains can be. A single compromised maintainer account allowed attackers to push malware into libraries that underpin nearly every corner of the JavaScript ecosystem.
For developers, this means dependency hygiene isn’t optional anymore and for crypto users, it’s a reminder that even familiar apps can become attack vectors overnight.
Widespread Impact on the JavaScript Ecosystem and Crypto Users
The npm attack shook both developers and crypto users because the compromised packages are core utilities in the Node.js ecosystem. Their reach meant the impact could be global.
Foundation packages at risk: Libraries like chalk, debug, ansi-styles, and strip-ansi are deeply embedded in build tools (Webpack, Babel), testing frameworks, and even desktop apps. Any project that auto-updated could unknowingly run malicious code.
Crypto users exposed:
DeFi and exchanges: Frontends using these libraries risked injecting attacker addresses into deposits or swaps.
Browser wallets: The malware likely hijacked MetaMask and Phantom by hooking into window.ethereum, enabling address swaps at signing. MetaMask’s team quickly warned developers and users. However, MetaMask noted on X that ‘you do not need to be scared‘ and Phantom says that its not at risk.
Industry warnings:
Ledger CTO Charles Guillemet called it a “large-scale supply chain attack” and urged users without hardware wallets to pause on-chain transactions.
Security teams identified attacker-controlled blockchain addresses and began monitoring activity.
Containment challenges: npm removed compromised versions, but cached dependencies and transitive installs meant exposure lingered until projects updated.
As a MetaMask user, you do not need to be scared of the supply chain attack that took place earlier today.
MetaMask has multiple layers of defense to protect our products and users:
– Basic Security: We lock our versions, don't push directly to main, have manual and automated…
According to @SolanaFloor on X, blockchain researcher @4484 grouped the attacker’s wallets on Arkham Intelligence under an entity labeled “NPM attack.” The findings show that despite the scale of the breach, the attacker managed to steal only about $66 worth of crypto.
Attacker managed to steal only $66. | Source: @SolanaFloor on X
One reassuring outcome was that hardware wallet users were safe if they carefully verified details.
How hardware wallets help:
Keys never leave the device.
Users must physically confirm recipient addresses on the device screen.
Malware cannot alter what’s displayed on the hardware wallet.
Limits: If a user blindly approves a swapped address, funds can still be lost. But the extra verification step gives users a fighting chance to catch tampering.
Outcome: No losses were reported from hardware wallet users. Software wallet users were strongly advised to pause activity or double-check every address.
Ledger CTO’s guidance for crypto users amid NPM supply chain attack | Source: @P3b7_ on X
Even though the malware could intercept and alter the address your computer or browser sees, it cannot alter what’s shown on the hardware wallet’s screen.
For example, let’s say you intended to send 1 ETH to Alice’s address 0xABC123…. The malware changes the address to attacker’s 0xHACK3D… in the background.
If you’re using a software wallet alone, you might just hit “Confirm” in MetaMask thinking everything is fine (since the on-screen dApp still showed Alice’s address when you initiated it, unless you double-check the tiny details in the MetaMask confirmation dialog).
But if you’re using a hardware wallet, when the confirmation appears on your Ledger/Trezor, you will see 0xHACK3D… as the destination.
This is your chance to say “Whoa, that’s not Alice’s address!” and reject the transaction, stopping the theft.
Essentially, the hardware wallet acts as a trust anchor – an out-of-band verification that what you see on your insecure computer is what you’re actually signing.
However, it is important to clarify that hardware wallets aren’t a magic shield that blocks the malware outright – if you blindly approve a transaction on a Ledger that has a swapped address, you would still lose funds.
The key is that hardware wallets encourage and necessitate the habit of verifying addresses in a secure way. They give users a fighting chance to spot the clipper’s handiwork. In practice, during this incident, no reports emerged of users with hardware wallets suffering losses.
Meanwhile, users of standard browser wallets were strongly urged to double-check every address or pause activity. MetaMask, Coinbase Wallet, and others advised users to remain on high alert, and some even integrated additional warnings.
This incident wasn’t just a problem for developers — it reached into the daily lives of crypto users and anyone relying on modern web apps. Here’s why it matters:
Hidden risks in trusted software: Even small utility packages can be a gateway for attackers. If your favorite app or DeFi platform updates with poisoned code, you could be exposed without realizing it.
Crypto theft without mistakes: Unlike scams that need you to click the wrong link or send coins manually, this malware could reroute funds even when you did everything right.
Impact on the entire web: Libraries like chalk and debug are used in testing, logging, build tools, and even desktop apps. That means the attack didn’t just threaten crypto users, it touched the foundations of web development itself.
Here’s what readers, both crypto holders and developers, can learn from this:
For crypto users:
Always check wallet addresses before confirming.
Use a hardware wallet when sending or storing significant funds.
Pause transactions if you hear about widespread attacks — the safest trade is the one you don’t make during uncertainty.
Pin versions and review updates before pushing them into production.
Treat package updates as potential security events, not just routine chores.
NPM Attack Failed — But the Threat Remains
Ledger’s CTO confirmed that the recent NPM supply chain attack fortunately failed, with almost no victims.
The incident was triggered by a phishing campaign using a fake NPM support domain to steal developer credentials. With access in hand, attackers attempted to publish malicious package updates containing code that hooked into crypto activity, intercepting Ethereum, Solana, and other transactions, and swapping wallet addresses in network responses.
But mistakes in the attackers’ payload caused CI/CD pipelines to crash, bringing early attention to the compromise and limiting its impact. This narrow escape underscores a hard truth: funds stored in software wallets or exchanges are always one malicious update away from being drained. Supply chain attacks remain one of the strongest malware delivery mechanisms, and the trend is moving toward more targeted exploits.
Hardware wallets provide critical protection in this landscape. With features like Clear Signing to display the true details of what you’re approving, and Transaction Checks to catch suspicious activity, they give users defense against precisely these kinds of threats.
Transaction Checks on hardware wallets flag suspicious activity. | Source: @P3b7_ on X
The danger may have passed this time—but the vector is alive and evolving. Stay safe, stay alert.
Conclusion
The September 2025 npm supply chain attack was a wake-up call for both developers and crypto users. By slipping crypto-clipper malware into everyday JavaScript packages, attackers proved that even the smallest utilities can become powerful tools for theft.
The incident highlighted how fragile the software supply chain is and how deeply it connects to financial security in Web3.
The good news: rapid detection limited widespread losses, and hardware wallets gave careful users a crucial layer of safety. The lesson is simple but urgent — verify what you install, verify what you sign, and never assume trusted code is risk-free.
A crypto-clipper is malware that intercepts wallet addresses during transactions and swaps them with attacker-controlled addresses, tricking users into sending funds to the wrong destination.
Which npm packages were compromised in the September 2025 attack?
Key libraries included chalk, debug, ansi-styles, strip-ansi, and related dependencies — all widely used across the Node.js ecosystem.
Were crypto hardware wallets affected by the attack?
No. Hardware wallets remained secure because they require users to physically confirm the recipient address on the device screen, which malware cannot alter.
How can developers and users protect themselves from similar attacks?
Developers should pin dependency versions, rely on lockfiles for reproducible builds, and regularly audit updates to catch suspicious changes before they reach production. For users, the safest path is to always confirm wallet addresses carefully, rely on hardware wallets for critical transactions, and stay alert to active threats and community warnings.
Dr. Guneet Kaur is a senior editor at CCN.com and a Science Fellow at Exponential Science. She is a fintech and blockchain expert with extensive experience in digital finance education, blockchain ecosystems, and cryptocurrency markets. She has worked with global media such as Cointelegraph, as well as education and blockchain platforms, to design and lead strategic content and learning initiatives. As an educator and assessor for top-tier executive programs, she bridges real-world fintech trends with academic insight.
Dr. Kaur is also a published researcher and peer reviewer across fintech and data science journals, including Financial Innovation Journal and International Journal of Big Data Intelligence and Applications. Her work spans data-driven analysis, Web3 innovation, and technical content development. With a strong foundation in both industry and academia, she translates complex financial technologies into practical applications, empowering learners, professionals, and institutions across the rapidly evolving digital finance landscape.
Easy 
