Oops, No Victims: The Largest Supply Chain Attack Stole 5 Cents \ stacker news ~security

pull down to refresh

Oops, No Victims: The Largest Supply Chain Attack Stole 5 Cents www.securityalliance.org/news/2025-09-npm-supply-chain

143 sats \ 3 comments \ @0xbitcoiner 13h security

Impact

Despite the magnitude of the breach, the attacker appears to have only “stolen” around 5 cents of ETH and 20 USD of a memecoin with a whopping 588 USD of trading volume over the past 24 hours. Indeed, it seems like the biggest financial impact of this entire incident will be the collective thousands of hours spent by engineering and security teams around the world working to clean compromised environments, and the millions of dollars of sales contracts that will inevitably be signed as a result of this new case study.

...read more at securityalliance.org

view all related items

0 sats \ 0 replies \ @0xbitcoiner OP 11h

Remediation

If you are a package maintainer, there are a few ways you can check if you have been impacted, including:

Checking your local node_modules to see if it contains the malware: grep -R 'checkethereumw'

Checking your npm cache with this script by phxgg

Checking your project with this script by AndrewMohawk

If you are a user, make sure you are double checking any transactions you are signing to make sure the addresses are correct. For more information, you can refer to the SEAL Framework on signing and verifying transactions.

0 sats \ 1 reply \ @DarthCoin 12h

LOL 5 cents hahahahaha

0 sats \ 0 replies \ @0xbitcoiner OP 12h

And most likely that transaction was just to test the hack! Hahaha