reply on: EMERGENCY: Bitcoin Wallets Compromised! DO NOT SIGN TX Before Watching \ stacker news ~bitcoin

pull down to refresh

0 sats \ 1 reply \ @Bell_curve OP 8 Sep \ on: EMERGENCY: Bitcoin Wallets Compromised! DO NOT SIGN TX Before Watching bitcoin

from Claude...

Based on the research I've gathered, here are the 18 specific NPM packages that were compromised in this supply chain attack:

The Compromised Packages (with weekly download numbers):The Compromised Packages (with weekly download numbers):

Starting at September 8th, 13:16 UTC, these 18 very popular packages were compromised:

Highest Impact Packages:

ansi-styles - 371.41 million downloads/week
debug - 357.6 million downloads/week
chalk - 299.99 million downloads/week
strip-ansi - 261.17 million downloads/week
ansi-regex - 243.64 million downloads/week
wrap-ansi - 197.99 million downloads/week
color-convert - 193.5 million downloads/week
color-name - 191.71 million downloads/week

Medium Impact Packages:

is-arrayish - 73.8 million downloads/week
slice-ansi - 59.8 million downloads/week
error-ex - 47.17 million downloads/week
color-string - 27.48 million downloads/week
simple-swizzle - 26.26 million downloads/week
supports-hyperlinks - 19.2 million downloads/week
has-ansi - 12.1 million downloads/week

Lower Impact Packages:

chalk-template - 3.9 million downloads/week
supports-color - 287.1 million downloads/week
backslash - 0.26 million downloads/week

What These Packages DoWhat These Packages Do

These are all fundamental utility packages that handle basic functions like:

Text coloring and formatting (chalk, ansi-styles, color-convert)
Debugging output (debug)
String manipulation (strip-ansi, wrap-ansi)
Error handling (error-ex)

The ScaleThe Scale

These utilities underpin much of the modern web and collectively account for more than 2.6 billion weekly downloads. They're the kind of packages that get included in almost every JavaScript project without developers even realizing it.

How the Attack HappenedHow the Attack Happened

Hackers compromised the npm account of Josh Goldberg, a well-known open-source maintainer known as "Qix," through a phishing campaign that targeted npm maintainers with emails impersonating the platform's support team.

These aren't flashy frameworks - they're the invisible building blocks that millions of websites and applications depend on, which is exactly what made this attack so devastating.

11 sats \ 0 replies \ @SimpleStacker 8 Sep

How the heck does an experienced open source maintainer fall for a phishing attack?

It must have been a very sophisticated and convincing phishing attempt?!